Diffstat (limited to 'ansible_collections/community/hashi_vault/.github')
6 files changed, 122 insertions, 103 deletions
diff --git a/ansible_collections/community/hashi_vault/.github/actions/docker-image-versions/action.yml b/ansible_collections/community/hashi_vault/.github/actions/docker-image-versions/action.yml index 766067df7..d2503deaa 100644 --- a/ansible_collections/community/hashi_vault/.github/actions/docker-image-versions/action.yml +++ b/ansible_collections/community/hashi_vault/.github/actions/docker-image-versions/action.yml @@ -8,8 +8,7 @@ outputs: inputs: image: description: The docker image name. - required: false - default: vault + required: true num_major_versions: description: Number of unique major versions to return. required: false diff --git a/ansible_collections/community/hashi_vault/.github/actions/docker-image-versions/versions.py b/ansible_collections/community/hashi_vault/.github/actions/docker-image-versions/versions.py index 9d7fcea2d..d73680f8c 100755 --- a/ansible_collections/community/hashi_vault/.github/actions/docker-image-versions/versions.py +++ b/ansible_collections/community/hashi_vault/.github/actions/docker-image-versions/versions.py @@ -21,7 +21,7 @@ from warnings import warn from packaging import version -TAG_URI = 'https://registry.hub.docker.com/v2/repositories/library/%s/tags?page_size=1024' +TAG_URI = 'https://registry.hub.docker.com/v2/repositories/%s/%s/tags?page_size=1024' class WarningRetry(Retry): @@ -49,7 +49,7 @@ def main(argv): for opt, arg in opts: if opt == '--image': - image = arg + image = image_name = arg elif opt == '--num_major_versions': num_major_versions = int(arg) elif opt == '--num_minor_versions': @@ -64,7 +64,12 @@ def main(argv): if image is None: raise ValueError('image must be supplied.') - tag_url = TAG_URI % image + if '/' in image: + org, image_name = image.split('/') + else: + org = 'library' + + tag_url = TAG_URI % (org, image_name) sess = requests.Session() retry = WarningRetry(total=5, backoff_factor=0.2, respect_retry_after_header=False) 
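Review bot: `org, image_name = image.split('/')` in the new branch raises a bare unpacking ValueError for any value with more than one slash (a registry-qualified name, for instance), and it accepts empty components such as `org/` or `/name`, which then go unvalidated into the Docker Hub URL. Consider `org, _, image_name = image.partition('/')` followed by `if not org or not image_name or '/' in image_name: raise ValueError('image must be NAME or ORG/NAME.')`. The existing `if image is None` guard also lets an empty `--image ''` through (the URL becomes `library//tags`), so `if not image:` would be tighter now that the action input no longer has a default. main() starts and ends outside this hunk.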
@@ -112,7 +117,7 @@ def main(argv): keep.append(str(ver)) - with open(os.environ['GITHUB_OUTPUT'], 'a') as f: + with open(os.environ.get('GITHUB_OUTPUT', '/dev/stdout'), 'a') as f: f.write('versions=') json.dump(keep, f) diff --git a/ansible_collections/community/hashi_vault/.github/dependabot.yml b/ansible_collections/community/hashi_vault/.github/dependabot.yml new file mode 100644 index 000000000..969b36fe0 --- /dev/null +++ b/ansible_collections/community/hashi_vault/.github/dependabot.yml @@ -0,0 +1,9 @@ +--- +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/ansible_collections/community/hashi_vault/.github/workflows/ansible-builder.yml b/ansible_collections/community/hashi_vault/.github/workflows/ansible-builder.yml index 10aeb5c2d..a3a849c46 100644 --- a/ansible_collections/community/hashi_vault/.github/workflows/ansible-builder.yml +++ b/ansible_collections/community/hashi_vault/.github/workflows/ansible-builder.yml @@ -24,14 +24,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: + show-progress: false path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: 3.11 - name: Install ansible-builder run: pip install ansible-builder diff --git a/ansible_collections/community/hashi_vault/.github/workflows/ansible-test.yml b/ansible_collections/community/hashi_vault/.github/workflows/ansible-test.yml index 25857dadb..b1b079817 100644 --- a/ansible_collections/community/hashi_vault/.github/workflows/ansible-test.yml +++ b/ansible_collections/community/hashi_vault/.github/workflows/ansible-test.yml 
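Review bot: The bumped actions in ansible-builder.yml are still referenced by mutable tags (`actions/checkout@v4`, `actions/setup-python@v5`), which the tag owner can repoint after review. Pinning each to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder), fixes the code that actually runs, and the dependabot.yml added in this commit can keep such pins current. The same applies to the `checkout`, `setup-python`, `upload-artifact@v4` and `download-artifact@v4` bumps in ansible-test.yml and github-release.yml, and it matters most for the third-party `briantist/ezenv@v1` used in the integration job.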
@@ -2,6 +2,8 @@ name: CI on: # Run CI against all pushes (direct commits, also merged PRs), Pull Requests push: + branches-ignore: + - 'dependabot/**' paths-ignore: - 'docs/**' - '.github/workflows/_shared-*' @@ -31,17 +33,16 @@ jobs: name: Sanity (Ⓐ${{ matrix.ansible }}) runs-on: ${{ matrix.runner }} strategy: + fail-fast: false matrix: runner: - ubuntu-latest test_container: - default ansible: - - stable-2.11 - - stable-2.12 - - stable-2.13 - stable-2.14 - stable-2.15 + - stable-2.16 - devel steps: @@ -55,22 +56,23 @@ jobs: TEST_INVOCATION="sanity --docker ${{ matrix.test_container }} -v --color ${{ github.event_name != 'schedule' && '--coverage' || '' }}" - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: + show-progress: false path: ${{ env.COLLECTION_PATH }} - name: Link to .github # easier access to local actions run: ln -s "${COLLECTION_PATH}/.github" .github - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: # it is just required to run that once as "ansible-test sanity" in the docker image # will run on all python versions it supports. - python-version: 3.9 + python-version: '3.11' # Install the head of the given branch (devel, stable-2.14) - - name: Install ansible-base (${{ matrix.ansible }}) + - name: Install ansible-core (${{ matrix.ansible }}) run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check - name: Pull Ansible test images @@ -95,7 +97,7 @@ jobs: - name: Upload ${{ github.job }} coverage reports if: ${{ github.event_name != 'schedule' }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: coverage=${{ github.job }}=ansible_${{ matrix.ansible }}=data path: ${{ env.COLLECTION_PATH }}/tests/output/reports/ 
@@ -107,19 +109,16 @@ jobs: runs-on: ${{ matrix.runner }} name: Units (Ⓐ${{ matrix.ansible }}) strategy: - # As soon as the first unit test fails, cancel the others to free up the CI queue - fail-fast: true + fail-fast: false matrix: runner: - ubuntu-latest test_container: - default ansible: - - stable-2.11 - - stable-2.12 - - stable-2.13 - stable-2.14 - stable-2.15 + - stable-2.16 - devel steps: @@ -131,21 +130,22 @@ jobs: TEST_INVOCATION="units --color --docker ${{ matrix.test_container }} ${{ github.event_name != 'schedule' && '--coverage' || '' }}" - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: + show-progress: false path: ${{ env.COLLECTION_PATH }} - name: Link to .github # easier access to local actions run: ln -s "${COLLECTION_PATH}/.github" .github - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: # it is just required to run that once as "ansible-test units" in the docker image # will run on all python versions it supports. - python-version: 3.9 + python-version: '3.11' - - name: Install ansible-base (${{ matrix.ansible }}) + - name: Install ansible-core (${{ matrix.ansible }}) run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check - name: Pull Ansible test images @@ -168,7 +168,7 @@ jobs: - name: Upload ${{ github.job }} coverage reports if: ${{ github.event_name != 'schedule' }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: coverage=${{ github.job }}=ansible_${{ matrix.ansible }}=data path: ${{ env.COLLECTION_PATH }}/tests/output/reports/ @@ -182,7 +182,7 @@ jobs: integration: runs-on: ${{ matrix.runner }} - name: I (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }}) + name: I (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }}+V[-${{ matrix.vault_minus }}]) strategy: fail-fast: false matrix: 
@@ -190,12 +190,13 @@ jobs: - ubuntu-latest test_container: - default + vault_minus: + - 0 + - 1 ansible: - - stable-2.11 - - stable-2.12 - - stable-2.13 - stable-2.14 - stable-2.15 + - stable-2.16 - devel python: - '3.6' @@ -204,29 +205,36 @@ jobs: - '3.9' - '3.10' - '3.11' + - '3.12' exclude: # https://docs.ansible.com/ansible/devel/installation_guide/intro_installation.html#control-node-requirements # https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix - - ansible: 'stable-2.11' - python: '3.10' - - ansible: 'stable-2.11' - python: '3.11' - - ansible: 'stable-2.12' - python: '3.11' - - ansible: 'stable-2.13' - python: '3.11' - - ansible: 'stable-2.15' + - ansible: 'devel' python: '3.6' - - ansible: 'stable-2.15' + - ansible: 'devel' python: '3.7' - - ansible: 'stable-2.15' + - ansible: 'devel' python: '3.8' - ansible: 'devel' + python: '3.9' + - ansible: 'stable-2.16' python: '3.6' - - ansible: 'devel' + - ansible: 'stable-2.16' python: '3.7' - - ansible: 'devel' + - ansible: 'stable-2.16' + python: '3.8' + - ansible: 'stable-2.16' + python: '3.9' + - ansible: 'stable-2.15' + python: '3.6' + - ansible: 'stable-2.15' + python: '3.7' + - ansible: 'stable-2.15' + python: '3.12' + - ansible: 'stable-2.15' python: '3.8' + - ansible: 'stable-2.14' + python: '3.12' steps: - name: Initialize env vars 
@@ -239,29 +247,36 @@ jobs: TEST_INVOCATION="integration -v --color --retry-on-error --continue-on-error --python ${{ matrix.python }} --docker ${{ matrix.test_container }} ${{ github.event_name != 'schedule' && '--coverage' || '' }} --docker-network hashi_vault_default" - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: + show-progress: false path: ${{ env.COLLECTION_PATH }} - name: Link to .github # easier access to local actions run: ln -s "${COLLECTION_PATH}/.github" .github - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: '3.11' - name: Get Vault versions id: vault_versions uses: ./.github/actions/docker-image-versions with: + image: hashicorp/vault num_major_versions: 1 num_minor_versions: 2 num_micro_versions: 1 - - name: Install ansible-base (${{ matrix.ansible }}) + - name: Install ansible-core (${{ matrix.ansible }}) run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check + - name: Install community.postgresql + uses: ./.github/actions/collection-via-git + with: + collection: community.postgresql + - name: Pull Ansible test images timeout-minutes: 5 continue-on-error: true 
@@ -270,23 +285,10 @@ jobs: working-directory: ${{ env.COLLECTION_PATH }} ansible-test-invocation: ${{ env.TEST_INVOCATION }} - - name: Set Vault Version (older) + - name: Set Vault Version uses: briantist/ezenv@v1 with: - env: VAULT_VERSION=${{ fromJSON(steps.vault_versions.outputs.versions)[1] }} - - - name: Prepare docker dependencies (Vault ${{ env.VAULT_VERSION }}) - run: ./setup.sh -e vault_version=${VAULT_VERSION} - working-directory: ${{ env.COLLECTION_INTEGRATION_TARGETS }}/setup_localenv_gha - - - name: Run integration test (Vault ${{ env.VAULT_VERSION }}) - run: ansible-test ${{ env.TEST_INVOCATION }} - working-directory: ${{ env.COLLECTION_PATH }} - - - name: Set Vault Version (newer) - uses: briantist/ezenv@v1 - with: - env: VAULT_VERSION=${{ fromJSON(steps.vault_versions.outputs.versions)[0] }} + env: VAULT_VERSION=${{ fromJSON(steps.vault_versions.outputs.versions)[matrix.vault_minus] }} - name: Prepare docker dependencies (Vault ${{ env.VAULT_VERSION }}) run: ./setup.sh -e vault_version=${VAULT_VERSION} @@ -304,9 +306,9 @@ jobs: - name: Upload ${{ github.job }} coverage reports if: ${{ github.event_name != 'schedule' }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: coverage=${{ github.job }}=ansible_${{ matrix.ansible }}=${{ matrix.python }}=data + name: coverage=${{ github.job }}=ansible_${{ matrix.ansible }}=${{ matrix.python }}=vault_minus_${{ matrix.vault_minus }}=data path: ${{ env.COLLECTION_PATH }}/tests/output/reports/ if-no-files-found: error retention-days: 1 @@ -318,14 +320,22 @@ jobs: fail-fast: false matrix: ansible: - - stable-2.15 + - stable-2.16 - devel + delete_canaries: + - true + - false python: - - 3.9 + - '3.12' runner: - ubuntu-latest test_container: - default + exclude: + - ansible: devel + delete_canaries: false + - ansible: stable-2.16 + delete_canaries: true steps: - name: Initialize env vars 
@@ -338,19 +348,20 @@ jobs: DOCKER_TEST_INVOCATION="integration -v --color --retry-on-error --continue-on-error --controller docker:${{ matrix.test_container }},python=${{ matrix.python }} ${{ github.event_name != 'schedule' && '--coverage' || '' }}" - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: + show-progress: false path: ${{ env.COLLECTION_PATH }} - name: Link to .github # easier access to local actions run: ln -s "${COLLECTION_PATH}/.github" .github - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} - - name: Install ansible-base (${{ matrix.ansible }}) + - name: Install ansible-core (${{ matrix.ansible }}) run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check - name: Install community.crypto @@ -363,6 +374,11 @@ jobs: with: collection: community.docker + - name: Install community.postgresql + uses: ./.github/actions/collection-via-git + with: + collection: community.postgresql + - name: Pull Ansible test images timeout-minutes: 5 continue-on-error: true @@ -374,6 +390,10 @@ jobs: - name: localenv_docker - setup run: | pwd + pip install --upgrade pip setuptools build wheel + pip install "Cython<3.0" "pyyaml<6" --no-build-isolation + # ^ https://github.com/yaml/pyyaml/issues/601 + # ^ https://github.com/docker/compose/issues/10836 pip install -r files/requirements/requirements.txt -c files/requirements/constraints.txt ./setup.sh working-directory: ${{ env.COLLECTION_INTEGRATION_TARGETS }}/setup_localenv_docker 
@@ -383,13 +403,9 @@ jobs: ansible-test ${{ env.DOCKER_TEST_INVOCATION }} --docker-network hashi_vault_default working-directory: ${{ env.COLLECTION_PATH }} - - name: Run integration again (ensure tests do not break against still-running containers) - run: | - ansible-test ${{ env.DOCKER_TEST_INVOCATION }} --docker-network hashi_vault_default - working-directory: ${{ env.COLLECTION_PATH }} - #TODO add capability in the Ansible side once vault_list and vault_delete exist - - name: Run a third time, but delete Vault's cubbyhole contents first + - name: Delete Vault's cubbyhole contents (ensure test setup is idempotent) + if: matrix.delete_canaries working-directory: ${{ env.COLLECTION_PATH }} env: VAULT_TOKEN: 47542cbc-6bf8-4fba-8eda-02e0a0d29a0a @@ -398,8 +414,11 @@ jobs: echo 'vault list cubbyhole \ | tail -n +3 \ | xargs -I{} -n 1 vault delete cubbyhole/{}' \ - | docker run --rm --network hashi_vault_default -e VAULT_TOKEN -e VAULT_ADDR -i vault sh + | docker run --rm --network hashi_vault_default -e VAULT_TOKEN -e VAULT_ADDR -i hashicorp/vault sh + - name: Run integration again (ensure tests do not break against still-running containers) + working-directory: ${{ env.COLLECTION_PATH }} + run: | ansible-test ${{ env.DOCKER_TEST_INVOCATION }} --docker-network hashi_vault_default # ansible-test support producing code coverage data @@ -410,7 +429,7 @@ jobs: - name: Upload ${{ github.job }} coverage reports if: ${{ github.event_name != 'schedule' }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: coverage=${{ github.job }}=${{ matrix.runner }}=ansible_${{ matrix.ansible }}=${{ matrix.python }}=data path: ${{ env.COLLECTION_PATH }}/tests/output/reports/ 
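Review bot: The cubbyhole cleanup step's `docker run ... -i hashicorp/vault sh` has no tag, so it pulls whatever `latest` resolves to on each run; the CLI used for cleanup is then not tied to the Vault version under test and the image content can change between runs. Pinning a tag or digest, e.g. `hashicorp/vault:<tag>` (placeholder), would make the step reproducible. The `VAULT_TOKEN` literal in the step's `env:` is presumably the fixed token of the disposable test container; a one-line comment such as `# static token for the throwaway localenv Vault, not a real credential` would help reviewers and secret scanners triage it.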
@@ -430,31 +449,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + show-progress: false - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: path: ./cov - # Before Ansible 2.12, units always used a "target" of "units", and we don't want a flag of "target_units". - # After 2.12, target can be "controller" or "module_utils" and we'll preserve them for now. - # If we decide that those targets are not helpful, we can simplify processing by removing this run block - # and just having two ansible-codecov calls, one for units (that excludes target) and one for integration. - # That change would also make integration processing faster because we can hardcode the integration flag as an additional flag. - - name: Move Ansible pre-2.12 units - run: | - mkdir ./cov-units-pre2.12 - mv ./cov/coverage=units=ansible_stable-2.11=data ./cov-units-pre2.12 - - - name: Upload Ansible pre-2.12 unit coverage reports to Codecov - uses: ./.github/actions/ansible-codecov - with: - directory: ./cov-units-pre2.12 - additional-flags: units - file-flag-pattern: coverage=units=units={env_%}.xml - directory-flag-pattern: =ansible_{ansible-%}= - # See the reports at https://codecov.io/gh/ansible-collections/community.hashi_vault - name: Upload coverage reports to Codecov uses: ./.github/actions/ansible-codecov diff --git a/ansible_collections/community/hashi_vault/.github/workflows/github-release.yml b/ansible_collections/community/hashi_vault/.github/workflows/github-release.yml index 6fce7d2e6..4a2a2418e 100644 --- a/ansible_collections/community/hashi_vault/.github/workflows/github-release.yml +++ b/ansible_collections/community/hashi_vault/.github/workflows/github-release.yml 
@@ -15,18 +15,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + show-progress: false - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: 3.12 - name: Install PyYaml - run: pip install pyyaml + run: pip install pyyaml ansible-core - name: Validate version is published to Galaxy - run: curl --head -s -f -o /dev/null https://galaxy.ansible.com/download/community-hashi_vault-${{ github.event.inputs.version }}.tar.gz + run: ansible-galaxy collection download -vvv -p /tmp 'community.hashi_vault:==${{ github.event.inputs.version }}' - name: Build release description shell: python |
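Review bot: The "Validate version is published to Galaxy" step expands `${{ github.event.inputs.version }}` directly into the `run:` line, so the value is substituted before the shell parses the command and a value containing a single quote ends the quoted argument. Pass it through the environment instead: add `env:` with `VERSION: ${{ github.event.inputs.version }}` to the step and use `run: ansible-galaxy collection download -vvv -p /tmp "community.hashi_vault:==${VERSION}"`. The step named "Install PyYaml" now also installs ansible-core, so its name could be updated to match.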