Merge pull request #515 from maxamillion/tests/azure_pipelines

remove old pipelines, run sanity in pipelines because we're dropping zuul

SUMMARY

remove old pipelines, run sanity in pipelines because we're dropping zuul

ISSUE TYPE


Bugfix Pull Request

.azure-pipelines/azure-pipelines.yml

@@ -36,12 +36,79 @@ variables:
 resources:
   containers:
     - container: default
-      image: quay.io/ansible/azure-pipelines-test-container:3.0.0
+      image: quay.io/ansible/azure-pipelines-test-container:main
 
 pool: Standard
 
 stages:
 
+  - stage: Sanity_devel
+    displayName: Ansible devel sanity
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: "devel/{0}"
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+#           - name: Lint
+#             test: lint
+  - stage: Sanity_2_16
+    displayName: Ansible 2.16 sanity
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: "2.16/{0}"
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+  - stage: Sanity_2_15
+    displayName: Ansible 2.15 sanity
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: "2.15/{0}"
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+  - stage: Sanity_2_14
+    displayName: Ansible 2.14 sanity
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: "2.14/{0}"
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+  - stage: Sanity_2_9
+    displayName: Ansible 2.9 sanity
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: "2.9/{0}"
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
 ## Docker
   - stage: Docker_devel
     displayName: Docker devel
@@ -50,6 +117,37 @@ stages:
       - template: templates/matrix.yml
         parameters:
           testFormat: devel/linux/{0}/1
+          targets:
+            - name: Fedora 39
+              test: fedora39
+            - name: Ubuntu 20.04
+              test: ubuntu2004
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+  - stage: Docker_2_16
+    displayName: Docker 2.16
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.16/linux/{0}/1
+          targets:
+            - name: CentOS 7
+              test: centos7
+            - name: Fedora 38
+              test: fedora38
+            - name: Ubuntu 20.04
+              test: ubuntu2004
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+
+  - stage: Docker_2_15
+    displayName: Docker 2.15
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.15/linux/{0}/1
           targets:
             - name: CentOS 7
               test: centos7
@@ -79,88 +177,6 @@ stages:
               test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
-  - stage: Docker_2_13
-    displayName: Docker 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.13/linux/{0}/1
-          targets:
-            - name: CentOS 7
-              test: centos7
-            - name: Fedora 34
-              test: fedora34
-            - name: Fedora 35
-              test: fedora35
-            - name: openSUSE 15 py3
-              test: opensuse15
-            - name: Ubuntu 18.04
-              test: ubuntu1804
-            - name: Ubuntu 20.04
-              test: ubuntu2004
-  - stage: Docker_2_12
-    displayName: Docker 2.12
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.12/linux/{0}/1
-          targets:
-            - name: CentOS 6
-              test: centos6
-            - name: CentOS 7
-              test: centos7
-            - name: Fedora 33
-              test: fedora33
-            - name: Fedora 34
-              test: fedora34
-            - name: openSUSE 15 py2
-              test: opensuse15py2
-            - name: openSUSE 15 py3
-              test: opensuse15
-            - name: Ubuntu 18.04
-              test: ubuntu1804
-            - name: Ubuntu 20.04
-              test: ubuntu2004
-  - stage: Docker_2_11
-    displayName: Docker 2.11
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.11/linux/{0}/1
-          targets:
-            - name: CentOS 6
-              test: centos6
-            - name: CentOS 7
-              test: centos7
-            - name: openSUSE 15 py2
-              test: opensuse15py2
-            - name: openSUSE 15 py3
-              test: opensuse15
-            - name: Ubuntu 18.04
-              test: ubuntu1804
-  - stage: Docker_2_10
-    displayName: Docker 2.10
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.10/linux/{0}/1
-          targets:
-            - name: CentOS 6
-              test: centos6
-            - name: CentOS 7
-              test: centos7
-            - name: openSUSE 15 py2
-              test: opensuse15py2
-            - name: openSUSE 15 py3
-              test: opensuse15
-            - name: Ubuntu 16.04
-              test: ubuntu1604
-            - name: Ubuntu 18.04
-              test: ubuntu1804
   - stage: Docker_2_9
     displayName: Docker 2.9
     dependsOn: []
@@ -191,18 +207,43 @@ stages:
         parameters:
           testFormat: devel/{0}/1
           targets:
-            - name: MacOS 13.2
+            - name: RHEL 9.3
-              test: macos/13.2
+              test: rhel/9.3
+            - name: FreeBSD 13.2
+              test: freebsd/13.2
+  - stage: Remote_2_16
+    displayName: Remote 2.16
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.16/{0}/1
+          targets:
+            - name: RHEL 8.8
+              test: rhel/8.8
+            - name: RHEL 9.2
+              test: rhel/9.2
+            - name: FreeBSD 13.2
+              test: freebsd/13.2
+
+  - stage: Remote_2_15
+    displayName: Remote 2.15
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.15/{0}/1
+          targets:
             - name: RHEL 7.9
               test: rhel/7.9
             - name: RHEL 8.7
               test: rhel/8.7
             - name: RHEL 9.1
               test: rhel/9.1
-            - name: FreeBSD 12.4
-              test: freebsd/12.4
             - name: FreeBSD 13.1
               test: freebsd/13.1
+            - name: FreeBSD 12.4
+              test: freebsd/12.4
   - stage: Remote_2_14
     displayName: Remote 2.14
     dependsOn: []
@@ -211,84 +252,14 @@ stages:
         parameters:
           testFormat: 2.14/{0}/1
           targets:
-            - name: MacOS 12.0
-              test: macos/12.0
             - name: RHEL 7.9
               test: rhel/7.9
             - name: RHEL 8.6
               test: rhel/8.6
-            - name: RHEL 9.0
-              test: rhel/9.0
-            - name: FreeBSD 12.3
-              test: freebsd/12.3
             - name: FreeBSD 13.1
               test: freebsd/13.1
-  - stage: Remote_2_13
+            - name: FreeBSD 12.4
-    displayName: Remote 2.13
+              test: freebsd/12.4
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.13/{0}/1
-          targets:
-            - name: MacOS 12.0
-              test: macos/12.0
-            - name: RHEL 7.9
-              test: rhel/7.9
-            - name: RHEL 8.5
-              test: rhel/8.5
-            - name: FreeBSD 12.3
-              test: freebsd/12.3
-            - name: FreeBSD 13.0
-              test: freebsd/13.0
-  - stage: Remote_2_12
-    displayName: Remote 2.12
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.12/{0}/1
-          targets:
-            - name: MacOS 11.1
-              test: macos/11.1
-            - name: RHEL 7.9
-              test: rhel/7.9
-            - name: RHEL 8.4
-              test: rhel/8.4
-            - name: FreeBSD 12.2
-              test: freebsd/12.2
-            - name: FreeBSD 13.0
-              test: freebsd/13.0
-  - stage: Remote_2_11
-    displayName: Remote 2.11
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.11/{0}/1
-          targets:
-            - name: MacOS 11.1
-              test: macos/11.1
-            - name: RHEL 7.9
-              test: rhel/7.9
-            - name: RHEL 8.3
-              test: rhel/8.3
-            - name: FreeBSD 12.2
-              test: freebsd/12.2
-  - stage: Remote_2_10
-    displayName: Remote 2.10
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.10/{0}/1
-          targets:
-            - name: OS X 10.11
-              test: osx/10.11
-            - name: RHEL 7.9
-              test: rhel/7.9
-            - name: RHEL 8.2
-              test: rhel/8.2
   - stage: Remote_2_9
     displayName: Remote 2.9
     dependsOn: []
@@ -297,8 +268,6 @@ stages:
         parameters:
           testFormat: 2.9/{0}/1
           targets:
-            - name: OS X 10.11
-              test: osx/10.11
             - name: RHEL 7.9
               test: rhel/7.9
             - name: RHEL 8.1
@@ -309,18 +278,19 @@ stages:
   - stage: Summary
     condition: succeededOrFailed()
     dependsOn:
+      - Sanity_2_9
       - Remote_2_9
       - Docker_2_9
-      - Remote_2_10
+      - Sanity_2_14
-      - Docker_2_10
-      - Remote_2_11
-      - Docker_2_11
-      - Remote_2_12
-      - Docker_2_12
-      - Remote_2_13
-      - Docker_2_13
       - Remote_2_14
       - Docker_2_14
+      - Sanity_2_15
+      - Remote_2_15
+      - Docker_2_15
+      - Sanity_2_16
+      - Remote_2_16
+      - Docker_2_16
+      - Sanity_devel
       - Remote_devel
       - Docker_devel
     jobs:

CHANGELOG.rst

@@ -5,6 +5,24 @@ ansible.posix Release Notes
 .. contents:: Topics
 
 
+v1.5.4
+======
+
+Minor Changes
+-------------
+
+- json and jsonl - Add the ``ANSIBLE_JSON_INDENT`` parameter
+- json and jsonl - Add the ``path`` attribute into the play and task output
+
+Bugfixes
+--------
+
+- Fix sysctl integration test failing on newer versions of core. Previously NoneType was allowable, now it fails to convert to a str type.
+- Support new sanity test for the ansible-core devel branch CI test (https://github.com/ansible-collections/ansible.posix/issues/446).
+- firewall - Fix issue where adding an interface to a zone would fail when the daemon is offline
+- firewall - Fix issue where opening a specific port resulted in opening the whole protocol of the specified port
+- firewalld - Consider value of masquerade and icmp_block_inversion parameters when a boolean like value is passed
+
 v1.5.2
 ======
 

changelogs/changelog.yaml

@@ -321,3 +321,29 @@ releases:
     - 434-fix-rhel_facts-exit_json.yml
     - 535-add-jsonl-callback.yml
     release_date: '2023-04-07'
+  1.5.4:
+    changes:
+      bugfixes:
+      - Fix sysctl integration test failing on newer versions of core. Previously
+        NoneType was allowable, now it fails to convert to a str type.
+      - Support new sanity test for the ansible-core devel branch CI test (https://github.com/ansible-collections/ansible.posix/issues/446).
+      - firewall - Fix issue where adding an interface to a zone would fail when the
+        daemon is offline
+      - firewall - Fix issue where opening a specific port resulted in opening the
+        whole protocol of the specified port
+      - firewalld - Consider value of masquerade and icmp_block_inversion parameters
+        when a boolean like value is passed
+      minor_changes:
+      - json and jsonl - Add the ``ANSIBLE_JSON_INDENT`` parameter
+      - json and jsonl - Add the ``path`` attribute into the play and task output
+    fragments:
+    - 343-fix-profile_tasks-callback-documentation.yml
+    - 402_firewall_fix_offline_interface_add.yml
+    - 404_firewalld_masquerade_icmp_block_inversion_bugfixes.yml
+    - 440-json-add-path-field.yaml
+    - 441-json-add-indent-parameter.yaml
+    - 445_ci_support_stable-215.yml
+    - 448_support_new_sanity_test.yml
+    - 451_firewall_fix_protocol_parameter.yml
+    - 456_sysctl_fix_nonetype.yml
+    release_date: '2023-05-10'

changelogs/fragments/460-respawn.yaml

@@ -0,0 +1,10 @@
+---
+minor_changes:
+  - "seboolean - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter``
+    (https://github.com/ansible-collections/ansible.posix/pull/460)."
+  - "selinux - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter``
+    (https://github.com/ansible-collections/ansible.posix/pull/460)."
+  - "firewalld - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter``
+    (https://github.com/ansible-collections/ansible.posix/pull/460)."
+  - "firewalld_info - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter``
+    (https://github.com/ansible-collections/ansible.posix/pull/460)."

changelogs/fragments/466-tests.yml

@@ -0,0 +1,2 @@
+trivial:
+  - "Fix integration tests so they work with ansible-core devel / 2.16 (https://github.com/ansible-collections/ansible.posix/pull/466)."

changelogs/fragments/477_ci_update.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - "Drop Python3.9 and update versions of RHEL,Fedora and FreeBSD for ansible-core:devel test(https://github.com/ansible-collections/ansible.posix/issues/476)."

changelogs/fragments/487_ci_update.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - "Drop FreeBSD12.4 from CI for ansible-core:devel(https://github.com/ansible-collections/ansible.posix/issues/486)."

changelogs/fragments/508_ci_update.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - "Refactoring remote CI targets."

changelogs/fragments/510_ci_update.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - "Replace Fedora 38 with 39 for container test(https://github.com/ansible-collections/ansible.posix/issues/509)."

changelogs/fragments/test-reqs.yml

@@ -0,0 +1,2 @@
+trivial:
+  - "Move Galaxy test requirements from old transitional format in tests/requirements.yml to standard Ansible Galaxy requirements files in tests/integration/requirements.yml and tests/unit/requirements.yml."

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: ansible
 name: posix
-version: 1.5.2
+version: 1.5.4
 readme: README.md
 authors:
   - Ansible (github.com/ansible)

plugins/callback/json.py

@@ -25,6 +25,16 @@ DOCUMENTATION = '''
           - key: show_custom_stats
             section: defaults
         type: bool
+      json_indent:
+        name: Use indenting for the JSON output
+        description: 'If specified, use this many spaces for indenting in the JSON output. If <= 0, write to a single line.'
+        default: 4
+        env:
+          - name: ANSIBLE_JSON_INDENT
+        ini:
+          - key: json_indent
+            section: defaults
+        type: integer
     notes:
       - When using a strategy such as free, host_pinned, or a custom strategy, host results will
         be added to new task results in ``.plays[].tasks[]``. As such, there will exist duplicate
@@ -61,12 +71,19 @@ class CallbackModule(CallbackBase):
         self._task_map = {}
         self._is_lockstep = False
 
+        self.set_options()
+
+        self._json_indent = self.get_option('json_indent')
+        if self._json_indent <= 0:
+            self._json_indent = None
+
     def _new_play(self, play):
         self._is_lockstep = play.strategy in LOCKSTEP_CALLBACKS
         return {
             'play': {
                 'name': play.get_name(),
                 'id': to_text(play._uuid),
+                'path': to_text(play.get_path()),
                 'duration': {
                     'start': current_time()
                 }
@@ -79,6 +96,7 @@ class CallbackModule(CallbackBase):
             'task': {
                 'name': task.get_name(),
                 'id': to_text(task._uuid),
+                'path': to_text(task.get_path()),
                 'duration': {
                     'start': current_time()
                 }
@@ -143,7 +161,7 @@ class CallbackModule(CallbackBase):
             'global_custom_stats': global_custom_stats,
         }
 
-        self._display.display(json.dumps(output, cls=AnsibleJSONEncoder, indent=4, sort_keys=True))
+        self._display.display(json.dumps(output, cls=AnsibleJSONEncoder, indent=self._json_indent, sort_keys=True))
 
     def _record_task_result(self, on_info, result, **kwargs):
         """This function is used as a partial to add failed/skipped info in a single method"""

plugins/callback/jsonl.py

@@ -26,6 +26,16 @@ DOCUMENTATION = '''
           - key: show_custom_stats
             section: defaults
         type: bool
+      json_indent:
+        name: Use indenting for the JSON output
+        description: 'If specified, use this many spaces for indenting in the JSON output. If not specified or <= 0, write to a single line.'
+        default: 0
+        env:
+          - name: ANSIBLE_JSON_INDENT
+        ini:
+          - key: json_indent
+            section: defaults
+        type: integer
     notes:
       - When using a strategy such as free, host_pinned, or a custom strategy, host results will
         be added to new task results in ``.plays[].tasks[]``. As such, there will exist duplicate
@@ -63,12 +73,19 @@ class CallbackModule(CallbackBase):
         self._task_map = {}
         self._is_lockstep = False
 
+        self.set_options()
+
+        self._json_indent = self.get_option('json_indent')
+        if self._json_indent <= 0:
+            self._json_indent = None
+
     def _new_play(self, play):
         self._is_lockstep = play.strategy in LOCKSTEP_CALLBACKS
         return {
             'play': {
                 'name': play.get_name(),
                 'id': to_text(play._uuid),
+                'path': to_text(play.get_path()),
                 'duration': {
                     'start': current_time()
                 }
@@ -81,6 +98,7 @@ class CallbackModule(CallbackBase):
             'task': {
                 'name': task.get_name(),
                 'id': to_text(task._uuid),
+                'path': to_text(task.get_path()),
                 'duration': {
                     'start': current_time()
                 }
@@ -156,7 +174,7 @@ class CallbackModule(CallbackBase):
     def _write_event(self, event_name, output):
         output['_event'] = event_name
         output['_timestamp'] = current_time()
-        self._display.display(json.dumps(output, cls=AnsibleJSONEncoder, separators=',:', sort_keys=True))
+        self._display.display(json.dumps(output, cls=AnsibleJSONEncoder, indent=self._json_indent, separators=',:', sort_keys=True))
 
     def _record_task_result(self, event_name, on_info, result, **kwargs):
         """This function is used as a partial to add failed/skipped info in a single method"""

plugins/callback/profile_tasks.py

@@ -17,7 +17,7 @@ DOCUMENTATION = '''
       - Ansible callback plugin for timing individual tasks and overall execution time.
       - "Mashup of 2 excellent original works: https://github.com/jlafon/ansible-profile,
          https://github.com/junaid18183/ansible_home/blob/master/ansible_plugins/callback_plugins/timestamp.py.old"
-      - "Format: C(<task start timestamp> (<length of previous task>) <current elapsed playbook execution time>)"
+      - "Format: C(<task start timestamp>) C(<length of previous task>) C(<current elapsed playbook execution time>)"
       - It also lists the top/bottom time consuming tasks in the summary (configurable)
       - Before 2.4 only the environment variables were available for configuration.
     requirements:

plugins/module_utils/_respawn.py

@@ -0,0 +1,45 @@
+# Copyright (c) 2023 Maxwell G <maxwell@gtmx.me>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+"""
+Helpers to respawn a module to run using the system interpreter
+"""
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+try:
+    from ansible.module_utils.common import respawn
+except ImportError:
+    HAS_RESPAWN_UTIL = False
+else:
+    HAS_RESPAWN_UTIL = True
+
+
+SYSTEM_PYTHON_INTERPRETERS = (
+    "/usr/bin/libexec/platform-python",
+    "/usr/bin/python3",
+    "/usr/bin/python2",
+    "/usr/bin/python",
+)
+
+
+def respawn_module(module):
+    """
+    Respawn an ansible module to using the first interpreter in
+    SYSTEM_PYTHON_INTERPRETERS that contains `module`.
+
+    Args:
+        module (str): Name of python module to search for
+
+    Returns:
+        Returns None if the module cannot be respawned.
+    """
+    if respawn.has_respawned():
+        return
+    interpreter = respawn.probe_interpreters_for_module(
+        SYSTEM_PYTHON_INTERPRETERS, module
+    )
+    if interpreter:
+        respawn.respawn_module(interpreter)

plugins/module_utils/firewalld.py

@@ -5,6 +5,7 @@
 
 from __future__ import absolute_import, division, print_function
 from ansible_collections.ansible.posix.plugins.module_utils.version import LooseVersion
+from ansible_collections.ansible.posix.plugins.module_utils._respawn import respawn_module, HAS_RESPAWN_UTIL
 from ansible.module_utils.basic import missing_required_lib
 
 __metaclass__ = type
@@ -314,6 +315,8 @@ class FirewallTransaction(object):
                         installed version (%s) likely too old. Requires firewalld >= 0.2.11" % FW_VERSION)
 
         if import_failure:
+            if HAS_RESPAWN_UTIL:
+                respawn_module("firewall")
             module.fail_json(
                 msg=missing_required_lib('firewall') + '. Version 0.2.11 or newer required (0.3.9 or newer for offline operations)'
             )

plugins/modules/firewalld.py

@@ -520,6 +520,7 @@ class InterfaceTransaction(FirewallTransaction):
                 old_zone_obj = self.fw.config.get_zone(zone)
                 if interface in old_zone_obj.interfaces:
                     iface_zone_objs.append(old_zone_obj)
+
             if len(iface_zone_objs) > 1:
                 # Even it shouldn't happen, it's actually possible that
                 # the same interface is in several zone XML files
@@ -529,11 +530,10 @@ class InterfaceTransaction(FirewallTransaction):
                         len(iface_zone_objs)
                     )
                 )
+            elif len(iface_zone_objs) == 1 and iface_zone_objs[0].name != self.zone:
                 old_zone_obj = iface_zone_objs[0]
-            if old_zone_obj.name != self.zone:
+                old_zone_config = self.fw.config.get_zone_config(old_zone_obj)
-                old_zone_settings = FirewallClientZoneSettings(
+                old_zone_settings = FirewallClientZoneSettings(list(old_zone_config))
-                    self.fw.config.get_zone_config(old_zone_obj)
-                )
                 old_zone_settings.removeInterface(interface)    # remove from old
                 self.fw.config.set_zone_config(
                     old_zone_obj,
@@ -856,15 +856,16 @@ def main():
     zone = module.params['zone']
     target = module.params['target']
 
+    port = None
     if module.params['port'] is not None:
         if '/' in module.params['port']:
-            port, protocol = module.params['port'].strip().split('/')
+            port, port_protocol = module.params['port'].strip().split('/')
         else:
-            protocol = None
+            port_protocol = None
-        if not protocol:
+        if not port_protocol:
             module.fail_json(msg='improper port format (missing protocol?)')
     else:
-        port = None
+        port_protocol = None
 
     port_forward_toaddr = ''
     port_forward = None
@@ -907,12 +908,21 @@ def main():
             msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))
 
     if icmp_block_inversion is not None:
+        # Type of icmp_block_inversion will be changed to boolean in a future release.
+        icmp_block_inversion_status = True
+        try:
+            icmp_block_inversion_status = boolean(icmp_block_inversion, True)
+        except TypeError:
+            module.warn('The value of the icmp_block_inversion option is "%s". '
+                        'The type of the option will be changed from string to boolean in a future release. '
+                        'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
+        expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion_status else 'disabled'
 
         transaction = IcmpBlockInversionTransaction(
             module,
             action_args=(),
             zone=zone,
-            desired_state=desired_state,
+            desired_state=expected_state,
             permanent=permanent,
             immediate=immediate,
         )
@@ -922,14 +932,6 @@ def main():
         if changed is True:
             msgs.append("Changed icmp-block-inversion %s to %s" % (icmp_block_inversion, desired_state))
 
-        # Type of icmp_block_inversion will be changed to boolean in a future release.
-        try:
-            boolean(icmp_block_inversion, True)
-        except TypeError:
-            module.warn('The value of the icmp_block_inversion option is "%s". '
-                        'The type of the option will be changed from string to boolean in a future release. '
-                        'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
-
     if service is not None:
 
         transaction = ServiceTransaction(
@@ -980,7 +982,7 @@ def main():
 
         transaction = PortTransaction(
             module,
-            action_args=(port, protocol, timeout),
+            action_args=(port, port_protocol, timeout),
             zone=zone,
             desired_state=desired_state,
             permanent=permanent,
@@ -992,7 +994,7 @@ def main():
         if changed is True:
             msgs.append(
                 "Changed port %s to %s" % (
-                    "%s/%s" % (port, protocol), desired_state
+                    "%s/%s" % (port, port_protocol), desired_state
                 )
             )
 
@@ -1050,12 +1052,21 @@ def main():
         msgs = msgs + transaction_msgs
 
     if masquerade is not None:
+        # Type of masquerade will be changed to boolean in a future release.
+        masquerade_status = True
+        try:
+            masquerade_status = boolean(masquerade, True)
+        except TypeError:
+            module.warn('The value of the masquerade option is "%s". '
+                        'The type of the option will be changed from string to boolean in a future release. '
+                        'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
 
+        expected_state = 'enabled' if (desired_state == 'enabled') == masquerade_status else 'disabled'
         transaction = MasqueradeTransaction(
             module,
             action_args=(),
             zone=zone,
-            desired_state=desired_state,
+            desired_state=expected_state,
             permanent=permanent,
             immediate=immediate,
         )
@@ -1063,14 +1074,6 @@ def main():
         changed, transaction_msgs = transaction.run()
         msgs = msgs + transaction_msgs
 
-        # Type of masquerade will be changed to boolean in a future release.
-        try:
-            boolean(masquerade, True)
-        except TypeError:
-            module.warn('The value of the masquerade option is "%s". '
-                        'The type of the option will be changed from string to boolean in a future release. '
-                        'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
-
     if target is not None:
 
         transaction = ZoneTargetTransaction(

plugins/modules/firewalld_info.py

@@ -211,6 +211,7 @@ firewalld_info:
 
 from ansible.module_utils.basic import AnsibleModule, missing_required_lib
 from ansible.module_utils._text import to_native
+from ansible_collections.ansible.posix.plugins.module_utils._respawn import respawn_module, HAS_RESPAWN_UTIL
 from ansible_collections.ansible.posix.plugins.module_utils.version import StrictVersion
 
 
@@ -322,6 +323,12 @@ def main():
     )
 
     # Exit with failure message if requirements modules are not installed.
+    if not HAS_DBUS and not HAS_FIREWALLD and HAS_RESPAWN_UTIL:
+        # Only respawn the module if both libraries are missing.
+        # If only one is available, then usage of the "wrong" (i.e. not the system one)
+        # python interpreter is likely not the problem.
+        respawn_module("firewall")
+
     if not HAS_DBUS:
         module.fail_json(msg=missing_required_lib('python-dbus'))
     if not HAS_FIREWALLD:

plugins/modules/seboolean.py

@@ -75,6 +75,7 @@ except ImportError:
 from ansible.module_utils.basic import AnsibleModule, missing_required_lib
 from ansible.module_utils.six import binary_type
 from ansible.module_utils._text import to_bytes, to_text
+from ansible_collections.ansible.posix.plugins.module_utils._respawn import respawn_module, HAS_RESPAWN_UTIL
 
 
 def get_runtime_status(ignore_selinux_state=False):
@@ -281,6 +282,12 @@ def main():
         supports_check_mode=True,
     )
 
+    if not HAVE_SELINUX and not HAVE_SEMANAGE and HAS_RESPAWN_UTIL:
+        # Only respawn the module if both libraries are missing.
+        # If only one is available, then usage of the "wrong" (i.e. not the system one)
+        # python interpreter is likely not the problem.
+        respawn_module("selinux")
+
     if not HAVE_SELINUX:
         module.fail_json(msg=missing_required_lib('libselinux-python'), exception=SELINUX_IMP_ERR)
 

plugins/modules/selinux.py

@@ -107,6 +107,8 @@ from ansible.module_utils.basic import AnsibleModule, missing_required_lib
 from ansible.module_utils.common.process import get_bin_path
 from ansible.module_utils.facts.utils import get_file_lines
 
+from ansible_collections.ansible.posix.plugins.module_utils._respawn import respawn_module, HAS_RESPAWN_UTIL
+
 
 # getter subroutines
 def get_config_state(configfile):
@@ -236,6 +238,8 @@ def main():
     )
 
     if not HAS_SELINUX:
+        if HAS_RESPAWN_UTIL:
+            respawn_module("selinux")
         module.fail_json(msg=missing_required_lib('libselinux-python'), exception=SELINUX_IMP_ERR)
 
     # global vars

tests/integration/requirements.yml

@@ -0,0 +1,3 @@
+---
+collections:
+- community.general

tests/integration/targets/acl/tasks/main.yml

@@ -17,7 +17,7 @@
 
 - block:
 
-  - include: acl.yml
+  - include_tasks: acl.yml
     when: ansible_system == 'Linux'  # TODO enable acls mount option on FreeBSD to test it there too
 
   always:

tests/integration/targets/firewalld/tasks/icmp_block_inversion_test_cases.yml

@@ -0,0 +1,172 @@
+# Test playbook for the firewalld module - icmp block inversion operations
+# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Icmp block inversion enabled when icmp block inversion is truthy and state is enabled
+  block:
+  - name: Testing enable icmp block inversion
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: yes
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert icmp block inversion is enabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing enable icmp block inversion (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: yes
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert icmp block inversion is enabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Icmp block inversion disabled when icmp block inversion is falsy and state is enabled
+  block:
+  - name: Testing disable icmp block inversion
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: no
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert icmp block inversion is disabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing disable icmp block inversion (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: no
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert icmp block inversion is disabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Icmp block inversion enabled when icmp block inversion is falsy and state is disabled
+  block:
+  - name: Testing enable icmp block inversion
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: no
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert icmp block inversion is enabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing enable icmp block inversion (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: no
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert icmp block inversion is enabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Icmp block inversion disabled when icmp block inversion is truthy and state is disabled
+  block:
+  - name: Testing disable icmp block inversion
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: yes
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert icmp block inversion is disabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing disable icmp block inversion (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: yes
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert icmp block inversion is disabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+# Validate backwards compatible behavior until icmp block inversion is switched from string to boolean type
+- name: Icmp block inversion enabled when icmp block inversion is non-boolean string and state is enabled
+  block:
+  - name: Testing enable icmp block inversion
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: 'some string'
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert icmp block inversion is enabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing enable icmp block inversion (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: 'some string'
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert icmp block inversion is enabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Icmp block inversion disabled when icmp block inversion is non-boolean string and state is disabled
+  block:
+  - name: Testing disable icmp block inversion
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: 'some string'
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert icmp block inversion is disabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing disable icmp block inversion (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      icmp_block_inversion: 'some string'
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert icmp block inversion is disabled (verify not changed)
+    assert:
+      that:
+      - result is not changed

tests/integration/targets/firewalld/tasks/interface_test_cases.yml

@@ -0,0 +1,87 @@
+# Test playbook for the firewalld module - interface operations
+# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Validate adding interface
+  block:
+  - name: Add lo interface to trusted zone
+    ansible.posix.firewalld:
+      interface: lo
+      zone: trusted
+      permanent: Yes
+      state: enabled
+    register: result
+
+  - name: assert lo was added to trusted zone
+    assert:
+      that:
+      - result is changed
+
+  - name: Add lo interface to trusted zone (verify not changed)
+    ansible.posix.firewalld:
+      interface: lo
+      zone: trusted
+      permanent: Yes
+      state: enabled
+    register: result
+
+  - name: assert lo was added to trusted zone (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Validate moving interfaces
+  block:
+  - name: Move lo interface from trusted zone to internal zone
+    ansible.posix.firewalld:
+      interface: lo
+      zone: internal
+      permanent: Yes
+      state: enabled
+    register: result
+
+  - name: Assert lo was moved from trusted zone to internal zone
+    assert:
+      that:
+      - result is changed
+
+  - name: Move lo interface from trusted zone to internal zone (verify not changed)
+    ansible.posix.firewalld:
+      interface: lo
+      zone: internal
+      permanent: Yes
+      state: enabled
+    register: result
+
+  - name: assert lo was moved from trusted zone to internal zone (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Validate removing interface
+  block:
+  - name: Remove lo interface from internal zone
+    ansible.posix.firewalld:
+      interface: lo
+      zone: internal
+      permanent: Yes
+      state: disabled
+    register: result
+
+  - name: Assert lo interface was removed from internal zone
+    assert:
+      that:
+      - result is changed
+
+  - name: Remove lo interface from internal zone (verify not changed)
+    ansible.posix.firewalld:
+      interface: lo
+      zone: internal
+      permanent: Yes
+      state: disabled
+    register: result
+
+  - name: Assert lo interface was removed from internal zone (verify not changed)
+    assert:
+      that:
+      - result is not changed

tests/integration/targets/firewalld/tasks/main.yml

@@ -10,11 +10,6 @@
         state: present
       # This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
 
-    - name: Check to make sure the firewalld python module is available.
-      shell: "{{ansible_python.executable}} -c 'import firewall'"
-      register: check_output
-      ignore_errors: true
-
     - name: Enable dbus-broker daemon
       service:
         name: dbus-broker
@@ -30,7 +25,6 @@
             state: started
 
         - import_tasks: run_all_tests.yml
-      when: check_output.rc == 0
 
     - name: Test Offline Operations
       block:
@@ -40,7 +34,6 @@
             state: stopped
 
         - import_tasks: run_all_tests.yml
-      when: check_output.rc == 0
 
   when:
   - ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')

tests/integration/targets/firewalld/tasks/masquerade_test_cases.yml

@@ -0,0 +1,172 @@
+# Test playbook for the firewalld module - masquerade operations
+# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Masquerade enabled when masquerade is truthy and state is enabled
+  block:
+  - name: Testing enable masquerade
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: yes
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert masquerade is enabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing enable masquerade (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: yes
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert masquerade is enabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Masquerade disabled when masquerade is falsy and state is enabled
+  block:
+  - name: Testing disable masquerade
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: no
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert masquerade is disabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing disable masquerade (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: no
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert masquerade is disabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Masquerade enabled when masquerade is falsy and state is disabled
+  block:
+  - name: Testing enable masquerade
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: no
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert masquerade is enabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing enable masquerade (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: no
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert masquerade is enabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Masquerade disabled when masquerade is truthy and state is disabled
+  block:
+  - name: Testing disable masquerade
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: yes
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert masquerade is disabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing disable masquerade (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: yes
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert masquerade is disabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+# Validate backwards compatible behavior until masquerade is switched from string to boolean type
+- name: Masquerade enabled when masquerade is non-boolean string and state is enabled
+  block:
+  - name: Testing enable masquerade
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: 'some string'
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert masquerade is enabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing enable masquerade (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: 'some string'
+      permanent:  yes
+      state:      enabled
+    register: result
+
+  - name: assert masquerade is enabled (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Masquerade disabled when masquerade is non-boolean string and state is disabled
+  block:
+  - name: Testing disable masquerade
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: 'some string'
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert masquerade is disabled
+    assert:
+      that:
+      - result is changed
+
+  - name: Testing disable masquerade (verify not changed)
+    ansible.posix.firewalld:
+      zone:       trusted
+      masquerade: 'some string'
+      permanent:  yes
+      state:      disabled
+    register: result
+
+  - name: assert masquerade is disabled (verify not changed)
+    assert:
+      that:
+      - result is not changed

tests/integration/targets/firewalld/tasks/run_all_tests.yml

@@ -27,3 +27,12 @@
 
 # firewalld port forwarding operation test cases
 - include_tasks: port_forward_test_cases.yml
+
+# firewalld masquerade operation test cases
+- include_tasks: masquerade_test_cases.yml
+
+# firewalld icmp block inversion operation test cases
+- include_tasks: icmp_block_inversion_test_cases.yml
+
+# firewalld interface operation test cases
+- include_tasks: interface_test_cases.yml

tests/integration/targets/seboolean/tasks/main.yml

@@ -15,7 +15,7 @@
 # You should have received a copy of the GNU General Public License
 # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
 
-- include: seboolean.yml
+- include_tasks: seboolean.yml
   when:
     - ansible_selinux is defined
     - ansible_selinux != False

tests/integration/targets/selinux/tasks/main.yml

@@ -23,13 +23,13 @@
     msg: SELinux is {{ ansible_selinux.status }}
   when: ansible_selinux is defined and ansible_selinux != False
 
-- include: selinux.yml
+- include_tasks: selinux.yml
   when:
     - ansible_selinux is defined
     - ansible_selinux != False
     - ansible_selinux.status == 'enabled'
 
-- include: selogin.yml
+- include_tasks: selogin.yml
   when:
     - ansible_selinux is defined
     - ansible_selinux != False

tests/integration/targets/sysctl/tasks/main.yml

@@ -170,7 +170,7 @@
 
     - name: Try sysctl with no name
       sysctl:
-        name:
+        name: ""
         value: 1
         sysctl_set: yes
       ignore_errors: True
@@ -180,7 +180,7 @@
       assert:
         that:
           - sysctl_no_name is failed
-          - "sysctl_no_name.msg == 'name cannot be None'"
+          - "sysctl_no_name.msg == 'name cannot be blank'"
 
     - name: Try sysctl with no value
       sysctl:

tests/requirements.yml

@@ -1,4 +0,0 @@
-integration_tests_dependencies:
-- community.general
-unit_tests_dependencies:
-- community.general

tests/sanity/ignore-2.10.txt

@@ -1,8 +0,0 @@
-plugins/modules/synchronize.py pylint:blacklisted-name
-plugins/modules/synchronize.py use-argspec-type-path
-plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
-plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
-plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
-plugins/modules/synchronize.py validate-modules:undocumented-parameter
-tests/utils/shippable/check_matrix.py replace-urlopen
-tests/utils/shippable/timing.py shebang

tests/sanity/ignore-2.11.txt

@@ -1,8 +0,0 @@
-plugins/modules/synchronize.py pylint:blacklisted-name
-plugins/modules/synchronize.py use-argspec-type-path
-plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
-plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
-plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
-plugins/modules/synchronize.py validate-modules:undocumented-parameter
-tests/utils/shippable/check_matrix.py replace-urlopen
-tests/utils/shippable/timing.py shebang

tests/sanity/ignore-2.16.txt

@@ -4,5 +4,4 @@ plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
 plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
 plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
 plugins/modules/synchronize.py validate-modules:undocumented-parameter
-tests/utils/shippable/check_matrix.py replace-urlopen
 tests/utils/shippable/timing.py shebang

tests/sanity/ignore-2.17.txt

@@ -4,5 +4,4 @@ plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
 plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
 plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
 plugins/modules/synchronize.py validate-modules:undocumented-parameter
-tests/utils/shippable/check_matrix.py replace-urlopen
 tests/utils/shippable/timing.py shebang

tests/unit/mock/loader.py

@@ -30,7 +30,7 @@ class DictDataLoader(DataLoader):
 
     def __init__(self, file_mapping=None):
         file_mapping = {} if file_mapping is None else file_mapping
-        assert type(file_mapping) == dict
+        assert isinstance(file_mapping, dict)
 
         super(DictDataLoader, self).__init__()
 

tests/unit/requirements.yml

@@ -0,0 +1,3 @@
+---
+collections:
+- community.general

tests/utils/shippable/lint.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -o pipefail -eux
+
+echo "${PATH/\~/${HOME}}"
+echo "${HOME}"
+command -v ansible
+
+pip install --upgrade --user pip
+pip install --upgrade --user ansible-lint
+
+PATH="${PATH/\~/${HOME}}" ansible-lint \
+                                    --exclude changelogs/ \
+                                    --profile=production

tests/utils/shippable/sanity.sh

@@ -1,7 +1,21 @@
 #!/usr/bin/env bash
 
+# Following logic in https://github.com/ansible-collections/collection_template/blob/main/.github/workflows/ansible-test.yml
 set -o pipefail -eux
 
+if [ "${BASE_BRANCH:-}" ]; then
+    base_branch="origin/${BASE_BRANCH}"
+else
+    base_branch=""
+fi
+
+# Run sanity tests inside a Docker container.
+# The docker container has all the pinned dependencies that are
+# required and all Python versions Ansible supports.
+
+# See the documentation for the following GitHub action on
+# https://github.com/ansible-community/ansible-test-gh-action/blob/main/README.md
+
 # shellcheck disable=SC2086
 ansible-test sanity --color -v --junit ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} \
-    --docker
+    --docker --base-branch "${base_branch}" --allow-disabled

tests/utils/shippable/shippable.sh

@@ -145,9 +145,7 @@ function cleanup
         fi
 
         if [ "${process_coverage}" ]; then
-            # use python 3.7 for coverage to avoid running out of memory during coverage xml processing
+            python3 -m venv ~/ansible-venv
-            # only use it for coverage to avoid the additional overhead of setting up a virtual environment for a potential no-op job
-            virtualenv --python /usr/bin/python3.7 ~/ansible-venv
             set +ux
             . ~/ansible-venv/bin/activate
             set -ux

tests/utils/shippable/timing.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.7
+#!/usr/bin/env python3
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 

tests/utils/shippable/units.sh

@@ -2,109 +2,6 @@
 
 set -o pipefail -eux
 
-declare -a args
-IFS='/:' read -ra args <<< "$1"
-
-version="${args[1]}"
-group="${args[2]}"
-
-if [[ "${COVERAGE:-}" == "--coverage" ]]; then
-    timeout=90
-else
-    timeout=30
-fi
-
-group1=()
-group2=()
-group3=()
-
-# create three groups by putting network tests into separate groups
-# add or remove network platforms as needed to balance the groups
-
-networks2=(
-    aireos
-    apconos
-    aruba
-    asa
-    avi
-    check_point
-    cloudengine
-    cloudvision
-    cnos
-    cumulus
-    dellos10
-    dellos6
-    dellos9
-    edgeos
-    edgeswitch
-    enos
-    eos
-    eric_eccli
-    exos
-    f5
-    fortimanager
-    frr
-    ftd
-    icx
-    ingate
-    ios
-    iosxr
-    ironware
-    itential
-    junos
-    netact
-    netscaler
-    netvisor
-    nos
-    nso
-    nuage
-    nxos
-    onyx
-    opx
-    ovs
-    radware
-    routeros
-    slxos
-    voss
-    vyos
-)
-
-networks3=(
-    fortios
-)
-
-for network in "${networks2[@]}"; do
-    test_path="test/units/modules/network/${network}/"
-
-    if [ -d "${test_path}" ]; then
-        group1+=(--exclude "${test_path}")
-        group2+=("${test_path}")
-    fi
-done
-
-for network in "${networks3[@]}"; do
-    test_path="test/units/modules/network/${network}/"
-
-    if [ -d "${test_path}" ]; then
-        group1+=(--exclude "${test_path}")
-        group3+=("${test_path}")
-    fi
-done
-
-case "${group}" in
-    1) options=("${group1[@]:+${group1[@]}}") ;;
-    2) options=("${group2[@]:+${group2[@]}}") ;;
-    3) options=("${group3[@]:+${group3[@]}}") ;;
-esac
-
-if [ ${#options[@]} -eq 0 ] && [ "${group}" -gt 1 ]; then
-    # allow collection migration unit tests for groups other than 1 to "pass" without updating shippable.yml or this script during migration
-    echo "No unit tests found for group ${group}."
-    exit
-fi
-
-ansible-test env --timeout "${timeout}" --color -v
-
 # shellcheck disable=SC2086
-ansible-test units --color -v --docker default --python "${version}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} \
+ansible-test units --color -v --docker default ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"}
-    "${options[@]:+${options[@]}}" \
+