diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index faa2b02192..74d3f955f0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,10 @@ --- name: CI env: - BRANCH: ${{ github.base_ref || 'devel' }} LC_ALL: "C.UTF-8" # prevent ERROR: Ansible could not initialize the preferred locale: unsupported locale setting + CI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DEV_DOCKER_TAG_BASE: ghcr.io/${{ github.repository_owner }} + COMPOSE_TAG: ${{ github.base_ref || 'devel' }} on: pull_request: jobs: 
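Review bot: `CI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` is added to the workflow-level `env:`, so every step of every job inherits the token, including steps that build and run pull-request code through `make`. Only the `docker login` in `github_ci_setup` consumes it, so I would move it to a step-level `env:` on the steps that invoke `make github_ci_setup` or `make github_ci_runner`. The visible part of the workflow shows no `permissions:` key. If the file has none elsewhere, an explicit block such as `permissions: {contents: read, packages: read}` would bound what a leaked token can do; confirm first whether the build needs package write access.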
@@ -18,85 +20,33 @@ jobs: tests: - name: api-test command: /start_tests.sh - label: Run API Tests - name: api-lint command: /var/lib/awx/venv/awx/bin/tox -e linters - label: Run API Linters - name: api-swagger command: /start_tests.sh swagger - label: Generate API Reference - name: awx-collection command: /start_tests.sh test_collection_all - label: Run Collection Tests - name: api-schema - label: Check API Schema command: /start_tests.sh detect-schema-change SCHEMA_DIFF_BASE_BRANCH=${{ github.event.pull_request.base.ref }} - name: ui-lint - label: Run UI Linters command: make ui-lint - name: ui-test-screens - label: Run UI Screens Tests command: make ui-test-screens - name: ui-test-general - label: Run UI General Tests command: make ui-test-general steps: - uses: actions/checkout@v2 - - name: Get python version from Makefile - run: echo py_version=`make PYTHON_VERSION` >> $GITHUB_ENV + - name: Run check ${{ matrix.tests.name }} + run: AWX_DOCKER_CMD='${{ matrix.tests.command }}' make github_ci_runner - - name: Install python ${{ env.py_version }} - uses: actions/setup-python@v2 - with: - python-version: ${{ env.py_version }} - - - name: Log in to registry - run: | - echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - - name: Pre-pull image to warm build cache - run: | - docker pull ghcr.io/${{ github.repository_owner }}/awx_devel:${{ env.BRANCH }} || : - - - name: Build image - run: | - DEV_DOCKER_TAG_BASE=ghcr.io/${{ github.repository_owner }} COMPOSE_TAG=${{ env.BRANCH }} make docker-compose-build - - - name: ${{ matrix.texts.label }} - run: | - docker run -u $(id -u) --rm -v ${{ github.workspace}}:/awx_devel/:Z \ - --workdir=/awx_devel ghcr.io/${{ github.repository_owner }}/awx_devel:${{ env.BRANCH }} ${{ matrix.tests.command }} dev-env: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Get python version from Makefile - run: echo py_version=`make PYTHON_VERSION` >> $GITHUB_ENV - - - name: 
Install python ${{ env.py_version }} - uses: actions/setup-python@v2 - with: - python-version: ${{ env.py_version }} - - - name: Log in to registry - run: | - echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - - name: Pre-pull image to warm build cache - run: | - docker pull ghcr.io/${{ github.repository_owner }}/awx_devel:${{ env.BRANCH }} || : - - - name: Build image - run: | - DEV_DOCKER_TAG_BASE=ghcr.io/${{ github.repository_owner }} COMPOSE_TAG=${{ env.BRANCH }} make docker-compose-build - - name: Run smoke test - run: | - export DEV_DOCKER_TAG_BASE=ghcr.io/${{ github.repository_owner }} - export COMPOSE_TAG=${{ env.BRANCH }} - ansible-playbook tools/docker-compose/ansible/smoke-test.yml -e repo_dir=$(pwd) -v + run: make github_ci_setup && ansible-playbook tools/docker-compose/ansible/smoke-test.yml -v awx-operator: runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 1185666e76..896dcf2c6c 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,7 @@ I18N_FLAG_FILE = .i18n_built sdist \ ui-release ui-devel \ VERSION PYTHON_VERSION docker-compose-sources \ - .git/hooks/pre-commit + .git/hooks/pre-commit github_ci_setup github_ci_runner clean-tmp: rm -rf tmp/ 
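Review bot: In the new `Run check` step, `${{ matrix.tests.command }}` is substituted into the `run:` script text before the shell parses it, and the `api-schema` entry embeds `${{ github.event.pull_request.base.ref }}` in that command. The single quotes hold only while the expanded value contains no `'`, so event data is parsed as shell. Passing the value as data closes this off: add `env:` with `AWX_DOCKER_CMD: ${{ matrix.tests.command }}` to the step and reduce the script to `run: make github_ci_runner`, since make imports environment variables. The `docker-runner` recipe also expands `$(AWX_DOCKER_CMD)` into shell text, so it would need `$$AWX_DOCKER_CMD` for the value to stay data end to end. The base ref is a branch name in the target repository, so exposure is probably limited, but the pattern is easy to copy to a less constrained field.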
@@ -301,6 +301,21 @@ test: cd awxkit && $(VENV_BASE)/awx/bin/tox -re py3 awx-manage check_migrations --dry-run --check -n 'missing_migration_file' +## Login to Github container image registry, pull image, then build image. +github_ci_setup: + # GITHUB_ACTOR is automatic github actions env var + # CI_GITHUB_TOKEN is defined in .github files + echo $(CI_GITHUB_TOKEN) | docker login ghcr.io -u $(GITHUB_ACTOR) --password-stdin + docker pull $(DEVEL_IMAGE_NAME) || : # Pre-pull image to warm build cache + make docker-compose-build + +## Runs AWX_DOCKER_CMD inside a new docker container. +docker-runner: + docker run -u $(shell id -u) --rm -v $(shell pwd):/awx_devel/:Z --workdir=/awx_devel $(DEVEL_IMAGE_NAME) $(AWX_DOCKER_CMD) + +## Builds image and runs AWX_DOCKER_CMD in it, mainly for .github checks. +github_ci_runner: github_ci_setup docker-runner + test_collection: rm -f $(shell ls -d $(VENV_BASE)/awx/lib/python* | head -n 1)/no-global-site-packages.txt if [ "$(VENV_BASE)" ]; then \ diff --git a/awx/sso/tests/functional/test_backends.py b/awx/sso/tests/functional/test_backends.py new file mode 100644 index 0000000000..a0d2c31da3 --- /dev/null +++ b/awx/sso/tests/functional/test_backends.py 
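Review bot: In `github_ci_setup`, make expands `$(CI_GITHUB_TOKEN)` into the recipe text, so the token appears in the command line that make echoes before running it, and the shell parses it unquoted. GitHub's log masking covers the CI case but not a run anywhere else. Letting the shell read the variable avoids both problems: `@echo "$$CI_GITHUB_TOKEN" | docker login ghcr.io -u "$$GITHUB_ACTOR" --password-stdin`. The nested `make docker-compose-build` is better written as `$(MAKE) docker-compose-build` so flags and the jobserver carry over. `docker-runner` is also missing from the `.PHONY` addition in the first Makefile hunk, which lists only `github_ci_setup` and `github_ci_runner`.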
@@ -0,0 +1,115 @@ +import pytest +from awx.sso.backends import _update_m2m_from_groups + + +class MockLDAPGroups(object): + def is_member_of(self, group_dn): + return bool(group_dn) + + +class MockLDAPUser(object): + def _get_groups(self): + return MockLDAPGroups() + + +@pytest.mark.parametrize( + "setting, expected_result", + [ + (True, True), + ('something', True), + (False, False), + ('', False), + ], +) +def test_mock_objects(setting, expected_result): + ldap_user = MockLDAPUser() + assert ldap_user._get_groups().is_member_of(setting) == expected_result + + +@pytest.mark.parametrize( + "opts, remove, expected_result", + [ + # In these case we will pass no opts so we should get None as a return in all cases + ( + None, + False, + None, + ), + ( + None, + True, + None, + ), + # Next lets test with empty opts ([]) This should return False if remove is True and None otherwise + ( + [], + True, + False, + ), + ( + [], + False, + None, + ), + # Next opts is True, this will always return True + ( + True, + True, + True, + ), + ( + True, + False, + True, + ), + # If we get only a non-string as an option we hit a continue and will either return None or False depending on the remove flag + ( + [32], + False, + None, + ), + ( + [32], + True, + False, + ), + # Finally we need to test whether or not a user should be allowed in or not. 
+ # We use a mock class for ldap_user that simply returns true/false based on the otps + ( + ['true'], + False, + True, + ), + # In this test we are going to pass a string to test the part of the code that coverts strings into array, this should give us True + ( + 'something', + True, + True, + ), + ( + [''], + False, + None, + ), + ( + False, + True, + False, + ), + # Empty strings are considered opts == None and will result in None or False based on the remove flag + ( + '', + True, + False, + ), + ( + '', + False, + None, + ), + ], +) +@pytest.mark.django_db +def test__update_m2m_from_groups(opts, remove, expected_result): + ldap_user = MockLDAPUser() + assert expected_result == _update_m2m_from_groups(ldap_user, opts, remove) diff --git a/awx_collection/plugins/modules/project.py b/awx_collection/plugins/modules/project.py index f67d774aef..97713a267f 100644 --- a/awx_collection/plugins/modules/project.py +++ b/awx_collection/plugins/modules/project.py @@ -388,7 +388,7 @@ def main(): project_fields['organization'] = org_id if scm_type == '' and local_path is not None: - project_fields['local_path'] = local_path + project_fields['local_path'] = local_path if scm_update_cache_timeout not in (0, None) and scm_update_on_launch is not True: module.warn('scm_update_cache_timeout will be ignored since scm_update_on_launch was not set to true') diff --git a/licenses/python-future.txt b/licenses/python-future.txt index c4dfd4b013..4c904dba8f 100644 --- a/licenses/python-future.txt +++ b/licenses/python-future.txt @@ -1,4 +1,4 @@ -Copyright (c) 2013-2016 Python Charmers Pty Ltd, Australia +Copyright (c) 2013-2019 Python Charmers Pty Ltd, Australia Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/licenses/wheel.txt b/licenses/wheel.txt index c3441e6cc8..a31470f14c 100644 --- a/licenses/wheel.txt +++ b/licenses/wheel.txt 
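Review bot: `MockLDAPGroups.is_member_of` returns `bool(group_dn)`, so every non-empty DN counts as a membership and no parametrized case covers a user who is outside a named group. For code that maps LDAP groups to access, the deny path is the case most worth pinning: a real DN the user does not belong to, with `remove` both `True` and `False`. Letting the mock take the set of DNs the user belongs to, with the current behaviour as the default, makes that testable. Expected values for the new cases have to be read from `_update_m2m_from_groups`, which this diff does not show. The comments in the parameter list also contain the typos `otps` and `coverts`.

```python
class MockLDAPGroups(object):
    def __init__(self, member_of=None):
        # None keeps the original behaviour: any non-empty DN is a membership
        self.member_of = member_of

    def is_member_of(self, group_dn):
        if self.member_of is None:
            return bool(group_dn)
        return group_dn in self.member_of


class MockLDAPUser(object):
    def __init__(self, member_of=None):
        self.member_of = member_of

    def _get_groups(self):
        return MockLDAPGroups(self.member_of)

# … unchanged: test_mock_objects and the existing parametrized cases …
```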
@@ -1,7 +1,6 @@ -"wheel" copyright (c) 2012-2014 Daniel Holth and -contributors. +MIT License -The MIT License +Copyright (c) 2012 Daniel Holth and contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), diff --git a/requirements/requirements.in b/requirements/requirements.in index f58baf032e..e66ce702cc 100644 --- a/requirements/requirements.in +++ b/requirements/requirements.in @@ -25,7 +25,7 @@ django-taggit djangorestframework==3.13.1 djangorestframework-yaml filelock -GitPython +GitPython>=3.1.30 # CVE-2022-24439 hiredis==2.0.0 # see UPGRADE BLOCKERs irc jinja2 @@ -55,7 +55,7 @@ twilio twisted[tls] uWSGI uwsgitop -wheel +wheel>=0.38.1 # CVE-2022-40898 pip==21.2.4 # see UPGRADE BLOCKERs setuptools # see UPGRADE BLOCKERs setuptools_scm[toml] # see UPGRADE BLOCKERs, xmlsec build dep diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 7293ebd046..a8bd03a801 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -154,7 +154,7 @@ frozenlist==1.3.3 # django-radius gitdb==4.0.10 # via gitpython -gitpython==3.1.29 +gitpython==3.1.30 # via -r /awx_devel/requirements/requirements.in google-auth==2.14.1 # via kubernetes diff --git a/tools/docker-compose/ansible/smoke-test.yml b/tools/docker-compose/ansible/smoke-test.yml index 79b0fc2ee2..f4002c8567 100644 --- a/tools/docker-compose/ansible/smoke-test.yml +++ b/tools/docker-compose/ansible/smoke-test.yml @@ -17,7 +17,7 @@ environment: COMPOSE_UP_OPTS: -d args: - chdir: "{{ repo_dir }}" + chdir: "{{ playbook_dir }}/../../../" # Takes a while for migrations to finish - name: Wait for the dev environment to be ready