-
Notifications
You must be signed in to change notification settings - Fork 22
279 lines (271 loc) · 9.5 KB
/
test.yml
File metadata and controls
279 lines (271 loc) · 9.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
---
name: Test
on:
push:
branches:
- master
pull_request:
concurrency:
group: ${{ github.ref_name }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
ansible-lint:
name: Ansible Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Run ansible-lint on src
uses: ansible/ansible-lint@main
with:
requirements_file: requirements.yml
working_directory: src
setup_python: false
- name: Run ansible-lint on development
uses: ansible/ansible-lint@main
with:
requirements_file: requirements.yml
working_directory: development
setup_python: false
tests:
strategy:
fail-fast: false
matrix:
certificate_source:
- default
- installer
security:
- none
database:
- internal
box:
- centos/stream9
- centos/stream10
exclude:
- certificate_source: installer
box: centos/stream10
include:
- certificate_source: default
security: fapolicyd
database: internal
box: centos/stream9
- certificate_source: default
security: none
database: external
box: centos/stream9
runs-on: ubuntu-24.04
env:
FOREMANCTL_BASE_BOX: ${{ matrix.box }}
name: "Tests (certificates: ${{ matrix.certificate_source }}, database: ${{ matrix.database }}, security: ${{ matrix.security }}, box: ${{ matrix.box }})"
steps:
- name: generate artifact suffix
run: echo "ARTIFACT_SUFFIX=$(echo '${{ matrix.certificate_source }}-${{ matrix.security }}-${{ matrix.database }}-${{ matrix.box }}' | tr -cd '[:alnum:]-')" >> "${GITHUB_ENV}"
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Setup libvirt for Vagrant
uses: voxpupuli/setup-vagrant@v0
- name: Install Ansible
run: pip install --upgrade ansible-core
- name: Setup environment
run: ./setup-environment
- name: Start VMs
run: |
./forge vms start --vms "quadlet client ${{ matrix.database == 'external' && 'database' || '' }}"
- name: Configure remote-database
if: matrix.database == 'external'
run: |
./forge remote-database
- name: Configure repositories
run: |
./forge setup-repositories
- name: Create installer certificates
if: contains(matrix.certificate_source, 'installer')
run: |
./forge installer-certs
- name: Setup security mode ${{ matrix.security }}
if: matrix.security != 'none'
run: |
./forge security --mode ${{ matrix.security }}
- name: Apply fapolicyd workarounds
# https://access.redhat.com/solutions/7072618 / https://issues.redhat.com/browse/RHEL-37912
# https://github.com/theforeman/foreman-fapolicyd/blob/develop/15-foreman-container.rules
if: matrix.security == 'fapolicyd'
run: |
vagrant ssh --command "echo 'allow perm=any pattern=ld_so exe=/usr/bin/crun : path=/usr/lib64/libsystemd.so.0' | sudo tee -a /etc/fapolicyd/rules.d/15-foremanctl.rules" quadlet
vagrant ssh --command "echo 'allow perm=any all : dir=/home/vagrant/.ansible/tmp/' | sudo tee -a /etc/fapolicyd/rules.d/15-foremanctl.rules" quadlet
vagrant ssh quadlet -- sudo systemctl restart fapolicyd
- name: Run image pull
run: |
./foremanctl pull-images
- name: Run deployment
run: |
./foremanctl deploy --certificate-source=${{ matrix.certificate_source }} ${{ matrix.database == 'external' && '--database-mode=external --database-host=database.example.com --database-ssl-ca $(pwd)/.var/lib/foremanctl/db-ca.crt --database-ssl-mode verify-full' || '' }} --foreman-initial-admin-password=changeme --tuning development
- name: Add optional feature - hammer
run: |
./foremanctl deploy --add-feature hammer
- name: Add optional feature - foreman-proxy
run: |
./foremanctl deploy --add-feature foreman-proxy
- name: Add optional features - azure_rm, google
run: |
./foremanctl deploy --add-feature azure_rm --add-feature google
- name: Run tests
run: |
./forge test --pytest-args="--certificate-source=${{ matrix.certificate_source }} --database-mode=${{ matrix.database }}"
- name: Run smoker
run: |
./forge smoker
- name: Archive smoker report
if: ${{ always() }}
uses: actions/upload-artifact@v7
with:
name: smoker-${{ env.ARTIFACT_SUFFIX }}
path: "/home/runner/smoker/report/"
- name: Generate sos reports
if: ${{ always() }}
run: ./forge sos
- name: Archive sos reports
if: ${{ always() }}
uses: actions/upload-artifact@v7
with:
name: sosreport-${{ env.ARTIFACT_SUFFIX }}
path: sos/
- name: Setup upterm session
if: ${{ failure() }}
uses: owenthereal/action-upterm@v1
with:
## limits ssh access and adds the ssh public key for the user which triggered the workflow
limit-access-to-actor: true
## If no one connects after 5 minutes, shut down server.
wait-timeout-minutes: 5
devel-tests:
strategy:
fail-fast: false
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Setup libvirt for Vagrant
uses: voxpupuli/setup-vagrant@v0
- name: Install Ansible
run: pip install --upgrade ansible-core
- name: Setup environment
run: ./setup-environment
- name: Start VMs
run: |
./forge vms start
- name: Configure repositories
run: |
./forge setup-repositories
- name: Run deployment
run: |
./forge deploy-dev --foreman-development-enabled-plugin foreman_ansible
- name: Setup upterm session
if: ${{ failure() }}
uses: owenthereal/action-upterm@v1
with:
## limits ssh access and adds the ssh public key for the user which triggered the workflow
limit-access-to-actor: true
## If no one connects after 5 minutes, shut down server.
wait-timeout-minutes: 5
upgrade:
strategy:
fail-fast: false
matrix:
upgrade_from:
- '3.18'
upgrade_to:
- 'nightly'
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Setup libvirt for Vagrant
uses: voxpupuli/setup-vagrant@v0
- name: Install Ansible
run: pip install --upgrade ansible-core
- name: Setup environment
run: ./setup-environment
- name: Start VMs
run: |
./forge vms start
- name: Configure repositories
run: |
./forge setup-repositories
- name: Configure base version
run: |
sed -i '/container_tag_stream:/ s/:.*/: "${{ matrix.upgrade_from }}"/' src/vars/images.yml
- name: Run image pull
run: |
./foremanctl pull-images
- name: Run deployment
run: |
./foremanctl deploy --foreman-initial-admin-password=changeme --tuning development
- name: Add optional feature - hammer
run: |
./foremanctl deploy --add-feature hammer
- name: Add optional feature - foreman-proxy
run: |
./foremanctl deploy --add-feature foreman-proxy
- name: Add optional features - azure_rm, google
run: |
./foremanctl deploy --add-feature azure_rm --add-feature google
- name: Stop services
run:
vagrant ssh quadlet -- sudo systemctl stop foreman.target
- name: Configure upgrade version
run: |
sed -i '/container_tag_stream:/ s/:.*/: "${{ matrix.upgrade_to }}"/' src/vars/images.yml
- name: Run image pull
run: |
./foremanctl pull-images
- name: Run deployment
run: |
./foremanctl deploy
- name: Run tests
run: |
./forge test
- name: Generate sos reports
if: ${{ always() }}
run: ./forge sos
- name: Archive sos reports
if: ${{ always() }}
uses: actions/upload-artifact@v7
with:
name: sosreport-upgrade
path: sos/
- name: Setup upterm session
if: ${{ failure() }}
uses: owenthereal/action-upterm@v1
with:
## limits ssh access and adds the ssh public key for the user which triggered the workflow
limit-access-to-actor: true
## If no one connects after 5 minutes, shut down server.
wait-timeout-minutes: 5
# A dummy job that you can mark as a required check instead of each individual test
test-suite:
if: always()
needs:
- tests
- devel-tests
- upgrade
- ansible-lint
runs-on: ubuntu-latest
name: Test suite
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}