From 6e3b47d7328eb8b6949a96e697f8cb1ad51e09e7 Mon Sep 17 00:00:00 2001
From: Webster Mudge
Date: Wed, 1 Feb 2023 14:51:29 -0500
Subject: [PATCH] Pull Request workflow and ansible-builder support (#104)
* Add PR validation workflows
* Add support to ansible-builder
* Increment collection to 3.4.1 and clean up
Signed-off-by: Webster Mudge
---
.github/workflows/label_pr.yml | 68 +++++++++++++++++++++++++
.github/workflows/reset_pr.yml | 39 +++++++++++++++
.github/workflows/validate_pr.yml | 83 +++++++++++++++++++++++++++++++
bindep.txt | 20 ++++++++
builder/requirements.yml | 26 ++++++++++
galaxy.yml | 48 ++----------------
requirements.txt | 16 ++++++
7 files changed, 256 insertions(+), 44 deletions(-)
create mode 100644 .github/workflows/label_pr.yml
create mode 100644 .github/workflows/reset_pr.yml
create mode 100644 .github/workflows/validate_pr.yml
create mode 100644 bindep.txt
create mode 100644 builder/requirements.yml
create mode 100644 requirements.txt
diff --git a/.github/workflows/label_pr.yml b/.github/workflows/label_pr.yml
new file mode 100644
index 00000000..72448ce2
--- /dev/null
+++ b/.github/workflows/label_pr.yml
@@ -0,0 +1,68 @@
+---
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+
+name: Label validated Pull Request
+
+on:
+ workflow_run:
+ workflows: ["Validate Pull Request"]
+ types:
+ - completed
+
+jobs:
+ label:
+ permissions:
+ contents: read
+ pull-requests: write
+ runs-on: ubuntu-latest
+ if: >
+ github.event.workflow_run.event == 'pull_request' &&
+ github.event.workflow_run.conclusion == 'success'
+ steps:
+ - name: Download the PR number artifact
+ uses: actions/github-script@v6
+ with:
+ script: |
+ let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ run_id: context.payload.workflow_run.id,
+ });
+ let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+ return artifact.name == "pr_number"
+ })[0];
+ let download = await github.rest.actions.downloadArtifact({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ artifact_id: matchArtifact.id,
+ archive_format: 'zip',
+ });
+ let fs = require('fs');
+ fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
+
+ - name: 'Unzip artifact'
+ run: unzip pr_number.zip
+
+ - name: Read the PR number
+ id: read
+ run: echo "pr_number=$(cat pr_number)" >> $GITHUB_OUTPUT
+
+ - name: Label the PR
+ uses: actions-ecosystem/action-add-labels@v1
+ with:
+ labels: validated
+ number: ${{ steps.read.outputs.pr_number }}
diff --git a/.github/workflows/reset_pr.yml b/.github/workflows/reset_pr.yml
new file mode 100644
index 00000000..3c4c4735
--- /dev/null
+++ b/.github/workflows/reset_pr.yml
@@ -0,0 +1,39 @@
+---
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Reset Pull Request validation label
+
+on:
+ pull_request_target:
+ types:
+ - reopened
+ - synchronize
+ - ready_for_review
+ branches:
+ - 'release/**'
+ - 'devel'
+ - 'devel-pvc-base'
+
+jobs:
+ reset:
+ permissions:
+ contents: read
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Reset the PR label
+ uses: actions-ecosystem/action-remove-labels@v1
+ with:
+ labels: validated
diff --git a/.github/workflows/validate_pr.yml b/.github/workflows/validate_pr.yml
new file mode 100644
index 00000000..93185e7a
--- /dev/null
+++ b/.github/workflows/validate_pr.yml
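Review bot: The `Read the PR number` step in label_pr.yml copies the downloaded artifact straight into `$GITHUB_OUTPUT` with `$(cat pr_number)`, but that file is produced by the run of the pull request's own code, so its content is untrusted in this job, where the token has `pull-requests: write`. Check that it is a bare integer before using it, for example `pr_number="$(cat pr_number)"; [[ "$pr_number" =~ ^[0-9]+$ ]] || exit 1` followed by `echo "pr_number=$pr_number" >> "$GITHUB_OUTPUT"`; without that, extra lines in the file become extra step outputs and the label can end up on a different pull request. The script step also takes `[0]` of the filtered artifacts without checking that one was found, so a run that uploaded nothing fails on `matchArtifact.id` rather than with a clear message. `actions-ecosystem/action-add-labels@v1` here and `actions-ecosystem/action-remove-labels@v1` in reset_pr.yml receive that write token from a movable tag; pinning both to a full commit SHA fixes which code gets it.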
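Review bot: Removing `validated` on `synchronize` in reset_pr.yml does not cover a validation run that was already in flight for the previous head: if that older run finishes successfully after the push, label_pr.yml adds the label back, and it stays there even if the run for the new commit fails. Nothing in the three workflows ties the label to a commit. label_pr.yml could compare `github.event.workflow_run.head_sha` with the pull request's current head before labelling, or validate_pr.yml could declare a `concurrency` group per pull request with `cancel-in-progress: true` so that superseded runs never conclude with `success`.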
@@ -0,0 +1,83 @@
+---
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Validate Pull Request
+
+on:
+ pull_request:
+ branches:
+ - 'release/**'
+ - 'devel'
+ - 'devel-pvc-base'
+
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Setup Python and caching
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+ cache: 'pip'
+
+ - name: Set up Ansible collections
+ run: |
+ sudo update-alternatives --install /usr/bin/python python $(which python3) 1
+ pip install ansible-core==2.12 ansible-builder pycodestyle voluptuous pylint pyyaml ansible-lint
+ ansible-galaxy collection install -r builder/requirements.yml -p /usr/share/ansible/collections
+ ansible-galaxy role install -r builder/requirements.yml -p /usr/share/ansible/roles
+
+ - name: Report Ansible version, collections, and roles
+ run: |
+ ansible --version
+ ansible-galaxy collection list
+ ansible-galaxy role list
+
+ - name: Set up Ansible collection dependencies
+ run: |
+ ansible-builder introspect \
+ --write-pip final_python.txt --write-bindep final_bindep.txt \
+ /usr/share/ansible/collections
+ pip install -r final_python.txt
+ sudo apt-get -y install $(cat final_bindep.txt)
+
+ - name: Report installed Python dependencies
+ run: pip freeze
+
+ - name: Validate collection
+ run: |
+ pushd /usr/share/ansible/collections/ansible_collections/cloudera/cluster
+ #ansible-lint
+ #ansible-test sanity --test pep8
+ #ansible-test sanity --test validate-modules
+ #ansible-test units --requirements --color yes --redact
+ popd
+
+ # See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+ - name: Save PR number
+ env:
+ PR_NUMBER: ${{ github.event.number }}
+ run: |
+ mkdir -p ./pr
+ echo $PR_NUMBER > ./pr/pr_number
+
+ - name: Upload the PR number
+ uses: actions/upload-artifact@v3
+ with:
+ name: pr_number
+ path: pr/
diff --git a/bindep.txt b/bindep.txt
new file mode 100644
index 00000000..0f1a9ce6
--- /dev/null
+++ b/bindep.txt
@@ -0,0 +1,20 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ansible.posix.patch
+patch [platform:rpm]
+
+# community.general.ipa_user
+hashlib [platform:rpm]
+base64 [platform:rpm]
diff --git a/builder/requirements.yml b/builder/requirements.yml
new file mode 100644
index 00000000..31595fcb
--- /dev/null
+++ b/builder/requirements.yml
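Review bot: Every command in the `Validate collection` step of validate_pr.yml is commented out, so the step only runs `pushd` and `popd`, and the job succeeds whenever the installs do; label_pr.yml then marks the pull request `validated` on that success. Either enable at least one of the checks (`ansible-lint`, `ansible-test sanity`) before the label is wired up, or state the gap in the step, e.g. `# TODO: checks disabled; a green run currently means the dependencies installed, not that the collection was validated`. The job also runs pull-request code without a `permissions:` block; a job-level `permissions:` with `contents: read` would match the other two workflows. In `Save PR number`, `echo $PR_NUMBER` is better written as `echo "$PR_NUMBER"`.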
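Review bot: `hashlib` and `base64` are listed in bindep.txt as RPM packages, but both look like Python standard-library module names rather than distribution package names, so a bindep consumer on an RPM platform would probably fail to resolve them. If they only record what `community.general.ipa_user` imports, a comment is enough and the two entries can be dropped. validate_pr.yml also feeds the introspected bindep output to `apt-get -y install $(cat final_bindep.txt)`, where `[platform:rpm]` selectors are not package names; the generated file is not visible here, so this should be confirmed on an actual run.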
@@ -0,0 +1,26 @@
+---
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+collections:
+ - source: .
+ type: dir
+
+roles:
+ - name: geerlingguy.postgresql
+ version: 2.2.0
+
+ # geerlingguy.mysql with fix for issue #332
+ - src: https://github.com/dbeech/ansible-role-mysql
+ version: master
\ No newline at end of file
diff --git a/galaxy.yml b/galaxy.yml
index 0939f9b0..0606988c 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,4 +1,4 @@ -# Copyright 2022 Cloudera, Inc. +# Copyright 2023 Cloudera, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
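Review bot: The MySQL role in builder/requirements.yml is taken from `https://github.com/dbeech/ansible-role-mysql` at `version: master`, so every image build and every validation run installs whatever that fork's branch holds at that moment, with no review step in between. Pin it to a reviewed commit, `version: <full-commit-sha>  # geerlingguy.mysql + fix for issue #332`, and bump it deliberately; `geerlingguy.postgresql` is already fixed at `2.2.0`, so this would make the two entries consistent. The file also ends without a trailing newline.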
@@ -12,49 +12,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -### REQUIRED - -# The namespace of the collection. This can be a company/brand/organization or product namespace under which all -# content lives. May only contain alphanumeric characters and underscores. Additionally namespaces cannot start with -# underscores or numbers and cannot contain consecutive underscores namespace: cloudera - -# The name of the collection. Has the same character restrictions as 'namespace' name: cluster +version: 3.4.1 -# The version of the collection. Must be compatible with semantic versioning -version: 3.4.0 - -# The path to the Markdown (.md) readme file. This path is relative to the root of the collection -readme: README.md - -# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) -# @nicks:irc/im.site#channel' authors: [] - - -### OPTIONAL but strongly recommended - -# A short summary description of the collection -description: Cloudera assets for managing Cloudera Clusters - -# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only -# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' -#license: -#- GPL-2.0-or-later - -# The path to the license file for the collection. This path is relative to the root of the collection. This key is -# mutually exclusive with 'license' +readme: README.md +description: Cloudera assets for managing Cloudera clusters license_file: 'LICENSE' - -# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character -# requirements as 'namespace' and 'name' tags: [] -# Collections that this collection requires to be installed for it to be usable. The key of the dict is the -# collection label 'namespace.name'. 
The value is a version range -# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version -# range specifiers can be set and are separated by ',' dependencies: 'ansible.posix': '1.3.0' 'community.crypto': '2.2.1' @@ -63,14 +30,7 @@ dependencies: 'community.postgresql': '1.6.1' 'freeipa.ansible_freeipa': '1.6.2' -# The URL of the originating SCM repository repository: https://github.com/cloudera-labs/cloudera.cluster - -# The URL to any online docs documentation: https://github.com/cloudera-labs/cloudera.cluster - -# The URL to the homepage of the collection/project homepage: https://github.com/cloudera-labs/cloudera.cluster - -# The URL to the collection issue tracker issues: https://github.com/cloudera-labs/cloudera.cluster/issues
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 00000000..54e43ea4
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,16 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# For community.general.json_query filter
+jmespath