ci: Comply with Ansible partner certification checking [citest_skip]

[richm]

https://github.com/ansible-collections/partner-certification-checker/blob/main/README.md

Unfortunately we cannot use the checkers provided by their team because they assume
the git repo is in collection format - you cannot convert to collection format first
then point the checkers at that collection. Instead, implement our own checkers that
do the same (and more) - check with multiple versions of ansible-lint and ansible-test
to ensure we cover:

• all supported versions of EL
• Automation Hub gating
• the latest versions of Ansible, including the latest milestone version

This requires the latest version of tox-lsr

Signed-off-by: Rich Megginson rmeggins@redhat.com

Summary by Sourcery

Expand CI coverage for Ansible linting and testing across multiple supported and latest Ansible/Python versions using tox-based workflows aligned with partner certification requirements.

CI:

• Run ansible-lint via tox in collection format across a version matrix matching Automation Hub gating and latest ansible-lint/ansible-core releases.
• Run ansible-test sanity via tox across a matrix of supported and milestone Ansible core and Python versions instead of the ansible-test GitHub Action.
• Upgrade tox-lsr to version 3.18.0 in all GitHub workflows using it, including linting, ansible-managed-var comment checks, and qemu-kvm integration tests.

[sourcery-ai]

Reviewer's Guide

Updates CI workflows to align with Ansible partner certification expectations by running ansible-lint and ansible-test via tox-lsr across multiple Ansible/Python versions and upgrading tox-lsr, replacing GitHub Actions ansible-lint/ansible-test steps with tox-based execution.

Sequence diagram for updated ansible-lint CI job with tox-lsr matrix

sequenceDiagram
  participant GH as GitHub
  participant WF as ansible-lint_workflow
  participant RNR as runner_ubuntu
  participant PIP as pip
  participant TOX as tox_lsr_3_18_0
  participant ENV as tox_envs_collection_and_ansible_lint_collection
  participant LINT as ansible_lint
  participant CORE as ansible_core

  GH->>WF: Trigger workflow (push or PR)
  WF->>RNR: Start ansible-lint job with matrix (ansible_lint, ansible, python)

  loop for each matrix.versions entry
    RNR->>PIP: pip install tox-lsr==3.18.0
    RNR->>RNR: actions/setup-python with matrix python
    RNR->>TOX: tox -e collection,ansible-lint-collection
    TOX->>ENV: Create/prepare tox envs
    ENV->>CORE: Install ansible-core==matrix.ansible
    ENV->>LINT: Install ansible-lint==matrix.ansible_lint
    ENV->>ENV: Convert role to collection format
    ENV->>LINT: Run ansible-lint on generated collection
    LINT-->>ENV: Lint results (pass or fail)
  end

  ENV-->>RNR: Aggregate status for all matrix entries
  RNR-->>WF: Job status
  WF-->>GH: Report check status on commit/PR

Loading

Flow diagram for replacing GitHub ansible-lint action with tox-based execution

flowchart TD
  S["Start: ansible-lint workflow job"] --> CISTATUS["Check [citest_skip] in commit/PR"]
  CISTATUS -->|"skip"| END["End job (skipped)"]
  CISTATUS -->|"do not skip"| MATRIX["Iterate over matrix.versions
(ansible-lint, ansible-core, python)"]

  MATRIX --> PIP["Install tox-lsr 3.18.0 via pip"]
  PIP --> PYV["Set up Python using actions/setup-python
with matrix python version"]
  PYV --> TOX["Run tox:
LSR_ANSIBLE_LINT_DEP=ansible-lint==<matrix.ansible_lint>
LSR_ANSIBLE_LINT_ANSIBLE_DEP=ansible-core==<matrix.ansible>
 tox -x testenv:ansible-lint-collection.basepython=python<matrix.python>
 -e collection,ansible-lint-collection"]
  TOX --> COLLECT["tox env: collection
convert role to collection format"]
  COLLECT --> LINTENV["tox env: ansible-lint-collection
install deps and run ansible-lint"]
  LINTENV --> RES["Collect ansible-lint results
for this matrix entry"]
  RES --> DECIDE{"Any matrix entry failed?"}
  DECIDE -->|"yes"| FAIL["Job fails"]
  DECIDE -->|"no"| PASS["Job passes"]
  FAIL --> END
  PASS --> END

Loading

File-Level Changes

Change	Details	Files
Run ansible-lint via tox across a matrix of ansible-lint, ansible-core, and Python versions instead of using the ansible-lint GitHub Action and custom requirement merging logic.	Add a job matrix over ansible-lint, ansible-core, and Python versions with fail-fast disabled in ansible-lint workflow. Upgrade tox-lsr dependency from 3.17.1 to 3.18.0 in ansible-lint workflow. Introduce actions/setup-python to select the matrix Python version for ansible-lint workflow. Replace manual collection conversion and ansible-lint GitHub Action usage with a single tox invocation that converts the role to collection format and runs ansible-lint using LSR_ANSIBLE_LINT_DEP and LSR_ANSIBLE_LINT_ANSIBLE_DEP environment variables.	.github/workflows/ansible-lint.yml
Run ansible-test via tox across a matrix of ansible-core and Python versions instead of using the ansible-test GitHub Action.	Add a job matrix over ansible-core versions (including milestone) and Python versions with fail-fast disabled in ansible-test workflow. Upgrade tox-lsr dependency from 3.17.1 to 3.18.0 in ansible-test workflow. Introduce actions/setup-python to select the matrix Python version for ansible-test workflow. Replace the ansible-test GitHub Action with a tox invocation that converts the role to collection format and runs versioned ansible-test environments driven by the matrix.	.github/workflows/ansible-test.yml
Align remaining workflows with the newer tox-lsr version.	Upgrade tox-lsr dependency from 3.17.1 to 3.18.0 in the ansible-managed-var-comment workflow. Upgrade tox-lsr dependency from 3.17.1 to 3.18.0 in the qemu-kvm-integration-tests workflow.	.github/workflows/ansible-managed-var-comment.yml .github/workflows/qemu-kvm-integration-tests.yml
Prepare for updated ansible-lint configuration (file present in diff, but content not shown).	Ensure ansible-lint configuration file exists or is updated to work with the new tox-based ansible-lint execution.	.ansible-lint

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• In both ansible-lint.yml and ansible-test.yml, consider moving the pip3 install ... tox-lsr step to after actions/setup-python so tox/tox-lsr are installed into the matrix Python environment instead of the default system interpreter.
• The tox-lsr@3.18.0 pin is now duplicated across several workflows; consider centralizing this version (e.g., via a reusable workflow or a shared env variable) to make future upgrades less error-prone.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In both `ansible-lint.yml` and `ansible-test.yml`, consider moving the `pip3 install ... tox-lsr` step to after `actions/setup-python` so tox/tox-lsr are installed into the matrix Python environment instead of the default system interpreter.
- The `tox-lsr@3.18.0` pin is now duplicated across several workflows; consider centralizing this version (e.g., via a reusable workflow or a shared env variable) to make future upgrades less error-prone.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}