diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8a2c4ca3..b75f7397 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -206,6 +206,22 @@ jobs: PIP_DISABLE_PIP_VERSION_CHECK: 1 PIP_NO_PYTHON_VERSION_WARNING: 1 steps: + - name: Set run type (normal, scheduled, release) + id: set-run-type + uses: actions/github-script@v6 + with: + result-encoding: string + script: | + var result + if ("${{ github.event_name }}" == "schedule") { + result = "scheduled" + } else if ("${{ github.head_ref }}".match(/^release_/)) { + result = "release" + } else { + result = "normal" + } + console.log(result) + return result - name: Checkout repo uses: actions/checkout@v4 with: @@ -222,42 +238,37 @@ jobs: - name: Install the package and its dependents env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} run: | make install - name: Show installed package versions - env: - PACKAGE_LEVEL: ${{ matrix.package_level }} run: | echo "Installed Python packages:" pip list - name: Development setup env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} run: | make develop - name: Show installed package versions - env: - PACKAGE_LEVEL: ${{ matrix.package_level }} run: | echo "Installed Python packages:" pip list - name: Show package dependency tree - env: - PACKAGE_LEVEL: ${{ matrix.package_level }} run: | echo "Package dependency tree of installed Python packages:" python -m pipdeptree --all - name: Run docs env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} run: | make docs - name: Check that module .rst files are up to date # Because the Ansible rst generator changed its output over time, we only # check this on the latest Python release with latest package levels. if: ${{ matrix.python-version == '3.11' && matrix.package_level == 'latest' }} - env: - PACKAGE_LEVEL: ${{ matrix.package_level }} run: | bash -c "if ! git diff --exit-code HEAD docs/source/modules; then echo 'Error: Module .rst files are not up to date in this PR. Run make docslocal to update.'; @@ -266,6 +277,7 @@ jobs: - name: Run check env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} run: | make check - name: Run sanity @@ -274,22 +286,26 @@ jobs: if: ${{ ! ( matrix.python-version == '2.7' ) }} env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} run: | make sanity - name: Run ansible_lint env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} run: | make ansible_lint - name: Run unit/function test env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} # TESTCASES: test_partition.py run: | make test - name: Run mocked end2end test env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} # TESTCASES: test_partition.py run: | make end2end_mocked @@ -309,11 +325,13 @@ jobs: - name: Run check_reqs env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} run: | make check_reqs - name: Run safety env: PACKAGE_LEVEL: ${{ matrix.package_level }} + RUN_TYPE: ${{ steps.set-run-type.outputs.result }} run: | make safety diff --git a/Makefile b/Makefile index 8c67a8ee..aaa201b7 100644 --- a/Makefile +++ b/Makefile @@ -46,6 +46,11 @@ else endif endif +# Run type (normal, scheduled, release) +ifndef RUN_TYPE + RUN_TYPE := normal +endif + # Determine OS platform make runs on ifeq ($(OS),Windows_NT) PLATFORM := Windows @@ -480,7 +485,7 @@ ifeq ($(python_m_n_version),3.5) else @echo "Makefile: Running Safety for all packages" -$(call RM_FUNC,$@) - -safety check --policy-file $(safety_all_policy_file) -r minimum-constraints.txt --full-report + bash -c "safety check --policy-file $(safety_all_policy_file) -r minimum-constraints.txt --full-report || test '$(RUN_TYPE)' != 'release' || exit 1" echo "done" >$@ @echo "Makefile: Done running Safety" endif diff --git a/docs/source/development.rst b/docs/source/development.rst index 43ed50f7..676fa865 100644 --- a/docs/source/development.rst +++ b/docs/source/development.rst @@ -311,14 +311,27 @@ local clone of the zhmc-ansible-modules Git repo. make authors -6. Commit your changes and push the topic branch to the remote repo: +6. Run the Safety tool: + + .. code-block:: sh + + RUN_TYPE=release make safety + + When releasing a version, the safety run for all dependencies will fail + if there are any safety issues reported. In normal and scheduled runs, + safety issues reported for all dependencies will be ignored. + + If the safety run fails, you need to fix the safety issues that are + reported. + +7. Commit your changes and push the topic branch to the remote repo: .. code-block:: sh git commit -asm "Release ${MNU}" git push --set-upstream origin release_${MNU} -7. On GitHub, create a Pull Request for branch ``release_M.N.U``. +8. On GitHub, create a Pull Request for branch ``release_M.N.U``. Important: When creating Pull Requests, GitHub by default targets the ``master`` branch. When releasing based on a stable branch, you need to @@ -328,18 +341,18 @@ local clone of the zhmc-ansible-modules Git repo. tests for all defined environments, since it discovers by the branch name that this is a PR for a release. -8. On GitHub, once the checks for that Pull Request have succeeded, merge the +9. On GitHub, once the checks for that Pull Request have succeeded, merge the Pull Request (no review is needed). This automatically deletes the branch on GitHub. If the PR did not succeed, fix the issues. -9. On GitHub, close milestone ``M.N.U``. +10. On GitHub, close milestone ``M.N.U``. Verify that the milestone has no open items anymore. If it does have open items, investigate why and fix. -10. Publish the collection to Ansible Galaxy +11. Publish the collection to Ansible Galaxy .. code-block:: sh @@ -355,7 +368,7 @@ local clone of the zhmc-ansible-modules Git repo. it on Github, and finally creates a new stable branch on Github if the master branch was released. -11. Verify the publishing +12. Verify the publishing * Verify that the new version is available on Ansible Galaxy at https://galaxy.ansible.com/ibm/ibm_zhmc/ @@ -370,7 +383,7 @@ local clone of the zhmc-ansible-modules Git repo. * Verify that the new version has documentation on Github pages at https://zhmcclient.github.io/zhmc-ansible-modules/release_notes.html -12. Publish the collection to Ansible AutomationHub +13. Publish the collection to Ansible AutomationHub This needs to be done in addition to the prior publish step, and it has not successfully been automated as of today. diff --git a/docs/source/release_notes.rst b/docs/source/release_notes.rst index ed4c64ea..6baa8968 100644 --- a/docs/source/release_notes.rst +++ b/docs/source/release_notes.rst @@ -58,6 +58,9 @@ Availability: `AutomationHub`_, `Galaxy`_, `GitHub`_ minimum-constraints-install.txt file that is included by the existing minimum-constraints.txt file. (issue #939) +* The safety run for all dependencies now must succeed when the test workflow + is run for a release (i.e. branch name 'release_...'). + **Cleanup:** * Increased versions of GitHub Actions plugins to increase node.js runtime