From 9ee0e98b775406201ffb936a24d45b66ddaaefa8 Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Tue, 24 Jan 2023 18:09:42 -0700 Subject: [PATCH] Create separate github actions for various checks; get rid of monolithic tox.yml There are now separate github actions for the various tests, instead of all of them being done as part of the tox tests in tox.yml - ansible-lint, ansible-test, etc. Use the officially supported github actions e.g. for ansible-lint, ansible-test, rather than using our own from `tox-lsr` and trying to keep up with the latest changes. Developers will still be able to use `tox-lsr` on their local development environments to run these tests in the same way that they are run in github actions, so that errors found when submitting PRs can be reproduced and corrected locally without too many github UI roundtrips. Using separate github actions, and especially the official github actions which generally have support for in-line comments, should help greatly with readability and troubleshooting test results. Python tests are removed from roles that do not use python. Python tests are now done by python-unit-tests.yml which also does the black, flake8, and pylint tests. 
Signed-off-by: Rich Megginson --- .ansible-lint | 24 ++++--- .github/workflows/ansible-lint.yml | 33 +++++++++ .../workflows/ansible-managed-var-comment.yml | 28 ++++++++ .github/workflows/ansible-plugin-scan.yml | 28 ++++++++ .github/workflows/ansible-test.yml | 50 ++++++++++++++ .github/workflows/changelog_to_tag.yml | 11 ++- .github/workflows/codeql.yml | 43 ++++++++++++ .../{tox.yml => python-unit-test.yml} | 63 ++++++++--------- .github/workflows/shellcheck.yml | 29 ++++++++ .github/workflows/weekly_ci.yml | 69 ++++++++++--------- .yamllint.yml | 45 ++++++------ 11 files changed, 327 insertions(+), 96 deletions(-) create mode 100644 .github/workflows/ansible-lint.yml create mode 100644 .github/workflows/ansible-managed-var-comment.yml create mode 100644 .github/workflows/ansible-plugin-scan.yml create mode 100644 .github/workflows/ansible-test.yml create mode 100644 .github/workflows/codeql.yml rename .github/workflows/{tox.yml => python-unit-test.yml} (50%) create mode 100644 .github/workflows/shellcheck.yml diff --git a/.ansible-lint b/.ansible-lint index f7fda23..8823c1f 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,15 +1,8 @@ --- -skip_list: - - role-name - - fqcn-builtins -warn_list: - - load-failure # allow include_tasks with tasks/ directory -exclude_paths: - - tests/ - - tests/roles/ - - .github/ - - examples/roles/ +profile: production kinds: + - yaml: "**/meta/collection-requirements.yml" + - yaml: "**/tests/collection-requirements.yml" - playbook: "**/tests/tests_*.yml" - playbook: "**/tests/setup-snapshot.yml" - tasks: "**/tests/*.yml" @@ -18,3 +11,14 @@ kinds: - tasks: "**/tests/tasks/*/*.yml" - vars: "**/tests/vars/*.yml" - playbook: "**/examples/*.yml" +skip_list: + - fqcn-builtins +warn_list: + - load-failure +exclude_paths: + - tests/roles/ + - .github/ + - examples/roles/ + - tests/ +mock_roles: + - linux-system-roles.network 
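Review bot: The rewritten `warn_list` entry for `load-failure` loses the old inline comment `# allow include_tasks with tasks/ directory`, which was the only explanation of why that rule is downgraded to a warning; I would keep it on the new line. `exclude_paths` now lists both `tests/roles/` and `tests/`, and the second already covers the first, so one entry is enough. With `tests/` excluded, the `kinds` patterns under `**/tests/` presumably never apply to files ansible-lint actually scans; a one-line comment naming the consumer of those mappings would help the next maintainer.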
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
new file mode 100644
index 0000000..f0028ef
--- /dev/null
+++ b/.github/workflows/ansible-lint.yml
@@ -0,0 +1,33 @@
+---
+name: Ansible Lint
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+jobs:
+ ansible_lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Update pip, git
+ run: |
+ set -euxo pipefail
+ sudo apt-get update
+ sudo apt-get install -y git
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ - name: Fix up role meta/main.yml namespace and name
+ run: |
+ set -euxo pipefail
+ mm=meta/main.yml
+ if [ -f "$mm" ]; then
+ if ! grep -q '^ *namespace:' "$mm"; then
+ sed "/galaxy_info:/a\ namespace: linux_system_roles" -i "$mm"
+ fi
+ if ! grep -q '^ *role_name:' "$mm"; then
+ sed "/galaxy_info:/a\ role_name: network" -i "$mm"
+ fi
+ fi
+ - name: Run ansible-lint
+ uses: ansible-community/ansible-lint-action@v6
diff --git a/.github/workflows/ansible-managed-var-comment.yml b/.github/workflows/ansible-managed-var-comment.yml
new file mode 100644
index 0000000..7029c7c
--- /dev/null
+++ b/.github/workflows/ansible-managed-var-comment.yml
@@ -0,0 +1,28 @@
+---
+name: Check for ansible_managed variable use in comments
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+jobs:
+ ansible_managed_var_comment:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Update pip, git
+ run: |
+ set -euxo pipefail
+ python3 -m pip install --upgrade pip
+ sudo apt-get update
+ sudo apt-get install -y git
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ - name: Install tox, tox-lsr
+ run: |
+ set -euxo pipefail
+ pip3 install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1"
+ - name: Run ansible-plugin-scan
+ run: |
+ set -euxo pipefail
+ TOXENV=ansible-managed-var-comment lsr_ci_runtox
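Review bot: The last step of ansible-lint.yml uses `ansible-community/ansible-lint-action@v6`, a third-party action referenced by a movable tag, and the workflow declares no `permissions:`, so whatever that tag resolves to runs with the repository's default `GITHUB_TOKEN` scope (which depends on repo or org settings). I would add a top-level `permissions:` with `contents: read` and pin the action to a full commit SHA, keeping the version as a comment: `uses: ansible-community/ansible-lint-action@<full-commit-sha> # v6`. The same two gaps appear in the other new workflows in this patch: ansible-managed-var-comment.yml and ansible-plugin-scan.yml (no `permissions:`), ansible-test.yml (`ansible-test-gh-action@release/v1` is a branch ref), and shellcheck.yml (`ludeeus/action-shellcheck@master`). codeql.yml already sets job-level permissions and is a good model for the rest.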
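Review bot: The final step of ansible-managed-var-comment.yml is named `Run ansible-plugin-scan` but executes `TOXENV=ansible-managed-var-comment lsr_ci_runtox`, so a failure shows up in the UI under the wrong check name; it should read `- name: Run ansible-managed-var-comment`. The install line `pip3 install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1"` resolves what looks like a tag at run time, and a tag can be moved; putting a commit SHA after the `@` makes the code that runs in CI reproducible and reviewable. That install line is repeated in ansible-plugin-scan.yml, ansible-test.yml and python-unit-test.yml.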
diff --git a/.github/workflows/ansible-plugin-scan.yml b/.github/workflows/ansible-plugin-scan.yml
new file mode 100644
index 0000000..9883193
--- /dev/null
+++ b/.github/workflows/ansible-plugin-scan.yml
@@ -0,0 +1,28 @@
+---
+name: Ansible Plugin Scan
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+jobs:
+ ansible_plugin_scan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Update pip, git
+ run: |
+ set -euxo pipefail
+ python3 -m pip install --upgrade pip
+ sudo apt-get update
+ sudo apt-get install -y git
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ - name: Install tox, tox-lsr
+ run: |
+ set -euxo pipefail
+ pip3 install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1"
+ - name: Run ansible-plugin-scan
+ run: |
+ set -euxo pipefail
+ TOXENV=ansible-plugin-scan lsr_ci_runtox
diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml
new file mode 100644
index 0000000..e2ffaef
--- /dev/null
+++ b/.github/workflows/ansible-test.yml
@@ -0,0 +1,50 @@ +--- +name: Ansible Test +on: # yamllint disable-line rule:truthy + pull_request: + push: + branches: + - main + workflow_dispatch: +env: + LSR_ROLE2COLL_NAMESPACE: fedora + LSR_ROLE2COLL_NAME: linux_system_roles +jobs: + ansible_test: + runs-on: ubuntu-latest + steps: + - name: Update pip, git + run: | + set -euxo pipefail + python3 -m pip install --upgrade pip + sudo apt-get update + sudo apt-get install -y git + - name: Checkout repo + uses: actions/checkout@v3 + - name: Install tox, tox-lsr + run: | + set -euxo pipefail + pip3 install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1" + - name: Convert role to collection format + run: | + set -euxo pipefail + TOXENV=collection lsr_ci_runtox + # copy the ignore files + coll_dir=".tox/ansible_collections/$LSR_ROLE2COLL_NAMESPACE/$LSR_ROLE2COLL_NAME" + # wokeignore:rule=sanity + ignore_dir="$coll_dir/tests/sanity" + if [ ! -d "$ignore_dir" ]; then + mkdir -p "$ignore_dir" + fi + # wokeignore:rule=sanity + for file in .sanity-ansible-ignore-*.txt; do + if [ -f "$file" ]; then + # wokeignore:rule=sanity + cp "$file" "$ignore_dir/${file//*.sanity-ansible-}" + fi + done + - name: Run ansible-test + uses: ansible-community/ansible-test-gh-action@release/v1 + with: + testing-type: sanity # wokeignore:rule=sanity + collection-src-directory: .tox/ansible_collections/${{ env.LSR_ROLE2COLL_NAMESPACE }}/${{ env.LSR_ROLE2COLL_NAME }} diff --git a/.github/workflows/changelog_to_tag.yml b/.github/workflows/changelog_to_tag.yml index a08c91b..762f268 100644 --- a/.github/workflows/changelog_to_tag.yml +++ b/.github/workflows/changelog_to_tag.yml @@ -1,10 +1,10 @@ +--- # yamllint disable rule:line-length -name: Pushing CHANGELOG.md triggers tag, release, and Galaxy publish +name: Tag, release, and publish role based on CHANGELOG.md push on: # yamllint disable-line rule:truthy push: branches: - main - - master paths: - CHANGELOG.md env: 
@@ -13,8 +13,13 @@ jobs: tag_release_publish: runs-on: ubuntu-latest steps: + - name: Update pip, git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git - name: checkout PR - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Get tag and message from the latest CHANGELOG.md commit id: tag run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..855d93b --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,43 @@ +--- +name: CodeQL +on: # yamllint disable-line rule:truthy + push: + branches: ["main"] + pull_request: + branches: ["main"] + schedule: + - cron: 39 10 * * 0 +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + strategy: + fail-fast: false + matrix: + language: [python] + steps: + - name: Update pip, git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git + - name: Checkout + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + queries: +security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/tox.yml b/.github/workflows/python-unit-test.yml similarity index 50% rename from .github/workflows/tox.yml rename to .github/workflows/python-unit-test.yml index 8994fb1..71ff180 100644 --- a/.github/workflows/tox.yml +++ b/.github/workflows/python-unit-test.yml 
@@ -1,34 +1,38 @@ +--- # yamllint disable rule:line-length -name: tox +name: Python Unit Tests on: # yamllint disable-line rule:truthy - - pull_request - - push + pull_request: + push: + branches: + - main + workflow_dispatch: env: - TOX_LSR: "git+https://github.com/linux-system-roles/tox-lsr@2.13.1" - LSR_ANSIBLE_TEST_DOCKER: "true" - LSR_ANSIBLES: 'ansible==2.9.*' - LSR_MSCENARIOS: default - # LSR_EXTRA_PACKAGES: "libdbus-1-dev libgirepository1.0-dev python3-dev" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: python: strategy: matrix: pyver_os: - - ver: '2.7' + - ver: "2.7" os: ubuntu-20.04 - - ver: '3.6' + - ver: "3.6" os: ubuntu-20.04 - - ver: '3.8' + - ver: "3.8" os: ubuntu-latest - - ver: '3.9' + - ver: "3.9" os: ubuntu-latest - - ver: '3.10' + - ver: "3.10" os: ubuntu-latest - - ver: '3.11' + - ver: "3.11" os: ubuntu-latest runs-on: ${{ matrix.pyver_os.os }} steps: + - name: Update git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git - name: checkout PR uses: actions/checkout@v3 - name: Set up Python 
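Review bot: `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` stays in the workflow-level `env:`, so every step of every matrix job can read the token from its environment, including the `pip install` from git and the tox run of checked-out code. Only the step that reports results (presumably the coveralls env) needs it, so I would move it to that step's own `env:` and add a top-level `permissions:` with `contents: read`. The steps between this hunk and the next are not visible here, so confirm no other step depends on the variable before moving it.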
@@ -39,28 +43,25 @@ jobs: run: | set -euxo pipefail python -m pip install --upgrade pip - sudo apt-get update - sudo apt-get install -y git - pip install "$TOX_LSR" - lsr_ci_preinstall - - name: Run tox tests + pip install "git+https://github.com/linux-system-roles/tox-lsr@2.13.1" + # If you have additional OS dependency packages e.g. libcairo2-dev + # then put them in .github/config/ubuntu-requirements.txt, one + # package per line. + if [ -f .github/config/ubuntu-requirements.txt ]; then + sudo apt-get install -y $(cat .github/config/ubuntu-requirements.txt) + fi + - name: Run unit tests run: | set -euxo pipefail toxpyver=$(echo "${{ matrix.pyver_os.ver }}" | tr -d .) toxenvs="py${toxpyver}" + # NOTE: The use of flake8, pylint, black with specific + # python envs is arbitrary and must be changed in tox-lsr + # We really should either do those checks using the latest + # version of python, or in every version of python case "$toxpyver" in 27) toxenvs="${toxenvs},coveralls,flake8,pylint" ;; - 36) toxenvs="${toxenvs},coveralls,ensure_provider_tests,black,yamllint" ;; - 38) toxenvs="${toxenvs},coveralls,ansible-lint,ansible-plugin-scan,collection,ansible-test" ;; - 39) toxenvs="${toxenvs},coveralls,ansible-managed-var-comment" ;; - 310) toxenvs="${toxenvs},coveralls,check-meta-versions" ;; - 311) toxenvs="${toxenvs},coveralls" ;; + 36) toxenvs="${toxenvs},coveralls,black" ;; + *) toxenvs="${toxenvs},coveralls" ;; esac TOXENV="$toxenvs" lsr_ci_runtox - python-26: - runs-on: ubuntu-latest - steps: - - name: checkout PR - uses: actions/checkout@v2 - - name: Run py26 tests - uses: linux-system-roles/lsr-gh-action-py26@1.0.2 diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml new file mode 100644 index 0000000..351c204 --- /dev/null +++ b/.github/workflows/shellcheck.yml 
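Review bot: `sudo apt-get install -y $(cat .github/config/ubuntu-requirements.txt)` hands the file's contents to apt-get unquoted and as root, so on `pull_request` runs every whitespace-separated token in that file, including one beginning with `-`, becomes an apt-get argument chosen by the PR author; comment lines would also be treated as package names. Filtering to plain package names before the install narrows this: `grep -E '^[a-z0-9][a-z0-9+.-]+$' .github/config/ubuntu-requirements.txt | xargs -r sudo apt-get install -y`. This hunk also drops the `sudo apt-get update` that used to precede installs in this step; it now runs only in the earlier "Update git" step, which is fine as long as that step stays first.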
@@ -0,0 +1,29 @@
+---
+name: ShellCheck
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+env:
+ # some scripts source tox-lsr scripts - suppress that check
+ SHELLCHECK_OPTS: -e SC1091
+jobs:
+ shellcheck:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Update git
+ run: |
+ set -euxo pipefail
+ sudo apt-get update
+ sudo apt-get install -y git
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ - name: Run ShellCheck
+ id: shellcheck_id
+ uses: ludeeus/action-shellcheck@master
+ - name: Show file paths scanned
+ run: |
+ echo Files scanned:
+ echo "${{ steps.shellcheck_id.outputs.files }}"
diff --git a/.github/workflows/weekly_ci.yml b/.github/workflows/weekly_ci.yml
index 7e188a8..ebf39d9 100644
--- a/.github/workflows/weekly_ci.yml
+++ b/.github/workflows/weekly_ci.yml
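Review bot: The "Show file paths scanned" step splices `${{ steps.shellcheck_id.outputs.files }}` straight into the `run:` script, so file names from the checkout are expanded into shell source before bash parses it; on a pull request a path containing a quote or a command substitution would be interpreted rather than printed. Pass the value through the environment instead: give the step an `env:` entry `FILES: ${{ steps.shellcheck_id.outputs.files }}` and print it with `echo "$FILES"`. This step also lacks the `set -euxo pipefail` line that every other `run:` block in the patch starts with.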
@@ -2,64 +2,69 @@ name: Weekly CI trigger on: # yamllint disable-line rule:truthy workflow_dispatch: + schedule: + - cron: 0 12 * * 6 env: - BRANCH_NAME: "weekly-ci" - COMMIT_MESSAGE: "Weekly CI check" + BRANCH_NAME: weekly-ci + COMMIT_MESSAGE: This PR is to trigger periodic CI testing + BODY_MESSAGE: >- + This PR is for the purpose of triggering periodic CI testing. + We don't currently have a way to trigger CI without a PR, + so this PR serves that purpose. COMMENT: "[citest]" jobs: weekly_ci: runs-on: ubuntu-latest steps: - - name: Delete the previous branch if exists - uses: actions/github-script@v6 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const response = await github.rest.git.listMatchingRefs({ - owner: context.repo.owner, - repo: context.repo.repo, - branch: "heads/${{ env.BRANCH_NAME }}", - }); - for (ref in response.data){ - if (response.data[ref].ref == "refs/heads/${{ env.BRANCH_NAME }}"){ - console.log("deleting branch"); - console.log(response.data[ref]); - await github.rest.git.deleteRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: "heads/${{ env.BRANCH_NAME }}", - }); - } - } - + - name: Update pip, git + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install -y git - uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Create and push empty commit run: | set -euxo pipefail + git config --global user.name "github-actions[bot]" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - git checkout -b weekly-ci + git checkout ${{ env.BRANCH_NAME }} || git checkout -b ${{ env.BRANCH_NAME }} + git rebase main git commit --allow-empty -m "${{ env.COMMIT_MESSAGE }}" - git push --set-upstream origin ${{ env.BRANCH_NAME }} + git push -f --set-upstream origin ${{ env.BRANCH_NAME }} - name: Create and comment pull request uses: actions/github-script@v6 with: github-token: ${{ secrets.GH_PUSH_TOKEN }} script: | - const response = await github.rest.pulls.create({ + 
const head = [context.repo.owner, ":", "${{ env.BRANCH_NAME }}"].join(""); + const response = await github.rest.pulls.list({ owner: context.repo.owner, repo: context.repo.repo, - title: "${{ env.COMMIT_MESSAGE }}", - head: "${{ env.BRANCH_NAME }}", - base: context.ref + head: head, + base: context.ref, + state: "open" }); + if (response.data.length === 0) { + const response = await github.rest.pulls.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: "${{ env.COMMIT_MESSAGE }}", + body: "${{ env.BODY_MESSAGE }}", + head: "${{ env.BRANCH_NAME }}", + base: context.ref, + draft: true + }); + var pr_number = response.data.number; + } else { + var pr_number = response.data[0].number; + } github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, - issue_number: response.data.number, + issue_number: pr_number, body: "${{ env.COMMENT }}", }); diff --git a/.yamllint.yml b/.yamllint.yml index fb57486..eb1b02a 100644 --- a/.yamllint.yml +++ b/.yamllint.yml 
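Review bot: The closing `github.rest.issues.createComment({...})` call is still not awaited, so the script can return before the outcome of the comment request is known and an API error is not handled by the script's own flow; `await github.rest.issues.createComment({` makes the step's result reflect it. The script also builds JavaScript string literals from `"${{ env.COMMIT_MESSAGE }}"` and the new `"${{ env.BODY_MESSAGE }}"`; both are constants today, but a double quote or backslash added to either later would change the source of a script that runs with `GH_PUSH_TOKEN`, so reading them as `process.env.BODY_MESSAGE` and `process.env.COMMIT_MESSAGE` is sturdier. In the shell step, `git rebase main` assumes a local `main` branch exists, which may not hold when the workflow is dispatched from another ref; `git rebase origin/main` avoids that.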
@@ -1,50 +1,55 @@ # SPDX-License-Identifier: MIT --- extends: default -# possible customizations over the base yamllint config -# skip the yaml files in the /tests/ directory -# NOTE: If you want to customize `ignore` you'll have to -# copy in all of the config from .yamllint.yml, then -# add your own - so if you want to just add /tests/ to -# be ignored, you'll have to add the ignores from the base -# ignore: | -# /tests/ -# /.tox/ -# skip checking line length -# NOTE: the above does not apply to `rules` - you do not -# have to copy all of the rules from the base config -# rules: -# line-length: disable ignore: | + /.tox/ tests/roles/ - .tox/ rules: braces: - max-spaces-inside: 1 level: error + max-spaces-inside: 1 brackets: - max-spaces-inside: 1 level: error - truthy: disable + max-spaces-inside: 1 document-start: disable line-length: - ignore: | - /tests/tasks/setup_mock_wifi_wpa3_owe.yml + ignore: '/tests/tasks/setup_mock_wifi_wpa3_owe.yml + /tests/tasks/setup_mock_wifi_wpa3_sae.yml + /tests/tests_ethtool_coalesce_initscripts.yml + /tests/tests_ethtool_ring_initscripts.yml + /tests/tests_team_plugin_installation_nm.yml + /tests/tests_wireless_plugin_installation_nm.yml + /tests/tests_wireless_wpa3_owe_nm.yml + /tests/tasks/setup_mock_wifi_wpa3_owe.yml + /tests/tests_auto_gateway_initscripts.yml + /tests/tests_bond_deprecated_initscripts.yml + /tests/tests_ethtool_features_initscripts.yml + /tests/tests_wireless_wpa3_sae_nm.yml + /tests/tests_eth_pci_address_match_nm.yml + /tests/playbooks/tests_eth_pci_address_match.yml + /tests/tasks/setup_802_1x_server.yml + /tests/tests_bond_removal_initscripts.yml + /tests/tests_bond_cloned_mac_initscripts.yml + /tests/tests_bridge_cloned_mac_initscripts.yml + /tests/tests_bridge_cloned_mac_nm.yml + + ' + truthy: disable
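Review bot: The new `line-length.ignore` value lists `/tests/tasks/setup_mock_wifi_wpa3_owe.yml` twice, once as the first entry and again after `tests_wireless_wpa3_owe_nm.yml`; the second occurrence can go. The value is now a single-quoted multi-line scalar, which seems to rely on blank-line folding to yield one path per line, whereas the literal block form `ignore: |` used by the top-level `ignore` key just above is easier to read and to edit by hand. The removed comment block was the only in-file explanation of how to customize `ignore` and `rules`; if this file is now generated, a one-line header saying so would tell contributors not to edit it directly.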