diff --git a/.ansible-lint b/.ansible-lint index 50c7005..649c091 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -20,7 +20,8 @@ exclude_paths: - .github/ - .markdownlint.yaml - examples/roles/ + - .collection/ mock_roles: - - linux-system-roles.trustee_attestation_client + - linux-system-roles.trustee_client supported_ansible_also: - "2.14.0" diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index b64f48e..6b773cf 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -22,6 +22,15 @@ jobs: !((github.event_name == 'pull_request' && contains(github.event.pull_request.title, '[citest_skip]')) || (github.event_name == 'push' && contains(github.event.head_commit.message, '[citest_skip]'))) runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + # There should be one version which is the one used by the Automation Hub gating, and + # one for the latest version. + # https://github.com/ansible-collections/partner-certification-checker/blob/main/.github/workflows/certification-reusable.yml#L108 + versions: + - { ansible_lint: "24.*", ansible: "2.16.*", python: "3.12" } + - { ansible_lint: "26.*", ansible: "2.20.*", python: "3.13" } steps: - name: Update pip, git run: | 
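Review bot: The comment above `versions:` in the new `strategy.matrix` of `.github/workflows/ansible-lint.yml` does not say which of the two rows is the Automation Hub gating pair and which is the latest one. Anyone bumping versions later has to follow the link to find out. A trailing comment on each entry would record it, for example `# Automation Hub gating` on the `24.*` row and `# latest` on the `26.*` row, assuming that is the intended mapping. The URL also points at `blob/main/...#L108`, a line anchor on a moving branch that will drift; a permalink to a specific commit would stay accurate.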
@@ -35,53 +44,17 @@ jobs: - name: Install tox, tox-lsr run: | set -euxo pipefail - pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.17.1" + pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.18.0" - - name: Convert role to collection format - id: collection + - name: Set up Python + uses: actions/setup-python@v6 + with: + python-version: ${{ matrix.versions.python }} + + - name: Convert role to collection format and run ansible-lint run: | set -euxo pipefail - TOXENV=collection lsr_ci_runtox - coll_dir=".tox/ansible_collections/$LSR_ROLE2COLL_NAMESPACE/$LSR_ROLE2COLL_NAME" - # cleanup after collection conversion - rm -rf "$coll_dir/.ansible" .tox/ansible-plugin-scan "$coll_dir/.collection" - # ansible-lint action requires a .git directory??? - # https://github.com/ansible/ansible-lint/blob/main/action.yml#L45 - mkdir -p "$coll_dir/.git" - meta_req_file="${{ github.workspace }}/meta/collection-requirements.yml" - test_req_file="${{ github.workspace }}/tests/collection-requirements.yml" - if [ -f "$meta_req_file" ] && [ -f "$test_req_file" ]; then - coll_req_file="${{ github.workspace }}/req.yml" - python -c 'import sys; import yaml - hsh1 = yaml.safe_load(open(sys.argv[1])) - hsh2 = yaml.safe_load(open(sys.argv[2])) - coll = {} - for item in hsh1["collections"] + hsh2["collections"]: - if isinstance(item, dict): - name = item["name"] - rec = item - else: - name = item # assume string - rec = {"name": name} - if name not in coll: - coll[name] = rec - hsh1["collections"] = list(coll.values()) - yaml.safe_dump(hsh1, open(sys.argv[3], "w"))' "$meta_req_file" "$test_req_file" "$coll_req_file" - echo merged "$coll_req_file" - cat "$coll_req_file" - elif [ -f "$meta_req_file" ]; then - coll_req_file="$meta_req_file" - elif [ -f "$test_req_file" ]; then - coll_req_file="$test_req_file" - else - coll_req_file="" - fi - echo "coll_req_file=$coll_req_file" >> $GITHUB_OUTPUT - - - name: Run ansible-lint - uses: ansible/ansible-lint@v26 - with: - 
working_directory: ${{ github.workspace }}/.tox/ansible_collections/${{ env.LSR_ROLE2COLL_NAMESPACE }}/${{ env.LSR_ROLE2COLL_NAME }} - requirements_file: ${{ steps.collection.outputs.coll_req_file }} - env: - ANSIBLE_COLLECTIONS_PATH: ${{ github.workspace }}/.tox + LSR_ANSIBLE_LINT_DEP="ansible-lint==${{ matrix.versions.ansible_lint }}" \ + LSR_ANSIBLE_LINT_ANSIBLE_DEP="ansible-core==${{ matrix.versions.ansible }}" \ + tox -x testenv:ansible-lint-collection.basepython="python${{ matrix.versions.python }}" \ + -e collection,ansible-lint-collection diff --git a/.github/workflows/ansible-managed-var-comment.yml b/.github/workflows/ansible-managed-var-comment.yml index 5d408f6..3ba263a 100644 --- a/.github/workflows/ansible-managed-var-comment.yml +++ b/.github/workflows/ansible-managed-var-comment.yml @@ -33,7 +33,7 @@ jobs: - name: Install tox, tox-lsr run: | set -euxo pipefail - pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.17.1" + pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.18.0" - name: Run ansible-plugin-scan run: | diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml index 2df187a..f23aa2e 100644 --- a/.github/workflows/ansible-test.yml +++ b/.github/workflows/ansible-test.yml @@ -22,6 +22,17 @@ jobs: !((github.event_name == 'pull_request' && contains(github.event.pull_request.title, '[citest_skip]')) || (github.event_name == 'push' && contains(github.event.head_commit.message, '[citest_skip]'))) runs-on: ubuntu-latest + strategy: + fail-fast: false # get all results, not just the first failure + matrix: + versions: + - { ansible: "2-14", python: "3.9" } + - { ansible: "2-16", python: "3.11" } + - { ansible: "2-17", python: "3.12" } + - { ansible: "2-18", python: "3.12" } + - { ansible: "2-19", python: "3.13" } + - { ansible: "2-20", python: "3.13" } + - { ansible: "milestone", python: "3.13" } steps: - name: Update pip, git run: | 
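Review bot: The new `Set up Python` step references `actions/setup-python@v6`, a movable major tag, so the code that runs in this job can change without any change to this repository. Pinning to a full commit SHA with the version as a trailing comment, `uses: actions/setup-python@<full-commit-sha>  # v6`, closes that gap. The same step is added in `.github/workflows/ansible-test.yml`. The `pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.18.0"` line bumped here and in three other workflows of this commit also resolves a tag at run time. Since tox-lsr now drives the lint and test runs that were previously separate actions, a commit hash after the `@` would make those runs reproducible.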
@@ -36,16 +47,15 @@ jobs: - name: Install tox, tox-lsr run: | set -euxo pipefail - pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.17.1" + pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.18.0" - - name: Convert role to collection format - run: | - set -euxo pipefail - TOXENV=collection lsr_ci_runtox - - - name: Run ansible-test - uses: ansible-community/ansible-test-gh-action@release/v1 + - name: Set up Python + uses: actions/setup-python@v6 with: - testing-type: sanity # wokeignore:rule=sanity - ansible-core-version: stable-2.17 - collection-src-directory: ${{ github.workspace }}/.tox/ansible_collections/${{ env.LSR_ROLE2COLL_NAMESPACE }}/${{ env.LSR_ROLE2COLL_NAME }} + python-version: ${{ matrix.versions.python }} + + - name: Convert role to collection format and run ansible-test + run: | + tox \ + -x testenv:ansible-test-${{ matrix.versions.ansible }}.basepython="python${{ matrix.versions.python }}" \ + -e collection,ansible-test-${{ matrix.versions.ansible }} diff --git a/.github/workflows/qemu-kvm-integration-tests.yml b/.github/workflows/qemu-kvm-integration-tests.yml index 2bcb450..3849aaa 100644 --- a/.github/workflows/qemu-kvm-integration-tests.yml +++ b/.github/workflows/qemu-kvm-integration-tests.yml @@ -110,7 +110,7 @@ jobs: python3 -m pip install --upgrade pip sudo apt update sudo apt install -y --no-install-recommends git ansible-core genisoimage qemu-system-x86 - pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.17.1" + pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.18.0" # HACK: Drop this when moving this workflow to 26.04 LTS - name: Update podman to 5.x for compatibility with bootc-image-builder's podman 5 diff --git a/.github/workflows/tft.yml b/.github/workflows/tft.yml index 8d1ff5e..7e0e7d4 100644 --- a/.github/workflows/tft.yml +++ b/.github/workflows/tft.yml 
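Review bot: The `run:` block of the new `Convert role to collection format and run ansible-test` step starts directly at `tox \` and drops the `set -euxo pipefail` line. Both the step it replaces and the matching step in `ansible-lint.yml` have that line. With a single command the practical loss is mainly the `-x` trace and the `-u` unset-variable check. Restoring `set -euxo pipefail` as the first line of the block keeps the workflows uniform and covers any command added to this step later.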
@@ -181,7 +181,7 @@ jobs: tf_scope: private api_key: ${{ secrets.TF_API_KEY_RH }} update_pull_request_status: false - tmt_plan_filter: "tag:playbooks_parallel,trustee_attestation_client" + tmt_plan_filter: "tag:playbooks_parallel,trustee_client" - name: Set final commit status uses: myrotvorets/set-commit-status-action@master diff --git a/README.md b/README.md index 7c50785..8411f98 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # trustee_attestation_client -[![ansible-lint.yml](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/ansible-test.yml) [![codespell.yml](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/codespell.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/codespell.yml) [![markdownlint.yml](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/markdownlint.yml) [![qemu-kvm-integration-tests.yml](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/qemu-kvm-integration-tests.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/qemu-kvm-integration-tests.yml) [![shellcheck.yml](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/tft_citest_bad.yml) 
[![woke.yml](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/trustee_attestation_client/actions/workflows/woke.yml) +[![ansible-lint.yml](https://github.com/linux-system-roles/trustee_client/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/trustee_client/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/trustee_client/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/trustee_client/actions/workflows/ansible-test.yml) [![codespell.yml](https://github.com/linux-system-roles/trustee_client/actions/workflows/codespell.yml/badge.svg)](https://github.com/linux-system-roles/trustee_client/actions/workflows/codespell.yml) [![markdownlint.yml](https://github.com/linux-system-roles/trustee_client/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/trustee_client/actions/workflows/markdownlint.yml) [![qemu-kvm-integration-tests.yml](https://github.com/linux-system-roles/trustee_client/actions/workflows/qemu-kvm-integration-tests.yml/badge.svg)](https://github.com/linux-system-roles/trustee_client/actions/workflows/qemu-kvm-integration-tests.yml) [![shellcheck.yml](https://github.com/linux-system-roles/trustee_client/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/trustee_client/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/trustee_client/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/trustee_client/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/trustee_client/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/trustee_client/actions/workflows/tft_citest_bad.yml) 
[![woke.yml](https://github.com/linux-system-roles/trustee_client/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/trustee_client/actions/workflows/woke.yml) ![trustee_attestation_client](https://github.com/linux-system-roles/trustee_attestation_client/workflows/tox/badge.svg) diff --git a/contributing.md b/contributing.md index 7071d9b..2bf49c9 100644 --- a/contributing.md +++ b/contributing.md @@ -1,4 +1,4 @@ -# Contributing to the trustee_attestation_client Linux System Role +# Contributing to the trustee_client Linux System Role ## Where to start @@ -12,12 +12,12 @@ This has all of the common information that all role developers need: * How to create git commits and submit pull requests **Bugs and needed implementations** are listed on -[Github Issues](https://github.com/linux-system-roles/trustee_attestation_client/issues). +[Github Issues](https://github.com/linux-system-roles/trustee_client/issues). Issues labeled with -[**help wanted**](https://github.com/linux-system-roles/trustee_attestation_client/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) +[**help wanted**](https://github.com/linux-system-roles/trustee_client/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) are likely to be suitable for new contributors! -**Code** is managed on [Github](https://github.com/linux-system-roles/trustee_attestation_client), using +**Code** is managed on [Github](https://github.com/linux-system-roles/trustee_client), using [Pull Requests](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests). ## Running CI Tests Locally diff --git a/plans/README-plans.md b/plans/README-plans.md index acd9488..d51226c 100644 --- a/plans/README-plans.md +++ b/plans/README-plans.md 
@@ -1,6 +1,6 @@ # Introduction CI Testing Plans -Linux System Roles CI runs [tmt](https://tmt.readthedocs.io/en/stable/index.html) test plans in [Testing farm](https://docs.testing-farm.io/Testing%20Farm/0.1/index.html) with the [tft.yml](https://github.com/linux-system-roles/trustee_attestation_client/blob/main/.github/workflows/tft.yml) GitHub workflow. +Linux System Roles CI runs [tmt](https://tmt.readthedocs.io/en/stable/index.html) test plans in [Testing farm](https://docs.testing-farm.io/Testing%20Farm/0.1/index.html) with the [tft.yml](https://github.com/linux-system-roles/trustee_client/blob/main/.github/workflows/tft.yml) GitHub workflow. The `plans/test_playbooks_parallel.fmf` plan is a test plan that runs test playbooks in parallel on multiple managed nodes. `plans/test_playbooks_parallel.fmf` is generated centrally from `https://github.com/linux-system-roles/.github/`. @@ -16,7 +16,7 @@ The `plans/test_playbooks_parallel.fmf` plan does the following steps: 2. Does the required preparation on systems. 3. For the given role and the given PR, runs the general test from [test.sh](https://github.com/linux-system-roles/tft-tests/blob/main/tests/general/test.sh). -The [tft.yml](https://github.com/linux-system-roles/trustee_attestation_client/blob/main/.github/workflows/tft.yml) workflow runs the above plan and uploads the results to our Fedora storage for public access. +The [tft.yml](https://github.com/linux-system-roles/trustee_client/blob/main/.github/workflows/tft.yml) workflow runs the above plan and uploads the results to our Fedora storage for public access. This workflow uses Testing Farm's Github Action [Schedule tests on Testing Farm](https://github.com/marketplace/actions/schedule-tests-on-testing-farm). ## Running Tests 
@@ -47,7 +47,7 @@ You can run tests locally with the `tmt try` cli or remotely in Testing Farm. $ TESTING_FARM_API_TOKEN= \ testing-farm request --pipeline-type="tmt-multihost" \ --plan-filter="tag:playbooks_parallel" \ - --git-url "https://github.com//trustee_attestation_client" \ + --git-url "https://github.com//trustee_client" \ --git-ref "" \ --compose CentOS-Stream-9 \ -e "SYSTEM_ROLES_ONLY_TESTS=tests_default.yml" \ diff --git a/plans/test_playbooks_parallel.fmf b/plans/test_playbooks_parallel.fmf index 7d886c1..0fc4872 100644 --- a/plans/test_playbooks_parallel.fmf +++ b/plans/test_playbooks_parallel.fmf @@ -12,7 +12,7 @@ provision: environment: # ensure versions are strings! SR_ANSIBLE_VER: "2.17" - SR_REPO_NAME: trustee_attestation_client + SR_REPO_NAME: trustee_client SR_PYTHON_VERSION: "3.12" SR_ONLY_TESTS: "" # tests_default.yml SR_TEST_LOCAL_CHANGES: true @@ -32,6 +32,9 @@ prepare: if grep -q 'CentOS Linux release 7.9' /etc/redhat-release; then sed -i '/^mirror/d;s/#\?\(baseurl=http:\/\/\)mirror/\1vault/' /etc/yum.repos.d/*.repo fi + - name: Ensure use of devel site for yum repos + script: | + sed -i -e 's|\.lab\.bos\.|.devel.|g' -e 's|\.eng\.bos\.|.devel.|g' /etc/yum.repos.d/*.repo discover: - name: Prepare managed node how: fmf diff --git a/tests/tasks/run_role_with_clear_facts.yml b/tests/tasks/run_role_with_clear_facts.yml new file mode 100644 index 0000000..df9a70a --- /dev/null +++ b/tests/tasks/run_role_with_clear_facts.yml 
@@ -0,0 +1,38 @@ +--- +# DO NOT EDIT THIS FILE - managed by linux-system-roles/.github +# Task file: clear_facts, run linux-system-roles.trustee_client. +# Include this with include_tasks or import_tasks +# Input: +# - __sr_tasks_from: tasks_from to run - same as tasks_from in include_role +# - __sr_public: export private vars from role - same as public in include_role +# - __sr_failed_when: set to false to ignore role errors - same as failed_when in include_role +- name: Clear facts + meta: clear_facts + +# note that you can use failed_when with import_role but not with include_role +# so this simulates the __sr_failed_when false case +# Q: Why do we need a separate task to run the role normally? Why not just +# run the role in the block and rethrow the error in the rescue block? +# A: Because you cannot rethrow the error in exactly the same way as the role does. +# It might be possible to exactly reconstruct ansible_failed_result but it's not worth the effort. +- name: Run the role with __sr_failed_when false + when: + - __sr_failed_when is defined + - not __sr_failed_when + block: + - name: Run the role + include_role: + name: linux-system-roles.trustee_client + tasks_from: "{{ __sr_tasks_from | default('main') }}" + public: "{{ __sr_public | default(false) }}" + rescue: + - name: Ignore the failure when __sr_failed_when is false + debug: + msg: Ignoring failure when __sr_failed_when is false + +- name: Run the role normally + include_role: + name: linux-system-roles.trustee_client + tasks_from: "{{ __sr_tasks_from | default('main') }}" + public: "{{ __sr_public | default(false) }}" + when: __sr_failed_when | d(true) diff --git a/tests/vars/rh_distros_vars.yml b/tests/vars/rh_distros_vars.yml index 9a15a2b..d080745 100644 --- a/tests/vars/rh_distros_vars.yml +++ b/tests/vars/rh_distros_vars.yml 
@@ -4,17 +4,17 @@ # file is playbooks/templates/tests/vars/rh_distros_vars.yml --- # Ansible distribution identifiers that the role treats like RHEL -__trustee_attestation_client_rh_distros: +__trustee_client_rh_distros: - AlmaLinux - CentOS - RedHat - Rocky # Same as above but includes Fedora -__trustee_attestation_client_rh_distros_fedora: "{{ __trustee_attestation_client_rh_distros + ['Fedora'] }}" +__trustee_client_rh_distros_fedora: "{{ __trustee_client_rh_distros + ['Fedora'] }}" # Use this in conditionals to check if distro is Red Hat or clone -__trustee_attestation_client_is_rh_distro: "{{ ansible_facts['distribution'] in __trustee_attestation_client_rh_distros }}" +__trustee_client_is_rh_distro: "{{ ansible_facts['distribution'] in __trustee_client_rh_distros }}" # Use this in conditionals to check if distro is Red Hat or clone, or Fedora -__trustee_attestation_client_is_rh_distro_fedora: "{{ ansible_facts['distribution'] in __trustee_attestation_client_rh_distros_fedora }}" +__trustee_client_is_rh_distro_fedora: "{{ ansible_facts['distribution'] in __trustee_client_rh_distros_fedora }}"