Some documentation:

Setup GitHub Actions for CPAN modules
https://perlmaven.com/setup-github-actions

ASF Wiki, Builds, GitHub Actions status:
https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+status

Note the security concerns mentioned in the latter that are not addressed in the examples of the former.

Security concerns may be mitigated if the actions are only used for automated running of make test based on a read-only git mirror of our actual svn repository, i.e., no write access available to any exploiters.

Feel free to copy from my efforts:
https://github.com/bigio/spamassassin/tree/tests

Atm all tests are failing with:
"/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/sa-update
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
Insecure directory in $ENV{PATH} while running with -T switch at t/SATest.pm line 1235.
t/all_modules.t ...................

Notes on attempting to base action files on https://github.com/Perl/docker-perl-tester

That uses the official perl docker images made from dockerfiles at https://github.com/docker-library/docs/tree/master/perl

The officially supported omes only go back to perl 5.32. The docker images for older perl versions still exist, but were built on olber versions of Debian/Ubuntu. I got errors trying to install some of the SpamAssassin optional dependencies on those old versions. There is no reason to have to skip tests because dependencies can't be installed. It should be sufficient to test on current versions of Ubuntu as long as we test various perl versions.

To do this, instead of using the perl version docker images as base, I'll use an Ubuntu image as base and build perl using the dockerfile that is used to build the latest perl docker image, but with different versions of perl.

I'm making progress on GitHub actions in a personal fork of our git-svn mirror on GitHub. Giovanni, the error you hit is the result of bad permissions on a directory in the Ubuntu runner, fixed by adding a suitable sudo chmod in the script setting up the build environment. There was a similar problem on macOS runners with privileges of the default user, and on Windows with a required change in .gitattributes. I'll make it all available at once after it is fully working.

To document it in the public record, here is a copy/paste of a conversation I had a few minutes ago on the asf-infra slack channel, confirming that it should be ok to use our git mirror this way:

----------------

Sidney
SpamAssassin project uses svn. Would it be possible and make sense to add a .gitattributes file and .github directory with some GitHub actions set for manual trigger only to allow someone to fork the git mirror and run tests in Actions? This would not use Apache resources on GitHub since this is not for automated CI actions on the mirror, just a convenient way for individual committers to test in their personal GitHub accounts. If we did that, would it work to add the files to the svn repo, or does the git-svn mirror process ignore git-repo-specific files, so Infra would have to add them to the git repo somehow?

Humbedooh
the mirror process should pick up any files you add

Sidney
Do you see any problems with doing this?

Humbedooh
we can't add anything to the git repo itself manually, as that would break mirroring
I don't see any issues with it, as long as nothing writes or tries to write to the git repo itself
there is already a .gitignore file in the repo for instance

Sidney
The actions would not even be set up to run on the mirror. As long as adding .github/workflow/*.yml files doesn't automatically enable Actions in the repo and then we can't change those automatic settings on a mirror. Is that a possible problem?

Humbedooh
I don't think anyone truly knows the answer to that question, no one has tried that before :slightly_smiling_face:

Sidney
OK, then I guess it is worth a try. Thanks!

Humbedooh
the settings can always be changed by infra manually if anything goes wonky

Committing files that can be used to run a Github Action that builds SpamAssassin and runs make test.

To use:

In your own Github account create a fork of the Github mirror of the SpamAssassin svn repo that is at https://github.com/apache/spamassassin

Note: DO NOT run the action in the the apache Github repo, fork first. Apache does not have the resources on Github to add running these actions to everything else they are already doing.

In the Github web page for your fork, in the settings for the repository, enable permissions to run the actions.

When you want to run the regression tests in Actions, on the Github page for the fork, select the Actions tab, click on the One Native Runner Ci action in the left panel. Click on the Run Workflow dropdown that is in the right panel. Enter the appropriate runner platform, perl version, and make command for the tests your want to run, then click the Run Workflow button.

Click the Actions tab again to see actions that are in progress and click on one and drill down to find the scrolling display of the log output.

trunk % svn ci -m "Bug 8056 - commit Github Actions that can be used in a fork of our Github mirror to run regression tests on Github action runners"
Adding         .github
Adding         .github/actions
Adding         .github/actions/install_cpan_dependencies_for_sa
Adding         .github/actions/install_cpan_dependencies_for_sa/action.yml
Adding         .github/actions/setup_macos_for_sa_test
Adding         .github/actions/setup_macos_for_sa_test/action.yml
Adding         .github/actions/setup_ubuntu_for_sa_test
Adding         .github/actions/setup_ubuntu_for_sa_test/action.yml
Adding         .github/workflows
Adding         .github/workflows/makefile_one_native.yml
Sending        MANIFEST.SKIP
Transmitting file data .....done
Committing transaction...
Committed revision 1905790.

I'm not closing this issue yet. This commit is to get the files in the Github repository so I can use it to run tests for the 4.0.0 release, with the expectation that there will be things to clean up after the release.

Since there are no code changes for production, this has been committed without an R-T-C vote.

trunk % svn ci -m "Bug 8056 - add .gitattributes required for Windows test Github Actions to work" .gitattributes 
Adding         .gitattributes
Transmitting file data .done
Committing transaction...
Committed revision 1905809.

trunk % svn ci -m "Bug 8056 - Add .gitattributes to MANIFEST.SKIP" MANIFEST.SKIP 
Sending        MANIFEST.SKIP
Transmitting file data .done
Committing transaction...
Committed revision 1905811.

.github % svn ci -m "Bug 8056 - fix typos in documentation lines in previous commit"
Sending        actions/install_cpan_dependencies_for_sa/action.yml
Sending        actions/setup_macos_for_sa_test/action.yml
Sending        actions/setup_ubuntu_for_sa_test/action.yml
Transmitting file data ...done
Committing transaction...
Committed revision 1905817.

 .github % svn ci -m "Bug 8056 - fix yet another typo in documentation line in earlier commit"                                                           
Sending        actions/setup_ubuntu_for_sa_test/action.yml
Transmitting file data .done
Committing transaction...
Committed revision 1905818.

The .github directory in our repo now has a complete set of GitHub actions for running tests of SpamAssassin, with a README.md in that directory.

trunk % svn ci -m "Bug 8056 - Update actions tests for SpamAssassin"
Adding         .github/README.md
Sending        .github/actions/install_cpan_dependencies_for_sa/action.yml
Adding         .github/actions/mysql
Adding         .github/actions/mysql/action.yml
Adding         .github/actions/postgres
Adding         .github/actions/postgres/action.yml
Sending        .github/actions/setup_macos_for_sa_test/action.yml
Sending        .github/actions/setup_ubuntu_for_sa_test/action.yml
Deleting       .github/workflows/makefile_one_native.yml
Adding         .github/workflows/spamassassin_make_test.yml
Transmitting file data .......done
Committing transaction...
Committed revision 1906485.

So this is only for individual committers, to run an "extended" make test manually on many platforms when needed?

Or is the intention to automate this in any way? I guess it wouldn't make sense to automate anything across many committer accounts, since they would be just running exact same tests wasting Github resources? Or is there some resource limits on Github side, and we could coordinate running different Perl versions etc with different committer accounts?

(In reply to Henrik Krohns from comment #11)
> So this is only for individual committers, to run an "extended" make test
> manually on many platforms when needed?

That's the basic idea. It's something that I could use when I am preparing a release.

It is set up for manual trigger only, and not to be run from our Apache GitHub repo because Apache has limited resources for such things, that are already oversubscribed by the early adopter projects.

> Or is the intention to automate this in any way? I guess it wouldn't make
> sense to automate anything across many committer accounts, since they would
> be just running exact same tests wasting Github resources?

I don't think it would be reasonable to automate the tests to run with every push, even if it were easy to filter out the rule update pushes.

> Or is there some
> resource limits on Github side, and we could coordinate running different
> Perl versions etc with different committer accounts?

I haven't hit a resource limit on my free personal account. There might be some kind of cap on network usage that I hit occasionally when running many jobs at once that is the cause of some network tests failing very sporadically.

Actually, your mention of splitting up perl versions between people gave me an idea. Github Actions can have a cron trigger, We could run one perl version on three platforms each day, which would just be three make test runs per day and cycle through all perl versions every two weeks. I could do that on my personal account with no problem.

trunk % svn ci -m "Bug 8056 - Add install of pyzor to macOS and Windows test runners on GitHub"
Sending        .github/actions/setup_macos_for_sa_test/action.yml
Adding         .github/actions/setup_windows_for_sa_test
Adding         .github/actions/setup_windows_for_sa_test/action.yml
Sending        .github/workflows/spamassassin_make_test.yml
Transmitting file data ...done
Committing transaction...
Committed revision 1906628.

trunk % svn ci -m "Big 8056 - Fix problem with our setup of Ubuntu runner when apt repo has some newer entries than runner image" .github/actions/setup_ubuntu_for_sa_test/action.yml 
Sending        .github/actions/setup_ubuntu_for_sa_test/action.yml
Transmitting file data .done
Committing transaction...
Committed revision 1906646.

Retargeting to some indefinite time. I never intended this to be tied to any particular release as a potential release blocker. It's just a convenience for ongoing testing that I can get working as well as possible.