⚠️ CONFLICT! Lineage pull request for: skeleton #9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We removed the systemd_enabled scenario in cisagov/skeleton-ansible-role#175 but we missed updating the `exclude` directive for the `bandit` hook. Instead of just removing the unused scenario the regex is instead updated to match the `tests` subdirectory for any molecule scenario.
This is what is expected by Ansible Galaxy: https://docs.ansible.com/ansible/latest/dev_guide/collections_galaxy_meta.html
New versions of ansible-core (2.16.7 and 2.17.0) have been released that do not suffer from the bug discussed in ansible/ansible#82702. This bug broke any symlinked files in vars, tasks, etc. for any Ansible role installed via ansible-galaxy. All versions later than ansible-core 2.16.7 and 2.17.0 should function as expected. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
The line is not only unnecessary, it was commented out to boot!
…lint On its own ansible-lint does not pull in ansible, only ansible-core. Therefore, if an Ansible module lives in ansible instead of ansible-core, the linter will complain that the module is unknown. In these cases it is necessary to add the ansible package itself as an additional dependency, with the same pinning as is done in requirements-test.txt of cisagov/skeleton-ansible-role.
We explicitly add the `community.docker` collection with a minimum version as a requirement to the molecule configuration. This will allow us to ensure that a version of this collection that is compatible with 2.32.0 and newer of the Python requests library is installed.
…equirement Add `community.docker` as a requirement for molecule testing
We can do this because new versions of ansible-core (2.16.7 and 2.17.0) have been released that do not suffer from the bug discussed in ansible/ansible#82702. This bug broke any symlinked files in vars, tasks, etc. for any Ansible role installed via ansible-galaxy. All versions later than ansible-core 2.16.7 and 2.17.0 should function as expected.
With the updated ansible-core pin we can support ansible 9. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
In SystemD-enabled Docker images sources from geerlingguy he has made the decision to remove the indicator for an externally managed Python environment if the host is configured with one. This impacts Debian Bookworm and Trixie, as well as Ubuntu 24.04 (Noble Numbat), and as far as we know any future versions of these distributions. This will help ensure that our Ansible role testing is done against images that reflect how a host will be configured when used to create AMIs.
Remove the hard-coded values used in to restore the externally managed Python environment file. Instead check that Python 3 is installed and derive the major.minor version of the Python 3 package that is on the host. Co-authored-by: dav3r <david.redmin@gwe.cisa.dhs.gov> Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov>
In the playbook that restores the externally managed Python environment file we can just check for supported distributions instead of checking for Debian-based and then excluding distributions (like Kali).
Co-authored-by: dav3r <david.redmin@trio.dhs.gov>
Improve the comment that explains the backslash usage in a YAML multiline string used to define a regex pattern. Co-authored-by: dav3r <david.redmin@trio.dhs.gov>
Remove support for Fedora 38 as it is now EOL.
Update version pin on `ansible-core` Python package
…anage_python_file Restore externally managed Python environment indicator if necessary
…tu_2404 Add support for Ubuntu 24.04 (Noble Numbat)
…ra-40 Add support for Fedora 40
Change the license so that it is an SPDX string
…ion_to_remove_scenario Update the `bandit` hook configuration for pre-commit
This idea was stolen from felddy/reusable-workflows.
Co-authored-by: dav3r <david.redmin@trio.dhs.gov>
…2023 These platforms can now be included because the following PRs have been merged: - geerlingguy/docker-fedora39-ansible#2 - geerlingguy/docker-fedora40-ansible#1 - geerlingguy/docker-amazonlinux2023-ansible#4
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
This helps keep the job name in line with the molecule configuration. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Adjust the script to pull down platform specific images instead of just the image of the running system's platform. This will ensure that all images needed by the molecule configuration are retrieved regardless of the system platform.
Adds commented out ignore statements for the following new Action dependencies added to the `test` job: - docker/setup-buildx-action - docker/setup-qemu-action Once uncommented in downstream repositories this will ensure that these dependencies are managed in a centralized place.
This updates it to support arm64 inline with the changes to the default scenario as well as the necessary files to fix the externally managed Python configuration on certain Debian versions.
These platforms do not provide systemd-resolved so we do not test on them.
|
I think systemd/systemd#21511 and related are hurting us here. This may harpoon our attempts to test anything that actually uses Note from cisagov/ansible-role-chrony-aws#41 that this only necessarily applies to |
This is done automatically with the `pre-commit autoupdate` command. The pre-commit/mirrors-prettier was manually held back because the latest tags are for alpha releases of the next major version.
Use the latest v3 release available from NPM.
The pin now agrees with what is in cisagov/skeleton-ansible-role. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Update `pre-commit` hooks
…ible-lint Pin packages for `ansible-lint`
Lineage pull request for: skeleton
We require ansible when running the ansible-lint linter because this role uses an Ansible module that is included as part of ansible, not ansible-core.
|
I created this table by running each ARM64 Docker image and checking what version of
Clearly something changed in |
TODO: Starting with systemd version 253 or 254 (I'm not sure which) it is no longer possible to start systemd-resolved.service under QEMU emulation. We support this case, but we cannot test it until we have native ARM64 runners. See issue #10 for more details.
jsf9k
requested review from
dav3r,
felddy,
jasonodoom,
jsf9k and
mcdonnnj
as code owners
dv4harr10
approved these changes
Jun 18, 2024
mcdonnnj
approved these changes
Jun 25, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-ansible-role.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with
your project.
The
lineage/skeletonbranch has one or more unresolved merge conflictsthat you must resolve before merging this pull request!
How to resolve the conflicts
Take ownership of this pull request by removing any other assignees.
Clone the repository locally, and reapply the merge:
Review the changes displayed by the
statuscommand. Fix any conflicts andpossibly incorrect auto-merges.
After resolving each of the conflicts,
addyour changes to thebranch,
commit, andpushyour changes:Note that you may append to the default merge commit message
that git creates for you, but please do not delete the existing
content. It provides useful information about the merge that is
being performed.
Wait for all the automated tests to pass.
Confirm each item in the "Pre-approval checklist" below.
Remove any of the checklist items that do not apply.
Ensure every remaining checkbox has been checked.
Mark this draft pull request "Ready for review".
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
Note
You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage