From f92c500de4786891bfc193700468b5b5e4b34f86 Mon Sep 17 00:00:00 2001 From: Felix Matouschek Date: Tue, 27 Feb 2024 18:56:18 +0100 Subject: [PATCH] .github: Cleanup actions Cleanup the .github actions: - Use the same syntax and/or commands where possible - Drop unnecessary parameters and steps / commands - In the all-green job ensure that all CI jobs passed - Update the naming of jobs - Review permissions and grant write permission only where necessary (repo is set to read-only by default) - Review installed dependencies (try to fix the failing docs job) - Run yamllint and fix findings - Replace deprecated set-output syntax Signed-off-by: Felix Matouschek --- .github/workflows/ci.yml | 56 ++++++++++------------ .github/workflows/docs.yml | 39 +++++++-------- .github/workflows/extra-docs-linting.yml | 17 +++---- .github/workflows/integration.yml | 61 +++++++++++++----------- .github/workflows/release.yml | 49 +++++++++++-------- 5 files changed, 113 insertions(+), 109 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9441c59..dc1ed20 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -1,59 +1,55 @@ +--- name: CI concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true +# yamllint disable-line rule:truthy on: push: branches: - main pull_request: workflow_dispatch: + # Run CI once per day (at 06:00 UTC) + # This ensures that even if there haven't been commits that we are still + # testing against latest version of ansible-test for each ansible-base version schedule: - - cron: '0 6 * * *' + - cron: "0 6 * * *" jobs: linter: runs-on: ubuntu-latest + env: + collection_dir: ansible_collections/kubevirt/core steps: + - name: Check out code uses: actions/checkout@v4 with: - path: ansible_collections/kubevirt/core + path: ${{ env.collection_dir }} fetch-depth: 0 - - run: | - mkdir -p /home/runner/.kube/ - cat <<- EOF > /home/runner/.kube/config - apiVersion: v1 - kind: Config - clusters: - - cluster: - server: http://localhost:12345 - name: default - contexts: - - context: - cluster: default - name: default - current-context: default - EOF + - name: Set up Python uses: actions/setup-python@v5 with: python-version: 3.x cache: pip + - name: Install yamllint, ansible run: | python -m pip install --upgrade pip pip install yamllint ansible-core ansible-lint + - name: Run linter run: | ansible-lint --version ansible-lint -v - working-directory: ./ansible_collections/kubevirt/core + working-directory: ${{ env.collection_dir }} + sanity: uses: ansible-network/github_actions/.github/workflows/sanity.yml@main needs: - linter with: - matrix_include: "[]" matrix_exclude: >- [ { @@ -77,6 +73,7 @@ jobs: "python-version": "3.9" } ] + unit-source: uses: ansible-network/github_actions/.github/workflows/unit_source.yml@main needs: 
@@ -105,33 +102,32 @@ jobs: "python-version": "3.9" } ] - collection_pre_install: '' + integration: uses: ./.github/workflows/integration.yml needs: - linter with: ansible_test_targets: >- - [ - "kubevirt_vm", - "kubevirt_vm_info", - "inventory_kubevirt" - ] - name: "integration" + [ + "kubevirt_vm", + "kubevirt_vm_info", + "inventory_kubevirt" + ] all_green: + runs-on: ubuntu-latest if: ${{ always() }} needs: + - linter - sanity - unit-source - integration - runs-on: ubuntu-latest steps: - run: >- python -c "assert set([ + '${{ needs.linter.result }}', + '${{ needs.sanity.result }}', '${{ needs.unit-source.result }}', '${{ needs.integration.result }}' ]) == {'success'}" - - run: >- - python -c "assert '${{ needs.sanity.result }}' - in ['success', 'failure']" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 4ebe1df..8119580 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -1,5 +1,6 @@ --- name: Documentation +# yamllint disable-line rule:truthy on: push: branches: @@ -8,27 +9,22 @@ on: - "[0-9]+.[0-9]+.[0-9]+" workflow_dispatch: -env: - COLORTERM: 'yes' - TERM: 'xterm-256color' - PYTEST_ADDOPTS: '--color=yes' - jobs: docs: runs-on: ubuntu-latest + # Do not run in private forks if: github.repository == 'kubevirt/kubevirt.core' permissions: - actions: write - checks: write contents: write - deployments: write - packages: write - pages: write + env: + collection_dir: ansible_collections/kubevirt/core + work_dir: /home/runner/.ansible/collections steps: + - name: Check out code uses: actions/checkout@v4 with: - path: ansible_collections/kubevirt/core + path: ${{ env.collection_dir }} fetch-depth: 0 - name: Set up Python 
@@ -39,16 +35,21 @@ jobs: - name: Install doc dependencies run: | - python -m pip install --upgrade pip - pip install -r ansible_collections/kubevirt/core/docs/requirements.txt - pip install -r ansible_collections/kubevirt/core/requirements.txt - ansible-galaxy collection install -r ansible_collections/kubevirt/core/requirements.yml -p /home/runner/.ansible/collections --force-with-deps + python -m pip install --upgrade pip setuptools + pip install \ + -r ${{ env.collection_dir }}/docs/requirements.txt + pip install \ + -r ${{ env.collection_dir }}/requirements.txt + mkdir -p ${{ env.work_dir }} + ansible-galaxy collection install \ + -r ${{ env.collection_dir }}/requirements.yml \ + -p ${{ env.work_dir }} --force-with-deps sudo apt install -y sed hub - - name: Create default collection path + - name: Move collection to work dir run: | - mkdir -p /home/runner/.ansible/ - cp -rp ${GITHUB_WORKSPACE}/ansible_collections /home/runner/.ansible/collections/ + cp -rp ansible_collections \ + ${{ env.work_dir }} - name: Create changelog and documentation uses: ansible-middleware/collection-docs-action@main @@ -60,7 +61,7 @@ jobs: commit_ghpages: true changelog_release: false generate_docs: true - path: /home/runner/.ansible/collections/ansible_collections/kubevirt/core + path: ${{ env.work_dir }}/${{ env.collection_dir }} token: ${{ secrets.GITHUB_TOKEN }} bot_email: kubevirtbot@redhat.com bot_account: kubevirt-bot diff --git a/.github/workflows/extra-docs-linting.yml b/.github/workflows/extra-docs-linting.yml index f9ef99b..37c0d71 100644 --- a/.github/workflows/extra-docs-linting.yml +++ b/.github/workflows/extra-docs-linting.yml 
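Review bot: The `uses: ansible-middleware/collection-docs-action@main` step at the end of this hunk tracks a mutable branch, and the following hunk shows it receiving `token: ${{ secrets.GITHUB_TOKEN }}` in a job that holds `contents: write`, so whatever is pushed to that branch runs with write access to this repository. Pinning to a full commit SHA, e.g. `uses: ansible-middleware/collection-docs-action@<full-commit-sha>  # <tag-or-branch>`, makes the executed code reviewable and turns updates into explicit diffs. The same applies to the `ansible-network/github_actions/...@main` references in ci.yml and integration.yml and to `softprops/action-gh-release@v1` in release.yml. The step's `with:` block continues outside this hunk.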
@@ -1,24 +1,21 @@ -name: Lint extra docsite docs and links +--- +name: Lint docs +# yamllint disable-line rule:truthy on: - # Run CI against all pushes (direct commits, also merged PRs), Pull Requests push: branches: - main - - stable-* pull_request: # Run CI once per day (at 06:00 UTC) - # This ensures that even if there haven't been commits that we are still testing against latest version of ansible-test for each ansible-base version + # This ensures that even if there haven't been commits that we are still + # testing against latest version of ansible-test for each ansible-base version schedule: - - cron: '0 6 * * *' + - cron: "0 6 * * *" jobs: - docsite: - name: Lint extra docsite docs and links - permissions: - contents: read + linter: runs-on: ubuntu-latest steps: - - name: Check out code uses: actions/checkout@v4 diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index aaef3e7..1b53bcb 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -1,4 +1,6 @@ +--- name: Integration tests +# yamllint disable-line rule:truthy on: workflow_call: inputs: @@ -45,12 +47,13 @@ on: type: string jobs: integration: - env: - PY_COLORS: "1" - source: "./source" - core: "./core" - cloud_common: "./cloudcommon" - ansible_posix: "./ansible_posix" + name: >- + ${{ matrix.test-target }} / + py${{ matrix.python-version }} / + ${{ matrix.ansible-version }} + runs-on: ubuntu-latest + continue-on-error: >- + ${{ contains(fromJSON(inputs.unstable), matrix.ansible-version) }} strategy: fail-fast: false matrix: 
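Review bot: Removing `permissions:` / `contents: read` from the `linter` job makes its token scope depend entirely on the repository's default setting, which the workflow file can neither show nor enforce. The commit message says that default is read-only, but if the setting is changed later, or the workflow runs in a fork with permissive defaults, the push- and schedule-triggered runs would silently get a broader token. Keeping the two lines on the job, or moving them to workflow level, costs nothing and records the intent. The ci.yml and integration.yml hunks show no `permissions:` block either, so the same would apply there if none exists outside the visible context.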
@@ -68,43 +71,44 @@ jobs: - "3.12" exclude: ${{ fromJSON(inputs.matrix_exclude) }} include: ${{ fromJSON(inputs.matrix_include) }} - runs-on: ubuntu-latest - continue-on-error: ${{ contains(fromJSON(inputs.unstable), matrix.ansible-version) }} - - name: "${{ matrix.test-target }} / py${{ matrix.python-version }} / ${{ matrix.ansible-version }}" + env: + source_directory: ./source steps: + - name: Checkout kubevirt.core repository + if: inputs.ansible_test_targets != '' uses: actions/checkout@v4 with: - path: ${{ env.source }} + path: ${{ env.source_directory }} fetch-depth: 0 - if: inputs.ansible_test_targets != '' - - name: install dependencies collection + - name: Install collection dependencies + if: inputs.ansible_test_targets != '' run: | - ansible-galaxy collection install ansible.posix --force --pre -p /home/runner/collections - ansible-galaxy collection install cloud.common --force --pre -p /home/runner/collections - ansible-galaxy collection install kubernetes.core --force --pre -p /home/runner/collections - if: inputs.ansible_test_targets != '' + ansible-galaxy collection install \ + -r ${{ env.source_directory }}/requirements.yml \ + -p /home/runner/collections --force-with-deps - - name: install kubevirt.core collection - id: install-collection + - name: Install kubevirt.core collection + id: install + if: inputs.ansible_test_targets != '' + # yamllint disable-line rule:line-length uses: ansible-network/github_actions/.github/actions/build_install_collection@main with: install_python_dependencies: true - source_path: ${{ env.source }} - if: inputs.ansible_test_targets != '' + source_path: ${{ env.source_directory }} - - name: install kind / kubectl + - name: Install kind / kubectl + if: inputs.ansible_test_targets != '' uses: helm/kind-action@v1.9.0 with: install_only: true - if: inputs.ansible_test_targets != '' - - name: deploy kubevirt + - name: Deploy kubevirt if: inputs.ansible_test_targets != '' + shell: bash run: >- - ${{ env.source 
}}/hack/e2e-setup.sh \ + ${{ env.source_directory }}/hack/e2e-setup.sh \ -v \ --configure-inotify-limits \ --configure-secondary-network \ @@ -114,19 +118,18 @@ jobs: --deploy-cnao \ --create-cluster \ --create-nad - shell: bash env: - CLUSTER_NAME: kv-testing KIND: kind KUBECTL: kubectl - name: Run integration tests + if: inputs.ansible_test_targets != '' + # yamllint disable-line rule:line-length uses: ansible-network/github_actions/.github/actions/ansible_test_integration@main with: - collection_path: ${{ steps.install-collection.outputs.collection_path }} + collection_path: ${{ steps.install.outputs.collection_path }} python_version: ${{ matrix.python-version }} ansible_version: ${{ matrix.ansible-version }} ansible_test_targets: ${{ matrix.test-target }} - if: inputs.ansible_test_targets != '' env: ANSIBLE_COLLECTIONS_PATHS: /home/runner/collections diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 92a979b..3f55110 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,22 +1,21 @@ --- name: Release collection +# yamllint disable-line rule:truthy on: workflow_dispatch: jobs: release: runs-on: ubuntu-latest + # Do not run in private forks if: github.repository == 'kubevirt/kubevirt.core' - permissions: - actions: write - checks: write - contents: write - deployments: write - packages: write - pages: write outputs: - tag_version: ${{ steps.get_version.outputs.TAG_VERSION }} + tag_version: ${{ steps.version.outputs.VERSION }} + permissions: + contents: write + actions: write steps: + - name: Checkout code uses: actions/checkout@v4 with: 
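Review bot: In the release.yml hunk the trimmed `permissions:` block keeps `actions: write` without saying why, which makes it the scope most likely to be dropped by mistake or left behind once it is no longer needed. It appears to be required by the final `gh workflow run docs.yml` step, which dispatches another workflow with the job token. A comment above it such as `# actions: write is needed to dispatch docs.yml via "gh workflow run"` would record that and keep the least-privilege review the commit message describes repeatable.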
@@ -29,15 +28,19 @@ jobs: cache: pip - name: Get current version - id: get_version - run: echo "::set-output name=TAG_VERSION::$(grep version galaxy.yml | awk -F'"' '{ print $2 }')" + id: version + run: | + VERSION=$(grep version galaxy.yml | awk -F'"' '{ print $2 }') + echo "VERSION=$VERSION" >> $GITHUB_OUTPUT - name: Check if tag exists - id: check_tag - run: echo "::set-output name=TAG_EXISTS::$(git tag | grep ${{ steps.get_version.outputs.TAG_VERSION }})" + id: exists + run: | + EXISTS=$(git tag | grep ${{ steps.version.outputs.VERSION }}) + echo "EXISTS=$EXISTS" >> $GITHUB_OUTPUT - name: Fail if tag exists - if: ${{ steps.get_version.outputs.TAG_VERSION == steps.check_tag.outputs.TAG_EXISTS }} + if: ${{ steps.version.outputs.VERSION == steps.exists.outputs.EXISTS }} uses: actions/github-script@v7 with: script: | @@ -47,7 +50,8 @@ jobs: run: | python -m pip install --upgrade pip pip install ansible-core antsibull - ansible-galaxy collection install -r requirements.yml -p /home/runner/.ansible/collections --force-with-deps + ansible-galaxy collection install -r requirements.yml \ + -p /home/runner/.ansible/collections --force-with-deps sudo apt install -y sed hub - name: Build collection 
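Review bot: `EXISTS=$(git tag | grep ${{ steps.version.outputs.VERSION }})` will likely abort the step in the normal case where the tag does not exist yet. A `run:` without an explicit `shell:` uses `bash -e`, grep exits 1 on no match, and a bare assignment takes the exit status of its command substitution, whereas the old `echo "...$(...)"` form masked it. The grep is also an unanchored regex, so `1.2.3` matches `1.2.30` and a multi-line result would corrupt the `$GITHUB_OUTPUT` entry. In addition, the `${{ }}` expression is pasted into the script text rather than passed as data. Setting `env:` with `VERSION: ${{ steps.version.outputs.VERSION }}` on the step and using `EXISTS=$(git tag --list "$VERSION")` addresses all three, and the same env-variable pattern fits the `git tag -a` and `gh workflow run --ref` lines in the last release.yml hunk.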
@@ -69,31 +73,34 @@ jobs: bot_account: kubevirt-bot - name: Publish collection + run: | + ansible-galaxy collection publish *.tar.gz \ + --api-key "$ANSIBLE_GALAXY_API_KEY" env: ANSIBLE_GALAXY_API_KEY: ${{ secrets.ANSIBLE_GALAXY_API_KEY }} - run: | - ansible-galaxy collection publish *.tar.gz --api-key $ANSIBLE_GALAXY_API_KEY - name: Create release tag run: | git config user.name kubevirt-bot git config user.email kubevirtbot@redhat.com - git tag -a ${{ steps.get_version.outputs.TAG_VERSION }} -m "Release v${{ steps.get_version.outputs.TAG_VERSION }}" || true + git tag -a ${{ steps.version.outputs.VERSION }} \ + -m "Release v${{ steps.version.outputs.VERSION }}" || true git push origin --tags - name: Publish Release uses: softprops/action-gh-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - tag_name: ${{ steps.get_version.outputs.TAG_VERSION }} + tag_name: ${{ steps.version.outputs.VERSION }} files: "*.tar.gz" body_path: gh-release.md + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Run docs workflow run: | gh workflow run docs.yml --ref main - gh workflow run docs.yml --ref ${{ steps.get_version.outputs.TAG_VERSION }} + gh workflow run docs.yml \ + --ref ${{ steps.version.outputs.VERSION }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
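Review bot: The reformatted `git tag -a ... || true` still hides every failure of the tagging command, not only "tag already exists", so the job continues to `git push origin --tags` and the release step even when no tag was created. An earlier step is named "Fail if tag exists", so if it works as named the `|| true` is not needed for the duplicate-tag case and could be dropped. If it is kept deliberately because the Galaxy publish has already happened by this point, a comment saying so would help, e.g. `# tagging must not fail the job after the collection is published`. `git push origin --tags` also pushes every local tag; `git push origin "$VERSION"` would limit the write to the tag being released.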