diff --git a/.ansible-lint b/.ansible-lint index f7fda23..8823c1f 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,15 +1,8 @@ --- -skip_list: - - role-name - - fqcn-builtins -warn_list: - - load-failure # allow include_tasks with tasks/ directory -exclude_paths: - - tests/ - - tests/roles/ - - .github/ - - examples/roles/ +profile: production kinds: + - yaml: "**/meta/collection-requirements.yml" + - yaml: "**/tests/collection-requirements.yml" - playbook: "**/tests/tests_*.yml" - playbook: "**/tests/setup-snapshot.yml" - tasks: "**/tests/*.yml" @@ -18,3 +11,14 @@ kinds: - tasks: "**/tests/tasks/*/*.yml" - vars: "**/tests/vars/*.yml" - playbook: "**/examples/*.yml" +skip_list: + - fqcn-builtins +warn_list: + - load-failure +exclude_paths: + - tests/roles/ + - .github/ + - examples/roles/ + - tests/ +mock_roles: + - linux-system-roles.network diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml new file mode 100644 index 0000000..f0028ef --- /dev/null +++ b/.github/workflows/ansible-lint.yml @@ -0,0 +1,33 @@ +--- +name: Ansible Lint +on: # yamllint disable-line rule:truthy + pull_request: + push: + branches: + - main + workflow_dispatch: +jobs: + ansible_lint: + runs-on: ubuntu-latest + steps: + - name: Update pip, git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git + - name: Checkout repo + uses: actions/checkout@v3 + - name: Fix up role meta/main.yml namespace and name + run: | + set -euxo pipefail + mm=meta/main.yml + if [ -f "$mm" ]; then + if ! grep -q '^ *namespace:' "$mm"; then + sed "/galaxy_info:/a\ namespace: linux_system_roles" -i "$mm" + fi + if ! grep -q '^ *role_name:' "$mm"; then + sed "/galaxy_info:/a\ role_name: network" -i "$mm" + fi + fi + - name: Run ansible-lint + uses: ansible-community/ansible-lint-action@v6 diff --git a/.github/workflows/ansible-managed-var-comment.yml b/.github/workflows/ansible-managed-var-comment.yml new file mode 100644 index 0000000..7029c7c 
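Review bot: The new `ansible-lint.yml` workflow references its actions by movable tags (`actions/checkout@v3`, `ansible-community/ansible-lint-action@v6`) and declares no `permissions:` block, so the job runs whatever those tags point to at run time with the repository's default token scope. Pinning each `uses:` to a full commit SHA (for example `uses: actions/checkout@<full-commit-sha>  # v3`) and adding a top-level `permissions:` with `contents: read` would bound both. The same applies to the other workflows added in this commit, except that `codeql.yml` already sets `permissions:`. `ansible-test.yml` (`@release/v1`) and `shellcheck.yml` (`@master`) reference branches rather than tags, so they change with every upstream push.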
--- /dev/null +++ b/.github/workflows/ansible-managed-var-comment.yml @@ -0,0 +1,28 @@ +--- +name: Check for ansible_managed variable use in comments +on: # yamllint disable-line rule:truthy + pull_request: + push: + branches: + - main + workflow_dispatch: +jobs: + ansible_managed_var_comment: + runs-on: ubuntu-latest + steps: + - name: Update pip, git + run: | + set -euxo pipefail + python3 -m pip install --upgrade pip + sudo apt-get update + sudo apt-get install -y git + - name: Checkout repo + uses: actions/checkout@v3 + - name: Install tox, tox-lsr + run: | + set -euxo pipefail + pip3 install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1" + - name: Run ansible-plugin-scan + run: | + set -euxo pipefail + TOXENV=ansible-managed-var-comment lsr_ci_runtox diff --git a/.github/workflows/ansible-plugin-scan.yml b/.github/workflows/ansible-plugin-scan.yml new file mode 100644 index 0000000..9883193 --- /dev/null +++ b/.github/workflows/ansible-plugin-scan.yml @@ -0,0 +1,28 @@ +--- +name: Ansible Plugin Scan +on: # yamllint disable-line rule:truthy + pull_request: + push: + branches: + - main + workflow_dispatch: +jobs: + ansible_plugin_scan: + runs-on: ubuntu-latest + steps: + - name: Update pip, git + run: | + set -euxo pipefail + python3 -m pip install --upgrade pip + sudo apt-get update + sudo apt-get install -y git + - name: Checkout repo + uses: actions/checkout@v3 + - name: Install tox, tox-lsr + run: | + set -euxo pipefail + pip3 install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1" + - name: Run ansible-plugin-scan + run: | + set -euxo pipefail + TOXENV=ansible-plugin-scan lsr_ci_runtox diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml new file mode 100644 index 0000000..e2ffaef --- /dev/null +++ b/.github/workflows/ansible-test.yml 
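Review bot: `pip3 install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1"` in `ansible-managed-var-comment.yml` installs from a git tag, which can be re-pointed after review, so the code executed in CI is not fixed by this commit. The same line is added in `ansible-plugin-scan.yml`, `ansible-test.yml` and `python-unit-test.yml`; pinning all four to the commit the tag currently names (`...tox-lsr@<full-commit-sha>`) keeps them reproducible. Separately, the last step of this file is named `Run ansible-plugin-scan` although it runs `TOXENV=ansible-managed-var-comment`; `- name: Run ansible-managed-var-comment` would make the job log match what ran.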
@@ -0,0 +1,50 @@ +--- +name: Ansible Test +on: # yamllint disable-line rule:truthy + pull_request: + push: + branches: + - main + workflow_dispatch: +env: + LSR_ROLE2COLL_NAMESPACE: fedora + LSR_ROLE2COLL_NAME: linux_system_roles +jobs: + ansible_test: + runs-on: ubuntu-latest + steps: + - name: Update pip, git + run: | + set -euxo pipefail + python3 -m pip install --upgrade pip + sudo apt-get update + sudo apt-get install -y git + - name: Checkout repo + uses: actions/checkout@v3 + - name: Install tox, tox-lsr + run: | + set -euxo pipefail + pip3 install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1" + - name: Convert role to collection format + run: | + set -euxo pipefail + TOXENV=collection lsr_ci_runtox + # copy the ignore files + coll_dir=".tox/ansible_collections/$LSR_ROLE2COLL_NAMESPACE/$LSR_ROLE2COLL_NAME" + # wokeignore:rule=sanity + ignore_dir="$coll_dir/tests/sanity" + if [ ! -d "$ignore_dir" ]; then + mkdir -p "$ignore_dir" + fi + # wokeignore:rule=sanity + for file in .sanity-ansible-ignore-*.txt; do + if [ -f "$file" ]; then + # wokeignore:rule=sanity + cp "$file" "$ignore_dir/${file//*.sanity-ansible-}" + fi + done + - name: Run ansible-test + uses: ansible-community/ansible-test-gh-action@release/v1 + with: + testing-type: sanity # wokeignore:rule=sanity + collection-src-directory: .tox/ansible_collections/${{ env.LSR_ROLE2COLL_NAMESPACE }}/${{ env.LSR_ROLE2COLL_NAME }} diff --git a/.github/workflows/changelog_to_tag.yml b/.github/workflows/changelog_to_tag.yml index a08c91b..762f268 100644 --- a/.github/workflows/changelog_to_tag.yml +++ b/.github/workflows/changelog_to_tag.yml @@ -1,10 +1,10 @@ +--- # yamllint disable rule:line-length -name: Pushing CHANGELOG.md triggers tag, release, and Galaxy publish +name: Tag, release, and publish role based on CHANGELOG.md push on: # yamllint disable-line rule:truthy push: branches: - main - - master paths: - CHANGELOG.md env: 
@@ -13,8 +13,13 @@ jobs: tag_release_publish: runs-on: ubuntu-latest steps: + - name: Update pip, git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git - name: checkout PR - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Get tag and message from the latest CHANGELOG.md commit id: tag run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..855d93b --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,43 @@ +--- +name: CodeQL +on: # yamllint disable-line rule:truthy + push: + branches: ["main"] + pull_request: + branches: ["main"] + schedule: + - cron: 39 10 * * 0 +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + strategy: + fail-fast: false + matrix: + language: [python] + steps: + - name: Update pip, git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git + - name: Checkout + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + queries: +security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/tox.yml b/.github/workflows/python-unit-test.yml similarity index 50% rename from .github/workflows/tox.yml rename to .github/workflows/python-unit-test.yml index 8994fb1..71ff180 100644 --- a/.github/workflows/tox.yml +++ b/.github/workflows/python-unit-test.yml 
@@ -1,34 +1,38 @@ +--- # yamllint disable rule:line-length -name: tox +name: Python Unit Tests on: # yamllint disable-line rule:truthy - - pull_request - - push + pull_request: + push: + branches: + - main + workflow_dispatch: env: - TOX_LSR: "git+https://github.com/linux-system-roles/tox-lsr@2.13.1" - LSR_ANSIBLE_TEST_DOCKER: "true" - LSR_ANSIBLES: 'ansible==2.9.*' - LSR_MSCENARIOS: default - # LSR_EXTRA_PACKAGES: "libdbus-1-dev libgirepository1.0-dev python3-dev" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: python: strategy: matrix: pyver_os: - - ver: '2.7' + - ver: "2.7" os: ubuntu-20.04 - - ver: '3.6' + - ver: "3.6" os: ubuntu-20.04 - - ver: '3.8' + - ver: "3.8" os: ubuntu-latest - - ver: '3.9' + - ver: "3.9" os: ubuntu-latest - - ver: '3.10' + - ver: "3.10" os: ubuntu-latest - - ver: '3.11' + - ver: "3.11" os: ubuntu-latest runs-on: ${{ matrix.pyver_os.os }} steps: + - name: Update git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git - name: checkout PR uses: actions/checkout@v3 - name: Set up Python 
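Review bot: `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` remains in the workflow-level `env:`, so every step of every matrix job sees the token in its environment, including the tox run of code installed with pip. The hunk does not show which step consumes it (presumably the coveralls upload). Moving it to an `env:` on that one step and adding a top-level `permissions:` with `contents: read` would narrow the exposure. The `python` job continues past the end of this hunk.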
@@ -39,28 +43,25 @@ jobs: run: | set -euxo pipefail python -m pip install --upgrade pip - sudo apt-get update - sudo apt-get install -y git - pip install "$TOX_LSR" - lsr_ci_preinstall - - name: Run tox tests + pip install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1" + # If you have additional OS dependency packages e.g. libcairo2-dev + # then put them in .github/config/ubuntu-requirements.txt, one + # package per line. + if [ -f .github/config/ubuntu-requirements.txt ]; then + sudo apt-get install -y $(cat .github/config/ubuntu-requirements.txt) + fi + - name: Run unit tests run: | set -euxo pipefail toxpyver=$(echo "${{ matrix.pyver_os.ver }}" | tr -d .) toxenvs="py${toxpyver}" + # NOTE: The use of flake8, pylint, black with specific + # python envs is arbitrary and must be changed in tox-lsr + # We really should either do those checks using the latest + # version of python, or in every version of python case "$toxpyver" in 27) toxenvs="${toxenvs},coveralls,flake8,pylint" ;; - 36) toxenvs="${toxenvs},coveralls,ensure_provider_tests,black,yamllint" ;; - 38) toxenvs="${toxenvs},coveralls,ansible-lint,ansible-plugin-scan,collection,ansible-test" ;; - 39) toxenvs="${toxenvs},coveralls,ansible-managed-var-comment" ;; - 310) toxenvs="${toxenvs},coveralls,check-meta-versions" ;; - 311) toxenvs="${toxenvs},coveralls" ;; + 36) toxenvs="${toxenvs},coveralls,black" ;; + *) toxenvs="${toxenvs},coveralls" ;; esac TOXENV="$toxenvs" lsr_ci_runtox - python-26: - runs-on: ubuntu-latest - steps: - - name: checkout PR - uses: actions/checkout@v2 - - name: Run py26 tests - uses: linux-system-roles/lsr-gh-action-py26@1.0.2 diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml new file mode 100644 index 0000000..351c204 --- /dev/null +++ b/.github/workflows/shellcheck.yml 
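Review bot: `sudo apt-get install -y $(cat .github/config/ubuntu-requirements.txt)` expands the file unquoted, so its contents are word-split and glob-expanded, and a line beginning with `-` is read by apt-get as an option while running under sudo. Reading the file through xargs with an end-of-options marker avoids both: `xargs -r -a .github/config/ubuntu-requirements.txt sudo apt-get install -y --`. ShellCheck reports the original form as SC2046, but the ShellCheck workflow added in this commit probably does not inspect workflow `run:` blocks, so it would not catch this. The step that contains this line starts above the hunk.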
@@ -0,0 +1,29 @@ +--- +name: ShellCheck +on: # yamllint disable-line rule:truthy + pull_request: + push: + branches: + - main + workflow_dispatch: +env: + # some scripts source tox-lsr scripts - suppress that check + SHELLCHECK_OPTS: -e SC1091 +jobs: + shellcheck: + runs-on: ubuntu-latest + steps: + - name: Update git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git + - name: Checkout repo + uses: actions/checkout@v3 + - name: Run ShellCheck + id: shellcheck_id + uses: ludeeus/action-shellcheck@master + - name: Show file paths scanned + run: | + echo Files scanned: + echo "${{ steps.shellcheck_id.outputs.files }}" diff --git a/.github/workflows/weekly_ci.yml b/.github/workflows/weekly_ci.yml index 7e188a8..ebf39d9 100644 --- a/.github/workflows/weekly_ci.yml +++ b/.github/workflows/weekly_ci.yml 
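Review bot: `echo "${{ steps.shellcheck_id.outputs.files }}"` in the last step pastes the action's output into the script text before bash parses it, so a file path containing a double quote, a backtick or `$(` changes the command that runs instead of being printed. Passing the value through the environment keeps it as data: add `env:` with `FILES: ${{ steps.shellcheck_id.outputs.files }}` to the step and print it with `echo "$FILES"`. This matters most on `pull_request` runs, where the file names come from the contributor's branch.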
@@ -2,64 +2,69 @@ name: Weekly CI trigger on: # yamllint disable-line rule:truthy workflow_dispatch: + schedule: + - cron: 0 12 * * 6 env: - BRANCH_NAME: "weekly-ci" - COMMIT_MESSAGE: "Weekly CI check" + BRANCH_NAME: weekly-ci + COMMIT_MESSAGE: This PR is to trigger periodic CI testing + BODY_MESSAGE: >- + This PR is for the purpose of triggering periodic CI testing. + We don't currently have a way to trigger CI without a PR, + so this PR serves that purpose. COMMENT: "[citest]" jobs: weekly_ci: runs-on: ubuntu-latest steps: - - name: Delete the previous branch if exists - uses: actions/github-script@v6 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const response = await github.rest.git.listMatchingRefs({ - owner: context.repo.owner, - repo: context.repo.repo, - branch: "heads/${{ env.BRANCH_NAME }}", - }); - for (ref in response.data){ - if (response.data[ref].ref == "refs/heads/${{ env.BRANCH_NAME }}"){ - console.log("deleting branch"); - console.log(response.data[ref]); - await github.rest.git.deleteRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: "heads/${{ env.BRANCH_NAME }}", - }); - } - } - + - name: Update pip, git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git - uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Create and push empty commit run: | set -euxo pipefail + git config --global user.name "github-actions[bot]" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - git checkout -b weekly-ci + git checkout ${{ env.BRANCH_NAME }} || git checkout -b ${{ env.BRANCH_NAME }} + git rebase main git commit --allow-empty -m "${{ env.COMMIT_MESSAGE }}" - git push --set-upstream origin ${{ env.BRANCH_NAME }} + git push -f --set-upstream origin ${{ env.BRANCH_NAME }} - name: Create and comment pull request uses: actions/github-script@v6 with: github-token: ${{ secrets.GH_PUSH_TOKEN }} script: | - const response = await github.rest.pulls.create({ + 
const head = [context.repo.owner, ":", "${{ env.BRANCH_NAME }}"].join(""); + const response = await github.rest.pulls.list({ owner: context.repo.owner, repo: context.repo.repo, - title: "${{ env.COMMIT_MESSAGE }}", - head: "${{ env.BRANCH_NAME }}", - base: context.ref + head: head, + base: context.ref, + state: "open" }); + if (response.data.length === 0) { + const response = await github.rest.pulls.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: "${{ env.COMMIT_MESSAGE }}", + body: "${{ env.BODY_MESSAGE }}", + head: "${{ env.BRANCH_NAME }}", + base: context.ref, + draft: true + }); + var pr_number = response.data.number; + } else { + var pr_number = response.data[0].number; + } github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, - issue_number: response.data.number, + issue_number: pr_number, body: "${{ env.COMMENT }}", }); diff --git a/.yamllint.yml b/.yamllint.yml index fb57486..eb1b02a 100644 --- a/.yamllint.yml +++ b/.yamllint.yml 
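Review bot: `body: "${{ env.BODY_MESSAGE }}"`, like the `title:` and `head` values beside it, is substituted into the JavaScript source before the script runs, so a double quote, backslash or line break in the workflow's `env:` text becomes a syntax error or different code in a step that holds `secrets.GH_PUSH_TOKEN`. The workflow-level `env:` is already exported to the step, so `body: process.env.BODY_MESSAGE` (and the same for the other values) reads them as data. Also worth confirming: `pulls.list` is given `base: context.ref`, which on a scheduled run is presumably `refs/heads/main` rather than a bare branch name. If that filter never matches, the script will try to create a new pull request on every run instead of reusing the open one.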
@@ -1,50 +1,55 @@ # SPDX-License-Identifier: MIT --- extends: default -# possible customizations over the base yamllint config -# skip the yaml files in the /tests/ directory -# NOTE: If you want to customize `ignore` you'll have to -# copy in all of the config from .yamllint.yml, then -# add your own - so if you want to just add /tests/ to -# be ignored, you'll have to add the ignores from the base -# ignore: | -# /tests/ -# /.tox/ -# skip checking line length -# NOTE: the above does not apply to `rules` - you do not -# have to copy all of the rules from the base config -# rules: -# line-length: disable ignore: | + /.tox/ tests/roles/ - .tox/ rules: braces: - max-spaces-inside: 1 level: error + max-spaces-inside: 1 brackets: - max-spaces-inside: 1 level: error - truthy: disable + max-spaces-inside: 1 document-start: disable line-length: - ignore: | - /tests/tasks/setup_mock_wifi_wpa3_owe.yml + ignore: '/tests/tasks/setup_mock_wifi_wpa3_owe.yml + /tests/tasks/setup_mock_wifi_wpa3_sae.yml + /tests/tests_ethtool_coalesce_initscripts.yml + /tests/tests_ethtool_ring_initscripts.yml + /tests/tests_team_plugin_installation_nm.yml + /tests/tests_wireless_plugin_installation_nm.yml + /tests/tests_wireless_wpa3_owe_nm.yml + /tests/tasks/setup_mock_wifi_wpa3_owe.yml + /tests/tests_auto_gateway_initscripts.yml + /tests/tests_bond_deprecated_initscripts.yml + /tests/tests_ethtool_features_initscripts.yml + /tests/tests_wireless_wpa3_sae_nm.yml + /tests/tests_eth_pci_address_match_nm.yml + /tests/playbooks/tests_eth_pci_address_match.yml + /tests/tasks/setup_802_1x_server.yml + /tests/tests_bond_removal_initscripts.yml + /tests/tests_bond_cloned_mac_initscripts.yml + /tests/tests_bridge_cloned_mac_initscripts.yml + /tests/tests_bridge_cloned_mac_nm.yml + + ' + truthy: disable