From 4e8a0e456b8ca4f390b0b90d3318f91d99627ae6 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Mon, 28 Apr 2025 12:39:28 +0200 Subject: [PATCH] Prepare basic 3.0.0 setup (#870) * Drop support for ansible-core < 2.17. * Galaxy can show included content nowadays. (Not perfect, but a lot better than before.) * This should have been removed a long time ago. --- .azure-pipelines/azure-pipelines.yml | 72 +----- .github/workflows/ansible-test.yml | 291 ---------------------- README.md | 64 +---- changelogs/fragments/870-ansible-core.yml | 5 + meta/runtime.yml | 2 +- tests/unit/requirements.txt | 7 +- tests/utils/constraints.txt | 10 - 7 files changed, 10 insertions(+), 441 deletions(-) delete mode 100644 .github/workflows/ansible-test.yml create mode 100644 changelogs/fragments/870-ansible-core.yml diff --git a/.azure-pipelines/azure-pipelines.yml b/.azure-pipelines/azure-pipelines.yml index c460c236..32e26c50 100644 --- a/.azure-pipelines/azure-pipelines.yml +++ b/.azure-pipelines/azure-pipelines.yml @@ -83,17 +83,6 @@ stages: test: '2.17/sanity/1' - name: Units test: '2.17/units/1' - - stage: Ansible_2_16 - displayName: Sanity & Units 2.16 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - targets: - - name: Sanity - test: '2.16/sanity/1' - - name: Units - test: '2.16/units/1' ### Docker - stage: Docker_devel displayName: Docker devel @@ -146,23 +135,6 @@ stages: groups: - 1 - 2 - - stage: Docker_2_16 - displayName: Docker 2.16 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - testFormat: 2.16/linux/{0} - targets: - - name: Fedora 38 - test: fedora38 - - name: openSUSE 15 - test: opensuse15 - - name: Alpine 3 - test: alpine3 - groups: - - 1 - - 2 ### Community Docker - stage: Docker_community_devel @@ -253,27 +225,6 @@ stages: groups: - 1 - 2 - - stage: Remote_2_16 - displayName: Remote 2.16 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - testFormat: 2.16/{0} - targets: - - name: macOS 13.2 - test: macos/13.2 - - name: RHEL 9.2 - test: rhel/9.2 - - name: RHEL 8.8 - test: rhel/8.8 - - name: RHEL 7.9 - test: rhel/7.9 - # - name: FreeBSD 13.2 - # test: freebsd/13.2 - groups: - - 1 - - 2 ### Generic - stage: Generic_devel displayName: Generic devel @@ -285,8 +236,8 @@ stages: testFormat: devel/generic/{0} targets: - test: "3.8" - # - test: "3.9" - # - test: "3.10" + - test: "3.9" + - test: "3.10" - test: "3.11" - test: "3.13" groups: @@ -320,21 +271,6 @@ stages: groups: - 1 - 2 - - stage: Generic_2_16 - displayName: Generic 2.16 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - nameFormat: Python {0} - testFormat: 2.16/generic/{0} - targets: - - test: "2.7" - - test: "3.6" - - test: "3.11" - groups: - - 1 - - 2 ## Finally @@ -344,20 +280,16 @@ stages: - Ansible_devel - Ansible_2_18 - Ansible_2_17 - - Ansible_2_16 - Remote_devel_extra_vms - Remote_devel - Remote_2_18 - Remote_2_17 - - Remote_2_16 - Docker_devel - Docker_2_18 - Docker_2_17 - - Docker_2_16 - Docker_community_devel - Generic_devel - Generic_2_18 - Generic_2_17 - - Generic_2_16 jobs: - template: templates/coverage.yml diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml deleted file mode 100644 index baa08c54..00000000 --- a/.github/workflows/ansible-test.yml +++ /dev/null @@ -1,291 +0,0 @@ ---- -# Copyright (c) Ansible Project -# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) -# SPDX-License-Identifier: GPL-3.0-or-later - -# For the comprehensive list of the inputs supported by the ansible-community/ansible-test-gh-action GitHub Action, see -# https://github.com/marketplace/actions/ansible-test - -name: EOL CI -'on': - # Run EOL CI against all pushes (direct commits, also merged PRs), Pull Requests - push: - branches: - - main - - stable-* - pull_request: - # Run EOL CI once per day (at 09:00 UTC) - schedule: - - cron: '0 9 * * *' - -concurrency: - # Make sure there is at most one active run per PR, but do not cancel any non-PR runs - group: ${{ github.workflow }}-${{ (github.head_ref && github.event.number) || github.run_id }} - cancel-in-progress: true - -jobs: - sanity: - name: EOL Sanity (Ⓐ${{ matrix.ansible }}) - strategy: - matrix: - ansible: - - '2.9' - - '2.10' - - '2.11' - - '2.12' - - '2.13' - - '2.14' - - '2.15' - runs-on: ubuntu-latest - steps: - - name: Perform sanity testing - uses: felixfontein/ansible-test-gh-action@main - with: - ansible-core-github-repository-slug: ${{ contains(fromJson('["2.9", "2.10", "2.11"]'), matrix.ansible) && 'ansible-community/eol-ansible' || 'ansible/ansible' }} - ansible-core-version: stable-${{ matrix.ansible }} - codecov-token: ${{ secrets.CODECOV_TOKEN }} - coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }} - pre-test-cmd: >- - git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools - pull-request-change-detection: 'true' - testing-type: sanity - - units: - runs-on: ubuntu-latest - name: EOL Units (Ⓐ${{ matrix.ansible }}) - strategy: - # As soon as the first unit test fails, cancel the others to free up the CI queue - fail-fast: true - matrix: - ansible: - - '2.9' - - '2.10' - - '2.11' - - '2.12' - - '2.13' - - '2.14' - - '2.15' - - steps: - - name: >- - Perform unit testing against - Ansible version ${{ matrix.ansible }} - uses: felixfontein/ansible-test-gh-action@main - with: - ansible-core-github-repository-slug: ${{ contains(fromJson('["2.9", "2.10", "2.11"]'), matrix.ansible) && 'ansible-community/eol-ansible' || 'ansible/ansible' }} - ansible-core-version: stable-${{ matrix.ansible }} - codecov-token: ${{ secrets.CODECOV_TOKEN }} - coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }} - pre-test-cmd: >- - git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools - pull-request-change-detection: 'true' - testing-type: units - - integration: - runs-on: ubuntu-latest - name: EOL I (Ⓐ${{ matrix.ansible }}+${{ matrix.docker }}+py${{ matrix.python }}:${{ matrix.target }}) - strategy: - fail-fast: false - matrix: - ansible: - - '' - docker: - - '' - python: - - '' - target: - - '' - exclude: - - ansible: '' - include: - # 2.9 - - ansible: '2.9' - docker: ubuntu1804 - python: '' - target: azp/posix/1/ - - ansible: '2.9' - docker: ubuntu1804 - python: '' - target: azp/posix/2/ - - ansible: '2.9' - docker: default - python: '2.7' - target: azp/generic/1/ - - ansible: '2.9' - docker: default - python: '2.7' - target: azp/generic/2/ - # 2.10 - - ansible: '2.10' - docker: centos6 - python: '' - target: azp/posix/1/ - - ansible: '2.10' - docker: centos6 - python: '' - target: azp/posix/2/ - - ansible: '2.10' - docker: default - python: '3.6' - target: azp/generic/1/ - - ansible: '2.10' - docker: default - python: '3.6' - target: azp/generic/2/ - # 2.11 - - ansible: '2.11' - docker: alpine3 - python: '' - target: azp/posix/1/ - - ansible: '2.11' - docker: alpine3 - python: '' - target: azp/posix/2/ - - ansible: '2.11' - docker: default - python: '3.8' - target: azp/generic/1/ - - ansible: '2.11' - docker: default - python: '3.8' - target: azp/generic/2/ - # 2.12 - - ansible: '2.12' - docker: centos6 - python: '' - target: azp/posix/1/ - - ansible: '2.12' - docker: centos6 - python: '' - target: azp/posix/2/ - - ansible: '2.12' - docker: fedora33 - python: '' - target: azp/posix/1/ - - ansible: '2.12' - docker: fedora33 - python: '' - target: azp/posix/2/ - - ansible: '2.12' - docker: default - python: '2.6' - target: azp/generic/1/ - - ansible: '2.12' - docker: default - python: '3.9' - target: azp/generic/2/ - # 2.13 - - ansible: '2.13' - docker: opensuse15py2 - python: '' - target: azp/posix/1/ - - ansible: '2.13' - docker: opensuse15py2 - python: '' - target: azp/posix/2/ - - ansible: '2.13' - docker: fedora35 - python: '' - target: azp/posix/1/ - - ansible: '2.13' - docker: fedora35 - python: '' - target: azp/posix/2/ - - ansible: '2.13' - docker: fedora34 - python: '' - target: azp/posix/1/ - - ansible: '2.13' - docker: fedora34 - python: '' - target: azp/posix/2/ - - ansible: '2.13' - docker: ubuntu1804 - python: '' - target: azp/posix/1/ - - ansible: '2.13' - docker: ubuntu1804 - python: '' - target: azp/posix/2/ - - ansible: '2.13' - docker: alpine3 - python: '' - target: azp/posix/1/ - - ansible: '2.13' - docker: alpine3 - python: '' - target: azp/posix/2/ - - ansible: '2.13' - docker: default - python: '3.8' - target: azp/generic/1/ - - ansible: '2.13' - docker: default - python: '3.8' - target: azp/generic/2/ - # 2.14 - - ansible: '2.14' - docker: ubuntu2004 - python: '' - target: azp/posix/1/ - - ansible: '2.14' - docker: ubuntu2004 - python: '' - target: azp/posix/2/ - - ansible: '2.14' - docker: default - python: '3.9' - target: azp/generic/1/ - - ansible: '2.14' - docker: default - python: '3.9' - target: azp/generic/2/ - # 2.15 - - ansible: '2.15' - docker: fedora37 - python: '' - target: azp/posix/1/ - - ansible: '2.15' - docker: fedora37 - python: '' - target: azp/posix/2/ - - ansible: '2.15' - docker: default - python: '3.5' - target: azp/generic/1/ - - ansible: '2.15' - docker: default - python: '3.5' - target: azp/generic/2/ - - ansible: '2.15' - docker: default - python: '3.10' - target: azp/generic/1/ - - ansible: '2.15' - docker: default - python: '3.10' - target: azp/generic/2/ - - steps: - - name: >- - Perform integration testing against - Ansible version ${{ matrix.ansible }} - under Python ${{ matrix.python }} - uses: felixfontein/ansible-test-gh-action@main - with: - ansible-core-github-repository-slug: ${{ contains(fromJson('["2.9", "2.10", "2.11"]'), matrix.ansible) && 'ansible-community/eol-ansible' || 'ansible/ansible' }} - ansible-core-version: stable-${{ matrix.ansible }} - codecov-token: ${{ secrets.CODECOV_TOKEN }} - coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }} - docker-image: ${{ matrix.docker }} - integration-continue-on-error: 'false' - integration-diff: 'false' - integration-retry-on-error: 'true' - pre-test-cmd: >- - git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools - ; - git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git ../../community/general - pull-request-change-detection: 'true' - target: ${{ matrix.target }} - target-python-version: ${{ matrix.python }} - testing-type: integration diff --git a/README.md b/README.md index feb30b81..938e3070 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,6 @@ SPDX-License-Identifier: GPL-3.0-or-later [![Documentation](https://img.shields.io/badge/docs-brightgreen.svg)](https://docs.ansible.com/ansible/devel/collections/community/crypto/) [![Build Status](https://dev.azure.com/ansible/community.crypto/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/community.crypto/_build?definitionId=21) -[![EOL CI](https://github.com/ansible-collections/community.crypto/actions/workflows/ansible-test.yml/badge.svg?branch=main)](https://github.com/ansible-collections/community.crypto/actions) [![Nox CI](https://github.com/ansible-collections/community.crypto/actions/workflows/nox.yml/badge.svg?branch=main)](https://github.com/ansible-collections/community.crypto/actions) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.crypto)](https://codecov.io/gh/ansible-collections/community.crypto) [![REUSE status](https://api.reuse.software/badge/github.com/ansible-collections/community.crypto)](https://api.reuse.software/info/github.com/ansible-collections/community.crypto) @@ -40,7 +39,7 @@ For more information about communication, see the [Ansible communication guide]( ## Tested with Ansible -Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16, ansible-core-2.17, and ansible-core 2.18 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported. +Tested with the current ansible-core-2.17, ansible-core 2.18, and ansible-core 2.19 releases and the current development version of ansible-core. Ansible-core versions before 2.17 are not supported; please use community.crypto 2.x.y with these. ## External requirements @@ -58,59 +57,6 @@ We also separately publish [**latest commit** collection documentation](https:// If you use the Ansible package and do not update collections independently, use **latest**. If you install or update this collection directly from Galaxy, use **devel**. If you are looking to contribute, use **latest commit**. -## Included content - -- OpenSSL / PKI modules and plugins: - - certificate_complete_chain module - - openssl_csr_info module and filter - - openssl_csr_pipe module - - openssl_csr module - - openssl_dhparam module - - openssl_pkcs12 module - - openssl_privatekey_convert module - - openssl_privatekey_info module and filter - - openssl_privatekey_pipe module - - openssl_privatekey module - - openssl_publickey_info module and filter - - openssl_publickey module - - openssl_signature_info module - - openssl_signature module - - split_pem filter - - x509_certificate_convert module - - x509_certificate_info module and filter - - x509_certificate_pipe module - - x509_certificate module - - x509_crl_info module and filter - - x509_crl module -- OpenSSH modules and plugins: - - openssh_cert module - - openssh_keypair module -- ACME modules and plugins: - - acme_account_info module - - acme_account module - - acme_ari_info module - - acme_certificate module - - acme_certificate_deactivate_authz module - - acme_certificate_order_create module - - acme_certificate_order_finalize module - - acme_certificate_order_info module - - acme_certificate_order_validate module - - acme_certificate_revoke module - - acme_challenge_cert_helper module - - acme_inspect module -- ECS modules and plugins: - - ecs_certificate module - - ecs_domain module -- GnuPG modules and plugins: - - gpg_fingerprint lookup and filter -- Miscellaneous modules and plugins: - - crypto_info module - - get_certificate module - - luks_device module - - parse_serial and to_serial filters - -You can also find a list of all modules and plugins with documentation on the [Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/crypto/), or the [latest commit collection documentation](https://ansible-collections.github.io/community.crypto/branch/main/). - ## Using this collection Before using the crypto community collection, you need to install the collection with the `ansible-galaxy` CLI: @@ -147,14 +93,6 @@ See the [changelog](https://github.com/ansible-collections/community.crypto/blob We plan to regularly release minor and patch versions, whenever new features are added or bugs fixed. Our collection follows [semantic versioning](https://semver.org/), so breaking changes will only happen in major releases. -Most modules will drop PyOpenSSL support in version 2.0.0 of the collection, i.e. in the next major version. We currently plan to release 2.0.0 somewhen during 2021. Around then, the supported versions of the most common distributions will contain a new enough version of ``cryptography``. - -Once 2.0.0 has been released, bugfixes will still be backported to 1.0.0 for some time, and some features might also be backported. If we do not want to backport something ourselves because we think it is not worth the effort, backport PRs by non-maintainers are usually accepted. - -In 2.0.0, the following notable features will be removed: -* PyOpenSSL backends of all modules, except ``openssl_pkcs12`` which does not have a ``cryptography`` backend due to lack of support of PKCS#12 functionality in ``cryptography``. -* The ``assertonly`` provider of ``x509_certificate`` will be removed. - ## More information - [Ansible Collection overview](https://github.com/ansible-collections/overview) diff --git a/changelogs/fragments/870-ansible-core.yml b/changelogs/fragments/870-ansible-core.yml new file mode 100644 index 00000000..3b4eb3e0 --- /dev/null +++ b/changelogs/fragments/870-ansible-core.yml @@ -0,0 +1,5 @@ +removed_features: + - "community.crypto no longer supports Ansible 2.9, ansible-base 2.10, and ansible-core versions 2.11, 2.12, 2.13, 2.14, 2.15, and 2.16. + While content from this collection might still work with some older versions of ansible-core, it will not work with any Python version + before 3.7 + (https://github.com/ansible-collections/community.crypto/pull/870)." diff --git a/meta/runtime.yml b/meta/runtime.yml index b1f1800a..11be8b48 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -3,7 +3,7 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -requires_ansible: '>=2.9.10' +requires_ansible: '>=2.17.0' action_groups: acme: diff --git a/tests/unit/requirements.txt b/tests/unit/requirements.txt index 68e73f69..db710898 100644 --- a/tests/unit/requirements.txt +++ b/tests/unit/requirements.txt @@ -4,10 +4,5 @@ bcrypt cryptography +freezegun idna -ipaddress ; python_version < '3.0' - -freezegun == 0.3.10 ; python_version < '2.7' -freezegun ; python_version >= '2.7' -unittest2 ; python_version < '2.7' -importlib ; python_version < '2.7' diff --git a/tests/utils/constraints.txt b/tests/utils/constraints.txt index a25c3b3e..10ef9f7a 100644 --- a/tests/utils/constraints.txt +++ b/tests/utils/constraints.txt @@ -4,14 +4,4 @@ coverage >= 4.2, < 5.0.0, != 4.3.2 ; python_version <= '3.7' # features in 4.2+ required, avoid known bug in 4.3.2 on python 2.6, coverage 5.0+ incompatible coverage >= 4.5.4, < 5.0.0 ; python_version > '3.7' # coverage had a bug in < 4.5.4 that would cause unit tests to hang in Python 3.8, coverage 5.0+ incompatible -cryptography < 2.2 ; python_version < '2.7' # cryptography 2.2 drops support for python 2.6 -cryptography >= 3.0, < 3.4 ; python_version < '3.5' # cryptography 3.4 drops support for python 2.7 -cryptography >= 3.0, < 3.3 ; python_version == '3.5' # cryptography 3.3 drops support for python 3.5 -urllib3 < 1.24 ; python_version < '2.7' # urllib3 1.24 and later require python 2.7 or later -idna < 2.6, >= 2.5 # linode requires idna < 2.9, >= 2.5, requests requires idna < 2.6, but cryptography will cause the latest version to be installed instead -requests < 2.20.0 ; python_version < '2.7' # requests 2.20.0 drops support for python 2.6 -virtualenv < 16.0.0 ; python_version < '2.7' # virtualenv 16.0.0 and later require python 2.7 or later -pyopenssl < 18.0.0 ; python_version < '2.7' # pyOpenSSL 18.0.0 and later require python 2.7 or later -pyopenssl < 22.0.0 ; python_version < '3.6' # pyOpenSSL 22.0.0 and later require python 3.6 or later -setuptools < 45 ; python_version <= '2.7' # setuptools 45 and later require python 3.5 or later cffi >= 1.14.2, != 1.14.3 # Yanked version which older versions of pip will still install: