diff --git a/.github/workflows/test-collection.yml b/.github/workflows/test-collection.yml
new file mode 100644
index 0000000..50da212
--- /dev/null
+++ b/.github/workflows/test-collection.yml
@@ -0,0 +1,31 @@
+---
+name: Test stackhpc.kayobe_workflows collection
+'on':
+ pull_request:
+
+jobs:
+ test:
+ name: Test github role
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v3
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.x'
+
+ - name: Install Ansible
+ run: pip3 install ansible
+
+ - name: Test the playbook.
+ run: ansible-playbook tests/test.yml
+ env:
+ ANSIBLE_FORCE_COLOR: '1'
+
+ - name: Upload workflows produced
+ uses: actions/upload-artifact@v3
+ with:
+ name: github_kayobe_workflows
+ path: tests/.github/workflows
diff --git a/roles/github/README.md b/roles/github/README.md
index 988ee89..cc81f79 100644
--- a/roles/github/README.md
+++ b/roles/github/README.md
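Review bot: The new `.github/workflows/test-collection.yml` has no `permissions:` block, so the job's `GITHUB_TOKEN` receives the repository's default scopes although the steps only read the checkout and upload an artifact; a workflow-level `permissions:` with `contents: read` would bound it. The three `uses:` lines reference mutable major tags (`actions/checkout@v3`, `actions/setup-python@v4`, `actions/upload-artifact@v3`) and `pip3 install ansible` carries no version, so the same pull request can be tested against different code on different days. Pinning the actions to full commit SHAs and Ansible to a known release keeps the test reproducible and narrows the supply-chain surface.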
@@ -38,16 +38,37 @@ The following variables can be used to make small adjustments to the composition `github_runs_on`: control which runner can accept this workflow. See GitHub for more information on [runs-on](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on). -`github_image_url`: full URL of the kayobe container image complete with registry and tag. +`github_image_name`: name of the kayobe image defaults to `kayobe`. + +`github_image_tag`: tag used to select kayobe image defaults to `latest` `github_registry_username`: username used to authenticate with the docker registry. `github_registry_password`: password used to authenticate with the docker registry. +`github_kayobe_base_image`: select the base image used when building the kayobe docker image. Default is `quay.io/centos/centos:stream8` supports OpenStack Wallaby, Xena and Yoga. Zed and higher would require `quay.io/rockylinux/rockylinux:9`. + `github_kayobe_arguments`: a dictionary of arguments that can be used to override the default arguments found within `vars/main.yml`. For example if you wanted to change the value of `KAYOBE_ENVIRONMENT` from its default of `production` you can simply add `KAYOBE_ENVIRONMENT` to this dictionary and it will take precedence over the defaults. `github_*_hook:` see section [Template Hooks](#template-hooks) for information about this variables +`github_buildx_enable`: In some deployments the build kayobe docker image workflow has had difficulties successfully pushing the image to container registries such as Pulp if buildx has been used. It situations where failure to push images is been experienced a user might wish to disable buildx. Buildx is enabled by default. + +`github_buildx_inline_config`: provide configuration parameters to buildx. Useful for connecting to insecure docker registry. 
+ +```yaml +github_buildx_inline_config: | + [registry."10.20.30.40:80"] + http = true + insecure = true +``` + +`github_buildx_enable_provenance`: whether or not to enable build attestations/provenence. This has been [noted](https://github.com/docker/build-push-action/releases/tag/v4.1.1) to cause issues with docker registries such as Pulp. Default to false. + +`github_timeout`: control how a long a job may run before being cancelled. Timeout is defined in minutes and defaults to 360 minutes (6 hours) + +`github_tempest_test_suites`: provide a list of load lists to be made available within the drop-down list for running tempest. Defaults to `default` and `tempest-full`. + If you wish to make more impactful changes such as which workflows are built and what they contain then see the list of dictionaries called `workflows` in `defaults/main.yml` `github_workflows:` is a list of dictionaries that contains each of the workflows described above. A given list element is made up of the following: @@ -80,8 +101,6 @@ github_build_kayobe_image: path_override: "{{ playbook_dir }}/templates/build-kayobe-docker-image.yml.j2" ``` - - Template Hooks -------------- diff --git a/roles/github/defaults/main.yml b/roles/github/defaults/main.yml index a68cb6e..660be0c 100644 --- a/roles/github/defaults/main.yml +++ b/roles/github/defaults/main.yml @@ -5,11 +5,15 @@ github_runs_on: self-hosted github_registry_url: ghcr.io -github_registry_username: ${{ github.actor }} +github_registry_username: !unsafe "${{ github.actor }}" -github_registry_password: ${{ secrets.GITHUB_TOKEN }} +github_registry_password: !unsafe "${{ secrets.GITHUB_TOKEN }}" -github_image_name: ${{ github.repository }}:latest +github_image_name: kayobe + +github_image_tag: latest + +github_kayobe_base_image: "quay.io/centos/centos:stream8" github_kayobe_arguments: {} 
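Review bot: In `roles/github/defaults/main.yml` the new default `github_image_name: kayobe`, combined with the unchanged `github_registry_url: ghcr.io`, renders the image reference as `ghcr.io/kayobe:latest`, which has no owner namespace; GHCR expects `ghcr.io/NAMESPACE/IMAGE`, so the out-of-the-box build and pull are likely to fail until the name is overridden. A comment above the variable such as `# For ghcr.io include the owner namespace, e.g. <owner>/kayobe (lowercase)` would make that explicit. `github_image_tag: latest` is also a mutable tag for an image that the templates in this commit start with the vault password and SSH key in its environment, so it is worth noting next to the default that a fixed tag (the build also pushes `:${{ github.sha }}`) can be used instead.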
@@ -19,25 +23,38 @@ github_kayobe_hook: "" github_final_hook: "" -github_kayobe_inputs: &github_kayobe_inputs +github_buildx_enabled: true + +github_buildx_inline_config: "" + +github_buildx_enable_provenance: false + +github_timeout: 360 + +github_tempest_test_suites: | + - default + - tempest-full + +github_kayobe_limit_input: | kayobeLimit: description: | The ansible limit to use when running kayobe playbooks. + +github_kayobe_tags_input: | kayobeTags: description: | The ansible tags to use when running kayobe playbooks. -github_kolla_inputs: &github_kolla_inputs +github_kolla_limit_input: | kollaLimit: description: | The ansible limit to use for kolla-ansible playbooks. + +github_kolla_tags_input: | kollaTags: description: | The ansible tags to use when running kolla-ansible playbooks. -github_combined_inputs: &github_combined_inputs - <<: [*github_kayobe_inputs, *github_kolla_inputs] - github_workflows: - "{{ github_build_kayobe_image }}" - "{{ github_run_kolla_config_diff }}" 
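Review bot: The default added here is `github_buildx_enabled`, and the build template tests `github_buildx_enabled`, but the README text added in this same commit documents the switch as `github_buildx_enable`; a user following the README would set a variable that nothing reads and buildx would stay on. Rename either the README entry or the variable so the two agree. `github_tempest_test_suites` is likewise described in the README as a list while the default is a block-scalar string of `- item` lines, so a comment above it such as `# YAML text, one "- name" entry per line; rendered verbatim into the workflow` would stop users from supplying a real list, which the `join('')` in the template would fuse into one word.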
@@ -73,216 +90,138 @@ github_run_kolla_config_diff: github_run_infra_vm_host_configure: file_name: run-infra-vm-host-configure.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: infra github_run_infra_vm_host_package_update: file_name: run-infra-vm-host-package-update.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: infra github_run_infra_vm_provision: file_name: run-infra-vm-provision.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: infra github_run_infra_vm_service_deploy: file_name: run-infra-vm-service-deploy.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: infra github_run_network_connectivity_check: file_name: run-network-connectivity-check.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: network github_run_overcloud_container_image_pull: file_name: run-overcloud-container-image-pull.yml trigger: - workflow_dispatch: *github_combined_inputs - arguments: - - KOLLA_TAGS - - KOLLA_LIMIT - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: ["{{ github_kolla_dispatch_inputs }}", "{{ github_kayobe_dispatch_inputs 
}}"] + arguments: ["{{ github_kayobe_task_arguments }}", "{{ github_kolla_task_arguments }}"] + concurrency_group: overcloud github_run_overcloud_database_backup: file_name: run-overcloud-database-backup.yml trigger: - workflow_dispatch: *github_combined_inputs - arguments: - - KOLLA_TAGS - - KOLLA_LIMIT - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: ["{{ github_kolla_dispatch_inputs }}", "{{ github_kayobe_dispatch_inputs }}"] + arguments: ["{{ github_kayobe_task_arguments }}", "{{ github_kolla_task_arguments }}"] + concurrency_group: overcloud github_run_overcloud_host_configure: file_name: run-overcloud-host-configure.yml trigger: - workflow_dispatch: *github_combined_inputs - arguments: - - KOLLA_TAGS - - KOLLA_LIMIT - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: ["{{ github_kolla_dispatch_inputs }}", "{{ github_kayobe_dispatch_inputs }}"] + arguments: ["{{ github_kayobe_task_arguments }}", "{{ github_kolla_task_arguments }}"] + concurrency_group: overcloud github_run_overcloud_host_package_update: file_name: run-overcloud-host-package-update.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: overcloud github_run_overcloud_inventory_discover: file_name: run-overcloud-inventory-discover.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - KAYOBE_AUTOMATION_PR_TARGET_BRANCH - - KAYOBE_AUTOMATION_PR_REMOTE - - KAYOBE_AUTOMATION_PR_GITHUB_USER - - KAYOBE_AUTOMATION_PR_AUTH_TOKEN - - KAYOBE_AUTOMATION_PR_TYPE - - KAYOBE_AUTOMATION_PR_TITLE - - KAYOBE_AUTOMATION_PR_URL - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: ["{{ github_kayobe_task_arguments }}", "{{ github_kayobe_pull_request_arguments }}"] + concurrency_group: overcloud github_run_overcloud_provision: 
file_name: run-overcloud-provision.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: overcloud github_run_overcloud_service_deploy: file_name: run-overcloud-service-deploy.yml trigger: - workflow_dispatch: *github_combined_inputs - arguments: - - KOLLA_TAGS - - KOLLA_LIMIT - - KAYOBE_TAGS - - KAYOBE_LIMIT - - KAYOBE_AUTOMATION_PR_TARGET_BRANCH - - KAYOBE_AUTOMATION_PR_REMOTE - - KAYOBE_AUTOMATION_PR_GITHUB_USER - - KAYOBE_AUTOMATION_PR_AUTH_TOKEN - - KAYOBE_AUTOMATION_PR_TYPE - - KAYOBE_AUTOMATION_PR_TITLE - - KAYOBE_AUTOMATION_PR_URL - - HOME + workflow_dispatch: ["{{ github_kolla_dispatch_inputs }}", "{{ github_kayobe_dispatch_inputs }}"] + arguments: ["{{ github_kayobe_task_arguments }}", "{{ github_kolla_task_arguments }}", "{{ github_kayobe_pull_request_arguments }}"] + concurrency_group: overcloud github_run_overcloud_service_upgrade: file_name: run-overcloud-service-upgrade.yml trigger: - workflow_dispatch: *github_combined_inputs - arguments: - - KOLLA_TAGS - - KOLLA_LIMIT - - KAYOBE_TAGS - - KAYOBE_LIMIT - - KAYOBE_AUTOMATION_PR_TARGET_BRANCH - - KAYOBE_AUTOMATION_PR_REMOTE - - KAYOBE_AUTOMATION_PR_GITHUB_USER - - KAYOBE_AUTOMATION_PR_AUTH_TOKEN - - KAYOBE_AUTOMATION_PR_TYPE - - KAYOBE_AUTOMATION_PR_TITLE - - KAYOBE_AUTOMATION_PR_URL - - HOME + workflow_dispatch: ["{{ github_kolla_dispatch_inputs }}", "{{ github_kayobe_dispatch_inputs }}"] + arguments: ["{{ github_kayobe_task_arguments }}", "{{ github_kolla_task_arguments }}", "{{ github_kayobe_pull_request_arguments }}"] + concurrency_group: overcloud github_run_seed_host_configure: file_name: run-seed-host-configure.yml trigger: - workflow_dispatch: *github_combined_inputs - arguments: - - KOLLA_TAGS - - KOLLA_LIMIT - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: ["{{ github_kolla_dispatch_inputs }}", 
"{{ github_kayobe_dispatch_inputs }}"] + arguments: ["{{ github_kayobe_task_arguments }}", "{{ github_kolla_task_arguments }}"] + concurrency_group: seed github_run_seed_host_package_update: file_name: run-seed-host-package-update.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: seed + github_run_seed_hypervisor_host_configure: file_name: run-seed-hypervisor-host-configure.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: seed github_run_seed_hypervisor_host_package_update: file_name: run-seed-hypervisor-host-package-update.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: seed github_run_seed_service_deploy: file_name: run-seed-service-deploy.yml trigger: - workflow_dispatch: *github_combined_inputs - arguments: - - KOLLA_TAGS - - KOLLA_LIMIT - - KAYOBE_TAGS - - KAYOBE_LIMIT - - KAYOBE_AUTOMATION_PR_TARGET_BRANCH - - KAYOBE_AUTOMATION_PR_REMOTE - - KAYOBE_AUTOMATION_PR_GITHUB_USER - - KAYOBE_AUTOMATION_PR_AUTH_TOKEN - - KAYOBE_AUTOMATION_PR_TYPE - - KAYOBE_AUTOMATION_PR_TITLE - - KAYOBE_AUTOMATION_PR_URL - - HOME + workflow_dispatch: ["{{ github_kolla_dispatch_inputs }}", "{{ github_kayobe_dispatch_inputs }}"] + arguments: ["{{ github_kayobe_task_arguments }}", "{{ github_kolla_task_arguments }}", "{{ github_kayobe_pull_request_arguments }}"] + concurrency_group: seed github_run_seed_vm_provision: file_name: run-seed-vm-provision.yml trigger: - workflow_dispatch: *github_kayobe_inputs - arguments: - - 
KAYOBE_TAGS - - KAYOBE_LIMIT - - HOME + workflow_dispatch: "{{ github_kayobe_dispatch_inputs }}" + arguments: "{{ github_kayobe_task_arguments }}" + concurrency_group: seed github_run_tempest: file_name: run-tempest.yml use_bespoke: true + test_suites: "{{ github_tempest_test_suites }}" diff --git a/roles/github/templates/build-kayobe-docker-image.yml.j2 b/roles/github/templates/build-kayobe-docker-image.yml.j2 index 058b025..9df472b 100644 --- a/roles/github/templates/build-kayobe-docker-image.yml.j2 +++ b/roles/github/templates/build-kayobe-docker-image.yml.j2 @@ -1,23 +1,20 @@ name: %% format_file_name(workflow.file_name, is_title=true) %% on: - push: - tags: - - '*' + workflow_dispatch: env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} KAYOBE_USER_UID: 1000 KAYOBE_USER_GID: 1000 jobs: %% format_file_name(workflow.file_name) %%: runs-on: %% github_runs_on %% - container: docker:git + container: + image: docker:24.0-git permissions: contents: read - packages: write + packages: %% 'write' if github_registry_url == 'ghcr.io' else 'none' %% steps: <% if github_checkout_hook | length >= 1 %> %% github_checkout_hook | indent(width=6, first=false) %% @@ -26,6 +23,7 @@ jobs: uses: actions/checkout@v3 with: submodules: true + path: docker-image-build - name: Log in to the Container registry uses: docker/login-action@v2 
@@ -34,35 +32,39 @@ jobs: username: %% github_registry_username %% password: %% github_registry_password %% - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v4 - with: - flavor: | - latest=${{ !contains(github.ref, 'alpha') }} - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - +<% if github_buildx_enabled %> - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 with: - driver-opts: | - image=moby/buildkit:master + driver-opts: | + image=moby/buildkit:v0.12.1 +<% if github_buildx_inline_config | length >= 1 %> + config-inline: | + %% github_buildx_inline_config | indent(12) | trim %% +<% endif %> + version: v0.11.2 +<% endif %> <% if github_kayobe_hook | length >= 1 %> %% github_kayobe_hook | indent(width=6, first=false) %% <% endif %> - name: Build and push Docker image uses: docker/build-push-action@v4 with: - file: ./.automation/docker/kayobe/Dockerfile - context: . + file: ./docker-image-build/.automation/docker/kayobe/Dockerfile + context: docker-image-build build-args: | KAYOBE_DOCKER_SSH_CONFIG_PATH=.automation/docker/kayobe/ssh_config KAYOBE_USER_UID=${{ env.KAYOBE_USER_UID }} KAYOBE_USER_GID=${{ env.KAYOBE_USER_UID }} + BASE_IMAGE=%% github_kayobe_base_image %% push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: | + %% github_registry_url %%/%% github_image_name %%:latest + %% github_registry_url %%/%% github_image_name %%:${{ github.sha }} +<% if not github_buildx_enable_provenance %> + provenance: false +<% endif %> <% if github_final_hook | length >= 1 +%> %% github_final_hook | indent(width=6, first=false) -%% <% endif %> diff --git a/roles/github/templates/generic.yml.j2 b/roles/github/templates/generic.yml.j2 index 7b9d627..af2391a 100644 --- a/roles/github/templates/generic.yml.j2 +++ b/roles/github/templates/generic.yml.j2 
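Review bot: The `tags:` block pushes `%% github_image_name %%:latest` and `:${{ github.sha }}`, while the consuming templates in this commit pull `%% github_image_name %%:%% github_image_tag %%`; when `github_image_tag` is set to anything other than `latest`, the workflows reference a tag this build never publishes. Writing the first tag line as `%% github_registry_url %%/%% github_image_name %%:%% github_image_tag %%` keeps the two sides in step. In the unchanged context just above, `KAYOBE_USER_GID=${{ env.KAYOBE_USER_UID }}` reads the UID variable; it is harmless while both are 1000 but should be `${{ env.KAYOBE_USER_GID }}`.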
@@ -4,13 +4,18 @@ jobs: %% format_file_name(workflow.file_name) %%: runs-on: %% github_runs_on %% permissions: - contents: read - packages: read + contents: %% 'write' if 'KAYOBE_AUTOMATION_PR_TYPE' in workflow.arguments | flatten else 'read' %% + packages: %% 'read' if github_registry_url == 'ghcr.io' else 'none' %% + pull-requests: %% 'write' if 'KAYOBE_AUTOMATION_PR_TYPE' in workflow.arguments | flatten else 'none' %% container: - image: %% github_registry_url %%/%% github_image_name %% + image: %% github_registry_url %%/%% github_image_name %%:%% github_image_tag %% credentials: username: %% github_registry_username %% password: %% github_registry_password %% + concurrency: + group: %% workflow.concurrency_group %% + cancel-in-progress: false + timeout-minutes: %% github_timeout %% steps: <% if github_checkout_hook | length >= 1 %> %% github_checkout_hook | indent(width=6, first=false) %% 
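Review bot: `group: %% workflow.concurrency_group %%` is rendered unconditionally, but `concurrency_group` is only supplied by the entries edited in `defaults/main.yml`; a workflow dictionary that a user adds to `github_workflows` without that key will either fail templating or yield an empty group, depending on how undefined values are handled. A fallback such as `group: %% workflow.concurrency_group | default(workflow.file_name) %%` avoids both outcomes. The `contents: write` and `pull-requests: write` grants are keyed on `KAYOBE_AUTOMATION_PR_TYPE` appearing in the arguments, which deserves a one-line template comment saying that write scopes are given only to workflows that open pull requests. The job definition continues outside this hunk.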
@@ -19,22 +24,26 @@ jobs: uses: actions/checkout@v3 with: submodules: true + path: kayobe-config <% if github_kayobe_hook | length >= 1 %> %% github_kayobe_hook | indent(width=6, first=false) %% <% endif %> - name: Symlink source checkout to expected location - run: sudo ln -s $PWD /src + run: sudo ln -s $PWD/kayobe-config /src - name: %% format_file_name(workflow.file_name, is_subtitle=true) %% run: | /src/.automation/pipeline/%% workflow.file_name[4:-4] %%.sh <%- if workflow.arguments is defined +%> env: - KAYOBE_ENVIRONMENT: '%% kayobe_arguments.KAYOBE_ENVIRONMENT | default(default_kayobe_arguments.KAYOBE_ENVIRONMENT) %%' - <%- for argument in workflow.arguments +%> - %% argument %%: '%% kayobe_arguments[argument] | default(default_kayobe_arguments[argument]) %%' + KAYOBE_ENVIRONMENT: '%% github_kayobe_arguments.KAYOBE_ENVIRONMENT | default(github_default_kayobe_arguments.KAYOBE_ENVIRONMENT) %%' + KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: '%% github_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY | default(github_default_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY) %%' + KAYOBE_VAULT_PASSWORD: '%% github_kayobe_arguments.KAYOBE_VAULT_PASSWORD | default(github_default_kayobe_arguments.KAYOBE_VAULT_PASSWORD) %%' + <%- for argument in workflow.arguments | flatten +%> + %% argument %%: '%% github_kayobe_arguments[argument] | default(github_default_kayobe_arguments[argument]) %%' <%- endfor +%> + HOME: '%% github_kayobe_arguments.HOME | default(github_default_kayobe_arguments.HOME) %%' <%- endif +%> <% if github_final_hook | length >= 1 +%> %% github_final_hook | indent(width=6, first=false) -%% diff --git a/roles/github/templates/header.yml.j2 b/roles/github/templates/header.yml.j2 index 8e81f84..966135d 100644 --- a/roles/github/templates/header.yml.j2 +++ b/roles/github/templates/header.yml.j2 
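Review bot: `HOME`, `KAYOBE_ENVIRONMENT`, `KAYOBE_VAULT_PASSWORD` and `KAYOBE_AUTOMATION_SSH_PRIVATE_KEY` are now emitted unconditionally around the `for argument in workflow.arguments | flatten` loop, so a workflow definition that still lists one of them in `arguments` (the previous defaults listed `HOME`) renders that key twice under `env:`. Duplicate mapping keys are invalid YAML and parsers differ in whether they reject them or silently keep the last value. Filtering the loop, for example `<%- for argument in workflow.arguments | flatten | difference(['HOME', 'KAYOBE_ENVIRONMENT', 'KAYOBE_VAULT_PASSWORD', 'KAYOBE_AUTOMATION_SSH_PRIVATE_KEY']) +%>`, removes the hazard. Each value is wrapped in single quotes by the template, so an override in `github_kayobe_arguments` that itself contains `'` breaks the generated file; a short comment on the `env:` block saying so would help.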
@@ -10,15 +10,7 @@ on: workflow_dispatch: <%- if workflow.trigger['workflow_dispatch'] is not none +%> inputs: - <%- for input_name in workflow.trigger['workflow_dispatch'].keys() +%> - %% input_name %%: - <%- for property in workflow.trigger['workflow_dispatch'][input_name] +%> - <%- if property == 'description' +%> - %% property %%: | - %% workflow.trigger['workflow_dispatch'][input_name][property] | trim %% - <%- endif +%> - <%- endfor +%> - <%- endfor +%> + %% workflow.trigger['workflow_dispatch'] | flatten | join('') | indent(6) | trim %% <%- endif +%> <%- endif +%> <%- endfor +%> diff --git a/roles/github/templates/run-config-diff.yml.j2 b/roles/github/templates/run-config-diff.yml.j2 index e8a2d7c..fefe9c4 100644 --- a/roles/github/templates/run-config-diff.yml.j2 +++ b/roles/github/templates/run-config-diff.yml.j2 @@ -12,9 +12,9 @@ jobs: runs-on: %% github_runs_on %% permissions: contents: read - packages: read + packages: %% 'read' if github_registry_url == 'ghcr.io' else 'none' %% container: - image: %% github_registry_url %%/%% github_image_name %% + image: %% github_registry_url %%/%% github_image_name %%:%% github_image_tag %% credentials: username: %% github_registry_username %% password: %% github_registry_password %% @@ -26,6 +26,7 @@ jobs: uses: actions/checkout@v3 with: submodules: true + path: kayobe-config fetch-depth: 0 ref: ${{ github.ref }} 
@@ -34,17 +35,17 @@ jobs: <% endif %> - name: Copy checkout to expected location run: | - sudo cp -rf $GITHUB_WORKSPACE/ /src + sudo cp -rf $GITHUB_WORKSPACE/kayobe-config /src sudo chown stack:stack -Rf /src - name: Run config diff run: | sudo -E -u stack bash -c '/src/.automation/pipeline/config-diff.sh ${{ github.event.pull_request.base.sha }}' env: - KAYOBE_ENVIRONMENT: '%% kayobe_arguments.KAYOBE_ENVIRONMENT | default(default_kayobe_arguments.KAYOBE_ENVIRONMENT) %%' - KAYOBE_VAULT_PASSWORD: '%% kayobe_arguments.KAYOBE_VAULT_PASSWORD | default(default_kayobe_arguments.KAYOBE_VAULT_PASSWORD) %%' - KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: '%% kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY | default(default_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY) %%' - HOME: '%% kayobe_arguments.HOME | default(default_kayobe_arguments.HOME) %%' + KAYOBE_ENVIRONMENT: '%% github_kayobe_arguments.KAYOBE_ENVIRONMENT | default(github_default_kayobe_arguments.KAYOBE_ENVIRONMENT) %%' + KAYOBE_VAULT_PASSWORD: '%% github_kayobe_arguments.KAYOBE_VAULT_PASSWORD | default(github_default_kayobe_arguments.KAYOBE_VAULT_PASSWORD) %%' + KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: '%% github_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY | default(github_default_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY) %%' + HOME: '%% github_kayobe_arguments.HOME | default(github_default_kayobe_arguments.HOME) %%' - name: Show summary of changes run: | diff --git a/roles/github/templates/run-tempest.yml.j2 b/roles/github/templates/run-tempest.yml.j2 index f5404ef..e5bbb1d 100644 --- a/roles/github/templates/run-tempest.yml.j2 +++ b/roles/github/templates/run-tempest.yml.j2 @@ -12,8 +12,7 @@ on: default: 'default' type: choice options: - - default - - tempest-full + %% workflow.test_suites | flatten | join('') | indent(10) | trim %% tempestPattern: description: | Limit tests to this regex. Takes precedence over testSuite. 
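Review bot: The `Run config diff` step executes `/src/.automation/pipeline/config-diff.sh` from the copied checkout while `KAYOBE_VAULT_PASSWORD` and `KAYOBE_AUTOMATION_SSH_PRIVATE_KEY` are in its environment, and the command line uses `github.event.pull_request.base.sha`, which suggests a pull-request trigger (the `on:` block is outside this hunk). The script that runs is therefore whatever the pull request's ref contains, on a runner that defaults to `self-hosted`. The role's README should say that this workflow is intended for repositories where pull-request authors are trusted and that approval should be required for runs from outside contributors. Separately, the `cp` line leaves `$GITHUB_WORKSPACE/kayobe-config` unquoted; `"$GITHUB_WORKSPACE/kayobe-config"` is the safer form.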
@@ -23,12 +22,16 @@ jobs: runs-on: %% github_runs_on %% permissions: contents: read - packages: read + packages: %% 'read' if github_registry_url == 'ghcr.io' else 'none' %% container: - image: %% github_registry_url %%/%% github_image_name %% + image: %% github_registry_url %%/%% github_image_name %%:%% github_image_tag %% credentials: username: %% github_registry_username %% password: %% github_registry_password %% + concurrency: + group: tempest + cancel-in-progress: false + timeout-minutes: %% github_timeout %% steps: <% if github_checkout_hook | length >= 1 %> %% github_checkout_hook | indent(width=6, first=false) %% @@ -36,10 +39,11 @@ jobs: - name: Checkout kayobe config uses: actions/checkout@v3 with: - submodules: true + submodules: true + path: kayobe-config - name: Symlink source checkout to expected location - run: sudo ln -s $PWD /src + run: sudo ln -s $PWD/kayobe-config /src <% if github_kayobe_hook | length >= 1 %> %% github_kayobe_hook | indent(width=6, first=false) %% 
@@ -49,10 +53,10 @@ jobs: source /src/.automation/functions && kayobe_install env: - KAYOBE_ENVIRONMENT: '%% kayobe_arguments.KAYOBE_ENVIRONMENT | default(default_kayobe_arguments.KAYOBE_ENVIRONMENT) %%' - KAYOBE_VAULT_PASSWORD: '%% kayobe_arguments.KAYOBE_VAULT_PASSWORD | default(default_kayobe_arguments.KAYOBE_VAULT_PASSWORD) %%' - KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: '%% kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY | default(default_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY) %%' - HOME: '%% kayobe_arguments.HOME | default(default_kayobe_arguments.HOME) %%' + KAYOBE_ENVIRONMENT: '%% github_kayobe_arguments.KAYOBE_ENVIRONMENT | default(github_default_kayobe_arguments.KAYOBE_ENVIRONMENT) %%' + KAYOBE_VAULT_PASSWORD: '%% github_kayobe_arguments.KAYOBE_VAULT_PASSWORD | default(github_default_kayobe_arguments.KAYOBE_VAULT_PASSWORD) %%' + KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: '%% github_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY | default(github_default_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY) %%' + HOME: '%% github_kayobe_arguments.HOME | default(github_default_kayobe_arguments.HOME) %%' USER: stack - name: Symlink kolla into /src/etc 
@@ -62,17 +66,17 @@ jobs: - name: Run ${{ github.event.inputs.testSuite }} tempest testsuite run: | - /src/.automation/pipeline/tempest.sh + /src/.automation/pipeline/tempest.sh -e ansible_user=stack env: - KAYOBE_ENVIRONMENT: '%% github_kayobe_arguments.KAYOBE_ENVIRONMENT | default(default_kayobe_arguments.KAYOBE_ENVIRONMENT) %%' - KAYOBE_VAULT_PASSWORD: '%% github_kayobe_arguments.KAYOBE_VAULT_PASSWORD | default(default_kayobe_arguments.KAYOBE_VAULT_PASSWORD) %%' - KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: '%% github_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY | default(default_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY) %%' - KAYOBE_AUTOMATION_TEMPEST_LOADLIST: '%% github_kayobe_arguments.KAYOBE_AUTOMATION_TEMPEST_LOADLIST | default(default_kayobe_arguments.KAYOBE_AUTOMATION_TEMPEST_LOADLIST) %%' - TEMPEST_PATTERN: '%% github_kayobe_arguments.TEMPEST_PATTERN | default(default_kayobe_arguments.TEMPEST_PATTERN) %%' - KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY: '%% github_kayobe_arguments.KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY | default(default_kayobe_arguments.KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY) %%' - KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_USERNAME: '%% github_kayobe_arguments.KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_USERNAME | default(default_kayobe_arguments.KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_USERNAME) %%' - KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_PASSWORD: '%% github_kayobe_arguments.KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_PASSWORD | default(default_kayobe_arguments.KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_PASSWORD) %%' - HOME: '%% github_kayobe_arguments.HOME | default(default_kayobe_arguments.HOME) %%' + KAYOBE_ENVIRONMENT: '%% github_kayobe_arguments.KAYOBE_ENVIRONMENT | default(github_default_kayobe_arguments.KAYOBE_ENVIRONMENT) %%' + KAYOBE_VAULT_PASSWORD: '%% github_kayobe_arguments.KAYOBE_VAULT_PASSWORD | default(github_default_kayobe_arguments.KAYOBE_VAULT_PASSWORD) %%' + KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: '%% 
github_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY | default(github_default_kayobe_arguments.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY) %%' + KAYOBE_AUTOMATION_TEMPEST_LOADLIST: '%% github_kayobe_arguments.KAYOBE_AUTOMATION_TEMPEST_LOADLIST | default(github_default_kayobe_arguments.KAYOBE_AUTOMATION_TEMPEST_LOADLIST) %%' + TEMPEST_PATTERN: '%% github_kayobe_arguments.TEMPEST_PATTERN | default(github_default_kayobe_arguments.TEMPEST_PATTERN) %%' + KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY: '%% github_registry_url %%' + KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_USERNAME: '%% github_registry_username %%' + KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_PASSWORD: '%% github_registry_password %%' + HOME: '%% github_kayobe_arguments.HOME | default(github_default_kayobe_arguments.HOME) %%' - name: Print stdout run: | diff --git a/roles/github/tests/inventory b/roles/github/tests/inventory deleted file mode 100644 index 2fbb50c..0000000 --- a/roles/github/tests/inventory +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/roles/github/vars/main.yml b/roles/github/vars/main.yml index cade44b..d9f54b4 100644 --- a/roles/github/vars/main.yml +++ b/roles/github/vars/main.yml 
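Review bot: The three `KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY*` values in `run-tempest.yml.j2` are now taken directly from `github_registry_url`, `github_registry_username` and `github_registry_password`, so an existing override of those keys in `github_kayobe_arguments` is silently ignored after this change. If that is intended, the README should say that the Rally registry always follows the role's registry settings; otherwise keep the lookup, for example `'%% github_kayobe_arguments.KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY | default(github_registry_url) %%'`.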
@@ -1,22 +1,44 @@ --- -default_kayobe_arguments: +github_default_kayobe_arguments: KAYOBE_ENVIRONMENT: production - KAYOBE_VAULT_PASSWORD: "${{ secrets.KAYOBE_VAULT_PASSWORD }}" - KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: "${{ secrets.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY }}" - KOLLA_LIMIT: "${{ github.event.inputs.kollaLimit }}" - KOLLA_TAGS: "${{ github.event.inputs.kollaTags }}" - KAYOBE_TAGS: "${{ github.event.inputs.kayobeTags }}" - KAYOBE_LIMIT: "${{ github.event.inputs.kayobeLimit }}" - KAYOBE_AUTOMATION_PR_TARGET_BRANCH: ${{ github.event.ref }} - KAYOBE_AUTOMATION_PR_REMOTE: https://${KAYOBE_AUTOMATION_PR_GITHUB_USER}:${KAYOBE_AUTOMATION_PR_AUTH_TOKEN}@github.com/${{ github.repository }} - KAYOBE_AUTOMATION_PR_GITHUB_USER: ${{ github.actor }} - KAYOBE_AUTOMATION_PR_AUTH_TOKEN: ${{ github.token }} + KAYOBE_VAULT_PASSWORD: !unsafe "${{ secrets.KAYOBE_VAULT_PASSWORD }}" + KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: !unsafe "${{ secrets.KAYOBE_AUTOMATION_SSH_PRIVATE_KEY }}" + KOLLA_LIMIT: !unsafe "${{ github.event.inputs.kollaLimit }}" + KOLLA_TAGS: !unsafe "${{ github.event.inputs.kollaTags }}" + KAYOBE_TAGS: !unsafe "${{ github.event.inputs.kayobeTags }}" + KAYOBE_LIMIT: !unsafe "${{ github.event.inputs.kayobeLimit }}" + KAYOBE_AUTOMATION_PR_TARGET_BRANCH: !unsafe ${{ github.event.ref }} + KAYOBE_AUTOMATION_PR_REMOTE: !unsafe https://${KAYOBE_AUTOMATION_PR_GITHUB_USER}:${KAYOBE_AUTOMATION_PR_AUTH_TOKEN}@github.com/${{ github.repository }} + KAYOBE_AUTOMATION_PR_GITHUB_USER: !unsafe ${{ github.actor }} + KAYOBE_AUTOMATION_PR_AUTH_TOKEN: !unsafe ${{ github.token }} KAYOBE_AUTOMATION_PR_TYPE: github - KAYOBE_AUTOMATION_PR_TITLE: "[kayobe-automation] ${{ github.workflow }} #${{ github.run_id }}" - KAYOBE_AUTOMATION_PR_URL: https://api.github.com/repos/${{ github.repository }}/pulls - KAYOBE_AUTOMATION_TEMPEST_LOADLIST: "${{ github.event.inputs.testSuite }}" - TEMPEST_PATTERN: "${{ github.event.inputs.tempestPattern }}" - KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY: ghcr.io - 
KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_USERNAME: ${{ github.actor }} - KAYOBE_AUTOMATION_RALLY_DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + KAYOBE_AUTOMATION_PR_TITLE: !unsafe "[kayobe-automation] ${{ github.workflow }} #${{ github.run_id }}" + KAYOBE_AUTOMATION_PR_URL: !unsafe https://api.github.com/repos/${{ github.repository }}/pulls + KAYOBE_AUTOMATION_TEMPEST_LOADLIST: !unsafe "${{ github.event.inputs.testSuite }}" + TEMPEST_PATTERN: !unsafe "${{ github.event.inputs.tempestPattern }}" HOME: /stack + +github_kayobe_dispatch_inputs: + - "{{ github_kayobe_limit_input }}" + - "{{ github_kayobe_tags_input }}" + +github_kolla_dispatch_inputs: + - "{{ github_kolla_tags_input }}" + - "{{ github_kolla_limit_input }}" + +github_kayobe_task_arguments: + - KAYOBE_TAGS + - KAYOBE_LIMIT + +github_kolla_task_arguments: + - KOLLA_TAGS + - KOLLA_LIMIT + +github_kayobe_pull_request_arguments: + - KAYOBE_AUTOMATION_PR_TARGET_BRANCH + - KAYOBE_AUTOMATION_PR_REMOTE + - KAYOBE_AUTOMATION_PR_GITHUB_USER + - KAYOBE_AUTOMATION_PR_AUTH_TOKEN + - KAYOBE_AUTOMATION_PR_TYPE + - KAYOBE_AUTOMATION_PR_TITLE + - KAYOBE_AUTOMATION_PR_URL diff --git a/tests/roles b/tests/roles new file mode 120000 index 0000000..d8c4472 --- /dev/null +++ b/tests/roles @@ -0,0 +1 @@ +../roles \ No newline at end of file diff --git a/roles/github/tests/test.yml b/tests/test.yml similarity index 50% rename from roles/github/tests/test.yml rename to tests/test.yml index c8acd22..59fe65b 100644 --- a/roles/github/tests/test.yml +++ b/tests/test.yml @@ -1,6 +1,5 @@ --- -- name: Test github role +- name: Test `stackhpc.kayobe_automation` hosts: localhost - remote_user: root roles: - github
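Review bot: In `github_default_kayobe_arguments` the `!unsafe` values are quoted on some lines and left as plain scalars on others (`KAYOBE_AUTOMATION_PR_TARGET_BRANCH`, `KAYOBE_AUTOMATION_PR_REMOTE`, `KAYOBE_AUTOMATION_PR_GITHUB_USER`, `KAYOBE_AUTOMATION_PR_AUTH_TOKEN`, `KAYOBE_AUTOMATION_PR_URL`). Quoting all of them, e.g. `KAYOBE_AUTOMATION_PR_AUTH_TOKEN: !unsafe "${{ github.token }}"`, keeps the mapping uniform and removes any dependence on how a parser treats `{`, `#` or `:` inside a plain scalar. `KAYOBE_AUTOMATION_PR_REMOTE` places the token in the userinfo part of the remote URL; how the pipeline script consumes it is not visible here, but URLs of that form tend to end up in git configuration and error output, so a comment flagging that next to the key is worthwhile.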