From c347a2a881318b2da0efc40fa3ba7624508deef8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Max=20H=C3=B6sel?= Date: Mon, 12 Feb 2024 22:39:11 +0100 Subject: [PATCH] fix ci, remove support for outdated distros --- .config/ansible-lint.yaml | 21 ++++ .config/molecule/config.yml | 28 ++++++ .github/workflows/ci.yml | 17 ++-- .github/workflows/rennovate.json5 | 5 + .gitignore | 156 +++++++++++++++++++++++++++++- README.md | 5 +- handlers/main.yml | 6 +- meta/argument_specs.yml | 8 +- meta/main.yml | 9 +- molecule/default/converge.yml | 2 +- molecule/default/molecule.yml | 75 +++++--------- molecule/default/prepare.yml | 6 -- requirements.txt | 5 + tasks/check.yml | 8 +- tasks/main.yml | 5 +- tox.ini | 31 +++--- 16 files changed, 277 insertions(+), 110 deletions(-) create mode 100644 .config/ansible-lint.yaml create mode 100644 .config/molecule/config.yml create mode 100644 .github/workflows/rennovate.json5 create mode 100644 requirements.txt diff --git a/.config/ansible-lint.yaml b/.config/ansible-lint.yaml new file mode 100644 index 0000000..258e391 --- /dev/null +++ b/.config/ansible-lint.yaml 
@@ -0,0 +1,21 @@ +--- +# Don't automatically install roles from galaxy +offline: true + +exclude_paths: + - ".cache" + - tests/integration/targets/ + - .github/ + +# Unfortunately, warnings only show up when running ansible-lint normally, not during pre-commit +warn_list: + - "name[missing]" # this is *sometimes* okay, like with a block or simple include + +skip_list: + - "key-order[task]" # Lots of false positives from this one, any equals sign in a command will trigger it + - "no-free-form" # ... really? + - "galaxy[version-incorrect]" # This errors on 0.x versions, which we are totally okay with + - "fqcn-builtins" # While we should migrate away from the old builtins, this is in no way urgent + - "name[casing]" # too noisy, does not account for names starting with variable names + - "name[play]" # The only plays in a collection are going to be molecule plays, which already have a name through their filename + - "var-naming[no-role-prefix]" # we started out with postfix_ instead of postfix_nullclient. not worth breaking compatibility for diff --git a/.config/molecule/config.yml b/.config/molecule/config.yml new file mode 100644 index 0000000..b0a3d8d --- /dev/null +++ b/.config/molecule/config.yml @@ -0,0 +1,28 @@ +--- +dependency: + name: galaxy + +driver: + name: docker + +provisioner: + name: ansible + env: + ANSIBLE_PIPELINING: true + +scenario: + test_sequence: + - destroy + - dependency + - syntax + - create + - prepare + - converge + - idempotence + - check # also run check mode in regular tests + - side_effect + - verify + - destroy + +verifier: + name: ansible diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f1fff3e..4d4a620 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
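Review bot: In `.config/molecule/config.yml`, `ANSIBLE_PIPELINING: true` under `provisioner.env` is parsed as a YAML boolean, whereas an environment variable can only hold a string. What reaches the Ansible process then depends on how Molecule validates and stringifies the value, which this patch does not show. Quoting removes the ambiguity: `ANSIBLE_PIPELINING: "true"`.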
@@ -4,30 +4,31 @@ on: pull_request: workflow_dispatch: -defaults: - run: - working-directory: postfix_nullclient - jobs: lint: name: "CI" runs-on: ubuntu-latest + strategy: + matrix: + job: + - molecule-ansible8 + - molecule-ansible9 + - lint steps: - name: Check out codebase uses: actions/checkout@v2 with: fetch-depth: 0 - path: postfix_nullclient - name: Set up Python 3 uses: actions/setup-python@v2 with: - python-version: "3.8" + python-version: "3.12" - name: Set up pip run: pip3 install --upgrade pip - name: Install tox - run: sudo apt update && sudo apt install -y tox + run: sudo apt update && sudo apt -y install tox - name: Run Tox - run: tox + run: tox -e ${{ matrix.job }} diff --git a/.github/workflows/rennovate.json5 b/.github/workflows/rennovate.json5 new file mode 100644 index 0000000..4574387 --- /dev/null +++ b/.github/workflows/rennovate.json5 @@ -0,0 +1,5 @@ +{ + "extends": [ + "github>maxhoesel-ansible/.github:renovate-config" + ] +} diff --git a/.gitignore b/.gitignore index c58748f..587b531 100644 --- a/.gitignore +++ b/.gitignore 
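Review bot: The `Install tox` step still takes tox from the runner's apt repository, so the `tox==4.12.1` pin added in `requirements.txt` does not govern the tox that executes `tox -e ${{ matrix.job }}`. Installing the pinned version with pip keeps the CI toolchain reproducible: `run: pip3 install tox==4.12.1`. The unchanged `actions/checkout@v2` and `actions/setup-python@v2` steps reference mutable tags of old major versions; pinning each to a full commit SHA, in the form `uses: actions/checkout@<full-commit-sha>`, narrows the workflow's supply-chain exposure. The job id `lint` also no longer describes a job that fans out to two molecule runs plus lint.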
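Review bot: The new file `.github/workflows/rennovate.json5` is probably never read by Renovate: as far as I know it looks for `renovate.json5` in the repository root, `.github/` or `.gitlab/`, and the name here is also spelled with a double `n`. If so, the shared preset is not applied and the versions pinned in `requirements.txt` will not receive update PRs. Moving the file to `.github/renovate.json5` should address both problems. It also keeps `.github/workflows/` reserved for workflow definitions.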
@@ -1,2 +1,154 @@ -.cache -.tox +.vscode/ + +### Ansible ### +*.retry + +### Python ### +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/Nox +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +pytestdebug.log + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ +doc/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.Nox +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. 
github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv* +venv*/ +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ +pythonenv* + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# profiling data +.prof + +# Ansible collection archives +*.tar.gz +docs/ansible_collections/ + +# Don't commit ephermal integration config +tests/integration/integration_config.yml +collections + +# CI files +results +split-tests diff --git a/README.md b/README.md index 15c9e0e..d452fec 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,8 @@ Requirements - A recent Ansible version. This role supports the 2 most recent major Ansible releases. Older versions might still work, but are not supported - A host running: - - Ubuntu 18.04 LTS or newer - - Debian 10 or newer - - Arch Linux + - Ubuntu 20.04 LTS or newer + - Debian 11 or newer - Other distributions may work, but are not supported (Feel free to add support with a PR!) Role Variables diff --git a/handlers/main.yml b/handlers/main.yml index b72d9b1..63aff2f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,9 +1,11 @@ --- -# handlers file for postfix_nullclient +# code: language=ansible - name: restart postfix service: name: postfix state: restarted + become: yes -- name: rehash sasl_passwd +- name: rehash sasl_passwd # noqa no-changed-when command: "postmap {{ postfix_config_path }}/{{ postfix_sasl_file }}" + become: yes diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml index 5c96bfd..78fa62a 100644 --- a/meta/argument_specs.yml +++ b/meta/argument_specs.yml 
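Review bot: The old `.cache` entry is removed and the pasted template has no replacement for it, while `.config/ansible-lint.yaml` in this same patch still lists `.cache` under `exclude_paths`, so that directory is expected to appear in the working tree. Keeping the line `.cache` avoids committing tool caches by accident. The entry `.nox/Nox` and the comment ending in `version control.Nox` look like paste artifacts; the intended pattern is presumably `.nox/`.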
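Review bot: Both handlers in `handlers/main.yml` gain `become: yes`, while `meta/argument_specs.yml` in this patch converts the same literal to `true`. Writing `become: true` in both handlers gives the role a single boolean spelling. The `# noqa no-changed-when` on `rehash sasl_passwd` would be easier to audit with its reason stated, for example a comment line `# handler runs only when notified, so it always reports changed`.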
@@ -4,14 +4,14 @@ argument_specs: options: postfix_relayhost: type: str - required: yes + required: true description: Hostname or IP address of the host to send mails to postfix_port: type: int description: Optionally overwite the automatically selecteed port (see README.md) postfix_relayhost_auth: type: bool - default: yes + default: true description: Set to yes if you need to login with a username and password postfix_relayhost_username: type: str @@ -22,7 +22,7 @@ argument_specs: postfix_tls: type: bool description: Whether to use TLS when connecting to the relayhost - default: yes + default: true postfix_tls_mode: type: str choices: ["SSL/TLS", "STARTTLS"] @@ -30,7 +30,7 @@ argument_specs: default: "SSL/TLS" postfix_tls_verify_cert: type: bool - default: yes + default: true description: Whether to verify the remote TLS cert. Only turn this off if you want to use a self-signed certificate and know what you are doing postfix_tls_custom_cafile: type: str diff --git a/meta/main.yml b/meta/main.yml index 4cc23c6..92af4ca 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -4,17 +4,16 @@ galaxy_info: role_name: postfix_nullclient license: license GPL-3.0-or-later - - min_ansible_version: 2.9 - + min_ansible_version: "2.9" platforms: - name: Ubuntu versions: - - bionic - focal + - jammy - name: Debian versions: - - buster + - bullseye + - bookworm galaxy_tags: ["postfix"] diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 931cb3f..92f0bb8 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -4,7 +4,7 @@ tasks: - name: "Include postfix_nullclient" include_role: - name: "postfix_nullclient" + name: "maxhoesel.postfix_nullclient" vars: postfix_relayhost: mail.invalid.tld postfix_relayhost_username: test@invalid.tld diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 948e551..f90d928 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
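Review bot: In `meta/main.yml`, `min_ansible_version: "2.9"` is now quoted but still advertises a version this patch stops covering. The `tasks/check.yml` hunk drops the `postfix_relayhost` assert that was guarded by `ansible_version.string is version('2.11.1', '<')`, so on those older versions nothing validates the required relay host any more, and the tox matrix only exercises Ansible 8 and 9. Raise the value to the oldest ansible-core release the matrix covers, which I believe is `min_ansible_version: "2.15"`. The unchanged line `license: license GPL-3.0-or-later` also carries a stray word.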
@@ -1,74 +1,45 @@ --- -dependency: - name: galaxy -driver: - name: docker platforms: - # Note on containers: - # - We use the images provided by geerlingguy, as they provide out-of-the-box - # support for Ansible and systemd (needed to test service management). - # - The containers run as privileged containers so that we can - # use systemd functionality. This *should* be possible with unpriliged - # containers as well, but is quite the headache. - - name: postfix-nullclient-ubuntu-20 - image: "geerlingguy/docker-ubuntu2004-ansible" + - name: postfix-nullclient-ubuntu-222 + image: "geerlingguy/docker-ubuntu2204-ansible" groups: - ubuntu volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host privileged: true override_command: false pre_build_image: true - - name: postfix-nullclient-ubuntu-18 - image: "geerlingguy/docker-ubuntu1804-ansible" + + - name: postfix-nullclient-ubuntu-20 + image: "geerlingguy/docker-ubuntu2004-ansible" groups: - ubuntu volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host privileged: true override_command: false pre_build_image: true - - name: postfix-nullclient-debian-10 - image: "geerlingguy/docker-debian10-ansible" + + - name: postfix-nullclient-debian-12 + image: "geerlingguy/docker-debian12-ansible" groups: - debian volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host privileged: true override_command: false pre_build_image: true - - name: postfix-nullclient-arch - image: "archlinux:base" - command: /sbin/init - tmpfs: - - /run - - /tmp + + - name: postfix-nullclient-debian-11 + image: "geerlingguy/docker-debian11-ansible" + groups: + - debian volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host privileged: true - -provisioner: - name: ansible - config_options: - ssh_connection: - pipelining: yes - defaults: - forks: 15 - -scenario: - 
test_sequence: - - lint - - destroy - - dependency - - syntax - - create - - prepare - - converge - - idempotence - - check # also run check mode in regular tests - - side_effect - - verify - - destroy - -verifier: - name: ansible + override_command: false + pre_build_image: true diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 41fc0a0..3c07f7b 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -1,9 +1,3 @@ -- hosts: postfix-nullclient-arch - gather_facts: false - tasks: - - name: Install python3 # noqa no-changed-when - raw: pacman -Sy python --noconfirm - - hosts: "ubuntu:debian" tasks: - name: Update apt cache diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..e4ce34d --- /dev/null +++ b/requirements.txt @@ -0,0 +1,5 @@ +# Requirements for running the tests for this role +molecule==6.0.3 +molecule-plugins[docker]==23.5.3 +ansible-lint==24.2.0 +tox==4.12.1 diff --git a/tasks/check.yml b/tasks/check.yml index e9ed148..b3b384d 100644 --- a/tasks/check.yml +++ b/tasks/check.yml @@ -1,10 +1,4 @@ -- name: Verify that required parameters are set - assert: - that: - - postfix_relayhost is defined - - postfix_relayhost | length > 0 - when: ansible_version.string is version('2.11.1', '<') - +# code: language=ansible - name: Verify that multi-instance list or search pattern is set assert: that: postfix_multi_instance_list or postfix_multi_instance_search_path diff --git a/tasks/main.yml b/tasks/main.yml index 4e67710..9f1f895 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,6 +1,7 @@ --- -# tasks file for postfix_nullclient -- include: check.yml +# code: language=ansible +- name: Perform checks + ansible.builtin.include_tasks: check.yml - name: Load OS-Specific vars include_vars: "{{ ansible_os_family }}.yml" diff --git a/tox.ini b/tox.ini index f3bb621..ebef2f0 100644 --- a/tox.ini +++ b/tox.ini 
@@ -1,28 +1,23 @@ [tox] -envlist= -requires = - tox-ansible>=1.0,<2.0 skipsdist = True - -[ansible] -ansible = 4,5 -python = 3 +requires = + tox>=4 +env_list = + molecule-ansible{8,9},lint [testenv] -#deps = -# roles: docker>=4.4,<5.0 -# roles: molecule-docker>=0.3,<0.4 -# lint_all: ansible-lint>=5.0,<6.0 +deps = + -r requirements.txt + molecule-ansible8: ansible>=8,<9 + molecule-ansible9: ansible>=9,<10 passenv = HOME setenv = PY_COLORS = 1 ANSIBLE_FORCE_COLOR = 1 -#[testenv:lint] -#description = Lint Ansible roles and git commits -#deps = -# ansible>=4,<5 -# ansible-lint>=5.0,<6.0 -#commands = -# ansible-lint -vv +[testenv:molecule-ansible{8,9}] +commands = molecule test + +[testenv:lint] +commands = ansible-lint