fixed validate cert settings issue #2291
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Pull Request | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| merge_group: | |
| jobs: | |
| ansible-lint: | |
| name: Ansible-lint Check | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Install ansible-lint | |
| # Install ansible-lint from same branch as GHA | |
| run: > | |
| pip install | |
| "ansible-lint[lock] @ | |
| git+https://github.com/ansible/ansible-lint@v6" | |
| - name: Install requirements for plugins | |
| run: pip install junitparser junit_xml jmespath | |
| - name: Compare current branch vs main branch | |
| # Run ansible-lint on this branch then compare vs main branch | |
| run: | | |
| set +e | |
| set -x | |
| # fix randomness | |
| export PYTHONHASHSEED=42 | |
| git checkout -b branch | |
| git fetch --unshallow origin main | |
| cmd="hack/ansible-lint.sh -d" | |
| # don't want to annotate through GHA | |
| unset GITHUB_ACTIONS | |
| echo "=== Incoming branch ===" | |
| $cmd | tee branch.output | |
| git checkout main | |
| echo "=== Main branch ===" | |
| $cmd | tee main.output | |
| export GITHUB_ACTIONS=true | |
| set +ex | |
| # remove line numbers | |
| sed -i -r 's/:[0-9]+:/::/' branch.output main.output | |
| # export diff sans headers | |
| diff -u0 branch.output main.output | tail -n +3 > diff.raw | |
| # Get warnings out of the diff | |
| grep -P '\x1B\[33m|\(warning\)(\x1B\[0m)?$' diff.raw > diff.warnings | |
| grep -vP '\x1B\[33m|\(warning\)(\x1B\[0m)?$' diff.raw > diff.output | |
| echo "## Improvements over main branch:" | tee -a ${GITHUB_STEP_SUMMARY} | |
| echo '```diff' >> ${GITHUB_STEP_SUMMARY} | |
| grep '^+' diff.output | | |
| sed -e 's/^+/+FIXED: /' | | |
| sed -r 's/\x1B\[[0-9]{1,2}(;[0-9]{1,2})?[mGK]//g' | | |
| tee -a ${GITHUB_STEP_SUMMARY} | |
| echo '```' >> ${GITHUB_STEP_SUMMARY} | |
| echo "## Regressions from main branch:" | tee -a ${GITHUB_STEP_SUMMARY} | |
| echo '```diff' >> ${GITHUB_STEP_SUMMARY} | |
| grep '^-' diff.output | | |
| sed -e 's/^-/-ERROR: /' | | |
| sed -r 's/\x1B\[[0-9]{1,2}(;[0-9]{1,2})?[mGK]//g' | | |
| tee -a ${GITHUB_STEP_SUMMARY} | |
| echo '```' >> ${GITHUB_STEP_SUMMARY} | |
| echo "## Warnings from main branch:" | tee -a ${GITHUB_STEP_SUMMARY} | |
| echo '```diff' >> ${GITHUB_STEP_SUMMARY} | |
| grep '^-' diff.warnings | | |
| sed -e 's/^-/-WARNING: /' | | |
| sed -r 's/\x1B\[[0-9]{1,2}(;[0-9]{1,2})?[mGK]//g' | | |
| tee -a ${GITHUB_STEP_SUMMARY} | |
| echo '```' >> ${GITHUB_STEP_SUMMARY} | |
| if grep -q '^-' diff.output; then | |
| echo "> Fix regressions listed above" | tee -a ${GITHUB_STEP_SUMMARY} | |
| exit 1 | |
| fi | |
| sanity: | |
| name: Sanity Check | |
| strategy: | |
| matrix: | |
| ansible: | |
| - stable-2.9 # used by DCI on RHEL8 | |
| - stable-2.17 # latest stable version | |
| fail-fast: false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| path: ${{ matrix.ansible }}/ansible_collections/redhatci/ocp | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Install ansible-base ${{ matrix.ansible }} | |
| run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check | |
| # Fail when new errors appear | |
| - name: Run ansible-test sanity/units | |
| run: | | |
| set -x | |
| # Prefer using podman over docker | |
| apt-get download podman-docker | |
| sudo dpkg --force-all -i podman-docker*.deb 2>/dev/null | |
| EXCLUDE="--exclude hack/ --exclude plugins/modules/nmcli.py" | |
| git checkout -b branch | |
| git fetch --unshallow origin main | |
| # extract all the supported python versions from the error message, excluding 3.5 | |
| PY_VERS=$(ansible-test sanity $EXCLUDE --verbose --docker --python 1.0 --color --coverage --failure-ok 2>&1 | | |
| grep -Po "invalid.*?\K'3.*\d'" | | |
| tr -d ,\' | | |
| sed -e 's/3.5 //g') | |
| for version in $PY_VERS; do | |
| ansible-test sanity $EXCLUDE --verbose --docker --python $version --color --coverage --failure-ok | |
| ansible-test units $EXCLUDE --verbose --docker --python $version --color --coverage || : | |
| done 2> >(tee -a branch.output >&2) | |
| git checkout main | |
| for version in $PY_VERS; do | |
| ansible-test sanity $EXCLUDE --verbose --docker --python $version --color --coverage --failure-ok | |
| ansible-test units $EXCLUDE --verbose --docker --python $version --color --coverage || : | |
| done 2> main.output 1>/dev/null | |
| for key in branch main; do | |
| grep -E "((ERROR|FATAL):|FAILED )" "$key.output" | | |
| grep -v "issue(s) which need to be resolved\|See error output above for details.\|Command \"ansible-doc -t module .*\" returned exit status .*\." | | |
| sed -r 's/\x1B\[[0-9]{1,2}[mGK]//g' > "$key.errors" | |
| done | |
| # remove line numbers | |
| sed -i -E -e 's/:[0-9]+:/:/' -e 's/:[0-9]+:/:/' branch.errors main.errors | |
| set +ex | |
| echo "## Improvements are listed below" | tee -a ${GITHUB_STEP_SUMMARY} | |
| echo "\`\`\`diff" >> ${GITHUB_STEP_SUMMARY} | |
| diff -u0 branch.errors main.errors | grep '^+[^+]' | sed -e 's/ERROR/FIXED/' | tee -a ${GITHUB_STEP_SUMMARY} | |
| echo "\`\`\`" >> ${GITHUB_STEP_SUMMARY} | |
| echo "## Regressions are listed below" | tee -a ${GITHUB_STEP_SUMMARY} | |
| echo "\`\`\`diff" >> ${GITHUB_STEP_SUMMARY} | |
| diff -u0 branch.errors main.errors | grep '^-[^-]' | tee -a ${GITHUB_STEP_SUMMARY} | |
| echo "\`\`\`" >> ${GITHUB_STEP_SUMMARY} | |
| if diff -u0 branch.errors main.errors | grep -q '^-[^-]'; then | |
| echo "> Fix the regression errors listed above" | tee -a ${GITHUB_STEP_SUMMARY} | |
| exit 1 | |
| fi | |
| working-directory: ${{ matrix.ansible }}/ansible_collections/redhatci/ocp | |
| check-all-dependencies-are-merged: | |
| name: "Check all dependencies are merged" | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Check all dependent Pull Requests are merged | |
| uses: depends-on/depends-on-action@main | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| check-unmerged-pr: true | |
| check-docs: | |
| name: Check version, documentation and README | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Check roles are documented in main README | |
| run: | | |
| echo "# Missing roles in README" > ${GITHUB_STEP_SUMMARY} | |
| for role in $(ls roles); do | |
| if ! grep -q "^\[redhatci\.ocp\.${role}" README.md; then | |
| echo "- Missing: ${role}" | tee -a ${GITHUB_STEP_SUMMARY} | |
| fi | |
| done | |
| if grep -q Missing: ${GITHUB_STEP_SUMMARY}; then | |
| exit 1 | |
| fi | |
| - name: Check versions are consistent between rpm spec and galaxy.yml | |
| run: | | |
| echo "# Inconsistent versions" > ${GITHUB_STEP_SUMMARY} | |
| spec_version=$(grep Version: ansible-collection-redhatci-ocp.spec | awk '{print $2}' | cut -d. -f1,2) | |
| galaxy_version=$(grep version: galaxy.yml | awk '{print $2}' | cut -d. -f1,2) | |
| if [ "$spec_version" != "$galaxy_version" ]; then | |
| echo "- Inconsistent: rpm spec: ${spec_version} galaxy: ${galaxy_version}" | tee -a ${GITHUB_STEP_SUMMARY} | |
| exit 1 | |
| fi | |
| ... |