-
Notifications
You must be signed in to change notification settings - Fork 120
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #237 from RedHat-EMEA-SSA-Team/devel - Release 202…
…2-12-17 Merge Devel into Master - Release 2022-12-17 * Bump openshift version to 4.11.12 * Update ansible-automation-platform to 2.3 * Fixed problem with `ansible_python_interpreter` during `00-provision-hetzner.yml` * Added new option `hetzner_size_of_libvirt_images` * Added new option `redhat_subscription_activationkey`, `redhat_subscription_org_id`, `redhat_subscription_pool` to handle Red Hat entitlement during `01-prepare-host.yml` * Introduce `artifacts_dir` * Change ssh public key and kubeconfig handling to support remote execution * Handling reboot after new kernel is installed * [Added support for remote execution (execute playbooks on your laptop)](remote-execution.md) * Added `install_config_capabilities` configuration * Added Gandi as a DNS provider * [Added instructions for RHEL9 image creation](hetzner_rhel9.md) * Added Rocky Linux 9 support
- Loading branch information
Showing
56 changed files
with
1,485 additions
and
391 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| FROM registry.access.redhat.com/ubi9/python-39:latest | ||
|
|
||
| RUN pip install pre-commit | ||
|
|
||
| WORKDIR /workdir | ||
| CMD pre-commit run --all-files |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,134 @@ | ||
| --- | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: PipelineRun | ||
| metadata: | ||
| name: linter | ||
| annotations: | ||
| # The event we are targeting as seen from the webhook payload | ||
| # this can be an array too, i.e: [pull_request, push] | ||
| pipelinesascode.tekton.dev/on-event: "[pull_request]" | ||
|
|
||
| # The branch or tag we are targeting (ie: main, refs/tags/*) | ||
| pipelinesascode.tekton.dev/on-target-branch: "[master,devel]" | ||
|
|
||
| # Fetch the git-clone task from hub, we are able to reference later on it | ||
| # with taskRef and it will automatically be embedded into our pipeline. | ||
| pipelinesascode.tekton.dev/task: "git-clone" | ||
|
|
||
|
|
||
| # Use maven task from hub | ||
| # pipelinesascode.tekton.dev/task-1: "[pre-commit]" | ||
|
|
||
| # You can add more tasks in here to reuse, browse the one you like from here | ||
| # https://hub.tekton.dev/ | ||
| # example: | ||
| # pipelinesascode.tekton.dev/task-2: "[github-add-labels]" | ||
| pipelinesascode.tekton.dev/task-2: "[.tekton/tasks/github-add-comment.yaml]" | ||
|
|
||
| # How many runs we want to keep attached to this event | ||
| pipelinesascode.tekton.dev/max-keep-runs: "3" | ||
| spec: | ||
| params: | ||
| # The variable with brackets are special to Pipelines as Code | ||
| # They will automatically be expanded with the events from Github. | ||
| - name: repo_url | ||
| value: "{{ repo_url }}" | ||
| - name: revision | ||
| value: "{{ revision }}" | ||
| - name: pull_request_number | ||
| value: "{{ pull_request_number }}" | ||
| - name: git_auth_secret | ||
| value: "{{ git_auth_secret }}" | ||
| pipelineSpec: | ||
| params: | ||
| - name: repo_url | ||
| - name: revision | ||
| - name: pull_request_number | ||
| - name: git_auth_secret | ||
| workspaces: | ||
| - name: source | ||
| - name: basic-auth | ||
| tasks: | ||
| - name: fetch-repository | ||
| taskRef: | ||
| name: git-clone | ||
| kind: ClusterTask | ||
| workspaces: | ||
| - name: output | ||
| workspace: source | ||
| - name: basic-auth | ||
| workspace: basic-auth | ||
| params: | ||
| - name: url | ||
| value: $(params.repo_url) | ||
| - name: revision | ||
| value: $(params.revision) | ||
| # Customize this task if you like, or just do a taskRef | ||
| # to one of the hub task. | ||
| - name: pre-commit | ||
| runAfter: | ||
| - fetch-repository | ||
| workspaces: | ||
| - name: source | ||
| workspace: source | ||
| taskSpec: | ||
| results: | ||
| - name: linter-output | ||
| description: Output of pre-commit run | ||
| workspaces: | ||
| - name: source | ||
| steps: | ||
| - name: pre-commit | ||
| image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-pre-commit:latest | ||
| workingDir: $(workspaces.source.path) | ||
| script: | | ||
| set -euxo pipefail | ||
| echo -e ' 💀 There was an error during pre-commit / linter:\n\n```' \ | ||
| > $(workspaces.source.path)/notify-linter-on-failure.txt | ||
| pre-commit run --color=never --all-files \ | ||
| | sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2};?)?)?[mGK]//g" \ | ||
| | tee -a $(workspaces.source.path)/notify-linter-on-failure.txt | ||
| RC=$? | ||
| echo "Return code $RC" | ||
| echo -e '\n```\n' \ | ||
| > $(workspaces.source.path)/notify-linter-on-failure.txt | ||
| exit $? | ||
| finally: | ||
| - name: notify-linter-on-failure | ||
| workspaces: | ||
| - name: comment-file | ||
| workspace: source | ||
| when: | ||
| - input: $(tasks.pre-commit.status) | ||
| operator: in | ||
| values: ["Failed"] | ||
| params: | ||
| - name: REQUEST_URL | ||
| value: "$(params.repo_url)/pull/$(params.pull_request_number)" | ||
| - name: PAC_GITHUB_SECRET | ||
| value: "$(params.git_auth_secret)" | ||
| - name: COMMENT_OR_FILE | ||
| value: "notify-linter-on-failure.txt" | ||
| taskRef: | ||
| name: github-add-comment | ||
|
|
||
| workspaces: | ||
| - name: source | ||
| volumeClaimTemplate: | ||
| spec: | ||
| accessModes: | ||
| - ReadWriteOnce | ||
| resources: | ||
| requests: | ||
| storage: 1Gi | ||
| # This workspace will inject secret to help the git-clone task to be able to | ||
| # checkout the private repositories | ||
| - name: basic-auth | ||
| secret: | ||
| secretName: "{{ git_auth_secret }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,200 @@ | ||
| --- | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: Task | ||
| metadata: | ||
| name: github-add-comment | ||
| labels: | ||
| app.kubernetes.io/version: "0.7" | ||
| annotations: | ||
| tekton.dev/categories: Git | ||
| tekton.dev/pipelines.minVersion: "0.17.0" | ||
| tekton.dev/tags: github | ||
| tekton.dev/displayName: "add github comment" | ||
| tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le" | ||
| spec: | ||
| description: >- | ||
| This Task will add a comment to a pull request or an issue. | ||
| It can take either a filename or a comment as input and can | ||
| post the comment back to GitHub accordingly. | ||
| workspaces: | ||
| - name: comment-file | ||
| optional: true | ||
| description: The optional workspace containing comment file to be posted. | ||
|
|
||
| results: | ||
| - name: OLD_COMMENT | ||
| description: The old text of the comment, if any. | ||
|
|
||
| - name: NEW_COMMENT | ||
| description: The new text of the comment, if any. | ||
|
|
||
| params: | ||
| - name: GITHUB_HOST_URL | ||
| description: | | ||
| The GitHub host, adjust this if you run a GitHub enteprise. | ||
| default: "api.github.com" | ||
| type: string | ||
|
|
||
| - name: API_PATH_PREFIX | ||
| description: | | ||
| The API path prefix, GitHub Enterprise has a prefix e.g. /api/v3 | ||
| default: "" | ||
| type: string | ||
|
|
||
| - name: REQUEST_URL | ||
| description: | | ||
| The GitHub issue or pull request URL where we want to add a new | ||
| comment. | ||
| type: string | ||
|
|
||
| - name: COMMENT_OR_FILE | ||
| description: | | ||
| The actual comment to add or the filename containing comment to post. | ||
| type: string | ||
|
|
||
| - name: PAC_GITHUB_SECRET | ||
| description: | | ||
| The name of the Kubernetes Secret that contains the GitHub token. | ||
| type: string | ||
|
|
||
| - name: PAC_GITHUB_SECRET_KEY | ||
| description: | | ||
| The key within the Kubernetes Secret that contains the GitHub token. | ||
| type: string | ||
| default: .git-credentials | ||
|
|
||
| - name: AUTH_TYPE | ||
| description: | | ||
| The type of authentication to use. You could use the less secure "Basic" for example | ||
| type: string | ||
| default: Bearer | ||
|
|
||
| - name: COMMENT_TAG | ||
| description: | | ||
| An invisible tag to be added into the comment. The tag is made | ||
| invisible by embedding in an an HTML comment. The tag allows for later | ||
| retrieval of the comment, and it allows replacing an existing comment. | ||
| type: string | ||
| default: "" | ||
|
|
||
| - name: REPLACE | ||
| description: | | ||
| When a tag is specified, and `REPLACE` is `true`, look for a comment | ||
| with a matching tag and replace it with the new comment. | ||
| type: string | ||
| default: "false" # Alternative value: "true" | ||
|
|
||
| steps: | ||
| - name: post-comment | ||
| workingDir: $(workspaces.comment-file.path) | ||
| env: | ||
| - name: GIT_CREDENTIALS | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: $(params.PAC_GITHUB_SECRET) | ||
| key: $(params.PAC_GITHUB_SECRET_KEY) | ||
|
|
||
| image: registry.access.redhat.com/ubi8/ubi-minimal:8.2 | ||
| script: | | ||
| #!/usr/libexec/platform-python | ||
| import json | ||
| import os | ||
| import http.client | ||
| import sys | ||
| import urllib.parse | ||
| bearer = urllib.parse.urlparse(os.environ["GIT_CREDENTIALS"]) | ||
| authHeader = "$(params.AUTH_TYPE) " + bearer.password | ||
| split_url = urllib.parse.urlparse( | ||
| "$(params.REQUEST_URL)").path.split("/") | ||
| # This will convert https://github.com/foo/bar/pull/202 to | ||
| # api url path /repos/foo/issues/ | ||
| api_url = "{base}/repos/{package}/issues/{id}".format( | ||
| base="$(params.API_PATH_PREFIX)", package="/".join(split_url[1:3]), id=split_url[-1]) | ||
| # Only support FILE on my case | ||
| commentParamValue = """$(params.COMMENT_OR_FILE)""" | ||
| # check if workspace is bound and parameter passed is a filename or not | ||
| if "$(workspaces.comment-file.bound)" == "true" and os.path.exists(commentParamValue): | ||
| commentParamValue = open(commentParamValue, "r").read() | ||
| else: | ||
| commentParamValue = """ 😱 An unexpected error has occurred, please check log files.""" | ||
| # If a tag was specified, append it to the comment | ||
| if "$(params.COMMENT_TAG)": | ||
| commentParamValue += "<!-- {tag} -->".format(tag="$(params.COMMENT_TAG)") | ||
| data = { | ||
| "body": commentParamValue, | ||
| } | ||
| # This is for our fake github server | ||
| if "$(params.GITHUB_HOST_URL)".startswith("http://"): | ||
| conn = http.client.HTTPConnection("$(params.GITHUB_HOST_URL)".replace("http://", "")) | ||
| else: | ||
| conn = http.client.HTTPSConnection("$(params.GITHUB_HOST_URL)") | ||
| # If REPLACE is true, we need to search for comments first | ||
| matching_comment = "" | ||
| if "$(params.REPLACE)" == "true": | ||
| if not "$(params.COMMENT_TAG)": | ||
| print("REPLACE requested but no COMMENT_TAG specified") | ||
| sys.exit(1) | ||
| r = conn.request( | ||
| "GET", | ||
| api_url + "/comments", | ||
| headers={ | ||
| "User-Agent": "TektonCD, the peaceful cat", | ||
| "Authorization": authHeader, | ||
| }) | ||
| resp = conn.getresponse() | ||
| if not str(resp.status).startswith("2"): | ||
| print("Error: %d" % (resp.status)) | ||
| print(resp.read()) | ||
| sys.exit(1) | ||
| print(resp.status) | ||
| comments = json.loads(resp.read()) | ||
| print(comments) | ||
| # If more than one comment is found take the last one | ||
| matching_comment = [x for x in comments if '$(params.COMMENT_TAG)' in x['body']][-1:] | ||
| if matching_comment: | ||
| with open("$(results.OLD_COMMENT.path)", "w") as result_old: | ||
| result_old.write(str(matching_comment[0])) | ||
| matching_comment = matching_comment[0]['url'] | ||
| if matching_comment: | ||
| method = "PATCH" | ||
| target_url = urllib.parse.urlparse(matching_comment).path | ||
| else: | ||
| method = "POST" | ||
| target_url = api_url + "/comments" | ||
| print("Sending this data to GitHub with {}: ".format(method)) | ||
| print(data) | ||
| r = conn.request( | ||
| method, | ||
| target_url, | ||
| body=json.dumps(data), | ||
| headers={ | ||
| "User-Agent": "TektonCD, the peaceful cat", | ||
| "Authorization": authHeader, | ||
| }) | ||
| resp = conn.getresponse() | ||
| if not str(resp.status).startswith("2"): | ||
| print("Error: %d" % (resp.status)) | ||
| print(resp.read()) | ||
| sys.exit(1) | ||
| else: | ||
| with open("$(results.NEW_COMMENT.path)", "wb") as result_new: | ||
| result_new.write(resp.read()) | ||
| print("a GitHub comment has been {} to $(params.REQUEST_URL)".format( | ||
| "updated" if matching_comment else "added")) |
Oops, something went wrong.