Refactor pre commit (#237)

Wheee!
2025-05-06 14:24:25 -06:00
parent 4285a68f3e
commit 64f7c88114
9 changed files with 109 additions and 19 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,10 +1,16 @@
 ---
 profile: production
-offline: false
+offline: true

 skip_list:
  - "galaxy[no-changelog]"

+warn_list:
+  # seems to be a bug, see https://github.com/ansible/ansible-lint/issues/4172
+  - "fqcn[canonical]"
+  # @matferna: really not sure why lint thinks it can't find jmespath, it is installed and functional
+  - "jinja[invalid]"
+
 exclude_paths:
  # would be better to move the roles here to the top-level roles directory
  - collections/ansible_collections/demo/compliance/roles/
--- a/.github/README.md
+++ b/.github/README.md
@@ -0,0 +1,25 @@
+# GitHub Actions
+## Background
+We want to make attempts to run our integration tests in the same manner wether using GitHub actions or on a developers's machine locally. For this reason, the tests are curated to run using conatiner images. As of this writing, two images exist which we would like to test against:
+  - quay.io/ansible-product-demos/apd-ee-24:latest
+  - quay.io/ansible-product-demos/apd-ee-25:latest
+
+These images are built given the structure defined in their respective EE [definitions][../execution_environments]. Because they differ (mainly due to their python versions), each gets some special handling.
+
+## Troubleshooting GitHub Actions
+
+### Interactive
+It is likely the most straight-forward approach to interactively debug issues. The following podman command can be run from the project root directory to replicate the GitHub action:
+```
+podman run \
+           --user root  \
+           -v $(pwd):/runner:Z \
+           -it \
+           <image> \
+           /bin/bash
+```
+`<image>` is one of `quay.io/ansible-product-demos/apd-ee-25:latest`, `quay.io/ansible-product-demos/apd-ee-24:latest`  
+It is not exact because GitHub seems to run closer to a sidecar container paradigm, and uses docker instead of podman, but hopefully it's close enough.
+
+For the 24 EE, the python interpreriter verions is set for our pre-commit script like so: `USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh`
+The 25 EE is similary run but without the need for this variable: `./.github/workflows/run-pc.sh`
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -4,17 +4,23 @@ on:
 - push
 - pull_request_target

-env:
-  ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN }}
-  ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN }}
-
 jobs:
-  pre-commit:
-    name: pre-commit
+  pre-commit-25:
+    container:
+      image: quay.io/ansible-product-demos/apd-ee-25
+      options: --user root
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
-    - uses: pre-commit/action@v3.0.1
+    - run: ./.github/workflows/run-pc.sh
+      shell: bash
+  pre-commit-24:
+    container:
+      image: quay.io/ansible-product-demos/apd-ee-24
+      options: --user root
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - run: USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh
+      shell: bash

-...
--- a/.github/workflows/run-pc.sh
+++ b/.github/workflows/run-pc.sh
@@ -0,0 +1,24 @@
+#!/bin/bash -x
+
+dnf install git-lfs -y
+
+PYTHON_VARIANT="${USE_PYTHON:-python3.11}"
+PATH="$PATH:$HOME/.local/bin"
+
+# intsall pip
+eval "${PYTHON_VARIANT} -m pip install --user --upgrade pip"
+
+# try to fix 2.4 incompatibility 
+eval "${PYTHON_VARIANT} -m pip install --user --upgrade setuptools wheel twine check-wheel-contents"
+
+# intsall pre-commit
+eval "${PYTHON_VARIANT} -m pip install --user pre-commit"
+
+# view pip packages
+eval "${PYTHON_VARIANT} -m pip freeze --local"
+
+# fix permissions on directory
+git config --global --add safe.directory $(pwd)
+
+# run pre-commit
+pre-commit run --config $(pwd)/.pre-commit-gh.yml --show-diff-on-failure --color=always 
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -14,13 +14,12 @@ repos:
      - id: check-json
      - id: check-symlinks

-  - repo: https://github.com/ansible/ansible-lint.git
-    # get latest release tag from https://github.com/ansible/ansible-lint/releases/
-    rev: v6.20.3
+  - repo: local
    hooks:
      - id: ansible-lint
-        additional_dependencies:
-          - jmespath
+        name: ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25:latest --mode stdout
+        language: python
+        entry: bash -c "ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25 -v --force-color --mode stdout"

  - repo: https://github.com/psf/black-pre-commit-mirror
    rev: 23.11.0
--- a/.pre-commit-gh.yml
+++ b/.pre-commit-gh.yml
@@ -0,0 +1,30 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: trailing-whitespace
+        exclude: rhel[89]STIG/.*$
+
+      - id: check-yaml
+        exclude: \.j2.(yaml|yml)$|\.(yaml|yml).j2$
+        args: [--unsafe]   # see https://github.com/pre-commit/pre-commit-hooks/issues/273
+
+      - id: check-toml
+      - id: check-json
+      - id: check-symlinks
+
+  - repo: https://github.com/ansible/ansible-lint.git
+    # get latest release tag from https://github.com/ansible/ansible-lint/releases/
+    rev: v6.20.3
+    hooks:
+      - id: ansible-lint
+        additional_dependencies:
+          - jmespath
+
+  - repo: https://github.com/psf/black-pre-commit-mirror
+    rev: 23.11.0
+    hooks:
+      - id: black
+        exclude: rhel[89]STIG/.*$
+...
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
-collections_path=./collections
+collections_path=./collections:/usr/share/ansible/collections
 roles_path=./roles

 [galaxy]
--- a/windows/helpdesk_new_user_portal.yml
+++ b/windows/helpdesk_new_user_portal.yml
@@ -10,7 +10,7 @@
        # Example result: ['&Qw2|E[-']

    - name: Create new user
-      community.windows.win_domain_user:
+      microsoft.ad.user:
        name: "{{ firstname }} {{ surname }}"
        firstname: "{{ firstname }}"
        surname: "{{ surname }}"
--- a/windows/join_ad_domain.yml
+++ b/windows/join_ad_domain.yml
@@ -16,7 +16,7 @@
    - name: Ensure Demo OU exists
      run_once: true
      delegate_to: "{{ domain_controller }}"
-      community.windows.win_domain_ou:
+      microsoft.ad.ou:
        name: Demo
        state: present

@@ -26,7 +26,7 @@

    - name: Join ansible.local domain
      register: r_domain_membership
-      ansible.windows.win_domain_membership:
+      microsoft.ad.membership:
        dns_domain_name: ansible.local
        hostname: "{{ inventory_hostname.split('.')[0] }}"
        domain_admin_user: "{{ ansible_user }}@ansible.local"