Update the deprecation policy to indicate that zuul-jobs is no
longer tested with EOL platforms. Also explicitly switch the minimum
Python 3 documented to 3.6, and add a note to the tox-py34 and
tox-py35 jobs mentioning that they're no longer directly tested.
Move those jobs to the deprecated jobs list as well, to help
reinforce the point that their continued use is not recommended.
Change-Id: I2edbf8ea010caf7a7641e0d88f360965fc0b96ab
In change Iafeb88eaf9a596603ad4d2134a4574345d5189ab we fixed a bug
with handling of `tox --showconfig -vv` in the siblings tasks for
the tox role. This arose because of the desire to add tox_extra_args
to all tox invocations in Ibfe77f67e43135ae5af7588d6859b8b3dbd4c3ca
because we currently set a default of '-vv' for the tox_extra_args
rolevar. This fix could easily regress in the future if we were to
ever change the default value, so explicitly test with it in the
zuul-jobs-test-tox job by adding it to the python/tox test playbook.
Change-Id: Ib6ddf7d188904193a5ecd520acac1d676e5d78ae
When the tox role was introduced, a tox_extra_args rolevar was
included allowing the tox command line to be extended with arbitrary
options. When siblings functionality was added, tox_extra_args did
not get included in its separate tox invocations. If a project has a
particular situation where some aspect of tox's functionality must
be overridden in order to work, doing so through tox_extra_args
needs to apply to every tox invocation, including siblings installs.
Change-Id: Ibfe77f67e43135ae5af7588d6859b8b3dbd4c3ca
Unfortunately, when tox combines --showconfig with verbosity options
like -vv, some non-config output gets streamed to stdout before the
configuration is emitted. Filter this preamble in
tox_install_sibling_packages by discarding any initial lines of
output before the first section heading.
Also extend get_envlist() to deal with the fact that additional
verbosity adds a [tox] section in the --showconfig output, which it
was previously relying on to determine whether the config had been
filtered to a subset of env sections. Instead also check the
tox.args string to determine whether a -e option was passed on the
command line.
Change-Id: Iafeb88eaf9a596603ad4d2134a4574345d5189ab
In some situations, projects may not keep a tox.ini in the root
directory of their repository, or may even have multiple tox
configuration files. Allow the location and name of the config to be
overridden explicitly through the use of a new rolevar.
Change-Id: I1927142e6d9fa75e96902ae001c8ca98d69c7443
SetupTools 58 dropped support for its old use_2to3 option, which has
started surfacing a number of ancient Python packages in need of
updates. In this case, the last full release of funcparserlib (which
is a transitive dependency by way of blockdiag by way of
sphinxcontrib-blockdiag) was in 2013, but luckily they have an alpha
release which we can pin explicitly and pull in as a temporary
workaround to get docs builds going again.
Change-Id: I6903eeac2c479e2da795c1dbd215cdee33d09fd7
Ubuntu Xenial reached end of standard support almost 6 months ago.
Its default python3 is 3.5, which new versions of many libraries are
dropping support for as that hit EOL earlier this month. We are now
faced with a situation where we cannot test the fetch-sphinx-tarball
role on Xenial because latest SetupTools breaks old funcparserlib
(indirectly needed for our blockdiag and seqdiag elements in
zuul-jobs' docker-image.rst), and the only funcparserlib release
which is installable has dropped Python 3.5 support.
Cease running Ubuntu Xenial platform and Python 3.5 tests for
changes to zuul-jobs now. This is a soft removal, since we're not
actually removing Xenial platform checks from playbooks or roles
yet, nor removing the tox-py35 job definition.
Change-Id: I46b9b887427133147481e92a1e7c523e6592fd2d
Our Google Cloud log upload role relies on google-cloud-storage,
which in turn needs protobuf. Unfortunately, protobuf dropped Python
2.7 and 3.5 support in its 3.18.0 release, so we use an environment
marker to pin it in our test requirements.
Change-Id: I89caf4e36850fc4a912b76d75f368144ddb5e15f
Work around lack of SNI support in old distutils versions shipped
with Python on platforms like CentOS 7 and Ubuntu 16.04 LTS by
installing PBR first so that distutils won't be compelled to do so.
Warehouse (PyPI) ceased supporting clients without SNI support in
March of this year.
Change-Id: Ic741d9a87c2ca3a5249cd03c3cbd38e2ad1f46a1
Avoid false-positive CI testing with tox where misconfigured tox
projects end-up skipping tests or running with different python
version than the required one.
While use of this option on development machine may be ok, when
executed in CI context, we never want to be relaxed about what
we test and which versions of python we use.
I seen projects running with wrong version of python for months
before someone discovered that a different version of python
was used on CI.
Change-Id: I5be9bce86833db11afd7072e477ccaf42658bf99
It seems like BuildKit is the next generation, but not likely to be
enabled by default soon (https://github.com/moby/moby/issues/40379).
Add a flag so people who want to use its features can easily opt-in.
Change-Id: I862819959c77a557199f64b4d42109bc7915959c
We have seen instances where type -p (s)testr seems to return with a
leading blank line which confuses ansible later when trying to use the
first line of output as the path to (s)testr. Address this by chomping
with grep -v ^$. Additionally use type -P instead of -p to ensure we
always get a path even when the command may be an alias or builtin.
Change-Id: Ibffe1e1499eca18ef5dc3904fe222a55242b827d
The official podman ubuntu install guide[1] tells to install podman from
Kubic project repo for ubuntu Bionic and Focal. And project atomic PPA
repo[2] is deprecated.
But Kubic repo only provides x86_64 deb packages for Bionic. For non x86_64
platforms use project atomic PPA repo on Bionic.
Also add a job zuul-jobs-test-ensure-podman-ubuntu-focal.
[1] https://podman.io/getting-started/installation
[2] https://launchpad.net/~projectatomic/+archive/ubuntu/ppa
Change-Id: I402adf1866e4bb8f3b388216bc48b9927e1388b1
This option is ignored by Zuul as of release 4.7.0
This change is safe to merge now, as it won't break older versions.
Change-Id: I29d943462524b44cd04943df42838944fd43535d
We've seen a case where we can still push and pull tags from dockerhub,
but the web UI and API seem out of sync with the actual registry. In
this case, we would like to continue, even though it will leave some
unused tags in the repo (they can be cleaned up later if they ever
show up).
Change-Id: If000163a321c869c46cfed4233c2ea42c3e8471b
So that tests which use ZooKeeper can issue the 4-letter-word
debug commands, make sure they are enabled in the zoo.cfg file.
Change-Id: Ib614e918e02306564c2ed6adb4ec350e40df9043
When trying to upload .gz files, we do not set the ContentEncoding
argument to upload_fileobj but leave it as None. The upload then fails
because NoneType is not allowed. Therefore, leave out this parameter,
and also the ContentType parameter, from the extra args completely if
they are not set.
Change-Id: I601944ac83d5e823aa4dcfd0db880a38474288af
The case where this isn't set isn't exercised by the tests, so we missed
this. We need to supply an empty list of artifacts to iterate over if
there are no zuul artifacts.
Change-Id: I082e3546ddc0ff57386063a4f697ae6584db9f90
Now that the opendev buildset registry job is fixed by the parent
change, these jobs can be re-added.
Change-Id: I0b904f552e377a8135e028106aa0b863d5094c04
Because buildset registries may be used by jobs that finish before other
jobs are finished using the buildset registry we must be careful not to
expose the registry credentials in the jobs that finish sooner.
Otherwise logs for the earlier job runs could potentially be used to
poison the registry for later jobs.
This is likely currently incomplete. Other Zuulians should look over it
carefully to ensure we're covering all the bases here.
The cases I've identified so far are:
* Setting facts that include passwords
* Reading and writing to files that include passwords (as content may be
logged)
* Calling modules with passwords passed as arguments (the module
invocation is logged)
I've also set no_log on zuul_return that passes up credentials because
while the logging for zuul_return is minimal today, I don't want to
count on it remaining that way.
We also use the yet to be merged secret_data attribute on zuul_return to
ensure that zuul_return itself does not expose anything unwanted.
Finally it would be great if others could check over the use of
buildset_registry variables to make sure there aren't any that got
missed. One thing I'm not sure of is whether or not when conditionals
get logged and if we need to be careful about their use too.
Temporarily remove some buildset-regitry jobs which are in a catch-22.
Change-Id: I2dea683e27f00b99a7766bf830981bf91b925265
This adds new lines between tasks, to make it a little easier to read.
Change-Id: I78ac55027fec58eabd95f097ff9946fa6b2cff9d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Fedora 32 is now EOL, we should test against the newly released
version of Fedora which is 34.
The podman job is made non-voting while we investigate issues running
as non-root.
Depends-On: https://review.opendev.org/c/openstack/project-config/+/795604
Change-Id: I962a123e1fbf68f064a197700d0fd0da239fca72
Technically dnf doesn't require dnf-plugins-core so it's possible "dnf
copr" may not work. Our Fedora 34 images aren't pre-installing it
(something we should probably fix) but this should be fine as a
generic saftey bootstrap anyway.
Change-Id: I8a645f582f5955c93b4e115ad8bed7c46def5c82
This change enables using fetch-translation role along with
the fetch-output role. By default the role still synchronizes
artifacts back to the executor.
Change-Id: I85c021706c1fa20f8d28b3a1f56c9435ac3836d5
The `helm init` command fails under releases of Helm prior to 2.17.0
due to the fact that the stable charts have been moved[1].
Helm 2 is EOL and ideally this should be bumped to Helm 3 at some point,
but that is a bigger exercise that will require notifying all users
so this minor bump should improve overall UX without affecting users.
[1]: https://helm.sh/blog/new-location-stable-incubator-charts/
Change-Id: Ica60f3225bd7bb3f9cce0af27b486604bfb9b2d5
Properties can be used to tag files.
When another system is using a property filter, being able to set
the properties for zuul artifacts is very convenient.
Change-Id: Ib16ca0f6b532649daa77aa26a8ffa29b78429b71