diff --git a/.github/workflows/check-scripts-updates.yml b/.github/workflows/check-scripts-updates.yml new file mode 100644 index 0000000..589912e --- /dev/null +++ b/.github/workflows/check-scripts-updates.yml @@ -0,0 +1,33 @@ +name: Check Script and Playbook Updates + +on: + push: + paths: + - 'scripts/**' + +jobs: + check-updates: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Check for Matching Updates in Scripts and Playbooks + run: | + #!/bin/bash + set -e + + # Get list of changed files in last commit + changed_files=$(git diff --name-only HEAD HEAD~1) + + # Check if any files in scripts/ were updated (excluding wrap_scripts_in_yaml.py) + scripts_updated=$(echo "$changed_files" | grep -v 'wrap_scripts_in_yaml.py' | grep 'scripts/') + + # Check if any files in playbooks/ were updated + playbooks_updated=$(echo "$changed_files" | grep 'playbooks/') + + if [[ -n "$scripts_updated" && -z "$playbooks_updated" ]]; then + echo "Files in scripts/ were updated without corresponding updates in playbooks/" + exit 1 + fi + + echo "Check passed" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index bce7b4a..1e0fdea 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,6 +29,12 @@ repos: "-sn", # Don't display the score "--rcfile=.pylintrc", # Link to your config file ] + - id: wrap-scripts-in-yaml + name: wrap-scripts-in-yaml + entry: python scripts/wrap_scripts_in_yaml.py + language: python + files: scripts/.*\.py$ + - repo: https://github.com/gitleaks/gitleaks rev: v8.18.0 diff --git a/scripts/leapp_upgrade.py b/scripts/leapp_upgrade.py index fe2dbd7..0aaedf6 100644 --- a/scripts/leapp_upgrade.py +++ b/scripts/leapp_upgrade.py 
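Review bot: The `git diff --name-only HEAD HEAD~1` call in the run step will fail on a default `actions/checkout@v3` clone, which fetches only the tip commit, so `HEAD~1` does not resolve; adding `with:` and `fetch-depth: 2` under the checkout step fixes that. Under `set -e` the two `grep` assignments also abort the script whenever grep matches nothing: the `playbooks_updated=` line exits before the explanatory message is printed, and a push touching only `wrap_scripts_in_yaml.py` fails at `scripts_updated=`. Appending `|| true` to both substitutions leaves the decision to the `[[ ... ]]` test. The check also looks at the last commit only, so a multi-commit push is judged by its tip alone. Since the job only reads the repository, a top-level `permissions:` block with `contents: read` would keep the token at least privilege.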
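Review bot: The `files: scripts/.*\.py$` pattern on the new hook is unanchored, and pre-commit applies `files` as a search rather than a full match, so a path such as `tests/scripts/x.py` (constructed example) would also trigger the hook; `files: ^scripts/.*\.py$` limits it to the top-level directory. The script filters its arguments again, so today this only costs a needless run. Because the hook writes into `playbooks/` rather than the files it was handed, a short comment saying so would help, e.g. `# regenerates playbooks/*_script.yaml and fails so the result can be staged`.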
@@ -7,7 +7,7 @@ TXT_REPORT_PATH = "/var/log/leapp/leapp-report.txt" REBOOT_GUIDANCE_MESSAGE = "A reboot is required to continue. Please reboot your system." -# Based on https://github.com/oamg/leapp/blob/master/report-schema-v110.json#L211 +# Based on https:/ /github.com/oamg/leapp/blob/master/report-schema-v110.json#L211 STATUS_CODE = { "high": 3, "medium": 2, diff --git a/scripts/wrap_scripts_in_yaml.py b/scripts/wrap_scripts_in_yaml.py new file mode 100644 index 0000000..3b8f700 --- /dev/null +++ b/scripts/wrap_scripts_in_yaml.py 
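Review bot: The comment's link now reads `https:/ /github.com/...`, which is no longer a usable URL, and nothing in the hunk says why the space was inserted. If it is a workaround (possibly for how the script is embedded or scanned elsewhere, which is only a guess), the reason should be stated next to it, e.g. `# URL split on purpose: <reason>`. Otherwise the original line should be restored.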
@@ -0,0 +1,54 @@
+"""
+This file serves to be run during a pre-commit hook to wrap all scripts/ files
+in yaml and convert them to ansible playbooks placed under playbooks/ folder.
+"""
+
+import re
+import sys
+from pathlib import Path
+
+
+def wrap_script_in_yaml(python_file):
+ yaml_file_path = f"playbooks/{Path(python_file).stem}_script.yaml"
+ yaml_content = generate_yaml_content(python_file)
+
+ if not Path(yaml_file_path).exists() or open(yaml_file_path).read() != yaml_content:
+ with open(yaml_file_path, "w") as yaml_file:
+ yaml_file.write(yaml_content)
+ return True
+ return False
+
+
+def generate_yaml_content(python_file):
+ with open(python_file, "r") as py_file:
+ content = "- name: Leapp pre-upgrade for rhc-worker-script\n"
+ content += " vars:\n"
+ content += " insights_signature: !!binary |\n"
+ content += " needs signature\n"
+ content += ' insights_signature_exclude: "/vars/insights_signature"\n'
+ content += " interpreter: /usr/bin/python\n"
+ content += " content: |\n"
+ for line in py_file:
+ content += f" {line}"
+ content += " content_vars:\n"
+ return content
+
+
+def main():
+ changes_detected = False
+ for filename in sys.argv[1:]:
+ if re.match(r"scripts/.*.py$", filename):
+ if filename == f"scripts/{Path(__file__).name}":
+ continue
+ if wrap_script_in_yaml(filename):
+ changes_detected = True
+
+ if changes_detected:
+ print(
+ "Changes detected in ansible playbooks (coming from scripts). Please stage them and commit again."
+ )
+ sys.exit(1)
+
+
+if __name__ == "__main__":
+ main()
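Review bot: In `generate_yaml_content`, each source line is appended as-is, so a script whose last line has no trailing newline gets `content_vars:` glued onto that line and the generated playbook is malformed; appending `line.rstrip("\n") + "\n"` after the indent instead of the raw `line` avoids that. In `main`, `r"scripts/.*.py$"` leaves the dot before `py` unescaped and should be `r"scripts/.*\.py$"`. `wrap_script_in_yaml` reads the existing playbook through a bare `open(yaml_file_path).read()` that is never closed; `Path(yaml_file_path).read_text()` is the tidy form. Every generated playbook also carries the fixed name `Leapp pre-upgrade for rhc-worker-script` and the literal `needs signature` placeholder, so the module docstring should say that the output is unsigned and has to be signed before it is used.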