voxpupuli / gha-puppet Goto Github PK
View Code? Open in Web Editor NEWReusable workflows to run Puppet tests within GitHub Actions
Reusable workflows to run Puppet tests within GitHub Actions
[acceptance] ~/github/puppet-alternatives $ be metadata2gha | grep beaker_setfiles
::set-output name=beaker_setfiles::[{"name":"Debian 10","value":"debian10-64"},{"name":"Debian 11","value":"debian11-64"},{"name":"Ubuntu 18.04","value":"ubuntu1804-64"},{"name":"Ubuntu 20.04","value":"ubuntu2004-64"},{"name":"CentOS 7","value":"centos7-64"},{"name":"CentOS 8","value":"centos8-64"}]
[acceptance] ~/github/puppet-alternatives $ be metadata2gha --pidfile-workaround false | grep beaker_setfiles
::set-output name=beaker_setfiles::[{"name":"Debian 10","value":"debian10-64"},{"name":"Debian 11","value":"debian11-64"},{"name":"Ubuntu 18.04","value":"ubuntu1804-64"},{"name":"Ubuntu 20.04","value":"ubuntu2004-64"},{"name":"CentOS 7","value":"centos7-64"},{"name":"CentOS 8","value":"centos8-64"}]
[acceptance] ~/github/puppet-alternatives $ be metadata2gha --pidfile-workaround CentOS | grep beaker_setfiles
::set-output name=beaker_setfiles::[{"name":"Debian 10","value":"debian10-64"},{"name":"Debian 11","value":"debian11-64"},{"name":"Ubuntu 18.04","value":"ubuntu1804-64"},{"name":"Ubuntu 20.04","value":"ubuntu2004-64"},{"name":"CentOS 7","value":"centos7-64{image=centos:7.6.1810}"}]
This was discovered while working on voxpupuli/puppet-alternatives#126
gha-puppet/.github/workflows/beaker.yml
Line 80 in 6602b90
It's possible to set a fact via environment variables. This is used in theforeman/puppet-pulpcore to run the entire test suite on multiple supported versions.
It would be great if this was also supported in gha-puppet.
I started with voxpupuli/puppet_metadata#35 which at least pushes the name generation into the gem. That gem already generates the matrix so this opens the path to generating a bigger matrix. Then it just needs a good way to specify the inputs and map it.
The release workflow is there, but right now it's untested and undocumented.
It's possible to create .github/workflow-templates
to make it easy for users to use our workflow, even if they don't use modulesync. This may make it easier new users to onboard.
Vox Pupuli uses https://github.com/voxpupuli/modulesync_config/blob/a87ca50493f5b1ac09956fd7f8c226cf6fc3165f/moduleroot/Gemfile.erb#L38-L39 or:
puppetversion = ENV['PUPPET_VERSION'] || '<%= @configs['puppet_version'] %>'
gem 'puppet', puppetversion, :require => false, :groups => [:test]
The Foreman uses puppetversion = ENV['PUPPET_VERSION'] || '<%= @configs['puppet_version'] %>'
gem 'puppet', puppetversion, :require => false, :groups => [:test] or:
gem 'puppet', ENV.key?('PUPPET_VERSION') ? "~> #{ENV['PUPPET_VERSION']}" : '>= 5.5', groups: ['development', 'test']
pdk-templates uses https://github.com/puppetlabs/pdk-templates/blob/b851eaa1db21ee695c07da1a9594a86403bfcc18/moduleroot/Gemfile.erb#L103-L109 or (summarized for readability):
def location_for(place_or_version, fake_version = nil)
git_url_regex = %r{\A(?<url>(https?|git)[:@][^#]*)(#(?<branch>.*))?}
file_url_regex = %r{\Afile:\/\/(?<path>.*)}
if place_or_version && (git_url = place_or_version.match(git_url_regex))
[fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
else
[place_or_version, { require: false }]
end
end
puppet_version = ENV['PUPPET_GEM_VERSION']
gem_params = location_for(puppet_version)
gem 'puppet', *gem_params
So none of these really is the same:
PUPPET_VERSION
as the environment variable but PDK uses PUPPET_GEM_VERSION
~>
If these workflows are to be used by all, it would be good to align on a single convention.
PUPPET_GEM_VERSION
does have the benefit that it doesn't overlap with PUPPET_VERSION
which is also used in beaker-puppet_install_helper (https://github.com/puppetlabs/beaker-puppet_install_helper/blob/41c355b1f83fde562dd5bd6961e2e4eb8b81421c/lib/beaker/puppet_install_helper.rb#L128) which, while archived, is still used by Vox Pupuli and Foreman in their Beaker setups.
The job does more than only beaker tests, should the filename reflect that?
Hi,
It seems that voxpupuli/gha-puppet/.github/workflows/basic.yml@v1 fails now with an error related to Git syntax errors:
fatal: ls-files -i must be used with either -o or -c
This has been reported by other projects and seems related to a Git version that breaks backwards compatibility. This issue seems to affect Ubuntu 20.04 and 22.04 images. Here's another report of what seems to be the same issue:
The relevant raw logs from GitHub Action here:
2023-01-23T08:42:14.9307855Z Requested labels: ubuntu-latest
2023-01-23T08:42:14.9307894Z Job defined at: voxpupuli/gha-puppet/.github/workflows/basic.yml@refs/heads/v1
2023-01-23T08:42:14.9308042Z Reusable workflow chain:
2023-01-23T08:42:14.9308082Z Puppet-Finland/puppet-ipa/.github/workflows/ci.yml@refs/pull/51/merge (a6b9e583c969e253f014370a2d6b01607aacfb6a)
2023-01-23T08:42:14.9308123Z -> voxpupuli/gha-puppet/.github/workflows/basic.yml@refs/heads/v1 (a8fea30a9fcf14fd4cc9071c839e5a55d5dbab83)
2023-01-23T08:42:14.9308143Z Waiting for a runner to pick up this job...
2023-01-23T08:42:15.3069344Z Job is waiting for a hosted runner to come online.
2023-01-23T08:42:20.0951290Z Job is about to start running on the hosted runner: Hosted Agent (hosted)
2023-01-23T08:42:22.2513455Z Current runner version: '2.300.2'
2023-01-23T08:42:22.2547523Z ##[group]Operating System
2023-01-23T08:42:22.2548413Z Ubuntu
2023-01-23T08:42:22.2548716Z 22.04.1
2023-01-23T08:42:22.2548996Z LTS
2023-01-23T08:42:22.2549248Z ##[endgroup]
2023-01-23T08:42:22.2549569Z ##[group]Runner Image
2023-01-23T08:42:22.2549971Z Image: ubuntu-22.04
2023-01-23T08:42:22.2550251Z Version: 20230118.2
2023-01-23T08:42:22.2550763Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20230118.2/images/linux/Ubuntu2204-Readme.md
2023-01-23T08:42:22.2551397Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20230118.2
2023-01-23T08:42:22.2551804Z ##[endgroup]
--- snip ---
2023-01-23T08:42:22.2562884Z Prepare workflow directory
2023-01-23T08:42:22.3750447Z Prepare all required actions
2023-01-23T08:42:22.3931872Z Getting action download info
2023-01-23T08:42:22.6214970Z Download action repository 'actions/checkout@v3' (SHA:ac593985615ec2ede58e132d2e21d2b1cbd6127c)
2023-01-23T08:42:23.0219206Z Download action repository 'ruby/setup-ruby@v1' (SHA:ee26e27437bde475b19a6bf8cb73c9fa658876a2)
2023-01-23T08:42:23.3344054Z Uses: voxpupuli/gha-puppet/.github/workflows/basic.yml
--- snip ---
2023-01-23T08:42:35.9539098Z [36;1mbundle exec rake validate lint check[0m
2023-01-23T08:42:35.9592809Z shell: /usr/bin/bash -e {0}
2023-01-23T08:42:35.9593038Z env:
2023-01-23T08:42:35.9593325Z BUNDLE_WITHOUT: development:system_tests:release
2023-01-23T08:42:35.9593701Z ##[endgroup]
2023-01-23T08:42:37.0076470Z ruby -c lib/facter/ipa_server_version.rb
2023-01-23T08:42:37.0117439Z Syntax OK
2023-01-23T08:42:37.0126079Z ---> syntax:manifests
2023-01-23T08:42:37.3167538Z ---> syntax:templates
2023-01-23T08:42:37.3600457Z ---> syntax:hiera:yaml
2023-01-23T08:42:37.9234627Z fatal: ls-files -i must be used with either -o or -c
You can set up puppet-lint and GHA to upload in SARIF format. The explore workflows suggests the following workflow:
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# Puppet Lint tests Puppet code against the recommended Puppet language style guide.
# https://puppet.com/docs/puppet/7/style_guide.html
# Puppet Lint validates only code style; it does not validate syntax.
# To test syntax, use Puppet's puppet parser validate command.
# More details at https://github.com/puppetlabs/puppet-lint/
name: puppet-lint
on:
push:
branches: [ "master" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "master" ]
schedule:
- cron: '41 13 * * 2'
permissions:
contents: read
jobs:
puppet-lint:
name: Run puppet-lint scanning
runs-on: ubuntu-latest
permissions:
contents: read # for checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Ruby
uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
with:
ruby-version: 2.7
bundler-cache: true
- name: Install puppet-lint
run: gem install puppet-lint
- name: Run puppet-lint
run: puppet-lint . --sarif > puppet-lint-results.sarif
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: puppet-lint-results.sarif
wait-for-processing: true
Obviously we only care about the last 2 steps, but the permissions are also useful.
This may be nicer than annotations because it also shows up in code scans when run on the cron schedule.
Perhaps this is something that belongs in voxpupuli-test, perhaps somewhere in between.
I created a completely blank puppet module, copied over Gemfile and Rakefile verbatim, created the puppet.yml Github action file and upon creating a pull request, the Github action fails at "Setup Ruby". I believe this is because the Gemfile doesn't have a pointer to get the gems installed. I added the following to the top of the Gemfile:
source ENV['GEM_SOURCE'] || 'https://rubygems.org'
re-ran the action and the "Setup Ruby" job passed.
The Gemfile at voxpupuli/puppet-chrony implies that the GEM_SOURCE needs to be set.
Modules such openvpn
and spiped
currently can't be modulesynced to use the shared actions as they require beaker setfiles with more than one host. eg https://github.com/voxpupuli/puppet-openvpn/blob/7ce40c3baa99b77880f8b5a9062bd36cc5557ad0/.github/workflows/ci.yml#L69-L85
I think the first step will be to decide what a new command line option to metadata2gha
would look like and then implement that change over in https://github.com/voxpupuli/puppet_metadata
eg. maybe something like the following
--multi-node-roles server,ma:client,a
would produce setfile values of the form
ubuntu1804-64server.ma{hostname=server}-ubuntu1804-64client.a{hostname=client}
I'm setting the hostname and the 'arbitrary-role' to be the same thing. Maybe that's too limited, but maybe if it's ok for 90% of the use-cases, then that's ok. Dunno.
The workflow uses environment variables to set the Puppet version (see #3 as well), but it also has some groups.
It also depends on puppetlabs_spec_helper, which is mentioned but not that it must be in Gemfile
.
It also relies on https://github.com/voxpupuli/puppet_metadata to be present since it needs to parse metadata.json
to generate the matrix.
gha-puppet/.github/workflows/basic.yml
Lines 40 to 42 in 6602b90
Perhaps the matrix generation should also be pushed in puppetlabs_spec_helper
as a rake task, since that's generally the interface anyway. If puppetlabs_spec_helper
has the right dependencies, it reduces the need to track things in Gemfile
.
In the release workflow (https://github.com/voxpupuli/gha-puppet/blob/v1/.github/workflows/release.yml) it uses deploy
but I'd say it's really release
. It was copied from Vox Pupuli's old release job, but should this be changed now?
I'm trying to use the gha-puppet reusable workflows for the first time and the parallel_tests are failing. I can only assume this is because the parallel_spec Gem is not installed.
I'm very green at this so I don't know where the solutions is. The output error when I have a completely generic project is:
Run ruby/setup-ruby@v1
Modifying PATH
Downloading Ruby
Extracting Ruby
Print Ruby version
Installing Bundler
> bundle install
/opt/hostedtoolcache/Ruby/3.0.5/x64/bin/bundle config --local path /home/runner/work/junk/junk/vendor/bundle
/opt/hostedtoolcache/Ruby/3.0.5/x64/bin/bundle lock
Fetching gem metadata from https://rubygems.org/.......
Could not find gem 'parallel_spec_standalone' in rubygems repository
https://rubygems.org/ or installed locally.
Error: The process '/opt/hostedtoolcache/Ruby/3.0.5/x64/bin/bundle' failed with exit code 7
I added "gem 'parallel_tests'" to my Gemfile and it seemed to make things better.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.