From e9bbfecbfa63762273a687e4bcaf5900c98c3d97 Mon Sep 17 00:00:00 2001 From: Fabricio Aguiar Date: Tue, 27 Jul 2021 11:08:46 -0300 Subject: [PATCH] Update CI + enable https [noissue] --- .ci/ansible/smash-config.json | 8 +++---- .github/template_gitref | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/nightly.yml | 4 ++-- .github/workflows/release.yml | 2 +- .github/workflows/scripts/before_install.sh | 2 +- .github/workflows/scripts/install.sh | 21 +++++++++++++++++-- .../scripts/install_python_client.sh | 2 +- .../workflows/scripts/install_ruby_client.sh | 2 +- .github/workflows/scripts/post_docs_test.sh | 2 +- .../workflows/scripts/pre_before_script.sh | 3 ++- .github/workflows/scripts/script.sh | 2 +- .github/workflows/update_ci.yml | 8 +++---- template_config.yml | 6 +++--- 14 files changed, 42 insertions(+), 24 deletions(-) diff --git a/.ci/ansible/smash-config.json b/.ci/ansible/smash-config.json index 9af43820b..308fe38b9 100644 --- a/.ci/ansible/smash-config.json +++ b/.ci/ansible/smash-config.json @@ -12,13 +12,13 @@ "hostname": "pulp", "roles": { "api": { - "port": 80, - "scheme": "http", + "port": 443, + "scheme": "https", "service": "nginx" }, "content": { - "port": 80, - "scheme": "http", + "port": 443, + "scheme": "https", "service": "pulp_content_app" }, "pulp resource manager": {}, diff --git a/.github/template_gitref b/.github/template_gitref index 1d5b885ba..d67c54c4b 100644 --- a/.github/template_gitref +++ b/.github/template_gitref @@ -1 +1 @@ -2021.04.08-82-g8378090 +2021.04.08-85-gb17367d diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4dbc4340b..52bb726eb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -125,7 +125,7 @@ jobs: if: failure() run: | echo "Need to debug? Please check: https://github.com/marketplace/actions/debugging-with-tmate" - http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true + http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true docker images || true docker ps -a || true docker logs pulp || true diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 974c9270a..c43aaa928 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -106,7 +106,7 @@ jobs: - name: After failure if: failure() run: | - http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true + http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true docker images || true docker ps -a || true docker logs pulp || true @@ -217,7 +217,7 @@ jobs: - name: After failure if: failure() run: | - http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true + http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true docker images || true docker ps -a || true docker logs pulp || true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cd9b9b001..2320a0f97 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -177,7 +177,7 @@ jobs: - name: After failure if: failure() run: | - http --timeout 30 --check-status --pretty format --print hb http://pulp/pulp/api/v3/status/ || true + http --timeout 30 --check-status --pretty format --print hb https://pulp/pulp/api/v3/status/ || true docker images || true docker ps -a || true docker logs pulp || true diff --git a/.github/workflows/scripts/before_install.sh b/.github/workflows/scripts/before_install.sh index f73fadbf9..12b66db69 100755 --- a/.github/workflows/scripts/before_install.sh 
+++ b/.github/workflows/scripts/before_install.sh @@ -115,7 +115,7 @@ fi cd pulp-cli pip install -e . -pulp config create --base-url http://pulp --location tests/cli.toml --no-verify-ssl +pulp config create --base-url https://pulp --location tests/cli.toml mkdir ~/.config/pulp cp tests/cli.toml ~/.config/pulp/cli.toml cd .. diff --git a/.github/workflows/scripts/install.sh b/.github/workflows/scripts/install.sh index d19f9d2e6..63c80f012 100755 --- a/.github/workflows/scripts/install.sh +++ b/.github/workflows/scripts/install.sh @@ -70,8 +70,10 @@ fi cat >> vars/main.yaml << VARSYAML pulp_settings: {"allowed_content_checksums": ["sha1", "sha224", "sha256", "sha384", "sha512"], "allowed_export_paths": ["/tmp"], "allowed_import_paths": ["/tmp"]} -pulp_scheme: http -pulp_container_tag: latest +pulp_scheme: https + +pulp_container_tag: https + VARSYAML if [ "$TEST" = "s3" ]; then @@ -91,6 +93,21 @@ fi ansible-playbook build_container.yaml ansible-playbook start_container.yaml +echo ::group::SSL +# Copy pulp CA +sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /usr/local/share/ca-certificates/pulp_webserver.crt + +# Hack: adding pulp CA to certifi.where() +CERTIFI=$(python -c 'import certifi; print(certifi.where())') +cat /usr/local/share/ca-certificates/pulp_webserver.crt | sudo tee -a $CERTIFI + +# Hack: adding pulp CA to default CA file +CERT=$(python -c 'import ssl; print(ssl.get_default_verify_paths().openssl_cafile)') +cat $CERTIFI | sudo tee -a $CERT + +# Updating certs +sudo update-ca-certificates +echo ::endgroup:: echo ::group::PIP_LIST cmd_prefix bash -c "pip3 list && pip3 install pipdeptree && pipdeptree" diff --git a/.github/workflows/scripts/install_python_client.sh b/.github/workflows/scripts/install_python_client.sh index dfe65c0fc..919ba540f 100755 --- a/.github/workflows/scripts/install_python_client.sh +++ b/.github/workflows/scripts/install_python_client.sh 
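Review bot: In the new SSL group of install.sh, the second "Hack" step runs `cat $CERTIFI | sudo tee -a $CERT`, which appends the entire certifi bundle to the OpenSSL default CA file rather than the single Pulp certificate its comment describes. `tee` with no redirect also echoes every certificate into the job log. Appending only the copied certificate limits the trust-store change to the one CA being added: `sudo tee -a "$CERT" < /usr/local/share/ca-certificates/pulp_webserver.crt > /dev/null`, with `"$CERTIFI"` quoted and redirected the same way in the step above it. `ssl.get_default_verify_paths().openssl_cafile` is `None` when no default file exists, so `$CERT` can end up as the literal string `None`; a `[ -f "$CERT" ]` guard before the append would make that case fail visibly.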
@@ -9,7 +9,7 @@ set -euv -export PULP_URL="${PULP_URL:-http://pulp}" +export PULP_URL="${PULP_URL:-https://pulp}" # make sure this script runs at the repo root cd "$(dirname "$(realpath -e "$0")")"/../../.. diff --git a/.github/workflows/scripts/install_ruby_client.sh b/.github/workflows/scripts/install_ruby_client.sh index edfd23586..663ad0447 100755 --- a/.github/workflows/scripts/install_ruby_client.sh +++ b/.github/workflows/scripts/install_ruby_client.sh @@ -12,7 +12,7 @@ set -euv # make sure this script runs at the repo root cd "$(dirname "$(realpath -e "$0")")"/../../.. -export PULP_URL="${PULP_URL:-http://pulp}" +export PULP_URL="${PULP_URL:-https://pulp}" export REPORTED_VERSION=$(http $PULP_URL/pulp/api/v3/status/ | jq --arg plugin container --arg legacy_plugin pulp_container -r '.versions[] | select(.component == $plugin or .component == $legacy_plugin) | .version') export DESCRIPTION="$(git describe --all --exact-match `git rev-parse HEAD`)" diff --git a/.github/workflows/scripts/post_docs_test.sh b/.github/workflows/scripts/post_docs_test.sh index b0dba080b..d008aee9c 100755 --- a/.github/workflows/scripts/post_docs_test.sh +++ b/.github/workflows/scripts/post_docs_test.sh @@ -3,7 +3,7 @@ # make sure this script runs at the repo root cd "$(dirname "$(realpath -e "$0")")"/../../.. -export BASE_ADDR=http://pulp.example.com:80 +export BASE_ADDR=https://pulp.example.com:443 cd docs/_scripts/ bash ./docs_check.sh diff --git a/.github/workflows/scripts/pre_before_script.sh b/.github/workflows/scripts/pre_before_script.sh index 2ef065114..427763aec 100644 --- a/.github/workflows/scripts/pre_before_script.sh +++ b/.github/workflows/scripts/pre_before_script.sh 
@@ -15,4 +15,5 @@ login admin password password " >> ~/.netrc -sed -i 's/http:\/\/pulp/http:\/\/pulp.example.com/g' $PWD/.github/workflows/scripts/script.sh +sed -i 's/https:\/\/pulp/https:\/\/pulp.example.com/g' $PWD/.github/workflows/scripts/script.sh +sed -i 's/\"hostname\": \"pulp\",/\"hostname\": \"pulp.example.com\",/g' ~/.config/pulp_smash/settings.json diff --git a/.github/workflows/scripts/script.sh b/.github/workflows/scripts/script.sh index 28a3eed10..107902139 100755 --- a/.github/workflows/scripts/script.sh +++ b/.github/workflows/scripts/script.sh @@ -26,7 +26,7 @@ export FUNC_TEST_SCRIPT=$PWD/.github/workflows/scripts/func_test_script.sh export DJANGO_SETTINGS_MODULE=pulpcore.app.settings export PULP_SETTINGS=$PWD/.ci/ansible/settings/settings.py -export PULP_URL="http://pulp" +export PULP_URL="https://pulp" if [[ "$TEST" = "docs" ]]; then cd docs diff --git a/.github/workflows/update_ci.yml b/.github/workflows/update_ci.yml index 5bed95565..9b68b1266 100644 --- a/.github/workflows/update_ci.yml +++ b/.github/workflows/update_ci.yml @@ -38,12 +38,12 @@ jobs: with: committer: pulpbot author: pulpbot - branch: ${{ github.event.inputs.release }}-update-ci-files - base: ${{ github.event.inputs.release }} - title: 'Update CI for ${{ github.event.inputs.release }}' + branch: ${GITHUB_REF#refs/heads/}-update-ci-files + base: ${GITHUB_REF#refs/heads/} + title: 'Update CI for ${GITHUB_REF#refs/heads/}' body: '[noissue]' commit-message: | - Update CI files for ${{ github.event.inputs.release }}' + Update CI files for ${GITHUB_REF#refs/heads/} [noissue] delete-branch: true diff --git a/template_config.yml b/template_config.yml index ad85f5ecc..284303655 100644 --- a/template_config.yml +++ b/template_config.yml 
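Review bot: Both `sed -i` rewrites in pre_before_script.sh succeed even when nothing matches, so a formatting change to `"hostname": "pulp",` in settings.json would leave the tests pointed at the old hostname with no error. A check after the edit, such as `grep -q '"hostname": "pulp.example.com"' ~/.config/pulp_smash/settings.json`, would surface that. The first pattern, `https:\/\/pulp`, also matches an already rewritten `https://pulp.example.com`, so anchoring it on the character that follows the hostname would keep a second run from producing `pulp.example.com.example.com`. Because clients now verify TLS, the certificate copied out of the container presumably has to list `pulp.example.com` as a subject alternative name; that is worth confirming, since the certificate contents are not visible in this patch.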
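Review bot: The `branch`, `base`, `title` and `commit-message` values under `with:` in update_ci.yml now contain `${GITHUB_REF#refs/heads/}`, which is shell parameter expansion. Inputs under `with:` are handed to the action as literal strings and never pass through a shell. Unless the action expands them itself, the pull request would be opened against a base literally named `${GITHUB_REF#refs/heads/}`. An Actions expression is resolved before the action receives it, for example `base: ${{ github.ref_name }}`, with the same substitution in the other three values. The `uses:` line of this step is outside the hunk, so how the action handles these inputs cannot be confirmed from here.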
@@ -1,9 +1,8 @@ # This config represents the latest values used when running the plugin-template. Any settings that # were not present before running plugin-template have been added with their default values. -# generated with plugin_template@2021.04.08-82-g8378090 +# generated with plugin_template@2021.04.08-85-gb17367d -additional_plugins: [] additional_repos: [] all: false black: true @@ -44,7 +43,7 @@ plugin_default_branch: master plugin_name: pulp_container plugin_snake: pulp_container publish_docs_to_pulpprojectdotorg: true -pulp_scheme: http +pulp_scheme: https pulp_settings: allowed_content_checksums: - sha1 @@ -61,6 +60,7 @@ pulpcore_pip_version_specifier: null pulpprojectdotorg_key_id: aa499d7938ed pydocstyle: true pypi_username: pulp +python_version: '3.8' redmine_project: pulp_container release_user: pulpbot sync_ci: true