Remove LDAP authentication #10265
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
env: | |
LC_ALL: "C.UTF-8" # prevent ERROR: Ansible could not initialize the preferred locale: unsupported locale setting | |
CI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DEV_DOCKER_OWNER: ${{ github.repository_owner }} | |
COMPOSE_TAG: ${{ github.base_ref || 'devel' }} | |
UPSTREAM_REPOSITORY_ID: 91594105 | |
on: | |
pull_request: | |
push: | |
branches: | |
- devel # needed to publish code coverage post-merge | |
jobs: | |
common-tests: | |
name: ${{ matrix.tests.name }} | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
permissions: | |
packages: write | |
contents: read | |
strategy: | |
fail-fast: false | |
matrix: | |
tests: | |
- name: api-test | |
command: /start_tests.sh test_coverage | |
coverage-upload-name: "" | |
- name: api-migrations | |
command: /start_tests.sh test_migrations | |
coverage-upload-name: "" | |
- name: api-lint | |
command: /var/lib/awx/venv/awx/bin/tox -e linters | |
coverage-upload-name: "" | |
- name: api-swagger | |
command: /start_tests.sh swagger | |
coverage-upload-name: "" | |
- name: awx-collection | |
command: /start_tests.sh test_collection_all | |
coverage-upload-name: "awx-collection" | |
- name: api-schema | |
command: >- | |
/start_tests.sh detect-schema-change SCHEMA_DIFF_BASE_BRANCH=${{ | |
github.event.pull_request.base.ref || github.ref_name | |
}} | |
coverage-upload-name: "" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Build awx_devel image for running checks | |
uses: ./.github/actions/awx_devel_image | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run check ${{ matrix.tests.name }} | |
id: make-run | |
run: >- | |
AWX_DOCKER_ARGS='-e GITHUB_ACTIONS -e GITHUB_OUTPUT -v "${GITHUB_OUTPUT}:${GITHUB_OUTPUT}:rw,Z"' | |
AWX_DOCKER_CMD='${{ matrix.tests.command }}' | |
make docker-runner | |
- name: Upload test coverage to Codecov | |
if: >- | |
!cancelled() | |
&& steps.make-run.outputs.cov-report-files != '' | |
uses: codecov/codecov-action@v4 | |
with: | |
fail_ci_if_error: >- | |
${{ | |
toJSON(env.UPSTREAM_REPOSITORY_ID == github.repository_id) | |
}} | |
files: >- | |
${{ steps.make-run.outputs.cov-report-files }} | |
flags: >- | |
CI-GHA, | |
pytest, | |
OS-${{ | |
runner.os | |
}} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: Upload test results to Codecov | |
if: >- | |
!cancelled() | |
&& steps.make-run.outputs.test-result-files != '' | |
uses: codecov/test-results-action@v1 | |
with: | |
fail_ci_if_error: >- | |
${{ | |
toJSON(env.UPSTREAM_REPOSITORY_ID == github.repository_id) | |
}} | |
files: >- | |
${{ steps.make-run.outputs.test-result-files }} | |
flags: >- | |
CI-GHA, | |
pytest, | |
OS-${{ | |
runner.os | |
}} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: Upload awx jUnit test reports | |
if: >- | |
!cancelled() | |
&& steps.make-run.outputs.test-result-files != '' | |
&& github.event_name == 'push' | |
&& env.UPSTREAM_REPOSITORY_ID == github.repository_id | |
&& github.ref_name == github.event.repository.default_branch | |
run: | | |
for junit_file in $(echo '${{ steps.make-run.outputs.test-result-files }}' | sed 's/,/ /') | |
do | |
curl \ | |
-v \ | |
--user "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_USER }}:${{ secrets.PDE_ORG_RESULTS_UPLOAD_PASSWORD }}" \ | |
--form "xunit_xml=@${junit_file}" \ | |
--form "component_name=${{ matrix.tests.coverage-upload-name || 'awx' }}" \ | |
--form "git_commit_sha=${{ github.sha }}" \ | |
--form "git_repository_url=https://github.com/${{ github.repository }}" \ | |
"${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_URL }}/api/results/upload/" | |
done | |
dev-env: | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- uses: ./.github/actions/run_awx_devel | |
id: awx | |
with: | |
build-ui: false | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run smoke test | |
run: ansible-playbook tools/docker-compose/ansible/smoke-test.yml -v | |
awx-operator: | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
env: | |
DEBUG_OUTPUT_DIR: /tmp/awx_operator_molecule_test | |
steps: | |
- name: Checkout awx | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
path: awx | |
- name: Checkout awx-operator | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false\ | |
repository: ansible/awx-operator | |
path: awx-operator | |
- name: Get python version from Makefile | |
working-directory: awx | |
run: echo py_version=`make PYTHON_VERSION` >> $GITHUB_ENV | |
- name: Install python ${{ env.py_version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ env.py_version }} | |
- name: Install playbook dependencies | |
run: | | |
python3 -m pip install docker | |
- name: Build AWX image | |
working-directory: awx | |
run: | | |
VERSION=`make version-for-buildyml` make awx-kube-build | |
env: | |
COMPOSE_TAG: ci | |
DEV_DOCKER_TAG_BASE: local | |
HEADLESS: yes | |
- name: Run test deployment with awx-operator | |
working-directory: awx-operator | |
run: | | |
python3 -m pip install -r molecule/requirements.txt | |
ansible-galaxy collection install -r molecule/requirements.yml | |
sudo rm -f $(which kustomize) | |
make kustomize | |
KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule -v test -s kind -- --skip-tags=replicas | |
env: | |
AWX_TEST_IMAGE: local/awx | |
AWX_TEST_VERSION: ci | |
AWX_EE_TEST_IMAGE: quay.io/ansible/awx-ee:latest | |
STORE_DEBUG_OUTPUT: true | |
- name: Upload debug output | |
if: failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: awx-operator-debug-output | |
path: ${{ env.DEBUG_OUTPUT_DIR }} | |
collection-sanity: | |
name: awx_collection sanity | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
ansible: | |
- stable-2.17 | |
# - devel | |
steps: | |
- name: Perform sanity testing | |
uses: ansible-community/ansible-test-gh-action@release/v1 | |
with: | |
ansible-core-version: ${{ matrix.ansible }} | |
codecov-token: ${{ secrets.CODECOV_TOKEN }} | |
collection-root: awx_collection | |
pre-test-cmd: >- | |
ansible-playbook | |
-i localhost, | |
tools/template_galaxy.yml | |
-e collection_package=awx | |
-e collection_namespace=awx | |
-e collection_version=1.0.0 | |
-e '{"awx_template_version": false}' | |
testing-type: sanity | |
- name: Upload awx jUnit test reports to the unified dashboard | |
if: >- | |
!cancelled() | |
&& steps.make-run.outputs.test-result-files != '' | |
&& github.event_name == 'push' | |
&& env.UPSTREAM_REPOSITORY_ID == github.repository_id | |
&& github.ref_name == github.event.repository.default_branch | |
run: | | |
for junit_file in $(echo '${{ steps.make-run.outputs.test-result-files }}' | sed 's/,/ /') | |
do | |
curl \ | |
-v \ | |
--user "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_USER }}:${{ secrets.PDE_ORG_RESULTS_UPLOAD_PASSWORD }}" \ | |
--form "xunit_xml=@${junit_file}" \ | |
--form "component_name=awx" \ | |
--form "git_commit_sha=${{ github.sha }}" \ | |
--form "git_repository_url=https://github.com/${{ github.repository }}" \ | |
"${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_URL }}/api/results/upload/" | |
done | |
collection-integration: | |
name: awx_collection integration | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
strategy: | |
fail-fast: false | |
matrix: | |
target-regex: | |
- name: a-h | |
regex: ^[a-h] | |
- name: i-p | |
regex: ^[i-p] | |
- name: r-z0-9 | |
regex: ^[r-z0-9] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- uses: ./.github/actions/run_awx_devel | |
id: awx | |
with: | |
build-ui: false | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install dependencies for running tests | |
run: | | |
python3 -m pip install -e ./awxkit/ | |
python3 -m pip install -r awx_collection/requirements.txt | |
- name: Run integration tests | |
id: make-run | |
run: | | |
echo "::remove-matcher owner=python::" # Disable annoying annotations from setup-python | |
echo '[general]' > ~/.tower_cli.cfg | |
echo 'host = https://${{ steps.awx.outputs.ip }}:8043' >> ~/.tower_cli.cfg | |
echo 'oauth_token = ${{ steps.awx.outputs.admin-token }}' >> ~/.tower_cli.cfg | |
echo 'verify_ssl = false' >> ~/.tower_cli.cfg | |
TARGETS="$(ls awx_collection/tests/integration/targets | grep '${{ matrix.target-regex.regex }}' | tr '\n' ' ')" | |
make COLLECTION_VERSION=100.100.100-git COLLECTION_TEST_TARGET="--requirements $TARGETS" test_collection_integration | |
env: | |
ANSIBLE_TEST_PREFER_PODMAN: 1 | |
- name: Upload test coverage to Codecov | |
if: >- | |
!cancelled() | |
&& steps.make-run.outputs.cov-report-files != '' | |
uses: codecov/codecov-action@v4 | |
with: | |
fail_ci_if_error: >- | |
${{ | |
toJSON(env.UPSTREAM_REPOSITORY_ID == github.repository_id) | |
}} | |
files: >- | |
${{ steps.make-run.outputs.cov-report-files }} | |
flags: >- | |
CI-GHA, | |
ansible-test, | |
integration, | |
OS-${{ | |
runner.os | |
}} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
# Upload coverage report as artifact | |
- uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: coverage-${{ matrix.target-regex.name }} | |
path: ~/.ansible/collections/ansible_collections/awx/awx/tests/output/coverage/ | |
- uses: ./.github/actions/upload_awx_devel_logs | |
if: always() | |
with: | |
log-filename: collection-integration-${{ matrix.target-regex.name }}.log | |
collection-integration-coverage-combine: | |
name: combine awx_collection integration coverage | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
needs: | |
- collection-integration | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Upgrade ansible-core | |
run: python3 -m pip install --upgrade ansible-core | |
- name: Download coverage artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
path: coverage | |
- name: Combine coverage | |
run: | | |
make COLLECTION_VERSION=100.100.100-git install_collection | |
mkdir -p ~/.ansible/collections/ansible_collections/awx/awx/tests/output/coverage | |
cd coverage | |
for i in coverage-*; do | |
cp -rv $i/* ~/.ansible/collections/ansible_collections/awx/awx/tests/output/coverage/ | |
done | |
cd ~/.ansible/collections/ansible_collections/awx/awx | |
ansible-test coverage combine --requirements | |
ansible-test coverage html | |
echo '## AWX Collection Integration Coverage' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
ansible-test coverage report >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
echo >> $GITHUB_STEP_SUMMARY | |
echo '## AWX Collection Integration Coverage HTML' >> $GITHUB_STEP_SUMMARY | |
echo 'Download the HTML artifacts to view the coverage report.' >> $GITHUB_STEP_SUMMARY | |
# This is a huge hack, there's no official action for removing artifacts currently. | |
# Also ACTIONS_RUNTIME_URL and ACTIONS_RUNTIME_TOKEN aren't available in normal run | |
# steps, so we have to use github-script to get them. | |
# | |
# The advantage of doing this, though, is that we save on artifact storage space. | |
- name: Get secret artifact runtime URL | |
uses: actions/github-script@v6 | |
id: get-runtime-url | |
with: | |
result-encoding: string | |
script: | | |
const { ACTIONS_RUNTIME_URL } = process.env; | |
return ACTIONS_RUNTIME_URL; | |
- name: Get secret artifact runtime token | |
uses: actions/github-script@v6 | |
id: get-runtime-token | |
with: | |
result-encoding: string | |
script: | | |
const { ACTIONS_RUNTIME_TOKEN } = process.env; | |
return ACTIONS_RUNTIME_TOKEN; | |
- name: Remove intermediary artifacts | |
env: | |
ACTIONS_RUNTIME_URL: ${{ steps.get-runtime-url.outputs.result }} | |
ACTIONS_RUNTIME_TOKEN: ${{ steps.get-runtime-token.outputs.result }} | |
run: | | |
echo "::add-mask::${ACTIONS_RUNTIME_TOKEN}" | |
artifacts=$( | |
curl -H "Authorization: Bearer $ACTIONS_RUNTIME_TOKEN" \ | |
${ACTIONS_RUNTIME_URL}_apis/pipelines/workflows/${{ github.run_id }}/artifacts?api-version=6.0-preview \ | |
| jq -r '.value | .[] | select(.name | startswith("coverage-")) | .url' | |
) | |
for artifact in $artifacts; do | |
curl -i -X DELETE -H "Accept: application/json;api-version=6.0-preview" -H "Authorization: Bearer $ACTIONS_RUNTIME_TOKEN" "$artifact" | |
done | |
- name: Upload coverage report as artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: awx-collection-integration-coverage-html | |
path: ~/.ansible/collections/ansible_collections/awx/awx/tests/output/reports/coverage |