Diffstat (limited to 'ansible_collections/community/crypto/.github')
7 files changed, 610 insertions, 0 deletions
diff --git a/ansible_collections/community/crypto/.github/dependabot.yml b/ansible_collections/community/crypto/.github/dependabot.yml
new file mode 100644
index 000000000..2f4ff900d
--- /dev/null
+++ b/ansible_collections/community/crypto/.github/dependabot.yml
@@ -0,0 +1,11 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
diff --git a/ansible_collections/community/crypto/.github/patchback.yml b/ansible_collections/community/crypto/.github/patchback.yml
new file mode 100644
index 000000000..5ee7812ed
--- /dev/null
+++ b/ansible_collections/community/crypto/.github/patchback.yml
@@ -0,0 +1,9 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+backport_branch_prefix: patchback/backports/
+backport_label_prefix: backport-
+target_branch_prefix: stable-
+...
diff --git a/ansible_collections/community/crypto/.github/workflows/ansible-test.yml b/ansible_collections/community/crypto/.github/workflows/ansible-test.yml
new file mode 100644
index 000000000..325dc5275
--- /dev/null
+++ b/ansible_collections/community/crypto/.github/workflows/ansible-test.yml
@@ -0,0 +1,227 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# For the comprehensive list of the inputs supported by the ansible-community/ansible-test-gh-action GitHub Action, see
+# https://github.com/marketplace/actions/ansible-test
+
+name: EOL CI
+on:
+ # Run EOL CI against all pushes (direct commits, also merged PRs), Pull Requests
+ push:
+ branches:
+ - main
+ - stable-*
+ pull_request:
+ # Run EOL CI once per day (at 09:00 UTC)
+ schedule:
+ - cron: '0 9 * * *'
+
+concurrency:
+ # Make sure there is at most one active run per PR, but do not cancel any non-PR runs
+ group: ${{ github.workflow }}-${{ (github.head_ref && github.event.number) || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ sanity:
+ name: EOL Sanity (Ⓐ${{ matrix.ansible }})
+ strategy:
+ matrix:
+ ansible:
+ - '2.9'
+ - '2.10'
+ - '2.11'
+ - '2.12'
+ # Ansible-test on various stable branches does not yet work well with cgroups v2.
+ # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
+ # image for these stable branches. The list of branches where this is necessary will
+ # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
+ # for the latest list.
+ runs-on: >-
+ ${{ contains(fromJson(
+ '["2.9", "2.10", "2.11"]'
+ ), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }}
+ steps:
+ - name: Perform sanity testing
+ uses: felixfontein/ansible-test-gh-action@main
+ with:
+ ansible-core-github-repository-slug: ${{ contains(fromJson('["2.10", "2.11"]'), matrix.ansible) && 'felixfontein/ansible' || 'ansible/ansible' }}
+ ansible-core-version: stable-${{ matrix.ansible }}
+ coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
+ pull-request-change-detection: 'true'
+ testing-type: sanity
+
+ units:
+ # Ansible-test on various stable branches does not yet work well with cgroups v2.
+ # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
+ # image for these stable branches. The list of branches where this is necessary will
+ # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
+ # for the latest list.
+ runs-on: >-
+ ${{ contains(fromJson(
+ '["2.9", "2.10", "2.11"]'
+ ), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }}
+ name: EOL Units (Ⓐ${{ matrix.ansible }})
+ strategy:
+ # As soon as the first unit test fails, cancel the others to free up the CI queue
+ fail-fast: true
+ matrix:
+ ansible:
+ - '2.9'
+ - '2.10'
+ - '2.11'
+ - '2.12'
+
+ steps:
+ - name: >-
+ Perform unit testing against
+ Ansible version ${{ matrix.ansible }}
+ uses: felixfontein/ansible-test-gh-action@main
+ with:
+ ansible-core-github-repository-slug: ${{ contains(fromJson('["2.10", "2.11"]'), matrix.ansible) && 'felixfontein/ansible' || 'ansible/ansible' }}
+ ansible-core-version: stable-${{ matrix.ansible }}
+ coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
+ pull-request-change-detection: 'true'
+ testing-type: units
+
+ integration:
+ # Ansible-test on various stable branches does not yet work well with cgroups v2.
+ # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
+ # image for these stable branches. The list of branches where this is necessary will
+ # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
+ # for the latest list.
+ runs-on: >-
+ ${{ contains(fromJson(
+ '["2.9", "2.10", "2.11"]'
+ ), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }}
+ name: EOL I (Ⓐ${{ matrix.ansible }}+${{ matrix.docker }}+py${{ matrix.python }}:${{ matrix.target }})
+ strategy:
+ fail-fast: false
+ matrix:
+ ansible:
+ - ''
+ docker:
+ - ''
+ python:
+ - ''
+ target:
+ - ''
+ exclude:
+ - ansible: ''
+ include:
+ # 2.9
+ - ansible: '2.9'
+ docker: fedora31
+ python: ''
+ target: azp/posix/1/
+ - ansible: '2.9'
+ docker: fedora31
+ python: ''
+ target: azp/posix/2/
+ - ansible: '2.9'
+ docker: ubuntu1804
+ python: ''
+ target: azp/posix/1/
+ - ansible: '2.9'
+ docker: ubuntu1804
+ python: ''
+ target: azp/posix/2/
+ - ansible: '2.9'
+ docker: default
+ python: '2.7'
+ target: azp/generic/1/
+ - ansible: '2.9'
+ docker: default
+ python: '2.7'
+ target: azp/generic/2/
+ # 2.10
+ - ansible: '2.10'
+ docker: centos6
+ python: ''
+ target: azp/posix/1/
+ - ansible: '2.10'
+ docker: centos6
+ python: ''
+ target: azp/posix/2/
+ - ansible: '2.10'
+ docker: default
+ python: '3.6'
+ target: azp/generic/1/
+ - ansible: '2.10'
+ docker: default
+ python: '3.6'
+ target: azp/generic/2/
+ # 2.11
+ - ansible: '2.11'
+ docker: fedora32
+ python: ''
+ target: azp/posix/1/
+ - ansible: '2.11'
+ docker: fedora32
+ python: ''
+ target: azp/posix/2/
+ - ansible: '2.11'
+ docker: alpine3
+ python: ''
+ target: azp/posix/1/
+ - ansible: '2.11'
+ docker: alpine3
+ python: ''
+ target: azp/posix/2/
+ - ansible: '2.11'
+ docker: default
+ python: '3.8'
+ target: azp/generic/1/
+ - ansible: '2.11'
+ docker: default
+ python: '3.8'
+ target: azp/generic/2/
+ # 2.12
+ - ansible: '2.12'
+ docker: centos6
+ python: ''
+ target:
azp/posix/1/
+ - ansible: '2.12'
+ docker: centos6
+ python: ''
+ target: azp/posix/2/
+ - ansible: '2.12'
+ docker: fedora33
+ python: ''
+ target: azp/posix/1/
+ - ansible: '2.12'
+ docker: fedora33
+ python: ''
+ target: azp/posix/2/
+ - ansible: '2.12'
+ docker: default
+ python: '2.6'
+ target: azp/generic/1/
+ - ansible: '2.12'
+ docker: default
+ python: '3.9'
+ target: azp/generic/2/
+
+ steps:
+ - name: >-
+ Perform integration testing against
+ Ansible version ${{ matrix.ansible }}
+ under Python ${{ matrix.python }}
+ uses: felixfontein/ansible-test-gh-action@main
+ with:
+ ansible-core-github-repository-slug: ${{ contains(fromJson('["2.10", "2.11"]'), matrix.ansible) && 'felixfontein/ansible' || 'ansible/ansible' }}
+ ansible-core-version: stable-${{ matrix.ansible }}
+ coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
+ docker-image: ${{ matrix.docker }}
+ integration-continue-on-error: 'false'
+ integration-diff: 'false'
+ integration-retry-on-error: 'true'
+ pre-test-cmd: >-
+ git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools
+ ;
+ git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git ../../community/general
+ pull-request-change-detection: 'true'
+ target: ${{ matrix.target }}
+ target-python-version: ${{ matrix.python }}
+ testing-type: integration
diff --git a/ansible_collections/community/crypto/.github/workflows/docs-pr.yml b/ansible_collections/community/crypto/.github/workflows/docs-pr.yml
new file mode 100644
index 000000000..e55c30a63
--- /dev/null
+++ b/ansible_collections/community/crypto/.github/workflows/docs-pr.yml
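Review bot: The sanity, units and integration jobs in ansible-test.yml all run `uses: felixfontein/ansible-test-gh-action@main`, a branch ref in a personal namespace, so whatever that branch points to at run time executes in this repository's CI, and for 2.10/2.11 ansible-core itself is fetched from `felixfontein/ansible`. Pinning the action to a full commit SHA, e.g. `uses: felixfontein/ansible-test-gh-action@<full-commit-sha>  # main` (placeholder), makes each run reproducible; the `@main` reusable workflows and comment action in docs-pr.yml and docs-push.yml have the same exposure. The workflow also sets no `permissions:` key, so the jobs inherit the repository's default token scope; a top-level `permissions:` block with `contents: read`, as reuse.yml declares for its job, would make least privilege explicit here and in ee.yml. A one-line comment above the slug expression saying why the fork is needed for 2.10/2.11 would help the next maintainer judge when it can be dropped.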
@@ -0,0 +1,92 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: Collection Docs
+concurrency:
+ group: docs-pr-${{ github.head_ref }}
+ cancel-in-progress: true
+on:
+ pull_request_target:
+ types: [opened, synchronize, reopened, closed]
+
+env:
+ GHP_BASE_URL: https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}
+
+jobs:
+ build-docs:
+ permissions:
+ contents: read
+ name: Build Ansible Docs
+ uses: ansible-community/github-docs-build/.github/workflows/_shared-docs-build-pr.yml@main
+ with:
+ collection-name: community.crypto
+ init-lenient: false
+ init-fail-on-error: true
+ squash-hierarchy: true
+ init-project: Community.Crypto Collection
+ init-copyright: Community.Crypto Contributors
+ init-title: Community.Crypto Collection Documentation
+ init-html-short-title: Community.Crypto Collection Docs
+ init-extra-html-theme-options: |
+ documentation_home_url=https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/branch/main/
+ render-file-line: '> * `$<status>` [$<path_tail>](https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/pr/${{ github.event.number }}/$<path_tail>)'
+
+ publish-docs-gh-pages:
+ # for now we won't run this on forks
+ if: github.repository == 'ansible-collections/community.crypto'
+ permissions:
+ contents: write
+ needs: [build-docs]
+ name: Publish Ansible Docs
+ uses: ansible-community/github-docs-build/.github/workflows/_shared-docs-build-publish-gh-pages.yml@main
+ with:
+ artifact-name: ${{ needs.build-docs.outputs.artifact-name }}
+ action: ${{ (github.event.action == 'closed' || needs.build-docs.outputs.changed != 'true') && 'teardown' || 'publish' }}
+ secrets:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ comment:
+ permissions:
+ pull-requests: write
+ runs-on: ubuntu-latest
+ needs: [build-docs, publish-docs-gh-pages]
+ name: PR comments
+ steps:
+ - name: PR comment
+ uses: ansible-community/github-docs-build/actions/ansible-docs-build-comment@main
+ with:
+ body-includes: '## Docs Build'
+ reactions: heart
+ action: ${{ needs.build-docs.outputs.changed != 'true' && 'remove' || '' }}
+ on-closed-body: |
+ ## Docs Build 📝
+
+ This PR is closed and any previously published docsite has been unpublished.
+ on-merged-body: |
+ ## Docs Build 📝
+
+ Thank you for contribution!✨
+
+ This PR has been merged and the docs are now incorporated into `main`:
+ ${{ env.GHP_BASE_URL }}/branch/main
+ body: |
+ ## Docs Build 📝
+
+ Thank you for contribution!✨
+
+ The docs for **this PR** have been published here:
+ ${{ env.GHP_BASE_URL }}/pr/${{ github.event.number }}
+
+ You can compare to the docs for the `main` branch here:
+ ${{ env.GHP_BASE_URL }}/branch/main
+
+ The docsite for **this PR** is also available for download as an artifact from this run:
+ ${{ needs.build-docs.outputs.artifact-url }}
+
+ File changes:
+
+ ${{ needs.build-docs.outputs.diff-files-rendered }}
+
+ ${{ needs.build-docs.outputs.diff-rendered }}
diff --git a/ansible_collections/community/crypto/.github/workflows/docs-push.yml b/ansible_collections/community/crypto/.github/workflows/docs-push.yml
new file mode 100644
index 000000000..2c798c781
--- /dev/null
+++ b/ansible_collections/community/crypto/.github/workflows/docs-push.yml
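Review bot: The concurrency group `docs-pr-${{ github.head_ref }}` in docs-pr.yml is keyed on the source branch name, which the PR author chooses and which is not unique across forks, so with `cancel-in-progress: true` two open PRs whose branches share a name can cancel each other's runs; `group: docs-pr-${{ github.event.number }}` keys it per PR. Because the trigger is `pull_request_target`, the jobs run in the base repository's context, and the publish job is granted `contents: write` and handed `secrets.GITHUB_TOKEN`. What the shared build workflow checks out is not visible in this hunk, so it is worth confirming, and recording in a comment next to `pull_request_target:`, that PR-controlled content is only processed in the `contents: read` build job and reaches the publish job solely as a built artifact.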
@@ -0,0 +1,52 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: Collection Docs
+concurrency:
+ group: docs-push-${{ github.sha }}
+ cancel-in-progress: true
+on:
+ push:
+ branches:
+ - main
+ - stable-*
+ tags:
+ - '*'
+ # Run CI once per day (at 09:00 UTC)
+ schedule:
+ - cron: '0 9 * * *'
+ # Allow manual trigger (for newer antsibull-docs, sphinx-ansible-theme, ... versions)
+ workflow_dispatch:
+
+jobs:
+ build-docs:
+ permissions:
+ contents: read
+ name: Build Ansible Docs
+ uses: ansible-community/github-docs-build/.github/workflows/_shared-docs-build-push.yml@main
+ with:
+ collection-name: community.crypto
+ init-lenient: false
+ init-fail-on-error: true
+ squash-hierarchy: true
+ init-project: Community.Crypto Collection
+ init-copyright: Community.Crypto Contributors
+ init-title: Community.Crypto Collection Documentation
+ init-html-short-title: Community.Crypto Collection Docs
+ init-extra-html-theme-options: |
+ documentation_home_url=https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/branch/main/
+
+ publish-docs-gh-pages:
+ # for now we won't run this on forks
+ if: github.repository == 'ansible-collections/community.crypto'
+ permissions:
+ contents: write
+ needs: [build-docs]
+ name: Publish Ansible Docs
+ uses: ansible-community/github-docs-build/.github/workflows/_shared-docs-build-publish-gh-pages.yml@main
+ with:
+ artifact-name: ${{ needs.build-docs.outputs.artifact-name }}
+ secrets:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/ansible_collections/community/crypto/.github/workflows/ee.yml b/ansible_collections/community/crypto/.github/workflows/ee.yml
new file mode 100644
index 000000000..edd4d047b
--- /dev/null
+++ b/ansible_collections/community/crypto/.github/workflows/ee.yml
@@ -0,0 +1,185 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: execution environment
+on:
+ # Run CI against all pushes (direct commits, also merged PRs), Pull Requests
+ push:
+ branches:
+ - main
+ - stable-*
+ pull_request:
+ # Run CI once per day (at 04:45 UTC)
+ # This ensures that even if there haven't been commits that we are still testing against latest version of ansible-builder
+ schedule:
+ - cron: '45 4 * * *'
+
+env:
+ NAMESPACE: community
+ COLLECTION_NAME: crypto
+
+jobs:
+ build:
+ name: Build and test EE (${{ matrix.name }})
+ strategy:
+ fail-fast: false
+ matrix:
+ name:
+ - ''
+ ansible_core:
+ - ''
+ ansible_runner:
+ - ''
+ base_image:
+ - ''
+ pre_base:
+ - ''
+ extra_vars:
+ - ''
+ other_deps:
+ - ''
+ exclude:
+ - ansible_core: ''
+ include:
+ - name: ansible-core devel @ RHEL UBI 9
+ ansible_core: https://github.com/ansible/ansible/archive/devel.tar.gz
+ ansible_runner: ansible-runner
+ base_image: docker.io/redhat/ubi9:latest
+ pre_base: '"#"'
+ # For some reason ansible-builder will not install EPEL dependencies on RHEL
+ extra_vars: -e has_no_pyopenssl=true
+ - name: ansible-core 2.15 @ Rocky Linux 9
+ ansible_core: https://github.com/ansible/ansible/archive/stable-2.15.tar.gz
+ ansible_runner: ansible-runner
+ base_image: quay.io/rockylinux/rockylinux:9
+ pre_base: RUN dnf install -y epel-release
+ # For some reason ansible-builder will not install EPEL dependencies on Rocky Linux
+ extra_vars: -e has_no_pyopenssl=true
+ - name: ansible-core 2.14 @ CentOS Stream 9
+ ansible_core: https://github.com/ansible/ansible/archive/stable-2.14.tar.gz
+ ansible_runner: ansible-runner
+ base_image: quay.io/centos/centos:stream9
+ pre_base: RUN dnf install -y epel-release epel-next-release
+ # For some reason, PyOpenSSL is **broken** on CentOS Stream 9 / EPEL
+ extra_vars: -e
has_no_pyopenssl=true
+ - name: ansible-core 2.13 @ RHEL UBI 8
+ ansible_core: https://github.com/ansible/ansible/archive/stable-2.13.tar.gz
+ ansible_runner: ansible-runner
+ other_deps: |2
+ python_interpreter:
+ package_system: python39 python39-pip python39-wheel python39-cryptography
+ base_image: docker.io/redhat/ubi8:latest
+ pre_base: '"#"'
+ # We don't have PyOpenSSL for Python 3.9
+ extra_vars: -e has_no_pyopenssl=true
+ - name: ansible-core 2.12 @ CentOS Stream 8
+ ansible_core: https://github.com/ansible/ansible/archive/stable-2.12.tar.gz
+ ansible_runner: ansible-runner
+ other_deps: |2
+ python_interpreter:
+ package_system: python39 python39-pip python39-wheel python39-cryptography
+ base_image: quay.io/centos/centos:stream8
+ pre_base: '"#"'
+ # We don't have PyOpenSSL for Python 3.9
+ extra_vars: -e has_no_pyopenssl=true
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+ with:
+ path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.11'
+
+ - name: Install ansible-builder and ansible-navigator
+ run: pip install ansible-builder ansible-navigator
+
+ - name: Verify requirements
+ run: ansible-builder introspect --sanitize .
+
+ - name: Make sure galaxy.yml has version entry
+ run: >-
+ python -c
+ 'import yaml ;
+ f = open("galaxy.yml", "rb") ;
+ data = yaml.safe_load(f) ;
+ f.close() ;
+ data["version"] = data.get("version") or "0.0.1" ;
+ f = open("galaxy.yml", "wb") ;
+ f.write(yaml.dump(data).encode("utf-8")) ;
+ f.close() ;
+ '
+ working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
+
+ - name: Build collection
+ run: |
+ ansible-galaxy collection build --output-path ../../../
+ working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
+
+ - name: Create files for building execution environment
+ run: |
+ COLLECTION_FILENAME="$(ls "${{ env.NAMESPACE }}-${{ env.COLLECTION_NAME }}"-*.tar.gz)"
+
+ # EE config
+ cat > execution-environment.yml <<EOF
+ ---
+ version: 3
+ dependencies:
+ ansible_core:
+ package_pip: ${{ matrix.ansible_core }}
+ ansible_runner:
+ package_pip: ${{ matrix.ansible_runner }}
+ galaxy: requirements.yml
+ ${{ matrix.other_deps }}
+
+ images:
+ base_image:
+ name: ${{ matrix.base_image }}
+
+ additional_build_files:
+ - src: ${COLLECTION_FILENAME}
+ dest: src
+
+ additional_build_steps:
+ prepend_base:
+ - ${{ matrix.pre_base }}
+ EOF
+ echo "::group::execution-environment.yml"
+ cat execution-environment.yml
+ echo "::endgroup::"
+
+ # Requirements
+ cat > requirements.yml <<EOF
+ ---
+ collections:
+ - name: src/${COLLECTION_FILENAME}
+ type: file
+ EOF
+ echo "::group::requirements.yml"
+ cat requirements.yml
+ echo "::endgroup::"
+
+ - name: Build image based on ${{ matrix.base_image }}
+ run: |
+ ansible-builder build --verbosity 3 --tag test-ee:latest --container-runtime podman
+
+ - name: Show images
+ run: podman image ls
+
+ - name: Run basic tests
+ run: >
+ ansible-navigator run
+ --mode stdout
+ --container-engine podman
+ --pull-policy never
+ --set-environment-variable ANSIBLE_PRIVATE_ROLE_VARS=true
+ --execution-environment-image test-ee:latest
+ -v
+ all.yml
+ ${{ matrix.extra_vars
}}
+ working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}/tests/ee
diff --git a/ansible_collections/community/crypto/.github/workflows/reuse.yml b/ansible_collections/community/crypto/.github/workflows/reuse.yml
new file mode 100644
index 000000000..3b01cd8ac
--- /dev/null
+++ b/ansible_collections/community/crypto/.github/workflows/reuse.yml
@@ -0,0 +1,34 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: Verify REUSE
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+ # Run CI once per day (at 04:45 UTC)
+ schedule:
+ - cron: '45 4 * * *'
+
+jobs:
+ check:
+ permissions:
+ contents: read
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install dependencies
+ run: |
+ pip install reuse
+
+ - name: Check REUSE compliance (except some PEM files)
+ run: |
+ rm -f tests/integration/targets/*/files/*.pem
+ rm -f tests/integration/targets/*/files/roots/*.pem
+ reuse lint |
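Review bot: In ee.yml the `run:` steps paste `${{ matrix.other_deps }}`, `${{ matrix.pre_base }}` and `${{ matrix.extra_vars }}` straight into shell text (the unquoted `<<EOF` heredoc and the `ansible-navigator` command line), which is safe only because every matrix value is a literal in this file. That invariant is not written down anywhere; a comment above `matrix:` such as `# Matrix values are interpolated into shell scripts below: keep them literal, never derive them from event or PR data` would record it. The `pre_base: '"#"'` entries also deserve a short comment, since they appear to be a no-op placeholder for `prepend_base` rather than a real build step.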