Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin ansible-core to earlier than 2.16.3 #179

Merged
merged 3 commits into from
Mar 27, 2024
Merged

Pin ansible-core to earlier than 2.16.3 #179

merged 3 commits into from
Mar 27, 2024

Conversation

jsf9k
Copy link
Member

@jsf9k jsf9k commented Mar 10, 2024
edited
Loading

🗣 Description

This pull request pins the ansible-core Python package's version to earlier than 2.16.3.

💭 Motivation and context

ansible-core 2.16.3 and later suffer from the bug discussed in ansible/ansible#82702, which breaks any symlinked files in vars, tasks, etc. for any Ansible role installed via ansible-galaxy. This results, e.g., in AMI build failures as seen in cisagov/openvpn-packer#101.

🧪 Testing

All automated testing passes in this pull request, and in cisagov/openvpn-packer#101 the build gets further than it did upon addition of a similar change via cisagov/skeleton-packer#311. (The build continues to fail, but for a different reason.)

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@jsf9k jsf9k added bug This issue or pull request addresses broken functionality dependencies Pull requests that update a dependency file kraken 🐙 This pull request is ready to merge during the next Lineage Kraken release labels Mar 10, 2024
@jsf9k jsf9k self-assigned this Mar 10, 2024
@jsf9k jsf9k mentioned this pull request Mar 10, 2024
Merged
7 tasks
@jsf9k jsf9k marked this pull request as ready for review March 10, 2024 16:30
@jsf9k jsf9k requested a review from a team March 10, 2024 16:30
dav3r
dav3r approved these changes Mar 10, 2024
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 with one tiny change requested

requirements-test.txt Outdated Show resolved Hide resolved
mcdonnnj
mcdonnnj approved these changes Mar 10, 2024
View reviewed changes
Copy link
Member

@mcdonnnj mcdonnnj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM ✔

mcdonnnj
mcdonnnj requested changes Mar 19, 2024
View reviewed changes
Copy link
Member

@mcdonnnj mcdonnnj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jsf9k Sorry this only came to me yesterday but I would like to add a dependabot ignore directive for this newly explicit dependency here:

skeleton-ansible-role/.github/dependabot.yml

Lines 27 to 30 in 1666745

# ignore:
# # Managed by cisagov/skeleton-ansible-role
# - dependency-name: ansible
# - dependency-name: ansible-lint

I don't know if it's strictly necessary but I would like to avoid a storm of dependabot PRs around this dependency downstream.

@jsf9k
Copy link
Member Author

jsf9k commented Mar 19, 2024

@jsf9k Sorry this only came to me yesterday but I would like to add a dependabot ignore directive for this newly explicit dependency here:

skeleton-ansible-role/.github/dependabot.yml

Lines 27 to 30 in 1666745

# ignore:
# # Managed by cisagov/skeleton-ansible-role
# - dependency-name: ansible
# - dependency-name: ansible-lint

I don't know if it's strictly necessary but I would like to avoid a storm of dependabot PRs around this dependency downstream.

Please see commit 13219ff.

@jsf9k jsf9k requested a review from mcdonnnj March 19, 2024 19:20
mcdonnnj
mcdonnnj approved these changes Mar 19, 2024
View reviewed changes
Copy link
Member

@mcdonnnj mcdonnnj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approval intensifies. :godmode:

@jsf9k
Copy link
Member Author

jsf9k commented Mar 19, 2024

See also cisagov/skeleton-packer#315.

@mcdonnnj mcdonnnj added this pull request to the merge queue Mar 27, 2024
@mcdonnnj mcdonnnj removed this pull request from the merge queue due to the queue being cleared Mar 27, 2024
@mcdonnnj mcdonnnj added this pull request to the merge queue Mar 27, 2024
@mcdonnnj mcdonnnj removed this pull request from the merge queue due to a manual request Mar 27, 2024
jsf9k and others added 3 commits March 27, 2024 04:15
@jsf9k @mcdonnnj
Pin ansible-core to earlier than 2.16.3
73cb512 
ansible-core 2.16.3 and later suffer from the bug discussed in
ansible/ansible#82702, which breaks any symlinked files in vars,
tasks, etc. for any Ansible role installed via ansible-galaxy.
@jsf9k @dav3r @mcdonnnj
Remove duplicated octothorpe
097026d 
Co-authored-by: dav3r <[email protected]>
@jsf9k @mcdonnnj
Add a Dependabot ignore directive for downstream repository
c61ebc7 
Co-authored-by: Nick <[email protected]>
@mcdonnnj mcdonnnj force-pushed the bugfix/pin-ansible-core branch from 13219ff to c61ebc7 Compare March 27, 2024 08:17
@mcdonnnj mcdonnnj added this pull request to the merge queue Mar 27, 2024
Merged via the queue into develop with commit 472b883 Mar 27, 2024
13 checks passed
@mcdonnnj mcdonnnj deleted the bugfix/pin-ansible-core branch March 27, 2024 08:29
@mcdonnnj mcdonnnj mentioned this pull request Apr 5, 2024
Merged
6 tasks
@jsf9k jsf9k mentioned this pull request May 4, 2024
Closed
7 tasks
cisagovbot pushed a commit that referenced this pull request Sep 25, 2024
@mcdonnnj
Merge pull request #179 from cisagov/improvement/add_pip-audit_pre-co…
5801cec 
…mmit_hook

Add a pre-commit hook to run `pip-audit`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dv4harr10 dv4harr10 dv4harr10 approved these changes

@mcdonnnj mcdonnnj mcdonnnj approved these changes

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@jasonodoom jasonodoom Awaiting requested review from jasonodoom

Assignees

@jsf9k jsf9k

@mcdonnnj mcdonnnj

Labels
bug This issue or pull request addresses broken functionality dependencies Pull requests that update a dependency file kraken 🐙 This pull request is ready to merge during the next Lineage Kraken release
Projects
Next Kraken
Status: Done
Skeleton Maintenance
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jsf9k @dav3r @mcdonnnj @dv4harr10