mirror of
https://github.com/ansible/awx.git
synced 2026-01-10 15:32:07 -03:30
f1e5cadce7
* 🧪 Unpersist Git creds @ cov combine job This is one of the things Zizmor [[1]] warns about. [1]: https://docs.zizmor.sh * 🧪 Download all coverage artifacts in one go * 🧪 Delegate artifact garbage collection to GH This is implemented by setting the retention days input to 1 on the initial upload. Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <webknjaz@redhat.com>
308 lines
10 KiB
YAML
308 lines
10 KiB
YAML
---
|
|
name: CI
|
|
env:
|
|
LC_ALL: "C.UTF-8" # prevent ERROR: Ansible could not initialize the preferred locale: unsupported locale setting
|
|
CI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
DEV_DOCKER_OWNER: ${{ github.repository_owner }}
|
|
COMPOSE_TAG: ${{ github.base_ref || 'devel' }}
|
|
on:
|
|
pull_request:
|
|
jobs:
|
|
common-tests:
|
|
name: ${{ matrix.tests.name }}
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
permissions:
|
|
packages: write
|
|
contents: read
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
tests:
|
|
- name: api-test
|
|
command: /start_tests.sh
|
|
- name: api-migrations
|
|
command: /start_tests.sh test_migrations
|
|
- name: api-lint
|
|
command: /var/lib/awx/venv/awx/bin/tox -e linters
|
|
- name: api-swagger
|
|
command: /start_tests.sh swagger
|
|
- name: awx-collection
|
|
command: /start_tests.sh test_collection_all
|
|
- name: api-schema
|
|
command: /start_tests.sh detect-schema-change SCHEMA_DIFF_BASE_BRANCH=${{ github.event.pull_request.base.ref }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
show-progress: false
|
|
|
|
- name: Build awx_devel image for running checks
|
|
uses: ./.github/actions/awx_devel_image
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
private-github-key: ${{ secrets.PRIVATE_GITHUB_KEY }}
|
|
|
|
- name: Run check ${{ matrix.tests.name }}
|
|
run: AWX_DOCKER_CMD='${{ matrix.tests.command }}' make docker-runner
|
|
|
|
dev-env:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
show-progress: false
|
|
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: '3.12'
|
|
|
|
- uses: ./.github/actions/run_awx_devel
|
|
id: awx
|
|
with:
|
|
build-ui: false
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
private-github-key: ${{ secrets.PRIVATE_GITHUB_KEY }}
|
|
|
|
- name: Run live dev env tests
|
|
run: docker exec tools_awx_1 /bin/bash -c "make live_test"
|
|
|
|
awx-operator:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
env:
|
|
DEBUG_OUTPUT_DIR: /tmp/awx_operator_molecule_test
|
|
steps:
|
|
- name: Checkout awx
|
|
uses: actions/checkout@v4
|
|
with:
|
|
show-progress: false
|
|
path: awx
|
|
|
|
- name: Checkout awx-operator
|
|
uses: actions/checkout@v4
|
|
with:
|
|
show-progress: false\
|
|
repository: ansible/awx-operator
|
|
path: awx-operator
|
|
|
|
- name: Get python version from Makefile
|
|
working-directory: awx
|
|
run: echo py_version=`make PYTHON_VERSION` >> $GITHUB_ENV
|
|
|
|
- name: Install python ${{ env.py_version }}
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: ${{ env.py_version }}
|
|
|
|
- name: Install playbook dependencies
|
|
run: |
|
|
python3 -m pip install docker
|
|
|
|
- name: Generate placeholder SSH private key if SSH auth for private repos is not needed
|
|
id: generate_key
|
|
shell: bash
|
|
run: |
|
|
if [[ -z "${{ secrets.PRIVATE_GITHUB_KEY }}" ]]; then
|
|
ssh-keygen -t ed25519 -C "github-actions" -N "" -f ~/.ssh/id_ed25519
|
|
echo "SSH_PRIVATE_KEY<<EOF" >> $GITHUB_OUTPUT
|
|
cat ~/.ssh/id_ed25519 >> $GITHUB_OUTPUT
|
|
echo "EOF" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "SSH_PRIVATE_KEY<<EOF" >> $GITHUB_OUTPUT
|
|
echo "${{ secrets.PRIVATE_GITHUB_KEY }}" >> $GITHUB_OUTPUT
|
|
echo "EOF" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
- name: Add private GitHub key to SSH agent
|
|
uses: webfactory/ssh-agent@v0.9.0
|
|
with:
|
|
ssh-private-key: ${{ steps.generate_key.outputs.SSH_PRIVATE_KEY }}
|
|
|
|
- name: Build AWX image
|
|
working-directory: awx
|
|
run: |
|
|
VERSION=`make version-for-buildyml` make awx-kube-build
|
|
env:
|
|
COMPOSE_TAG: ci
|
|
DEV_DOCKER_TAG_BASE: local
|
|
HEADLESS: yes
|
|
|
|
- name: Run test deployment with awx-operator
|
|
working-directory: awx-operator
|
|
run: |
|
|
python3 -m pip install -r molecule/requirements.txt
|
|
ansible-galaxy collection install -r molecule/requirements.yml
|
|
sudo rm -f $(which kustomize)
|
|
make kustomize
|
|
KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule -v test -s kind -- --skip-tags=replicas
|
|
env:
|
|
AWX_TEST_IMAGE: local/awx
|
|
AWX_TEST_VERSION: ci
|
|
AWX_EE_TEST_IMAGE: quay.io/ansible/awx-ee:latest
|
|
STORE_DEBUG_OUTPUT: true
|
|
|
|
- name: Upload debug output
|
|
if: failure()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: awx-operator-debug-output
|
|
path: ${{ env.DEBUG_OUTPUT_DIR }}
|
|
|
|
collection-sanity:
|
|
name: awx_collection sanity
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
ansible:
|
|
- stable-2.17
|
|
# - devel
|
|
steps:
|
|
- name: Perform sanity testing
|
|
uses: ansible-community/ansible-test-gh-action@release/v1
|
|
with:
|
|
ansible-core-version: ${{ matrix.ansible }}
|
|
codecov-token: ${{ secrets.CODECOV_TOKEN }}
|
|
collection-root: awx_collection
|
|
pre-test-cmd: >-
|
|
ansible-playbook
|
|
-i localhost,
|
|
tools/template_galaxy.yml
|
|
-e collection_package=awx
|
|
-e collection_namespace=awx
|
|
-e collection_version=1.0.0
|
|
-e '{"awx_template_version": false}'
|
|
testing-type: sanity
|
|
|
|
- name: Upload awx jUnit test reports to the unified dashboard
|
|
if: >-
|
|
!cancelled()
|
|
&& steps.make-run.outputs.test-result-files != ''
|
|
&& github.event_name == 'push'
|
|
&& env.UPSTREAM_REPOSITORY_ID == github.repository_id
|
|
&& github.ref_name == github.event.repository.default_branch
|
|
run: |
|
|
for junit_file in $(echo '${{ steps.make-run.outputs.test-result-files }}' | sed 's/,/ /')
|
|
do
|
|
curl \
|
|
-v \
|
|
--user "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_USER }}:${{ secrets.PDE_ORG_RESULTS_UPLOAD_PASSWORD }}" \
|
|
--form "xunit_xml=@${junit_file}" \
|
|
--form "component_name=awx" \
|
|
--form "git_commit_sha=${{ github.sha }}" \
|
|
--form "git_repository_url=https://github.com/${{ github.repository }}" \
|
|
"${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_URL }}/api/results/upload/"
|
|
done
|
|
|
|
collection-integration:
|
|
name: awx_collection integration
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
target-regex:
|
|
- name: a-h
|
|
regex: ^[a-h]
|
|
- name: i-p
|
|
regex: ^[i-p]
|
|
- name: r-z0-9
|
|
regex: ^[r-z0-9]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
show-progress: false
|
|
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: '3.12'
|
|
|
|
- uses: ./.github/actions/run_awx_devel
|
|
id: awx
|
|
with:
|
|
build-ui: false
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
private-github-key: ${{ secrets.PRIVATE_GITHUB_KEY }}
|
|
|
|
- name: Install dependencies for running tests
|
|
run: |
|
|
python3 -m pip install -e ./awxkit/
|
|
python3 -m pip install -r awx_collection/requirements.txt
|
|
|
|
- name: Run integration tests
|
|
run: |
|
|
echo "::remove-matcher owner=python::" # Disable annoying annotations from setup-python
|
|
echo '[general]' > ~/.tower_cli.cfg
|
|
echo 'host = https://${{ steps.awx.outputs.ip }}:8043' >> ~/.tower_cli.cfg
|
|
echo 'oauth_token = ${{ steps.awx.outputs.admin-token }}' >> ~/.tower_cli.cfg
|
|
echo 'verify_ssl = false' >> ~/.tower_cli.cfg
|
|
TARGETS="$(ls awx_collection/tests/integration/targets | grep '${{ matrix.target-regex.regex }}' | tr '\n' ' ')"
|
|
make COLLECTION_VERSION=100.100.100-git COLLECTION_TEST_TARGET="--coverage --requirements $TARGETS" test_collection_integration
|
|
env:
|
|
ANSIBLE_TEST_PREFER_PODMAN: 1
|
|
|
|
# Upload coverage report as artifact
|
|
- uses: actions/upload-artifact@v4
|
|
if: always()
|
|
with:
|
|
name: coverage-${{ matrix.target-regex.name }}
|
|
path: ~/.ansible/collections/ansible_collections/awx/awx/tests/output/coverage/
|
|
retention-days: 1
|
|
|
|
- uses: ./.github/actions/upload_awx_devel_logs
|
|
if: always()
|
|
with:
|
|
log-filename: collection-integration-${{ matrix.target-regex.name }}.log
|
|
|
|
collection-integration-coverage-combine:
|
|
name: combine awx_collection integration coverage
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 10
|
|
needs:
|
|
- collection-integration
|
|
strategy:
|
|
fail-fast: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: false
|
|
show-progress: false
|
|
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: '3.12'
|
|
|
|
- name: Upgrade ansible-core
|
|
run: python3 -m pip install --upgrade ansible-core
|
|
|
|
- name: Download coverage artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
merge-multiple: true
|
|
path: coverage
|
|
pattern: coverage-*
|
|
|
|
- name: Combine coverage
|
|
run: |
|
|
make COLLECTION_VERSION=100.100.100-git install_collection
|
|
mkdir -p ~/.ansible/collections/ansible_collections/awx/awx/tests/output/coverage
|
|
cp -rv coverage/* ~/.ansible/collections/ansible_collections/awx/awx/tests/output/coverage/
|
|
cd ~/.ansible/collections/ansible_collections/awx/awx
|
|
ansible-test coverage combine --requirements
|
|
ansible-test coverage html
|
|
echo '## AWX Collection Integration Coverage' >> $GITHUB_STEP_SUMMARY
|
|
echo '```' >> $GITHUB_STEP_SUMMARY
|
|
ansible-test coverage report >> $GITHUB_STEP_SUMMARY
|
|
echo '```' >> $GITHUB_STEP_SUMMARY
|
|
echo >> $GITHUB_STEP_SUMMARY
|
|
echo '## AWX Collection Integration Coverage HTML' >> $GITHUB_STEP_SUMMARY
|
|
echo 'Download the HTML artifacts to view the coverage report.' >> $GITHUB_STEP_SUMMARY
|
|
|
|
- name: Upload coverage report as artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: awx-collection-integration-coverage-html
|
|
path: ~/.ansible/collections/ansible_collections/awx/awx/tests/output/reports/coverage
|