Update CI + enable https

[noissue]

.ci/ansible/smash-config.json

@@ -12,13 +12,13 @@
       "hostname": "pulp",
       "roles": {
         "api": {
-          "port": 80,
-          "scheme": "http",
+          "port": 443,
+          "scheme": "https",
           "service": "nginx"
         },
         "content": {
-          "port": 80,
-          "scheme": "http",
+          "port": 443,
+          "scheme": "https",
           "service": "pulp_content_app"
         },
         "pulp resource manager": {},

.github/template_gitref

@@ -1 +1 @@
-2021.04.08-82-g8378090
+2021.04.08-85-gb17367d

.github/workflows/ci.yml

@@ -125,7 +125,7 @@ jobs:
         if: failure()
         run: |
           echo "Need to debug? Please check: https://github.com/marketplace/actions/debugging-with-tmate"
-          http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true
+          http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true
           docker images || true
           docker ps -a || true
           docker logs pulp || true

.github/workflows/nightly.yml

@@ -106,7 +106,7 @@ jobs:
       - name: After failure
         if: failure()
         run: |
-          http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true
+          http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true
           docker images || true
           docker ps -a || true
           docker logs pulp || true
@@ -217,7 +217,7 @@ jobs:
       - name: After failure
         if: failure()
         run: |
-          http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true
+          http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true
           docker images || true
           docker ps -a || true
           docker logs pulp || true

.github/workflows/release.yml

@@ -177,7 +177,7 @@ jobs:
       - name: After failure
         if: failure()
         run: |
-          http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true
+          http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true
           docker images || true
           docker ps -a || true
           docker logs pulp || true

.github/workflows/scripts/before_install.sh

@@ -115,7 +115,7 @@ fi
 
 cd pulp-cli
 pip install -e .
-pulp config create --base-url http://pulp --location tests/cli.toml --no-verify-ssl
+pulp config create --base-url https://pulp --location tests/cli.toml 
 mkdir ~/.config/pulp
 cp tests/cli.toml ~/.config/pulp/cli.toml
 cd ..

.github/workflows/scripts/install.sh

@@ -70,8 +70,10 @@ fi
 
 cat >> vars/main.yaml << VARSYAML
 pulp_settings: {"allowed_content_checksums": ["sha1", "sha224", "sha256", "sha384", "sha512"], "allowed_export_paths": ["/tmp"], "allowed_import_paths": ["/tmp"]}
-pulp_scheme: http
-pulp_container_tag: latest
+pulp_scheme: https
+
+pulp_container_tag: https
+
 VARSYAML
 
 if [ "$TEST" = "s3" ]; then
@@ -91,6 +93,21 @@ fi
 
 ansible-playbook build_container.yaml
 ansible-playbook start_container.yaml
+echo ::group::SSL
+# Copy pulp CA
+sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /usr/local/share/ca-certificates/pulp_webserver.crt
+
+# Hack: adding pulp CA to certifi.where()
+CERTIFI=$(python -c 'import certifi; print(certifi.where())')
+cat /usr/local/share/ca-certificates/pulp_webserver.crt | sudo tee -a $CERTIFI
+
+# Hack: adding pulp CA to default CA file
+CERT=$(python -c 'import ssl; print(ssl.get_default_verify_paths().openssl_cafile)')
+cat $CERTIFI | sudo tee -a $CERT
+
+# Updating certs
+sudo update-ca-certificates
+echo ::endgroup::
 
 echo ::group::PIP_LIST
 cmd_prefix bash -c "pip3 list && pip3 install pipdeptree && pipdeptree"

.github/workflows/scripts/install_python_client.sh

@@ -9,7 +9,7 @@
 
 set -euv
 
-export PULP_URL="${PULP_URL:-http://pulp}"
+export PULP_URL="${PULP_URL:-https://pulp}"
 
 # make sure this script runs at the repo root
 cd "$(dirname "$(realpath -e "$0")")"/../../..

.github/workflows/scripts/install_ruby_client.sh

@@ -12,7 +12,7 @@ set -euv
 # make sure this script runs at the repo root
 cd "$(dirname "$(realpath -e "$0")")"/../../..
 
-export PULP_URL="${PULP_URL:-http://pulp}"
+export PULP_URL="${PULP_URL:-https://pulp}"
 
 export REPORTED_VERSION=$(http $PULP_URL/pulp/api/v3/status/ | jq --arg plugin container --arg legacy_plugin pulp_container -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version')
 export DESCRIPTION="$(git describe --all --exact-match `git rev-parse HEAD`)"

.github/workflows/scripts/post_docs_test.sh

@@ -3,7 +3,7 @@
 # make sure this script runs at the repo root
 cd "$(dirname "$(realpath -e "$0")")"/../../..
 
-export BASE_ADDR=http://pulp.example.com:80
+export BASE_ADDR=https://pulp.example.com:443
 
 cd docs/_scripts/
 bash ./docs_check.sh

.github/workflows/scripts/pre_before_script.sh

@@ -15,4 +15,5 @@ login admin
 password password
 " >> ~/.netrc
 
-sed -i 's/http:\/\/pulp/http:\/\/pulp.example.com/g' $PWD/.github/workflows/scripts/script.sh
+sed -i 's/https:\/\/pulp/https:\/\/pulp.example.com/g' $PWD/.github/workflows/scripts/script.sh
+sed -i 's/\"hostname\": \"pulp\",/\"hostname\": \"pulp.example.com\",/g' ~/.config/pulp_smash/settings.json

.github/workflows/scripts/script.sh

@@ -26,7 +26,7 @@ export FUNC_TEST_SCRIPT=$PWD/.github/workflows/scripts/func_test_script.sh
 export DJANGO_SETTINGS_MODULE=pulpcore.app.settings
 export PULP_SETTINGS=$PWD/.ci/ansible/settings/settings.py
 
-export PULP_URL="http://pulp"
+export PULP_URL="https://pulp"
 
 if [[ "$TEST" = "docs" ]]; then
   cd docs

.github/workflows/update_ci.yml

@@ -38,12 +38,12 @@ jobs:
         with:
           committer: pulpbot <pulp-infra@redhat.com>
           author: pulpbot <pulp-infra@redhat.com>
-          branch: ${{ github.event.inputs.release }}-update-ci-files
-          base: ${{ github.event.inputs.release }}
-          title: 'Update CI for ${{ github.event.inputs.release }}'
+          branch: ${GITHUB_REF#refs/heads/}-update-ci-files
+          base: ${GITHUB_REF#refs/heads/}
+          title: 'Update CI for ${GITHUB_REF#refs/heads/}'
           body: '[noissue]'
           commit-message: |
-            Update CI files for ${{ github.event.inputs.release }}'
+            Update CI files for ${GITHUB_REF#refs/heads/}
 
             [noissue]
           delete-branch: true

template_config.yml

@@ -1,9 +1,8 @@
 # This config represents the latest values used when running the plugin-template. Any settings that
 # were not present before running plugin-template have been added with their default values.
 
-# generated with plugin_template@2021.04.08-82-g8378090
+# generated with plugin_template@2021.04.08-85-gb17367d
 
-additional_plugins: []
 additional_repos: []
 all: false
 black: true
@@ -44,7 +43,7 @@ plugin_default_branch: master
 plugin_name: pulp_container
 plugin_snake: pulp_container
 publish_docs_to_pulpprojectdotorg: true
-pulp_scheme: http
+pulp_scheme: https
 pulp_settings:
   allowed_content_checksums:
   - sha1
@@ -61,6 +60,7 @@ pulpcore_pip_version_specifier: null
 pulpprojectdotorg_key_id: aa499d7938ed
 pydocstyle: true
 pypi_username: pulp
+python_version: '3.8'
 redmine_project: pulp_container
 release_user: pulpbot
 sync_ci: true