zuul/zuul-jobs
Code Issues Proposed changes
fc8e68f0e9
zuul-jobs/test-playbooks/base-roles/fetch-zuul-cloner.yaml
Clark Boylan 44d2187e7f Disable base role testing that runs code on localhost 
The workspace setup role requires local code execution on the executor.
This is not allowed from an untrusted context so we disable it.

The previous assertions about the zuul-cloner setup depend on the
workspace setup running successfully. Disable those extra assertions.

subunit fetching role assertions grepped the html file for validity on
localhost. Disable this as well.

Change-Id: I7449749f50b6e4a34c4615b00836a7148e01c768
2020-07-22 15:32:18 -07:00

88 lines
2.7 KiB
YAML
Raw Blame History

- name: Test the fetch-zuul-cloner role
hosts: all
vars:
destination: "/usr/zuul-env/bin/zuul-cloner"
repo_src_dir: "{{ ansible_user_dir }}/src/opendev.org"
roles:
- role: fetch-zuul-cloner
post_tasks:
- name: Check that the directory exists
file:
path: "{{ destination | dirname }}"
state: directory
register: directory
- name: Check that the zuul-cloner shim exists
stat:
path: "{{ destination }}"
register: cloner
- name: Validate that the shim was installed successfully
assert:
that:
- directory is not changed
- directory is succeeded
- cloner.stat.exists
- cloner.stat.mode == "0755"
# Disabled as this depends on running workspace setup which requires
# being able to run code on the executor from an untrusted context and
# this is not allowed.
# - name: Zuul clone something in required-projects
# shell:
# executable: /bin/bash
# cmd: |
# CLONEMAP=`mktemp`
# function cleanup {
# rm -f $CLONEMAP
# }
# trap cleanup EXIT
# cat > $CLONEMAP << EOF
# clonemap:
# - name: opendev/base-jobs
# dest: {{ ansible_user_dir }}
# EOF
# /usr/zuul-env/bin/zuul-cloner -m $CLONEMAP \
# --cache-dir /opt/git https://opendev.org \
# opendev/base-jobs
# register: clone_with_required
# - name: Check if repository was cloned
# stat:
# path: "{{ ansible_user_dir }}/src/opendev.org/opendev/base-jobs"
# register: with_required_stat
- name: Zuul clone something not in required-projects
shell:
executable: /bin/bash
cmd: |
CLONEMAP=`mktemp`
function cleanup {
rm -f $CLONEMAP
}
trap cleanup EXIT
cat > $CLONEMAP << EOF
clonemap:
- name: jjb/jenkins-job-builder
dest: {{ ansible_user_dir }}
EOF
/usr/zuul-env/bin/zuul-cloner -m $CLONEMAP \
--cache-dir /opt/git https://git.openstack.org \
jjb/jenkins-job-builder
ignore_errors: yes
register: clone_without_required
- name: Check if repository was cloned
stat:
path: "{{ ansible_user_dir }}/src/git.openstack.org/jjb/jenkins-job-builder"
register: without_required_stat
- name: Validate zuul-cloner shim results
assert:
that:
# - clone_with_required is succeeded
# - clone_with_required is changed
# - with_required_stat.stat.exists
- clone_without_required is failed
- not without_required_stat.stat.exists
View Git Blame Copy Permalink