From 64f7c8811409b087ae5d170f7a9e4678fcedd6ff Mon Sep 17 00:00:00 2001 From: Matthew Fernandez Date: Tue, 6 May 2025 14:24:25 -0600 Subject: [PATCH] Refactor pre commit (#237) Wheee! --- .ansible-lint | 8 +++++++- .github/README.md | 25 +++++++++++++++++++++++ .github/workflows/pre-commit.yml | 24 +++++++++++++--------- .github/workflows/run-pc.sh | 24 ++++++++++++++++++++++ .pre-commit-config.yaml | 9 ++++----- .pre-commit-gh.yml | 30 ++++++++++++++++++++++++++++ ansible.cfg | 2 +- windows/helpdesk_new_user_portal.yml | 2 +- windows/join_ad_domain.yml | 4 ++-- 9 files changed, 109 insertions(+), 19 deletions(-) create mode 100644 .github/README.md create mode 100755 .github/workflows/run-pc.sh create mode 100644 .pre-commit-gh.yml diff --git a/.ansible-lint b/.ansible-lint index 7880f33..cedb09a 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,10 +1,16 @@ --- profile: production -offline: false +offline: true skip_list: - "galaxy[no-changelog]" +warn_list: + # seems to be a bug, see https://github.com/ansible/ansible-lint/issues/4172 + - "fqcn[canonical]" + # @matferna: really not sure why lint thinks it can't find jmespath, it is installed and functional + - "jinja[invalid]" + exclude_paths: # would be better to move the roles here to the top-level roles directory - collections/ansible_collections/demo/compliance/roles/ diff --git a/.github/README.md b/.github/README.md new file mode 100644 index 0000000..b9b4490 --- /dev/null +++ b/.github/README.md 
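Review bot: Moving `jinja[invalid]` into `warn_list` downgrades that rule for every playbook and role in the repository, so a genuinely broken template will no longer fail the check, and the added comment says the cause (jmespath not being found) is not understood. The same hunk sets `offline: true`, which stops ansible-lint from installing requirements itself; that may be related and is worth ruling out before relaxing the rule. If the downgrade stays, I would record a tracking reference next to it the way the `fqcn[canonical]` entry does, e.g. `# TODO(<issue-link-placeholder>): restore jinja[invalid] as an error once jmespath resolves inside the EE`.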
@@ -0,0 +1,25 @@
+# GitHub Actions
+## Background
+We want to make attempts to run our integration tests in the same manner wether using GitHub actions or on a developers's machine locally. For this reason, the tests are curated to run using conatiner images. As of this writing, two images exist which we would like to test against:
+ - quay.io/ansible-product-demos/apd-ee-24:latest
+ - quay.io/ansible-product-demos/apd-ee-25:latest
+
+These images are built given the structure defined in their respective EE [definitions][../execution_environments]. Because they differ (mainly due to their python versions), each gets some special handling.
+
+## Troubleshooting GitHub Actions
+
+### Interactive
+It is likely the most straight-forward approach to interactively debug issues. The following podman command can be run from the project root directory to replicate the GitHub action:
+```
+podman run \
+ --user root \
+ -v $(pwd):/runner:Z \
+ -it \
+ \
+ /bin/bash
+```
+`` is one of `quay.io/ansible-product-demos/apd-ee-25:latest`, `quay.io/ansible-product-demos/apd-ee-24:latest`
+It is not exact because GitHub seems to run closer to a sidecar container paradigm, and uses docker instead of podman, but hopefully it's close enough.
+
+For the 24 EE, the python interpreriter verions is set for our pre-commit script like so: `USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh`
+The 25 EE is similary run but without the need for this variable: `./.github/workflows/run-pc.sh`
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 3e8ac7e..7dcc362 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -4,17 +4,23 @@ on: - push - pull_request_target -env: - ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN }} - ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN }} - jobs: - pre-commit: - name: pre-commit + pre-commit-25: + container: + image: quay.io/ansible-product-demos/apd-ee-25 + options: --user root runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - - uses: pre-commit/action@v3.0.1 + - run: ./.github/workflows/run-pc.sh + shell: bash + pre-commit-24: + container: + image: quay.io/ansible-product-demos/apd-ee-24 + options: --user root + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh + shell: bash -... diff --git a/.github/workflows/run-pc.sh b/.github/workflows/run-pc.sh new file mode 100755 index 0000000..b188b7f --- /dev/null +++ b/.github/workflows/run-pc.sh @@ -0,0 +1,24 @@ +#!/bin/bash -x + +dnf install git-lfs -y + +PYTHON_VARIANT="${USE_PYTHON:-python3.11}" +PATH="$PATH:$HOME/.local/bin" + +# intsall pip +eval "${PYTHON_VARIANT} -m pip install --user --upgrade pip" + +# try to fix 2.4 incompatibility +eval "${PYTHON_VARIANT} -m pip install --user --upgrade setuptools wheel twine check-wheel-contents" + +# intsall pre-commit +eval "${PYTHON_VARIANT} -m pip install --user pre-commit" + +# view pip packages +eval "${PYTHON_VARIANT} -m pip freeze --local" + +# fix permissions on directory +git config --global --add safe.directory $(pwd) + +# run pre-commit +pre-commit run --config $(pwd)/.pre-commit-gh.yml --show-diff-on-failure --color=always diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b528eac..c6930a6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
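Review bot: The workflow still triggers on `pull_request_target`, while both new jobs execute a script from the checked-out tree (`./.github/workflows/run-pc.sh`) as root inside the container. Because `actions/checkout@v4` is given no `ref`, that trigger checks out the base branch, so a pull request's own changes are probably not what gets linted; and if a `ref` pointing at the PR head is ever added, fork-controlled code would run with the target repository's token. Removing the `env:` secrets here reduces exposure, but I would also switch the trigger to `- pull_request` and add a top-level `permissions:` block with `contents: read` (the start of the file is outside this hunk, so one may already exist). Both `container.image` values omit a tag or digest, so each run pulls whatever `latest` currently is; pinning them as `image@sha256:<digest-placeholder>` would make CI reproducible.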
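Review bot: Every pip step in run-pc.sh goes through `eval`, which re-parses the value of `USE_PYTHON` as shell code; invoking the interpreter directly as `"${PYTHON_VARIANT}" -m pip ...` does the same job without the second parse. The script also sets no `set -e`, so a failed `dnf` or `pip` step is only noticed indirectly when a later command breaks, and `$(pwd)` is unquoted in the `git config` and `pre-commit run` lines. The pip installs are unversioned and run as root in CI, so pinning them or installing from a constraints file would make the toolchain reproducible; that part is not shown below.

```shell
#!/bin/bash -x
set -euo pipefail

# … unchanged: dnf install git-lfs, PYTHON_VARIANT and PATH setup …

"${PYTHON_VARIANT}" -m pip install --user --upgrade pip
"${PYTHON_VARIANT}" -m pip install --user --upgrade setuptools wheel twine check-wheel-contents
"${PYTHON_VARIANT}" -m pip install --user pre-commit
"${PYTHON_VARIANT}" -m pip freeze --local

git config --global --add safe.directory "$(pwd)"
pre-commit run --config "$(pwd)/.pre-commit-gh.yml" --show-diff-on-failure --color=always
```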
@@ -14,13 +14,12 @@ repos: - id: check-json - id: check-symlinks - - repo: https://github.com/ansible/ansible-lint.git - # get latest release tag from https://github.com/ansible/ansible-lint/releases/ - rev: v6.20.3 + - repo: local hooks: - id: ansible-lint - additional_dependencies: - - jmespath + name: ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25:latest --mode stdout + language: python + entry: bash -c "ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25 -v --force-color --mode stdout" - repo: https://github.com/psf/black-pre-commit-mirror rev: 23.11.0 diff --git a/.pre-commit-gh.yml b/.pre-commit-gh.yml new file mode 100644 index 0000000..b528eac --- /dev/null +++ b/.pre-commit-gh.yml @@ -0,0 +1,30 @@ +--- +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: trailing-whitespace + exclude: rhel[89]STIG/.*$ + + - id: check-yaml + exclude: \.j2.(yaml|yml)$|\.(yaml|yml).j2$ + args: [--unsafe] # see https://github.com/pre-commit/pre-commit-hooks/issues/273 + + - id: check-toml + - id: check-json + - id: check-symlinks + + - repo: https://github.com/ansible/ansible-lint.git + # get latest release tag from https://github.com/ansible/ansible-lint/releases/ + rev: v6.20.3 + hooks: + - id: ansible-lint + additional_dependencies: + - jmespath + + - repo: https://github.com/psf/black-pre-commit-mirror + rev: 23.11.0 + hooks: + - id: black + exclude: rhel[89]STIG/.*$ +... diff --git a/ansible.cfg b/ansible.cfg index 31f9730..3df4d11 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,5 @@ [defaults] -collections_path=./collections +collections_path=./collections:/usr/share/ansible/collections roles_path=./roles [galaxy] diff --git a/windows/helpdesk_new_user_portal.yml b/windows/helpdesk_new_user_portal.yml index 6666048..7799f96 100644 --- a/windows/helpdesk_new_user_portal.yml +++ b/windows/helpdesk_new_user_portal.yml 
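Review bot: The `ansible-lint` hook in .pre-commit-config.yaml loses its pinned `rev: v6.20.3` and now runs whatever lint version ships in `quay.io/ansible-product-demos/apd-ee-25`, which `entry` references without a tag or digest, so local results can change whenever the image is republished. The hook declares `language: python` but installs nothing and shells out to `ansible-navigator`, which therefore has to be on the developer's PATH already; `language: system` describes that accurately. The file names pre-commit appends are swallowed by `bash -c`, so adding `pass_filenames: false` avoids launching the full lint once per file batch. `name:` is meant to be a short label such as `name: ansible-lint (via ansible-navigator)`; the command line belongs only in `entry`.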
@@ -10,7 +10,7 @@ # Example result: ['&Qw2|E[-'] - name: Create new user - community.windows.win_domain_user: + microsoft.ad.user: name: "{{ firstname }} {{ surname }}" firstname: "{{ firstname }}" surname: "{{ surname }}" diff --git a/windows/join_ad_domain.yml b/windows/join_ad_domain.yml index e282af7..7bfff73 100644 --- a/windows/join_ad_domain.yml +++ b/windows/join_ad_domain.yml @@ -16,7 +16,7 @@ - name: Ensure Demo OU exists run_once: true delegate_to: "{{ domain_controller }}" - community.windows.win_domain_ou: + microsoft.ad.ou: name: Demo state: present @@ -26,7 +26,7 @@ - name: Join ansible.local domain register: r_domain_membership - ansible.windows.win_domain_membership: + microsoft.ad.membership: dns_domain_name: ansible.local hostname: "{{ inventory_hostname.split('.')[0] }}" domain_admin_user: "{{ ansible_user }}@ansible.local"
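Review bot: The three module swaps in this patch (`microsoft.ad.user` here, `microsoft.ad.ou` and `microsoft.ad.membership` in windows/join_ad_domain.yml) are not guaranteed to be drop-in renames, and each task continues outside its hunk, so the remaining parameters should be checked against the new modules. For example, `microsoft.ad.user` takes `groups` as a dictionary (`add`/`remove`/`set`) rather than the list plus `groups_action` accepted by `community.windows.win_domain_user`. The diffstat shows no change to a collection requirements file, so these playbooks presumably rely on `microsoft.ad` being preinstalled in the execution environment, which the `/usr/share/ansible/collections` addition in ansible.cfg also suggests. A comment at the top of each playbook would make that dependency visible, e.g. `# requires the microsoft.ad collection (provided by the EE image)`.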