-
Notifications
You must be signed in to change notification settings - Fork 37
469 lines (458 loc) · 15.9 KB
/
Copy pathtest.yml
File metadata and controls
469 lines (458 loc) · 15.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
---
name: Test
on:
push:
branches:
- master
- '*-stable'
pull_request:
concurrency:
group: ${{ github.ref_name }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
ansible-lint:
name: Ansible Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Run ansible-lint on src
uses: ansible/ansible-lint@main
with:
requirements_file: requirements.yml
working_directory: src
setup_python: false
- name: Run ansible-lint on development
uses: ansible/ansible-lint@main
with:
requirements_file: requirements.yml
working_directory: development
setup_python: false
python-lint:
name: Python Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Install dependencies
run: |
pip install --upgrade pip
pip install ruff
- name: Run ruff
run: ruff check --output-format=github tests/ src/ development/scripts/ inventories/
tests:
strategy:
fail-fast: false
matrix:
certificate_source:
- default
security:
- none
database:
- internal
box:
- centos/stream9
- centos/stream10
iop:
- enabled
include:
- certificate_source: default
security: fapolicyd
database: internal
box: centos/stream9
iop: disabled
- certificate_source: default
security: none
database: external
box: centos/stream9
iop: disabled
- certificate_source: custom_server
security: none
database: internal
box: centos/stream9
runs-on: ubuntu-24.04
env:
FOREMANCTL_BASE_BOX: ${{ matrix.box }}
name: "Tests (certificates: ${{ matrix.certificate_source }}, database: ${{ matrix.database }}, security: ${{ matrix.security }}, box: ${{ matrix.box }}, iop: ${{ matrix.iop }})"
steps:
- name: generate artifact suffix
run: echo "ARTIFACT_SUFFIX=$(echo '${{ matrix.certificate_source }}-${{ matrix.security }}-${{ matrix.database }}-${{ matrix.box }}-iop${{ matrix.iop }}' | tr -cd '[:alnum:]-')" >> "${GITHUB_ENV}"
- uses: actions/checkout@v7
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Setup libvirt for Vagrant
uses: voxpupuli/setup-vagrant@v0
with:
configure_dns: true
- name: Install Ansible
run: pip install --upgrade ansible-core
- name: Setup environment
run: ./setup-environment
- name: Start VMs
run: |
./forge vms start --vms "quadlet client ${{ matrix.database == 'external' && 'database' || '' }}"
- name: Configure remote-database
if: matrix.database == 'external'
run: |
./forge remote-database
- name: Configure repositories
run: |
./forge setup-repositories
- name: Create custom certificates
if: matrix.certificate_source == 'custom_server'
run: |
./forge custom-certs
- name: Setup security mode ${{ matrix.security }}
if: matrix.security != 'none'
run: |
./forge security --mode ${{ matrix.security }}
- name: Apply fapolicyd workarounds
# https://access.redhat.com/solutions/7072618 / https://issues.redhat.com/browse/RHEL-37912
# https://github.com/theforeman/foreman-fapolicyd/blob/develop/15-foreman-container.rules
if: matrix.security == 'fapolicyd'
run: |
vagrant ssh --command "echo 'allow perm=any pattern=ld_so exe=/usr/bin/crun : path=/usr/lib64/libsystemd.so.0' | sudo tee -a /etc/fapolicyd/rules.d/15-foremanctl.rules" quadlet
vagrant ssh --command "echo 'allow perm=any all : dir=/home/vagrant/.ansible/tmp/' | sudo tee -a /etc/fapolicyd/rules.d/15-foremanctl.rules" quadlet
vagrant ssh quadlet -- sudo systemctl restart fapolicyd
- name: Run image pull
run: |
./foremanctl pull-images ${{ matrix.database == 'external' && '--database-mode=external' || '' }}
- name: Run deployment
run: |
./foremanctl deploy \
--certificate-source=${{ matrix.certificate_source }} \
${{ matrix.database == 'external' && '--database-mode=external --database-host=database.example.com --database-ssl-ca $(pwd)/.var/lib/foremanctl/db-ca.crt --database-ssl-mode verify-full' || '' }} \
${{ matrix.certificate_source == 'custom_server' && '--certificate-server-certificate /root/custom-certificates/certs/quadlet.example.com.crt --certificate-server-key /root/custom-certificates/private/quadlet.example.com.key --certificate-server-ca-certificate /root/custom-certificates/certs/ca.crt' || '' }} \
--initial-admin-password=changeme \
--initial-organization "Foreman CI" \
--initial-location "Internet" \
--tuning development \
--content-import-path /custom/import \
--content-export-path /custom/export
- name: Deploy features
run: |
./foremanctl deploy \
--add-feature hammer \
--add-feature foreman-proxy \
--add-feature azure-rm \
--add-feature google \
--add-feature remote-execution \
--add-feature bmc \
${{ matrix.iop == 'enabled' && '--add-feature iop' || '' }}
- name: Run tests
run: |
./forge test
- name: Run smoker
run: |
./forge smoker
- name: Archive smoker report
if: ${{ always() }}
uses: actions/upload-artifact@v7
with:
name: smoker-${{ env.ARTIFACT_SUFFIX }}
path: "/home/runner/smoker/report/"
- name: Generate sos reports
if: ${{ always() && matrix.security != 'fapolicyd' }}
run: ./forge sos
- name: Archive sos reports
if: ${{ always() && matrix.security != 'fapolicyd' }}
uses: actions/upload-artifact@v7
with:
name: sosreport-${{ env.ARTIFACT_SUFFIX }}
path: sos/
- name: Setup upterm session
if: ${{ failure() }}
uses: owenthereal/action-upterm@v1
with:
## limits ssh access and adds the ssh public key for the user which triggered the workflow
limit-access-to-actor: true
## If no one connects after 5 minutes, shut down server.
wait-timeout-minutes: 5
devel-tests:
strategy:
fail-fast: false
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v7
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Setup libvirt for Vagrant
uses: voxpupuli/setup-vagrant@v0
- name: Install Ansible
run: pip install --upgrade ansible-core
- name: Setup environment
run: ./setup-environment
- name: Start VMs
run: |
./forge vms start
- name: Configure repositories
run: |
./forge setup-repositories
- name: Run deployment
run: |
./forge deploy-dev --foreman-development-enabled-plugin foreman_ansible --add-feature foreman-proxy --add-feature hammer
- name: Setup upterm session
if: ${{ failure() }}
uses: owenthereal/action-upterm@v1
with:
## limits ssh access and adds the ssh public key for the user which triggered the workflow
limit-access-to-actor: true
## If no one connects after 5 minutes, shut down server.
wait-timeout-minutes: 5
upgrade:
strategy:
fail-fast: false
matrix:
upgrade_from:
- '2.y-stable'
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v7
with:
ref: ${{ matrix.upgrade_from }}
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Setup libvirt for Vagrant
uses: voxpupuli/setup-vagrant@v0
- name: Install Ansible
run: pip install --upgrade ansible-core
- name: Setup environment
run: ./setup-environment
- name: Start VMs
run: |
./forge vms start
- name: Configure repositories
run: |
./forge setup-repositories
- name: Run image pull
run: |
./foremanctl pull-images
- name: Run deployment
run: |
./foremanctl deploy \
--initial-admin-password=changeme \
--initial-organization "Foreman CI" \
--initial-location "Internet" \
--tuning development
- name: Deploy features
run: |
./foremanctl deploy \
--add-feature hammer \
--add-feature foreman-proxy \
--add-feature azure-rm \
--add-feature google \
--add-feature remote-execution
- name: Stop services
run:
vagrant ssh quadlet -- sudo systemctl stop foreman.target
- name: Switch foremanctl version
run: |
git fetch origin ${{ github.ref }}
git checkout FETCH_HEAD
- name: Run image pull
run: |
./foremanctl pull-images
- name: Run deployment
run: |
./foremanctl deploy
- name: Run health check
run: |
./foremanctl health
- name: Run tests
run: |
./forge test
- name: Generate sos reports
if: ${{ always() }}
run: ./forge sos
- name: Archive sos reports
if: ${{ always() }}
uses: actions/upload-artifact@v7
with:
name: sosreport-upgrade
path: sos/
- name: Setup upterm session
if: ${{ failure() }}
uses: owenthereal/action-upterm@v1
with:
## limits ssh access and adds the ssh public key for the user which triggered the workflow
limit-access-to-actor: true
## If no one connects after 5 minutes, shut down server.
wait-timeout-minutes: 5
migration:
strategy:
fail-fast: false
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v7
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Setup libvirt for Vagrant
uses: voxpupuli/setup-vagrant@v0
- name: Install Ansible
run: pip install --upgrade ansible-core
- name: Setup environment
run: ./setup-environment
- name: Start VMs
run: |
./forge vms start --vms "quadlet client"
- name: Configure repositories
run: |
./forge setup-repositories
- name: Mock foreman-installer environment
run: |
./forge mock-installer
- name: Run image pull
run: |
./foremanctl pull-images
- name: Run migration preview
run: |
mkdir -p .var/lib/foremanctl
./foremanctl migrate
- name: Run migration
run: |
./foremanctl migrate --apply
- name: Run deployment
run: |
./foremanctl deploy \
--tuning development \
--add-feature hammer \
--add-feature foreman-proxy \
--add-feature azure-rm \
--add-feature google \
--add-feature remote-execution
- name: Run tests
run: |
./forge test
- name: Run smoker
run: |
./forge smoker
- name: Archive smoker report
if: ${{ always() }}
uses: actions/upload-artifact@v7
with:
name: smoker-migration
path: "/home/runner/smoker/report/"
- name: Generate sos reports
if: ${{ always() }}
run: ./forge sos
- name: Archive sos reports
if: ${{ always() }}
uses: actions/upload-artifact@v7
with:
name: sosreport-migration
path: sos/
- name: Setup upterm session
if: ${{ failure() }}
uses: owenthereal/action-upterm@v1
with:
limit-access-to-actor: true
wait-timeout-minutes: 5
foreman-proxy-content-tests:
strategy:
fail-fast: false
matrix:
certificate_source:
- default
- custom_server
runs-on: ubuntu-24.04
name: "Tests Proxy Deployment"
steps:
- uses: actions/checkout@v7
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Setup libvirt for Vagrant
uses: voxpupuli/setup-vagrant@v0
with:
configure_dns: true
- name: Install Ansible
run: pip install --upgrade ansible-core
- name: Setup environment
run: ./setup-environment
- name: Start VMs
run: |
./forge vms start --vms "quadlet proxy"
- name: Run image pull
run: |
./foremanctl pull-images
- name: Create custom certificates
if: matrix.certificate_source == 'custom_server'
run: |
./forge custom-certs
./forge custom-certs --hostname proxy.example.com
- name: Deploy Katello on quadlet
run: |
./foremanctl deploy \
--certificate-source=${{ matrix.certificate_source }} \
${{ matrix.certificate_source == 'custom_server' && '--certificate-server-certificate /root/custom-certificates/certs/quadlet.example.com.crt --certificate-server-key /root/custom-certificates/private/quadlet.example.com.key --certificate-server-ca-certificate /root/custom-certificates/certs/ca.crt' || '' }} \
--initial-admin-password=changeme \
--tuning development \
--add-feature foreman-proxy
- name: Remove old parameters.yaml
run: rm -f .var/lib/foremanctl/parameters.yaml
- name: Generate certificates bundle on quadlet
run: |
./foremanctl certificate-bundle proxy.example.com \
--certificate-source=${{ matrix.certificate_source }} \
${{ matrix.certificate_source == 'custom_server' && '--certificate-server-certificate /root/custom-certificates/certs/proxy.example.com.crt --certificate-server-key /root/custom-certificates/private/proxy.example.com.key' || '' }}
- name: Fetch certificates bundle from quadlet
run: |
./forge fetch-bundle proxy.example.com
- name: Deploy content proxy
run: |
./foremanctl deploy-proxy \
--flavor foreman-proxy-content \
--certificate-bundle $(pwd)/.var/lib/foremanctl/proxy.example.com.tar.gz \
--foreman-fqdn quadlet.example.com
- name: Run tests
run: |
./forge test --pytest-args="--server-hostname=proxy"
- name: Generate sos reports
if: ${{ always() }}
run: ./forge sos
- name: Archive sos reports
if: ${{ always() }}
uses: actions/upload-artifact@v7
with:
name: sosreport-proxy-content
path: sos/
- name: Setup upterm session
if: ${{ failure() }}
uses: owenthereal/action-upterm@v1
with:
limit-access-to-actor: true
wait-timeout-minutes: 5
# A dummy job that you can mark as a required check instead of each individual test
test-suite:
if: always()
needs:
- tests
- devel-tests
- upgrade
- migration
- foreman-proxy-content-tests
- ansible-lint
- python-lint
runs-on: ubuntu-latest
name: Test suite
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}