summaryrefslogtreecommitdiffstats
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/ack.yml10
-rw-r--r--.github/workflows/push.yml13
-rw-r--r--.github/workflows/redirects.yml33
-rw-r--r--.github/workflows/release.yml47
-rw-r--r--.github/workflows/tox.yml233
5 files changed, 336 insertions, 0 deletions
diff --git a/.github/workflows/ack.yml b/.github/workflows/ack.yml
new file mode 100644
index 0000000..5e7b9f5
--- /dev/null
+++ b/.github/workflows/ack.yml
@@ -0,0 +1,10 @@
+---
+# See https://github.com/ansible/devtools/blob/main/.github/workflows/ack.yml
+name: ack
+on:
+ pull_request_target:
+ types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+ ack:
+ uses: ansible/devtools/.github/workflows/ack.yml@main
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000..1a01af8
--- /dev/null
+++ b/.github/workflows/push.yml
@@ -0,0 +1,13 @@
+---
+# See https://github.com/ansible/devtools/blob/main/.github/workflows/push.yml
+name: push
+on:
+ push:
+ branches:
+ - main
+ - "releases/**"
+ - "stable/**"
+
+jobs:
+ ack:
+ uses: ansible/devtools/.github/workflows/push.yml@main
diff --git a/.github/workflows/redirects.yml b/.github/workflows/redirects.yml
new file mode 100644
index 0000000..28a9a26
--- /dev/null
+++ b/.github/workflows/redirects.yml
@@ -0,0 +1,33 @@
+---
+# Sync RTD redirects
+name: redirects
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - docs/redirects.yml
+ - .github/workflows/redirects.yml
+
+ # Manually triggered using GitHub's UI
+ workflow_dispatch:
+
+jobs:
+ docs:
+ environment: release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-python@v4
+
+ - name: Upgrade Python toolchain
+ run: python3 -m pip install --upgrade pip setuptools wheel
+
+ - name: Install readthedocs-cli
+ run: python3 -m pip install readthedocs-cli
+
+ - name: Sync redirects
+ run: rtd projects ansible-lint redirects sync -f docs/redirects.yml --wet-run
+ env:
+ RTD_TOKEN: ${{ secrets.RTD_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..111f15f
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,47 @@
+---
+# cspell:ignore mislav
+name: release
+
+on:
+ release:
+ types: [published]
+
+jobs:
+ pypi:
+ name: Publish to PyPI registry
+ environment: release
+ runs-on: ubuntu-22.04
+
+ env:
+ FORCE_COLOR: 1
+ PY_COLORS: 1
+ TOXENV: pkg
+
+ steps:
+ - name: Switch to using Python 3.9 by default
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.9
+ - name: Install tox
+ run: python3 -m pip install --user "tox>=4.0.0"
+ - name: Check out src from Git
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # needed by setuptools-scm
+ submodules: true
+ - name: Build dists
+ run: python -m tox
+ - name: Publish to pypi.org
+ if: >- # "create" workflows run separately from "push" & "pull_request"
+ github.event_name == 'release'
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ password: ${{ secrets.pypi_password }}
+
+ - name: Bump homebrew formula
+ uses: mislav/bump-homebrew-formula-action@v2
+ with:
+ # A PR will be sent to github.com/Homebrew/homebrew-core to update this formula:
+ formula-name: ansible-lint
+ env:
+ COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}
diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
new file mode 100644
index 0000000..4fe6da7
--- /dev/null
+++ b/.github/workflows/tox.yml
@@ -0,0 +1,233 @@
+---
+name: tox
+
+on:
+ create: # is used for publishing to PyPI and TestPyPI
+ tags: # any tag regardless of its name, no branches
+ - "**"
+ push: # only publishes pushes to the main branch to TestPyPI
+ branches: # any integration branch but not tag
+ - "main"
+ pull_request:
+ branches:
+ - "main"
+ release:
+ types:
+ - published # It seems that you can publish directly without creating
+ schedule:
+ - cron: 1 0 * * * # Run daily at 0:01 UTC
+ # Run every Friday at 18:02 UTC
+ # https://crontab.guru/#2_18_*_*_5
+ # - cron: 2 18 * * 5
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+ cancel-in-progress: true
+
+env:
+ FORCE_COLOR: 1 # tox, pytest, ansible-lint
+ PY_COLORS: 1
+
+jobs:
+ pre:
+ name: pre
+ runs-on: ubuntu-22.04
+ outputs:
+ matrix: ${{ steps.generate_matrix.outputs.matrix }}
+ steps:
+ - name: Determine matrix
+ id: generate_matrix
+ uses: coactions/dynamic-matrix@v1
+ with:
+ min_python: "3.9"
+ max_python: "3.11"
+ other_names: |
+ lint
+ pkg,hook,docs
+ schemas
+ eco
+ py-devel
+ platforms: linux,macos
+
+ build:
+ name: ${{ matrix.name }}
+ runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
+ needs: pre
+ defaults:
+ run:
+ shell: ${{ matrix.shell || 'bash'}}
+ strategy:
+ fail-fast: false
+ matrix: ${{ fromJson(needs.pre.outputs.matrix) }}
+ # max-parallel: 5
+ # The matrix testing goal is to cover the *most likely* environments
+ # which are expected to be used by users in production. Avoid adding a
+ # combination unless there are good reasons to test it, like having
+ # proof that we failed to catch a bug by not running it. Using
+ # distribution should be preferred instead of custom builds.
+ env:
+ # vars safe to be passed to wsl:
+ WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY
+ # Number of expected test passes, safety measure for accidental skip of
+ # tests. Update value if you add/remove tests.
+ PYTEST_REQPASS: 791
+
+ steps:
+ - name: Activate WSL1
+ if: "contains(matrix.shell, 'wsl')"
+ uses: Vampire/setup-wsl@v2
+
+ - name: MacOS workaround for https://github.com/actions/virtual-environments/issues/1187
+ if: ${{ matrix.os == 'macOS-latest' }}
+ run: |
+ sudo sysctl -w net.link.generic.system.hwcksum_tx=0
+ sudo sysctl -w net.link.generic.system.hwcksum_rx=0
+
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # needed by setuptools-scm
+ submodules: true
+
+ - name: Set pre-commit cache
+ uses: actions/cache@v3
+ if: ${{ matrix.passed_name == 'lint' }}
+ with:
+ path: |
+ ~/.cache/pre-commit
+ key: pre-commit-${{ matrix.name || matrix.passed_name }}-${{ hashFiles('.pre-commit-config.yaml') }}
+
+ - name: Set galaxy cache
+ uses: actions/cache@v3
+ if: ${{ startsWith(matrix.passed_name, 'py') }}
+ with:
+ path: |
+ examples/playbooks/collections/*.tar.gz
+ examples/playbooks/collections/ansible_collections
+ key: galaxy-${{ hashFiles('examples/playbooks/collections/requirements.yml') }}
+
+ - name: Set up Python ${{ matrix.python_version || '3.9' }}
+ if: "!contains(matrix.shell, 'wsl')"
+ uses: actions/setup-python@v4
+ with:
+ cache: pip
+ python-version: ${{ matrix.python_version || '3.9' }}
+
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18
+ cache: "npm"
+ cache-dependency-path: test/schemas/package-lock.json
+
+ - name: Run ./tools/test-setup.sh
+ run: ./tools/test-setup.sh
+
+ - name: Install tox
+ run: |
+ python3 -m pip install --upgrade pip
+ python3 -m pip install --upgrade "tox>=4.0.0"
+
+ - name: Log installed dists
+ run: python3 -m pip freeze --all
+
+ - name: Initialize tox envs ${{ matrix.passed_name }}
+ run: python3 -m tox --notest --skip-missing-interpreters false -vv -e ${{ matrix.passed_name }}
+ timeout-minutes: 5 # average is under 1, but macos can be over 3
+
+ # sequential run improves browsing experience (almost no speed impact)
+ - name: tox -e ${{ matrix.passed_name }}
+ run: python3 -m tox -e ${{ matrix.passed_name }}
+
+ - name: Combine coverage data
+ if: ${{ startsWith(matrix.passed_name, 'py') }}
+ # produce a single .coverage file at repo root
+ run: tox -e coverage
+
+ - name: Upload coverage data
+ if: ${{ startsWith(matrix.passed_name, 'py') }}
+ uses: codecov/codecov-action@v3
+ with:
+ name: ${{ matrix.passed_name }}
+ fail_ci_if_error: false # see https://github.com/codecov/codecov-action/issues/598
+ token: ${{ secrets.CODECOV_TOKEN }}
+ verbose: true # optional (default = false)
+
+ - name: Archive logs
+ uses: actions/upload-artifact@v3
+ with:
+ name: logs.zip
+ path: .tox/**/log/
+ # https://github.com/actions/upload-artifact/issues/123
+ continue-on-error: true
+
+ - name: Report failure if git reports dirty status
+ run: |
+ git checkout HEAD -- src/ansiblelint/schemas/__store__.json
+ if [[ -n $(git status -s) ]]; then
+ # shellcheck disable=SC2016
+ echo -n '::error file=git-status::'
+ printf '### Failed as git reported modified and/or untracked files\n```\n%s\n```\n' "$(git status -s)" | tee -a "$GITHUB_STEP_SUMMARY"
+ exit 99
+ fi
+ # https://github.com/actions/toolkit/issues/193
+ codeql:
+ name: codeql
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ["python"]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
+
+ check: # This job does nothing and is only used for the branch protection
+ if: always()
+ permissions:
+ pull-requests: write # allow codenotify to comment on pull-request
+
+ needs:
+ - build
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Decide whether the needed jobs succeeded or failed
+ uses: re-actors/alls-green@release/v1
+ with:
+ jobs: ${{ toJSON(needs) }}
+
+ - name: Check out src from Git
+ uses: actions/checkout@v3
+
+ - name: Notify repository owners about lint change affecting them
+ uses: sourcegraph/codenotify@v0.6.4
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # https://github.com/sourcegraph/codenotify/issues/19
+ continue-on-error: true