airship/pegleg
Code Issues Proposed changes
Files
ba7c902af5fcb6c0073e54cad63e2c86a50af74b
pegleg/tools/gate/roles/airship-run-script-set/tasks/main.yaml
Sergiy Markin ba7c902af5 Image updates for CVE 
This PS updates image during build process to get
rid of the CVEs and bumps up helm vertion to
3.17.3.

In order to decrease the image size *-dev libs are
installed only when needed to build/install Python
packages.

Change-Id: I23f56b986875e1dc4c76fd7bc06fd49a30900967
2025-04-24 20:49:15 +00:00

85 lines
4.4 KiB
YAML
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- block:
- name: "Run script set {{ workload }}"
shell: |
set -xe;
{{ gate_script_path }}
loop: "{{ workload }}"
loop_control:
loop_var: gate_script_path
pause: 5
args:
chdir: "{{ zuul.project.src_dir }}/{{ gate_scripts_relative_path }}"
environment:
CEPH_OSD_DATA_DEVICE: "{{ ceph_osd_data_device }}"
POD_NETWORK_CIDR: "{{ kubeadm.pod_network_cidr }}"
zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
OSH_PATH: "{{ zuul_osh_relative_path | default('../openstack-helm/') }}"
OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('../openstack-helm-infra/') }}"
OPENSTACK_RELEASE: "{{ osh_params.openstack_release | default('') }}"
CONTAINER_DISTRO_NAME: "{{ osh_params.container_distro_name | default('') }}"
CONTAINER_DISTRO_VERSION: "{{ osh_params.container_distro_version | default('') }}"
FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}"
RUN_HELM_TESTS: "{{ run_helm_tests | default('yes') }}"
PL_SITE: "{{ site | default('airskiff') }}"
HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz') }}"
HTK_COMMIT: "{{ HTK_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
OSH_INFRA_COMMIT: "{{ OSH_INFRA_COMMIT | default('cfff60ec10a6c386f38db79bb9f59a552c2b032f') }}"
OSH_COMMIT: "{{ OSH_COMMIT | default('2d9457e34ca4200ed631466bd87569b0214c92e7') }}"
COREDNS_VERSION: "{{ coredns_version | default('v1.11.1') }}"
DISTRO: "{{ DISTRO | default('ubuntu_focal') }}"
DOCKER_REGISTRY: "{{ DOCKER_REGISTRY | default('quay.io') }}"
MAKE_ARMADA_IMAGES: "{{ MAKE_ARMADA_IMAGES | default('false') }}"
MAKE_DECKHAND_IMAGES: "{{ MAKE_DECKHAND_IMAGES | default('false') }}"
MAKE_SHIPYARD_IMAGES: "{{ MAKE_SHIPYARD_IMAGES | default('false') }}"
MAKE_PORTHOLE_IMAGES: "{{ MAKE_PORTHOLE_IMAGES | default('false') }}"
MAKE_PROMENADE_IMAGES: "{{ MAKE_PROMENADE_IMAGES | default('false') }}"
CLONE_ARMADA: "{{ CLONE_ARMADA | default('true') }}"
CLONE_DECKHAND: "{{ CLONE_DECKHAND | default('true') }}"
CLONE_SHIPYARD: "{{ CLONE_SHIPYARD | default('true') }}"
CLONE_PORTHOLE: "{{ CLONE_PORTHOLE | default('true') }}"
CLONE_PROMENADE: "{{ CLONE_PROMENADE | default('true') }}"
CLONE_MAAS: "{{ CLONE_MAAS | default('true') }}"
CLONE_OSH: "{{ CLONE_OSH | default('true') }}"
MAKE_ARMADA_IMAGES: "{{ MAKE_ARMADA_IMAGES | default('false') }}"
MAKE_DECKHAND_IMAGES: "{{ MAKE_DECKHAND_IMAGES | default('false') }}"
MAKE_SHIPYARD_IMAGES: "{{ MAKE_SHIPYARD_IMAGES | default('false') }}"
MAKE_DECKHAND_IMAGES: "{{ MAKE_DECKHAND_IMAGES | default('false') }}"
MAKE_PORTHOLE_IMAGES: "{{ MAKE_PORTHOLE_IMAGES | default('false') }}"
MAKE_PROMENADE_IMAGES: "{{ MAKE_PROMENADE_IMAGES | default('false') }}"
# NOTE(aostapenko) using bigger than async_status timeout due to async_status issue with
# not recognizing timed out jobs: https://github.com/ansible/ansible/issues/25637
async: 3600
poll: 0
register: async_results
- name: Wait for script set to finish
async_status:
jid: '{{ item.ansible_job_id }}'
register: jobs
until: jobs.finished
delay: 5
retries: 360
loop: "{{ async_results.results }}"
always:
- name: Print script set output
shell: |
# NOTE(aostapenko) safely retrieving items for the unlikely case if jobs timed out in async_status
echo 'STDOUT:\n{{ item.get("stdout") | regex_replace("\'", "") }}\nSTDERR:\n{{ item.get("stderr") | regex_replace("\'", "") }}'
loop: "{{ jobs.results }}"
...
View Git Blame Copy Permalink