diff options
| -rw-r--r-- | .github/workflows/trigger-rebuild-repo-package.yml | 34 | ||||
| -rwxr-xr-x | src/conf_mode/policy.py | 8 | ||||
| -rwxr-xr-x | src/op_mode/restart.py | 42 |
3 files changed, 53 insertions, 31 deletions
diff --git a/.github/workflows/trigger-rebuild-repo-package.yml b/.github/workflows/trigger-rebuild-repo-package.yml index fb4558fc4..7a6a974c3 100644 --- a/.github/workflows/trigger-rebuild-repo-package.yml +++ b/.github/workflows/trigger-rebuild-repo-package.yml @@ -1,7 +1,7 @@ name: Trigger to build a deb package from repo on: - pull_request: + pull_request_target: types: - closed branches: @@ -9,24 +9,24 @@ on: workflow_dispatch: jobs: - trigger-build: - if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' + get_repo_name: runs-on: ubuntu-latest - - env: - REF: main # Used for curl to trigger build package - + outputs: + PACKAGE_NAME: ${{ steps.package_name.outputs.PACKAGE_NAME }} steps: - name: Set variables + id: package_name run: | - echo "PACKAGE_NAME=$(basename ${{ github.repository }})" >> $GITHUB_ENV + echo "PACKAGE_NAME=$(basename ${{ github.repository }})" >> $GITHUB_OUTPUT - - name: Trigger rebuild for ${{ env.PACKAGE_NAME }} - run: | - curl -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REUSE_REPO }}/actions/workflows/build-package.yml/dispatches \ - -d '{"ref": "${{ env.REF }}", "inputs":{"package_name":"'"$PACKAGE_NAME"'", "gpg_key_id": "${{ secrets.GPG_KEY_ID }}", "package_branch": "${{ github.ref_name }}"}}' + trigger-build: + needs: get_repo_name + uses: vyos/.github/.github/workflows/trigger-rebuild-repo-package.yml@circinus + with: + branch: ${{ github.ref_name }} + package_name: ${{ needs.get_repo_name.outputs.PACKAGE_NAME }} + secrets: + REMOTE_OWNER: ${{ secrets.REMOTE_OWNER }} + REMOTE_REUSE_REPO: ${{ secrets.REMOTE_REUSE_REPO }} + GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} + PAT: ${{ secrets.PAT }} diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py index 4df893ebf..a5963e72c 100755 --- a/src/conf_mode/policy.py +++ b/src/conf_mode/policy.py @@ -167,10 +167,10 @@ def verify(policy): continue for rule, rule_config in route_map_config['rule'].items(): - # Action 'deny' cannot be used with "continue" - # FRR does not validate it T4827 - if rule_config['action'] == 'deny' and 'continue' in rule_config: - raise ConfigError(f'rule {rule} "continue" cannot be used with action deny!') + # Action 'deny' cannot be used with "continue" or "on-match" + # FRR does not validate it T4827, T6676 + if rule_config['action'] == 'deny' and ('continue' in rule_config or 'on_match' in rule_config): + raise ConfigError(f'rule {rule} "continue" or "on-match" cannot be used with action deny!') # Specified community-list must exist tmp = dict_search('match.community.community_list', diff --git a/src/op_mode/restart.py b/src/op_mode/restart.py index 813d3a2b7..a83c8b9d8 100755 --- a/src/op_mode/restart.py +++ b/src/op_mode/restart.py @@ -25,11 +25,11 @@ from vyos.utils.commit import commit_in_progress config = ConfigTreeQuery() service_map = { - 'dhcp' : { + 'dhcp': { 'systemd_service': 'kea-dhcp4-server', 'path': ['service', 'dhcp-server'], }, - 'dhcpv6' : { + 'dhcpv6': { 'systemd_service': 'kea-dhcp6-server', 'path': ['service', 'dhcpv6-server'], }, @@ -61,24 +61,40 @@ service_map = { 'systemd_service': 'radvd', 'path': ['service', 'router-advert'], }, - 'snmp' : { + 'snmp': { 'systemd_service': 'snmpd', }, - 'ssh' : { + 'ssh': { 'systemd_service': 'ssh', }, - 'suricata' : { + 'suricata': { 'systemd_service': 'suricata', }, - 'vrrp' : { + 'vrrp': { 'systemd_service': 'keepalived', 'path': ['high-availability', 'vrrp'], }, - 'webproxy' : { + 'webproxy': { 'systemd_service': 'squid', }, } -services = typing.Literal['dhcp', 'dhcpv6', 'dns_dynamic', 'dns_forwarding', 'igmp_proxy', 'ipsec', 'mdns_repeater', 'reverse_proxy', 'router_advert', 'snmp', 'ssh', 'suricata' 'vrrp', 'webproxy'] +services = typing.Literal[ + 'dhcp', + 'dhcpv6', + 'dns_dynamic', + 'dns_forwarding', + 'igmp_proxy', + 'ipsec', + 'mdns_repeater', + 'reverse_proxy', + 'router_advert', + 'snmp', + 'ssh', + 'suricata', + 'vrrp', + 'webproxy', +] + def _verify(func): """Decorator checks if DHCP(v6) config exists""" @@ -102,13 +118,18 @@ def _verify(func): # Check if config does not exist if not config.exists(path): - raise vyos.opmode.UnconfiguredSubsystem(f'Service {human_name} is not configured!') + raise vyos.opmode.UnconfiguredSubsystem( + f'Service {human_name} is not configured!' + ) if config.exists(path + ['disable']): - raise vyos.opmode.UnconfiguredSubsystem(f'Service {human_name} is disabled!') + raise vyos.opmode.UnconfiguredSubsystem( + f'Service {human_name} is disabled!' + ) return func(*args, **kwargs) return _wrapper + @_verify def restart_service(raw: bool, name: services, vrf: typing.Optional[str]): systemd_service = service_map[name]['systemd_service'] @@ -117,6 +138,7 @@ def restart_service(raw: bool, name: services, vrf: typing.Optional[str]): else: call(f'systemctl restart "{systemd_service}.service"') + if __name__ == '__main__': try: res = vyos.opmode.run(sys.modules[__name__]) |