I noticed this by accident when I ran ansible-lint over this repo from
an outside context; it didn't use the .yamllint in here and started
compalining about eof whitespace.
After scratching my head for a bit as to why this didn't fail here, I
realised we've allowed various newlines since the initial commit
I936fe2c997597972d884c5fc62655d28e8aaf8c5.
Remove this and just use the default eof rules, and fixup the
whitespace as required. This is fairly unimportant, but is nice for
consistency.
Change-Id: Idb46a1f39ba798b0bf70eaa27b4c6b4758ce3d26
This patch adds a new multinode job definition that enables
FIPS mode prior to multinode configuration.
In order to enable FIPS mode, the OS boot procedure need to be
changed to enable the appropriate kernel flag. This modification
has effect only after system reboot.
The default behavior of this job is to always enable FIPS mode.
Change-Id: I6f1365837d9ed2ba82c391a20f9094c9ef0e6c4e
Signed-off-by: Douglas Viroel <dviroel@redhat.com>
- moved vars file under vars to avoid failure to load file (newer
version raise error if you try to put vars outside vars/defaults as
it will assume they are broken playbooks.
- added missing file-modes on few tasks
Change-Id: I7217469d089b655ee16cd038391cffa4197c8c83
Part-Of: https://review.opendev.org/c/zuul/zuul-jobs/+/773245
This prepared for ansible-lint v5 which no longer has exceptions
for task naming, requiring all to be named.
Change-Id: I5e761d1e3836fa270d7afdcf01780320001f820d
Part-Of: #773245
Don't use a shell builtin: shell builtins aren't available since
'command' ansible module is used. Instead, fail with an explicit
error when the required test_command variable is not set.
Fix this error:
Ansible output: b'failed: [host] (item=exit 1) => {
"ansible_loop_var": "item",
"changed": false,
"cmd": "exit 1",
"item": "exit 1",
"msg": "[Errno 2] No such file or directory: 'exit': 'exit'",
"rc": 2
}
Change-Id: I88303f7302d7354ffc8b18e607b28349a9860a57
This error occurs when variables are null and
DEFAULT_JINJA2_NATIVE is enabled:
object of type 'NoneType' has no len()
Change-Id: I7c69be60b846c03e30a0a6e8893bf2f3a3d5e5b8
The job was relying on a security hole to execute untrusted command
on the executor (localhost). This change prevents failure after the
hole is fixed.
Change-Id: I910fb6e6a2659e77991111c8ce5a6b763556aeec
This change adds a new phoronix-test-suite/pre.yaml playbook to
ensure-phoronix-test-suite is installed.
Change-Id: I30d8cca408cca006a452db35cb4f40d4af526dec
This partially reverts commit
3f961ce202d7d24e2944de09636b35cec9c13bf6.
This alternative installs wheel with the ensure-pip role instead of in
a separate role. wheel is very closely linked with pip install
operations so this isn't a large overreach of the role.
I suggest this for several reasons; firstly the python-wheel role
doesn't try to install packages, so we end up with mixed system pip
and upstream versions of wheel most of the time. This is the type of
thing that has proven problematic in the past. It also installs via
pip --user; something we've already had problems with tox when for
various reasons roles want to run this as non-zuul user. Using
ensure-pip we keep the packaged versions together.
[1] did try to install wheel with root, but during runtime which
didn't work due to sudo being revoked. This should work for the
existing build-python-release job, because it already includes
ensure-pip in pre-run via playbooks/python/pre.yaml
I believe our conclusion on the ensure-* roles was that requiring
root/become: for installation is OK, but we should have a no-op path
if the tools are found. This is consistent with that approach
(i.e. if you want wheel and can't do sudo, you should pre-install it
on your image using whatever you build that with).
This adds a check to the existing "is pip installed" check to also
check if wheel packages are available. If not we trigger the install
path.
This revealed some issues with RedHat.yaml -- we can always install
Python 3 (packages available for CentOS 7) so remove that check, and
if Ansible is running under Python 2; ensure we install the
dependencies too (not only if it is forced).
Update the documentation to describe that it will enable support for
bdist_wheel, and add a basic sanity test that wheels are produced by
pip. The existing build-python-release job is kept; although it is
modified to use the playbooks/python/pre.yaml playbook as the build
job does.
Change-Id: I2ab11bb45b6b2a49d54db39195228ab40141185c
[1] https://review.opendev.org/#/c/736001/5/roles/build-python-release/tasks/main.yaml
Adds terraform roles to install and execute terraform.
Supports adding an override.tf file to override configuration in CI
which is useful to let zuul handle module reposity authentication
instead of setting up credentials on the remote during the job.
Also returns the execution plan back as a comment for 'terraform plan'
to make it easy for reviewers.
Change-Id: I3b4f2bac7f055a0c0f9cb7888b4146ac9c007d25
To make it so that a repo can host a simple command which is an
integration test of multiple projects, add the semi-standard
zuul_work_dir variable to the job.
Change-Id: I265469ac9c12c3a38a11b243f3ff747d27141f21
Some javascript operations, like running tests for web-apps, need
browsers. Javascript packages that are not targetting browsers
do not.
Make a -browser version that installs the browsers and xvfb, and
a non-browser version that does not.
Change-Id: I33c12cb0d9516bdffef7d8d04af4dbcb03ed8355
The pre-playbook for the javascript jobs got complex. Extract it
to a role so we can better document it.
Also - stop installing javascript depends in pre - the depends
declared in a patch should be tested as part of the patch.
Change-Id: I50a483f223620cd3f9ecd82887062cfc9ac64b7f
We have a bunch of jobs that are built around the npm role, but
for projects using yarn, that can lead to ignoring yarn.lock.
For projects with a yarn.lock, we can assume the user wants to
use yarn. Make a new js-package-manager role that can detect
if that's the case and otherwise use npm. Make an js_build_tool
parameter that allows the user to override that auto-detection.
Make a whole new suite of jobs that do this behavior, do not have
npm in their name, and default to the latest node LTS, version 14.
Don't install yarn if we're not going to use yarn. Also allow people
who want to use yarn but don't have a yarn.lock to override
js_build_tool everywhere we do that logic.
Mark the old jobs deprecated.
Shift the npm and yarn roles to use the new js-package-manager role
with defaults set.
Change-Id: I8013228ca05607a69f390a9bb75991fc6543f865
We currently run ensure-python after running ensure-tox which means that
both ensure-pip and ensure-tox ran against the system Python instead of
the version that's created by ensure-python.
Depends-On: https://review.opendev.org/726549
Change-Id: Id2100bb5f981944223063cf4b2a5a568cc1dc366
YARN needs a modern version of NodeJS and if we don't use the role
to get the latest version, we end up failing on most platforms that
ship an old version of it.
This patch also adds testing to validate that ensure-yarn alone works.
Co-Authored-By: Andreas Jaeger <aj@suse.com>
Change-Id: I83ac09bc5751c85c6f1eac550d289a300ca2255e
This adds a custom ansible-lint rule at .rules/ZuulJobsNamespaceLoopVar.py
that enforces the loop var policy described at:
https://zuul-ci.org/docs/zuul-jobs/policy.html#ansible-loops-in-roles
It also updates existing roles to follow the policy.
Change-Id: I92b2ff56a1c2702542fc07b316f1809087a4c92f
This change adds new jobs to run and combine phoronix test suite results.
Co-Authored-By: Nicolas Hicher <nhicher@redhat.com>
Change-Id: If94cdbd91c8d80393a71cd5c36690563de9edcd6
This patch adds a roles and jobs to run golangci-lint against a
a Golang project. It's a very popular tool for linting go code.
It also adds a simple framework which allows us to create dynamic
tests for file comments by defining a simple YAML file.
Change-Id: Ic8358541adaf7c3279383f0279cd3da7b446a6e0