From a230f2618b82a92b931c506b6aa93940aa38032e Mon Sep 17 00:00:00 2001
From: Bruce Becker
Date: Sun, 2 Feb 2025 08:01:52 +0100
Subject: [PATCH 01/19] chore(deps): update build requirements. Closed https://github.com/EGI-Federation/ansible-role-ui/issues/18 Moved from to
Signed-off-by: Bruce Becker
---
requirements.txt | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 184b7ad..97f3032 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,3 @@
-molecule
-pymarkdownlint
-docker
-jmespath
-pytest-xdist
\ No newline at end of file
+ansible-dev-tools==25.1.0
+jmespath==1.0.1
+pytest-xdist==3.6.1
\ No newline at end of file
From 6c110b744a5d510a27526885e5a07ca08d2b2126 Mon Sep 17 00:00:00 2001
From: Bruce Becker
Date: Sun, 2 Feb 2025 08:30:38 +0100
Subject: [PATCH 02/19] docs: remove reference to community.egi.eu in CONTRIBUTING
Signed-off-by: Bruce Becker
---
.github/CONTRIBUTING.md | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
index 4c79f12..ce8155c 100644
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
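Review bot: In the requirements.txt hunk of patch 01/19 the new pins (`ansible-dev-tools==25.1.0`, `jmespath==1.0.1`, `pytest-xdist==3.6.1`) fix the top-level versions but carry no `--hash=sha256:...` entries, so pip still accepts whatever artifact the index serves under those version numbers, and the transitive dependencies they pull in stay unpinned. If the pinning is meant to give a reproducible build environment, consider generating the file with hashes (for example pip-tools' `pip-compile --generate-hashes`) and installing with `pip install --require-hashes -r requirements.txt`. The same applies to the `pre_commit==4.1.0` and `molecule-plugins[docker]==23.7.0` lines added in patch 10/19.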
@@ -17,17 +17,17 @@ The maintainers recognise that contributions can be made in many forms, dependin We undertake to identify these contributions through consensus-building and recognise them as formal contributions to the project where applicable. Contributions may come in the form of: - - Feature or documentation requests, where they describe a need or gap - - Authoring or review of releases - - Direct authorship of code or documentation - - Identifying and fixing bugs +- Feature or documentation requests, where they describe a need or gap +- Authoring or review of releases +- Direct authorship of code or documentation +- Identifying and fixing bugs ## Contribution Process Before proposing a contribution via pull request, please ensure that an issue is open describing the need for your contribution. You will need to refer to this issue number when you submit the pull request. - - **It is recommended to make pull requests against release candidate branches, whenever features are involved**, instead of against the master branch. See [Release Cycle](#release-cycle) below. - - Pull requests to the master branch can be made in the case obvious fixes. See [Obvious Fix Policy](#obvious-fix-policy) +- **It is recommended to make pull requests against release candidate branches, whenever features are involved**, instead of against the master branch. See [Release Cycle](#release-cycle) below. +- Pull requests to the master branch can be made in the case obvious fixes. See [Obvious Fix Policy](#obvious-fix-policy) We have a 3 step process for contributions. From 99c1db6fb11678defa9b27956eb3c4f4a52ecfb3 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 08:49:24 +0100 Subject: [PATCH 03/19] chore: remove duplicate contributing file Signed-off-by: Bruce Becker --- CONTRIBUTING.md | 97 ------------------------------------------------- 1 file changed, 97 deletions(-) delete mode 100644 CONTRIBUTING.md 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
deleted file mode 100644
index 23dbe83..0000000
--- a/CONTRIBUTING.md
+++ /dev/null
@@ -1,97 +0,0 @@ -# Contributing - -Thank you for taking the time to contribute to this project. The maintainers -greatly appreciate the interest of contributors and rely on continued engagement -with the community to ensure that this project remains useful. We would like to -take steps to put contributors in the best possible position to have their -contributions accepted. Please take a few moments to read this short guide on -how to contribute; bear in mind that contributions regarding how to best -contribute are also welcome. - -## Feedback and Questions - -If you wish to discuss anything related to the project, please open a -[GitHub issue](https://github.com/EGI-Federation/ansible-role-ui/issues/new) or -start a topic on the [EGI Community Forum](https://community.egi.eu). The -maintainers will sometimes move issues off of GitHub to the community forum if -it is thought that longer, more open-ended discussion would be beneficial, -including a wider community scope. - -## Contribution Process - -Before proposing a contribution via pull request (PR), ideally there is an open -issue describing the need for your contribution (refer to this issue number when -you submit the pull request). We have a 3 steps process for contributions. - -1. Fork the project if you have not, and commit changes to a git branch -1. Create a GitHub Pull Request for your change, following the instructions in - the pull request template. -1. Perform a [Code Review](#code-review-process) with the maintainers on the - pull request. - -### Pull Request Requirements - -1. **Explain your contribution in plain language.** To assist the maintainers in - understanding and appreciating your pull request, please use the template to - explain _why_ you are making this contribution, rather than just _what_ the - contribution entails. - -### Code Review Process - -Code review takes place in GitHub pull requests. 
See -[this article](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) -if you're not familiar with GitHub Pull Requests. - -Once you open a pull request, maintainers will review your code using the -built-in code review process in GitHub PRs. The process at this point is as -follows: - -1. A maintainer will review your code and merge it if no changes are necessary. - Your change will be merged into the repository's `main` branch. -1. If a maintainer has feedback or questions on your changes then they will set - `request changes` in the review and provide an explanation. - -## Using git - -For collaboration purposes, it is best if you create a GitHub account and fork -the repository to your own account. Once you do this you will be able to push -your changes to your GitHub repository for others to see and use, and it will be -easier to send pull requests. - -### Branches and Commits - -You should submit your patch as a git branch named after the GitHub issue, such -as `#3`\. This is called a _topic branch_ and allows users to associate a branch -of code with the issue. - -It is a best practice to have your commit message have a _summary line_ that -includes the issue number, followed by an empty line and then a brief -description of the commit. This also helps other contributors understand the -purpose of changes to the code. - -```text - #3 - platform_family and style - - * use platform_family for platform checking - * update notifies syntax to "resource_type[resource_name]" instead of - resources() lookup - * GH-692 - delete config files dropped off by packages in conf.d - * dropped debian 4 support because all other platforms have the same - values, and it is older than "old stable" debian release -``` - -## Release cycle - -Main branch is always available. 
Tagged versions may be created as needed -following [Semantic Versioning](https://semver.org/) as far as applicable. - -## Community - -EGI benefits from a strong community of developers and system administrators, -and vice-versa. If you have any questions or if you would like to get involved -in the wider EGI community you can check out: - -- [EGI Community Forum](https://community.egi.eu/) -- [EGI site](https://www.egi.eu) - -**This file has been modified from the Chef Cookbook Contributing Guide**. From e4257f4cbe7a36348557abbc006bfbc997c2ecdd Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 08:52:16 +0100 Subject: [PATCH 04/19] docs: remove reference to community.egi.eu in CONTRIBUTING Signed-off-by: Bruce Becker --- .github/CONTRIBUTING.md | 43 ++++++++++++++++------------------------- 1 file changed, 17 insertions(+), 26 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index ce8155c..63bb94c 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -7,8 +7,7 @@ Please take a few moments to read this short guide on how to contribute; bear in ## Feedback and Questions -If you wish to discuss anything related to the project, please open an issue or start a topic on the [EGI Community Forum](https://community.egi.eu). -The maintainers will sometimes move issues off of GitHub to the community forum if it is thought that longer, more open-ended discussion would be beneficial, including a wider community scope. +If you wish to discuss anything related to the project, please open an issue. ## Kinds of contributions 
@@ -26,21 +25,21 @@ Contributions may come in the form of: Before proposing a contribution via pull request, please ensure that an issue is open describing the need for your contribution. You will need to refer to this issue number when you submit the pull request. + - **It is recommended to make pull requests against release candidate branches, whenever features are involved**, instead of against the master branch. See [Release Cycle](#release-cycle) below. - Pull requests to the master branch can be made in the case obvious fixes. See [Obvious Fix Policy](#obvious-fix-policy) We have a 3 step process for contributions. - 1. Fork the project if you have not, and commit changes to a git branch - 1. Create a GitHub Pull Request for your change, following the instructions in the pull request template. - 1. Perform a [Code Review](#code-review-process) with the maintainers on the pull request. +1. Fork the project if you have not, and commit changes to a git branch +1. Create a GitHub Pull Request for your change, following the instructions in the pull request template. +1. Perform a [Code Review](#code-review-process) with the maintainers on the pull request. ### Pull Request Requirements - 1. **Explain your contribution in plain language.** To assist the maintainers in understanding and appreciating your pull request, please use the template to explain _why_ you are making this contribution, rather than just _what_ the contribution entails. - 1. **This style guide is built to last.** We strive to ensure high quality and long-term applicability of the guide, ensuring that it stays up to date with the development of Ansible. - 1. **Tests.** We expect tests to pass before peer review will begin. - +1. **Explain your contribution in plain language.** To assist the maintainers in understanding and appreciating your pull request, please use the template to explain _why_ you are making this contribution, rather than just _what_ the contribution entails. +1. 
**This style guide is built to last.** We strive to ensure high quality and long-term applicability of the guide, ensuring that it stays up to date with the development of Ansible. +1. **Tests.** We expect tests to pass before peer review will begin. ### Code Review Process @@ -50,8 +49,7 @@ Once you open a pull request, maintainers will review your code using the built- 1. A maintainer will review your code and merge it if no changes are necessary. Your change will be merged into the repository's `master` branch and will be noted in the project's `CHANGELOG.md` at the time of release. 1. If want your contribution to motivate your inclusion in the authorship, please add a line to that effect in the pull request -2. If a maintainer has feedback or questions on your changes they they will set `request changes` in the review and provide an explanation. - +1. If a maintainer has feedback or questions on your changes they they will set `request changes` in the review and provide an explanation. ### Obvious Fix Policy 
@@ -84,17 +82,18 @@ Date: Wed Sep 18 11:44:40 2015 -0700 ## Using git -For collaboration purposes, it is best if you create a GitHub account and fork the repository to your own account. Once you do this you will be able to push your changes to your GitHub repository for others to see and use, and it will be easier to send pull requests. +For collaboration purposes, it is best if you create a GitHub account and fork the repository to your own account. +Once you do this you will be able to push your changes to your GitHub repository for others to see and use, and it will be easier to send pull requests. ### Branches and Commits -You should submit your patch as a git branch named after the Github issue, such as `#3`\. This is called a _topic branch_ and allows users to associate a branch of code with the ticket. +You should submit your patch as a git branch named after the Github issue, such as `#3`. +This is called a _topic branch_ and allows users to associate a branch of code with the ticket. It is a best practice to have your commit message have a _summary line_ that includes the ticket number, followed by an empty line and then a brief description of the commit. This also helps other contributors understand the purpose of changes to the code. ```text #3 - platform_family and style - * use platform_family for platform checking * update notifies syntax to "resource_type[resource_name]" instead of resources() lookup 
@@ -123,22 +122,14 @@ A `codemeta.json` must accompany each release accurately describing the research ## Contribution Do's and Don't's 1. Please do include tests for your contribution. -1. If you need help, ask on the [EGI Operations community](https://community.egi.eu/c/operations) 1. Please do indicate new platform (families) or platform versions in the commit message, and update the relevant ticket. -2. If a contribution adds new platforms or platform versions, indicate -3. such in the body of the commit message(s), and update the relevant issues. -4. When writing commit messages, it is helpful for others if you indicate the issue. +1. If a contribution adds new platforms or platform versions, indicate +1. such in the body of the commit message(s), and update the relevant issues. +1. When writing commit messages, it is helpful for others if you indicate the issue. ## Community -EGI benefits from a strong community of developers and system administrators, and vice-versa. If you have any questions or if you would like to get involved in the wider EGI community you can check out: - -- [EGI Community Forum](https://community.egi.eu/) -- [EGI website](https://www.egi.eu) - -Also here are some additional pointers to some Ansible documentation: +EGI benefits from a strong community of developers and system administrators, and vice-versa. If you have any questions or if you would like to get involved in the wider EGI community please contact EGI via the [EGI website](https://www.egi.eu/contact-us/) -- [Ansible Docs](https://docs.ansible.com/ansible) -- [Ansible Container Docs](https://docs.ansible.com/ansible-container) **This file has been modified from the Chef Cookbook Contributing Guide**. From cecf1f4bd5777e5c4f450d9e8f8576d801d77f3d Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 08:52:50 +0100 Subject: [PATCH 05/19] docs: remove reference to community.egi.eu in CONTRIBUTING 
Signed-off-by: Bruce Becker --- .github/CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 63bb94c..0d47dc1 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -67,7 +67,7 @@ As a rule of thumb, changes are obvious fixes if they do not introduce any new f **Whenever you invoke the "obvious fix" rule, please say so in your commit message:** -``` +```text ------------------------------------------------------------------------ commit 370adb3f82d55d912b0cf9c1d1e99b132a8ed3b5 Author: Julia Child From 4101c47d38ee798c1151d1fa91cbe08f47892c87 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 08:58:04 +0100 Subject: [PATCH 06/19] chore: update gitignore from https://github.com/github/gitignore/blob/main/Python.gitignore Signed-off-by: Bruce Becker --- .gitignore | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) diff --git a/.gitignore b/.gitignore index 08a9b4d..dd6539e 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,3 +1,180 @@ +# Byte-compiled / optimized / DLL files __pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +cover/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +.pybuilder/ +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +# For a library or package, you might want to ignore these files since the code is +# intended to run in multiple environments; otherwise, check them in: +# .python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# UV +# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control. +# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. +#uv.lock + +# poetry +# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. 
+# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. +# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control +#poetry.lock + +# pdm +# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. +#pdm.lock +# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it +# in version control. +# https://pdm.fming.dev/latest/usage/project/#working-with-version-control +.pdm.toml +.pdm-python +.pdm-build/ + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# Cython debug symbols +cython_debug/ + +# PyCharm +# JetBrains specific template is maintained in a separate JetBrains.gitignore that can +# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore +# and can be added to the global gitignore or merged into this file. For a more nuclear +# option (not recommended) you can uncomment the following to ignore the entire idea folder. +#.idea/ + +# Ruff stuff: +.ruff_cache/ + +# PyPI configuration file +.pypirc + .vscode molecule/default/pytestdebug.log + +# Ignore mega-linter reports +megalinter-reports/ From 17d3df1ba25385ef619125577e0139fd5c8ea165 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 09:02:10 +0100 Subject: [PATCH 07/19] chore: fix deprecated natural-language errors from super-linter 
Signed-off-by: Bruce Becker --- .github/CONTRIBUTING.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 0d47dc1..6e86911 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -45,7 +45,7 @@ We have a 3 step process for contributions. Code review takes place in GitHub pull requests. See [this article](https://help.github.com/articles/about-pull-requests/) if you're not familiar with GitHub Pull Requests. -Once you open a pull request, maintainers will review your code using the built-in code review process in Github PRs. The process at this point is as follows: +Once you open a pull request, maintainers will review your code using the built-in code review process in GitHub PRs. The process at this point is as follows: 1. A maintainer will review your code and merge it if no changes are necessary. Your change will be merged into the repository's `master` branch and will be noted in the project's `CHANGELOG.md` at the time of release. 1. If want your contribution to motivate your inclusion in the authorship, please add a line to that effect in the pull request 
@@ -58,9 +58,9 @@ Small contributions, such as fixing spelling errors, where the content is small As a rule of thumb, changes are obvious fixes if they do not introduce any new functionality or creative thinking. Assuming the change does not affect functionality, some common obvious fix examples include the following: - Spelling / grammar fixes -- Typo correction, white space and formatting changes +- Typo correction, whitespace and formatting changes - Comment clean up -- Bug fixes that change default return values or error codes stored in constants +- Bugfixes that change default return values or error codes stored in constants - Adding logging messages or debugging output - Changes to 'metadata' files like Gemfile, .gitignore, build scripts, etc. - Moving source files from one directory or package to another @@ -87,7 +87,7 @@ Once you do this you will be able to push your changes to your GitHub repository ### Branches and Commits -You should submit your patch as a git branch named after the Github issue, such as `#3`. +You should submit your patch as a git branch named after the GitHub issue, such as `#3`. This is called a _topic branch_ and allows users to associate a branch of code with the ticket. It is a best practice to have your commit message have a _summary line_ that includes the ticket number, followed by an empty line and then a brief description of the commit. This also helps other contributors understand the purpose of changes to the code. 
@@ -108,8 +108,8 @@ We follow the [Semantic Versioning](https://semver.org/) as far as applicable. This pattern says that software versions should take an `X.Y.Z` pattern where: - X is a major release, which may not be fully compatible with prior major releases -- Y is a minor release, which adds both new features and bug fixes -- Z is a patch release, which adds just bug fixes +- Y is a minor release, which adds both new features and bugfixes +- Z is a patch release, which adds just bugfixes Releases are generally performed after any bugfix / feature enhancement pull request merge. You can watch the Github repository for updates. The latest release will always point to the master branch, whilst release candidates will be done in version-specific branches, such as `v0.2.0-rc`. @@ -129,7 +129,7 @@ A `codemeta.json` must accompany each release accurately describing the research ## Community -EGI benefits from a strong community of developers and system administrators, and vice-versa. If you have any questions or if you would like to get involved in the wider EGI community please contact EGI via the [EGI website](https://www.egi.eu/contact-us/) +EGI benefits from a strong community of developers and system administrators, and vice-versa. If you have any questions or if you would like to get involved in the wider EGI community please contact EGI via the [EGI site](https://www.egi.eu/contact-us/) **This file has been modified from the Chef Cookbook Contributing Guide**. From 476334c8da4fbbac1f5848feb0561b4c9cf40c03 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 09:04:48 +0100 Subject: [PATCH 08/19] chore: add initial pre-commit configuration Signed-off-by: Bruce Becker --- .pre-commit-config.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..67cb5dc --- /dev/null +++ b/.pre-commit-config.yaml 
@@ -0,0 +1,13 @@ +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v5.0.0 + hooks: + - id: trailing-whitespace + - id: end-of-file-fixer + - id: check-added-large-files + - repo: https://github.com/oxsecurity/megalinter + rev: v8.4.1 # Git tag specifying the hook, not mega-linter-runner, version + hooks: + - id: megalinter-incremental # Faster, less thorough From 6c29e768b05752aa4ca3fc17bbff001b470e21f1 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 09:11:39 +0100 Subject: [PATCH 09/19] chore: thanks, ctrl-h Signed-off-by: Bruce Becker --- .github/CONTRIBUTING.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 6e86911..084a14c 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -45,7 +45,8 @@ We have a 3 step process for contributions. Code review takes place in GitHub pull requests. See [this article](https://help.github.com/articles/about-pull-requests/) if you're not familiar with GitHub Pull Requests. -Once you open a pull request, maintainers will review your code using the built-in code review process in GitHub PRs. The process at this point is as follows: +Once you open a pull request, maintainers will review your code using the built-in code review process in GitHub PRs. +The process at this point is as follows: 1. A maintainer will review your code and merge it if no changes are necessary. Your change will be merged into the repository's `master` branch and will be noted in the project's `CHANGELOG.md` at the time of release. 1. If want your contribution to motivate your inclusion in the authorship, please add a line to that effect in the pull request 
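Review bot: Both hook repositories in the new .pre-commit-config.yaml are referenced by mutable Git tags (`rev: v5.0.0` and `rev: v8.4.1`), and pre-commit runs whatever code the tag resolves to on each contributor's machine when it builds the hook environment. Pinning each `rev` to the full commit SHA and keeping the tag as a trailing comment, e.g. `rev: <full-commit-sha>  # frozen: v5.0.0`, removes the dependence on the upstream tag never being moved; `pre-commit autoupdate --freeze` writes that form. The same applies to the `alessandrojcm/commitlint-pre-commit-hook` entry (`rev: v9.20.0`) added in patch 13/19.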
@@ -111,7 +112,7 @@ This pattern says that software versions should take an `X.Y.Z` pattern where: - Y is a minor release, which adds both new features and bugfixes - Z is a patch release, which adds just bugfixes -Releases are generally performed after any bugfix / feature enhancement pull request merge. You can watch the Github repository for updates. +Releases are generally performed after any bugfix / feature enhancement pull request merge. You can watch the GitHub repository for updates. The latest release will always point to the master branch, whilst release candidates will be done in version-specific branches, such as `v0.2.0-rc`. ### Publishing Releases From 2af788735e043b64abf0b2bf8f2ca9c112db69f9 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 09:22:45 +0100 Subject: [PATCH 10/19] chore(deps): add docker molecule plugin required for provisioning test env Signed-off-by: Bruce Becker --- requirements.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 97f3032..b37fa85 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,5 @@ ansible-dev-tools==25.1.0 jmespath==1.0.1 -pytest-xdist==3.6.1 \ No newline at end of file +pytest-xdist==3.6.1 +pre_commit==4.1.0 +molecule-plugins[docker]==23.7.0 From 75a3b7f30d6eba0862efc34b92cda148f7f199dc Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 09:23:56 +0100 Subject: [PATCH 11/19] chore(pre-commit): add pip requirement sorted pre-commit hook Signed-off-by: Bruce Becker --- .pre-commit-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 67cb5dc..a87e52a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -7,6 +7,7 @@ repos: - id: trailing-whitespace - id: end-of-file-fixer - id: check-added-large-files + - id: requirements-txt-fixer - repo: https://github.com/oxsecurity/megalinter rev: v8.4.1 # Git tag specifying the hook, not mega-linter-runner, version hooks: From 715a6fe4a068aac23373f82d8b0d1c0f14689a35 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 09:30:38 +0100 Subject: [PATCH 12/19] chore: add namespace to galaxy meta Signed-off-by: Bruce Becker --- meta/main.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index 6d88565..297cbc3 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -5,19 +5,13 @@ galaxy_info: company: EGI Foundation license: Apache-2.0 role_name: ui + namespace: egi-federation - min_ansible_version: 2.5 + min_ansible_version: "2.18" platforms: - name: EL versions: - - 6 - - 7 - # - name: Debian - # versions: - # - 8 - # - 9 - # - 10 - + - '8' galaxy_tags: - EGI - middleware From 138d92bded00666715f3de22dff1d01df204f67c Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 10:34:25 +0100 Subject: [PATCH 13/19] chore: add commitlint hook and configuraiton for conventional commits Signed-off-by: Bruce Becker --- .ansible-lint | 2 ++ .pre-commit-config.yaml | 8 ++++++++ commitlint.config.js | 1 + 3 files changed, 11 insertions(+) create mode 100644 .ansible-lint create mode 100644 commitlint.config.js diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..9cd2630 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,2 @@ +--- +profile: production diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a87e52a..d5914e4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
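Review bot: In the meta/main.yml hunk, `namespace: egi-federation` contains a hyphen, while Galaxy namespaces are, as far as I know, limited to lowercase letters, digits and underscores, so tooling that builds the `namespace.role_name` identifier may expect `namespace: egi_federation`; confirm against the namespace actually registered on Galaxy. Separately, `min_ansible_version: "2.18"` combined with EL version `'8'` is worth a check: ansible-core dropped Python 3.6 on managed nodes in 2.17, and EL 8's platform Python is 3.6, so targets would need a newer interpreter installed before the role can run. A one-line comment above `platforms` stating the interpreter requirement would make that explicit.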
@@ -12,3 +12,11 @@ repos: rev: v8.4.1 # Git tag specifying the hook, not mega-linter-runner, version hooks: - id: megalinter-incremental # Faster, less thorough + - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook + rev: v9.20.0 + hooks: + - id: commitlint + stages: + - commit-msg + additional_dependencies: + - '@commitlint/config-conventional' diff --git a/commitlint.config.js b/commitlint.config.js new file mode 100644 index 0000000..3f5e287 --- /dev/null +++ b/commitlint.config.js @@ -0,0 +1 @@ +export default { extends: ['@commitlint/config-conventional'] }; From e6c4476755c140c074172f2b7cbd78bfcbfad9c1 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 10:42:35 +0100 Subject: [PATCH 14/19] chore: update dependencies and remove travis config --- .github/CODE_OF_CONDUCT.md | 2 +- .gitignore | 3 + .zenodo.json | 90 ++++++++++++-------------- AUTHORS.md | 6 +- CODEOWNERS | 2 +- defaults/main.yml | 14 ++-- local.yml | 2 +- molecule/default/Dockerfile.j2 | 2 +- molecule/default/INSTALL.rst | 24 +++---- molecule/default/molecule.yml | 12 ++-- molecule/default/playbook.yml | 3 +- molecule/default/tests/QC_SEC_01.py | 5 +- molecule/default/tests/QC_SEC_05.py | 14 +++- molecule/default/tests/test.py | 3 +- molecule/default/tests/test_QC_DIST.py | 7 +- molecule/default/tests/test_default.py | 40 ++++++------ requirements.txt | 4 +- requirements.yml | 6 +- tasks/main.yml | 13 ++-- tests/inventory | 1 - travis-deprecated.yml | 40 ------------ 21 files changed, 130 insertions(+), 163 deletions(-) delete mode 100644 travis-deprecated.yml diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md index 92a0f06..da53106 100644 --- a/.github/CODE_OF_CONDUCT.md +++ b/.github/CODE_OF_CONDUCT.md 
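Review bot: The `additional_dependencies` entry `- '@commitlint/config-conventional'` in the new commitlint hook carries no version, so npm resolves whatever release is current each time pre-commit builds the hook environment, and the result can differ between contributors and over time. Pin it to an explicit version, e.g. `- '@commitlint/config-conventional@<version>'`, choosing the release that matches the commitlint version shipped by the hook at `rev: v9.20.0`. That keeps the commit-msg check reproducible and means a new upstream release is only picked up through a reviewed change to this file.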
@@ -76,7 +76,7 @@ further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the EGI Foundation team at contact@egi.eu. The team will +reported by contacting the EGI Foundation team at . The team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of diff --git a/.gitignore b/.gitignore index dd6539e..81e5f58 100644 --- a/.gitignore +++ b/.gitignore @@ -178,3 +178,6 @@ molecule/default/pytestdebug.log # Ignore mega-linter reports megalinter-reports/ + +# ignore cached ansible roles +.ansible diff --git a/.zenodo.json b/.zenodo.json index 2e546d5..6183f02 100644 --- a/.zenodo.json +++ b/.zenodo.json @@ -1,51 +1,45 @@ { - "license": "Apache-2.0", - "description": "

User Interface Role

\n\n

 

\n\n

This role provisions a UMD User Interface. It contains the client libraries of the middleware distribution, for interacting with the various infrastructure services, and is based on the VOMS-client role.

\n\n

Using

\n\n

This repository is kept under continuous integration. The role has been expressed into the UI container during the CI phase and can be immediately re-used, or can be applied to base images of your favourite platform - bare metal, cloud or local vms. A generic griduser has been created for you :smiley:. See the example playbook below.

\n\n

Docker

\n\n

Running the user interface in a Docker container can be done interactively, or by starting the container and execing commands in it:

\n\n
    \n\t
  1. First pull the container image: docker pull quay.io/egi/ui
  2. \n\t
  3. Don't forget to mount a volume with your user credentials : -v $HOME/.globus:/home/griduser/.globus
  4. \n\t
  5. Run interactively: docker run -u griduser -ti --rm --name ui -v $HOME/.globus:/home/griduser/.globus quay.io/egi/ui /bin/bash/ (enter the container and do gridcloud things)
  6. \n\t
  7. Run detached: docker run -d -t --rm --name ui quay.io/egi/ui /bin/bash -c 'while true ; do sleep 1000 ; done'\n\t
      \n\t\t
    1. run things in it: docker exec ui voms-proxy-init
    2. \n\t
    \n\t
  8. \n
\n\n

Requirements

\n\n

No particular requirements are needed, but a typical playbook will need the VOMS-client role

\n\n

Role Variables

\n\n

See defaults/main.yml

\n\n

Dependencies

\n\n\n\n

Example Playbook

\n\n
  - name: Converge\n    hosts: all\n    roles:\n      - { role: EGI-Foundation.umd, release: 4, ca_verification: false, tags: \"umd\" }\n      - { role: EGI-Foundation.voms-client, tags: \"voms\"}\n      - { role: ansible-role-ui, tags: \"ui\"}\n
\n\n

License

\n\n

Apache-2.0

\n\n

Author Information

\n\n
    \n\t
  • Pablo Orviz @orviz
  • \n\t
  • Bruce Becker @brucellino
  • \n
", - "language": "eng", - "title": "EGI-Federation/ansible-role-ui: Ansible Role: UMD user interface (v0.1.0)", - "keywords": [ - "Ansible", - "role", - "EGI", - "grid", - "middleware" - ], - "version": "v0.1.1", - "upload_type": "software", - "communities": [ - { - "identifier": "egi" - } - ], - "publication_date": "2018-10-02", - "creators": [ - { - "affiliation": "EGI Foundation", - "name": "Baptiste Grenier", - "orcid": "0000-0002-5686-3193" - }, - { - "orcid": "0000-0002-6607-7145", - "affiliation": "EGI Foundation", - "name": "Bruce Becker" - }, - { - "orcid": "0000-0002-2473-6405", - "name": "Pablo Orviz" - } - ], - "access_right": "open", - "related_identifiers": [ - { - "scheme": "url", + "license": "Apache-2.0", + "description": "

User Interface Role

\n\n

 

\n\n

This role provisions a UMD User Interface. It contains the client libraries of the middleware distribution, for interacting with the various infrastructure services, and is based on the VOMS-client role.

\n\n

Using

\n\n

This repository is kept under continuous integration. The role has been expressed into the UI container during the CI phase and can be immediately re-used, or can be applied to base images of your favourite platform - bare metal, cloud or local vms. A generic griduser has been created for you :smiley:. See the example playbook below.

\n\n

Docker

\n\n

Running the user interface in a Docker container can be done interactively, or by starting the container and execing commands in it:

\n\n
    \n\t
  1. First pull the container image: docker pull quay.io/egi/ui
  2. \n\t
  3. Don't forget to mount a volume with your user credentials : -v $HOME/.globus:/home/griduser/.globus
  4. \n\t
  5. Run interactively: docker run -u griduser -ti --rm --name ui -v $HOME/.globus:/home/griduser/.globus quay.io/egi/ui /bin/bash/ (enter the container and do gridcloud things)
  6. \n\t
  7. Run detached: docker run -d -t --rm --name ui quay.io/egi/ui /bin/bash -c 'while true ; do sleep 1000 ; done'\n\t
      \n\t\t
    1. run things in it: docker exec ui voms-proxy-init
    2. \n\t
    \n\t
  8. \n
\n\n

Requirements

\n\n

No particular requirements are needed, but a typical playbook will need the VOMS-client role

\n\n

Role Variables

\n\n

See defaults/main.yml

\n\n

Dependencies

\n\n\n\n

Example Playbook

\n\n
  - name: Converge\n    hosts: all\n    roles:\n      - { role: EGI-Foundation.umd, release: 4, ca_verification: false, tags: \"umd\" }\n      - { role: EGI-Foundation.voms-client, tags: \"voms\"}\n      - { role: ansible-role-ui, tags: \"ui\"}\n
\n\n

License

\n\n

Apache-2.0

\n\n

Author Information

\n\n
    \n\t
  • Pablo Orviz @orviz
  • \n\t
  • Bruce Becker @brucellino
  • \n
", + "language": "eng", + "title": "EGI-Federation/ansible-role-ui: Ansible Role: UMD user interface (v0.1.0)", + "keywords": ["Ansible", "role", "EGI", "grid", "middleware"], + "version": "v0.1.1", + "upload_type": "software", + "communities": [ + { + "identifier": "egi" + } + ], + "publication_date": "2018-10-02", + "creators": [ + { + "affiliation": "EGI Foundation", + "name": "Baptiste Grenier", + "orcid": "0000-0002-5686-3193" + }, + { + "orcid": "0000-0002-6607-7145", + "affiliation": "EGI Foundation", + "name": "Bruce Becker" + }, + { + "orcid": "0000-0002-2473-6405", + "name": "Pablo Orviz" + } + ], + "access_right": "open", + "related_identifiers": [ + { + "scheme": "url", - "identifier": "https://github.com/EGI-Federation/ansible-role-ui/tree/v0.1.1", - "relation": "isSupplementTo" - }, - { - "scheme": "doi", - "identifier": "10.5281/zenodo.1442700", - "relation": "isVersionOf" - } - ] + "identifier": "https://github.com/EGI-Federation/ansible-role-ui/tree/v0.1.1", + "relation": "isSupplementTo" + }, + { + "scheme": "doi", + "identifier": "10.5281/zenodo.1442700", + "relation": "isVersionOf" + } + ] } diff --git a/AUTHORS.md b/AUTHORS.md index 03ed7c4..e5ea8b3 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -1,6 +1,6 @@ -## Maintainers +# Maintainers -Baptiste Grenier +Baptiste Grenier @gwarf ## Original Authors @@ -9,4 +9,4 @@ Baptiste Grenier ## Contributors -See https://github.com/EGI-Federation//graphs/contributors +See [Contributors](https://github.com/EGI-Federation/ansible-role-ui/graphs/contributors) diff --git a/CODEOWNERS b/CODEOWNERS index 863c115..b1ac320 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -7,4 +7,4 @@ # These owners will be the default owners for everything in the repo. # Unless a later match takes precedence, they will be requested for # review when someone opens a pull request. -* @EGI-Federation/admins @EGI-Federation/sdis +* @EGI-Federation/admins @EGI-Federation/sdis 
diff --git a/defaults/main.yml b/defaults/main.yml index 511914b..de61029 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,24 +2,24 @@ # defaults file for ansible-ui prerequisites: redhat: - '7': + "7": - ui - '6': - - 'emi-ui' + "6": + - "emi-ui" missed_dependencies: redhat: - '7': + "7": - fts-client - xrootd-client - '6': + "6": - fts-client - xrootd-client install_optional_packages: true optional_packages: redhat: - '7': + "7": - openssh-clients - '6': + "6": - openssh-clients configured_groups: - name: gridusers diff --git a/local.yml b/local.yml index 675d717..f55333d 100644 --- a/local.yml +++ b/local.yml @@ -1,4 +1,4 @@ --- - hosts: all roles: - - ui + - ui diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 19692c2..847bb2d 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -7,7 +7,7 @@ FROM {{ item.image }} {% endif %} RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel bash && dnf clean all; \ elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst index e26493b..8118b0c 100644 --- a/molecule/default/INSTALL.rst +++ b/molecule/default/INSTALL.rst 
@@ -1,16 +1,18 @@ -******* -Install -******* +######### + Install +######### -Requirements -============ +************** + Requirements +************** -* Docker Engine -* docker-py +- Docker Engine +- docker-py -Install -======= +********* + Install +********* -.. code-block:: bash +.. code:: bash - $ sudo pip install docker-py + $ sudo pip install docker-py diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index d687c45..0d10173 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -3,13 +3,11 @@ dependency: name: galaxy driver: name: docker -lint: - name: yamllint platforms: - - name: ui-centos7 - image: quay.io/egi/voms-client:centos7 - - name: ui-centos6 - image: quay.io/egi/voms-client:centos6 + # - name: ui-centos7 + # image: quay.io/egi/voms-client:centos7 + - name: ui-almalinux9 + image: quay.io/egi/voms-client:almalinux9 provisioner: name: ansible config_options: @@ -24,5 +22,3 @@ verifier: # Parallel testing only possible with xdist options: n: 2 - lint: - name: flake8 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index c9d87cf..dfb11b3 100644 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -1,7 +1,8 @@ --- - name: Converge hosts: all + connection: docker roles: # - { role: EGI-Foundation.umd, release: 4, ca_verification: false, tags: "umd" } # - { role: EGI-Foundation.voms-client, tags: "voms"} - - { role: ansible-role-ui, tags: "ui"} + - { role: ansible-role-ui, tags: "ui" } diff --git a/molecule/default/tests/QC_SEC_01.py b/molecule/default/tests/QC_SEC_01.py index 0c565f1..0eba667 100644 --- a/molecule/default/tests/QC_SEC_01.py +++ b/molecule/default/tests/QC_SEC_01.py 
@@ -3,8 +3,9 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + os.environ["MOLECULE_INVENTORY_FILE"] +).get_hosts("all") def test_certs(host): - assert True \ No newline at end of file + assert True diff --git a/molecule/default/tests/QC_SEC_05.py b/molecule/default/tests/QC_SEC_05.py index c1ed7f9..ebf6a3b 100644 --- a/molecule/default/tests/QC_SEC_05.py +++ b/molecule/default/tests/QC_SEC_05.py @@ -1,5 +1,7 @@ import os + import testinfra.utils.ansible_runner + # See http://egi-qc.github.io/#SECURITY # World-writable files and directories are dangerous since they allows anyone # to modify them, several vulnerabilities in recent years have been due to @@ -15,10 +17,16 @@ # Logs and config files must not be world-writable. testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + os.environ["MOLECULE_INVENTORY_FILE"] +).get_hosts("all") # repoquery --requires -# HT +# HT def test_world_writable_files(host): - assert check_output("find /tmp -type d \( -perm -g+w -or -perm -o+w \) -exec ls -adl {} \; |grep -v tmp") == '' + assert ( + check_output( + "find /tmp -type d \( -perm -g+w -or -perm -o+w \) -exec ls -adl {} \; |grep -v tmp" + ) + == "" + ) diff --git a/molecule/default/tests/test.py b/molecule/default/tests/test.py index 17ce76f..f4ec02f 100644 --- a/molecule/default/tests/test.py +++ b/molecule/default/tests/test.py @@ -3,9 +3,8 @@ listfile = open("list.txt","rw") files = subprocess.call(["repoquery","--requires","ui"],stdout=listfile) -packages = listfile.read().splitlines() +packages = listfile.read().splitlines() print packages for p in packages: print p.rsplit('.')[0] - \ No newline at end of file diff --git a/molecule/default/tests/test_QC_DIST.py b/molecule/default/tests/test_QC_DIST.py index d38422c..b08a3e2 100644 --- a/molecule/default/tests/test_QC_DIST.py 
+++ b/molecule/default/tests/test_QC_DIST.py @@ -1,6 +1,8 @@ import os -import testinfra.utils.ansible_runner + import pytest +import testinfra.utils.ansible_runner + # See http://egi-qc.github.io/#INSTALLATION # Packages must install without issues in a machine configured without any # external repositories (valid repositories are the standard OS repo, UMD repo @@ -11,7 +13,8 @@ # signed for Debian-based distros) testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + os.environ["MOLECULE_INVENTORY_FILE"] +).get_hosts("all") def packages(): diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py index 77adfcf..d8021a2 100644 --- a/molecule/default/tests/test_default.py +++ b/molecule/default/tests/test_default.py 
@@ -1,39 +1,41 @@ import os + import pytest import testinfra.utils.ansible_runner + testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + os.environ["MOLECULE_INVENTORY_FILE"] +).get_hosts("all") def test_hosts_file(host): - f = host.file('/etc/hosts') + f = host.file("/etc/hosts") assert f.exists - assert f.user == 'root' - assert f.group == 'root' + assert f.user == "root" + assert f.group == "root" def test_griduser(host): - u = host.user('griduser') + u = host.user("griduser") - assert u.name == 'griduser' - assert u.group == 'gridusers' + assert u.name == "griduser" + assert u.group == "gridusers" - g = host.group('gridusers') + g = host.group("gridusers") assert g.exists def test_ssh_config(host): - if (host.package('openssh-clients').is_installed): - ssh_config_file = host.file('/etc/ssh/ssh_config') - assert not ssh_config_file.contains('arcfour') - assert ssh_config_file.contains('Protocol 2') - -@pytest.mark.parametrize('c', [ - 'voms-proxy-init', - 'voms-proxy-info', - 'voms-proxy-destroy' -]) -def test_voms_proxy(host,c): + if host.package("openssh-clients").is_installed: + ssh_config_file = host.file("/etc/ssh/ssh_config") + assert not ssh_config_file.contains("arcfour") + assert ssh_config_file.contains("Protocol 2") + + +@pytest.mark.parametrize( + "c", ["voms-proxy-init", "voms-proxy-info", "voms-proxy-destroy"] +) +def test_voms_proxy(host, c): assert host.exists(c) diff --git a/requirements.txt b/requirements.txt index b37fa85..9bc26ab 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ ansible-dev-tools==25.1.0 jmespath==1.0.1 -pytest-xdist==3.6.1 -pre_commit==4.1.0 molecule-plugins[docker]==23.7.0 +pre_commit==4.1.0 +pytest-xdist==3.6.1 diff --git a/requirements.yml b/requirements.yml index be21cf9..3d93aaa 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -1,5 +1,5 @@ --- -- src: https://github.com/EGI-Foundation/ansible-role-umd +- src: https://github.com/EGI-Federation/ansible-role-umd name: EGI-Foundation.umd -- src: https://github.com/EGI-Foundation/ansible-role-VOMS-clients - name: EGI-Foundation.voms-clients +- src: https://github.com/EGI-Federation/ansible-role-VOMS-client + name: EGI-Foundation.voms-client diff --git a/tasks/main.yml b/tasks/main.yml index 0615ec6..3cd2fe8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,33 +1,33 @@ --- # tasks file for ansible-ui - name: Install metapackage - package: + ansible.builtin.package: name: "{{ item }}" state: present loop: "{{prerequisites[ansible_os_family | lower][ansible_distribution_major_version]}}" - name: Ensure extra packages as per spec - package: + ansible.builtin.package: name: "{{ item }}" state: present loop: "{{missed_dependencies[ansible_os_family |lower][ansible_distribution_major_version] }}" - name: Ensure optional packages if option is selected - package: + ansible.builtin.package: name: "{{ item }}" state: present loop: "{{ optional_packages[ansible_os_family |lower][ansible_distribution_major_version] }}" when: install_optional_packages - name: Ensure weak ciphers are not included by default - replace: + ansible.builtin.replace: path: /etc/ssh/ssh_config regexp: '^\#?\s+Ciphers.*$' replace: Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr validate: ssh -f %s -V - name: Ensure groups - group: + ansible.builtin.group: name: "{{ item.name }}" state: present gid: "{{ item.gid }}" @@ -35,7 +35,7 @@ loop: "{{configured_groups}}" - name: Add local users - user: + ansible.builtin.user: name: "{{ item.0['name'] }}" create_home: true ssh_key_bits: 2048 @@ -49,4 +49,3 @@ update_password: always shell: "{{ item.0['shell'] }}" loop: "{{ configured_users | zip(configured_groups)| list}}" - diff --git a/tests/inventory b/tests/inventory index 878877b..2fbb50c 100644 
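Review bot: Both role entries in requirements.yml are fetched from a Git URL without a `version:` key, so an install takes whatever the default branch holds at that moment. Since the commit already touches both `src` lines, add a pin to each, for example `version: <tag-or-commit-sha>`, so that the UMD and VOMS client roles that run with package-install privileges on the target are a reviewed revision. The `name:` values still carry the old `EGI-Foundation.` prefix while `src` now points at EGI-Federation; confirm that this is intended.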
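Review bot: The cipher-hardening task in tasks/main.yml keeps `validate: ssh -f %s -V`, which does not validate the edited file: `-V` prints the version and exits, and `-f` is the background flag, not the config-file flag `-F`. A check that actually parses the candidate file would be `validate: ssh -G -F %s localhost`, provided the OpenSSH on the target supports `-G`. The pattern `'^\#?\s+Ciphers.*$'` also requires at least one whitespace character before `Ciphers`, so an active `Ciphers` line at column 0 is left untouched; `'^\#?\s*Ciphers.*$'` covers it. These are context lines the commit leaves as they were, and the hunk only renames the modules.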
--- a/tests/inventory +++ b/tests/inventory @@ -1,2 +1 @@ localhost - diff --git a/travis-deprecated.yml b/travis-deprecated.yml deleted file mode 100644 index e3303b6..0000000 --- a/travis-deprecated.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -language: python -python: - - '2.7' -sudo: required -services: - - docker -env: - global: - - md_ignore: R1 - - secure: - matrix: - - SCENARIO='default' -before_install: -install: - - pip install -r requirements.txt -before_script: - - for file in `find . -maxdepth 2 -name "*.md"` ; do markdownlint --ignore $md_ignore $file ; done -script: - - molecule lint -s $SCENARIO - - molecule dependency -s $SCENARIO - - molecule syntax -s $SCENARIO - - molecule create -s $SCENARIO - - molecule converge -s $SCENARIO - - molecule verify -s $SCENARIO - - cd $TRAVIS_BUILD_DIR -after_success: - - docker commit ui-centos7 quay.io/egi/ui:centos7 - - docker commit ui-centos6 quay.io/egi/ui:centos6 - - docker login -u="egi+packerbot" -p=${QUAY_PASSWORD} quay.io - - docker push quay.io/egi/ui:centos6 - - docker push quay.io/egi/ui:centos7 -after_failure: -before_deploy: -deploy: -after_deploy: -after_script: - - molecule destroy -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ From fcc467201e9faa7112452513f34dd94c8350ebd3 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 11:22:23 +0100 Subject: [PATCH 15/19] chore: add megalinter config Signed-off-by: Bruce Becker --- .cspell.json | 15 +++++++++++++++ .mega-linter.yml | 27 +++++++++++++++++++++++++++ .pre-commit-config.yaml | 3 ++- 3 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 .cspell.json create mode 100644 .mega-linter.yml diff --git a/.cspell.json b/.cspell.json new file mode 100644 index 0000000..8951c15 --- /dev/null +++ b/.cspell.json 
@@ -0,0 +1,15 @@ +{ + "ignorePaths": [ + "**/node_modules/**", + "**/vscode-extension/**", + "**/.git/**", + "**/.pnpm-lock.json", + ".vscode", + "package-lock.json", + "megalinter-reports", + ".mega-linter.yml" + ], + "language": "en", + "version": "0.2", + "words": ["commitlint", "griduser", "gridusers", "localusers", "xrootd"] +} diff --git a/.mega-linter.yml b/.mega-linter.yml new file mode 100644 index 0000000..60e91b8 --- /dev/null +++ b/.mega-linter.yml @@ -0,0 +1,27 @@ +--- +# MegaLinter Configuration for the EGI User Interface Ansible role +# See https://megalinter.io/v8/config-file/ for details + +# This configuration is enabled locally via pre-commit hook. +# see pre-commit-config.yaml + +# Apply fixes found by the linter. See https://megalinter.io/v8/config-apply-fixes/ +APPLY_FIXES: all +FLAVOR_SUGGESTIONS: true +ENABLE: + - ANSIBLE + - PYTHON + - MARKDOWN + - YAML +ENABLE_LINTERS: + - ANSIBLE_ANSIBLE_LINT + - MARKDOWN_MARKDOWN_LINK_CHECK + - MARKDOWN_MARKDOWNLINT + - PYTHON_BLACK + - PYTHON_FLAKE8 + - REPOSITORY_CHECKOV + - REPOSITORY_KICS + - SPELL_CSPELL + - DOCKERFILE_HADOLINT + - JSON_PRETTIER +DOCKERFILE_HADOLINT_FILTER_REGEX_EXCLUDE: .*j2 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d5914e4..15230cd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,3 +1,4 @@ +--- # See https://pre-commit.com for more information # See https://pre-commit.com/hooks.html for more hooks repos: @@ -19,4 +20,4 @@ repos: stages: - commit-msg additional_dependencies: - - '@commitlint/config-conventional' + - "@commitlint/config-conventional" From a01e9eecfe2b42fc8f39339ed5701921e8a3f335 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 11:32:23 +0100 Subject: [PATCH 16/19] chore: fix checkov failures on dockerfile 
Signed-off-by: Bruce Becker --- .cspell.json | 3 ++- .github/workflows/check-links.yml | 2 +- .github/workflows/lint.yml | 2 +- defaults/main.yml | 14 +++++++------- meta/main.yml | 2 +- molecule/default/Dockerfile.j2 | 12 ++++++------ 6 files changed, 18 insertions(+), 17 deletions(-) diff --git a/.cspell.json b/.cspell.json index 8951c15..0968efb 100644 --- a/.cspell.json +++ b/.cspell.json @@ -7,7 +7,8 @@ ".vscode", "package-lock.json", "megalinter-reports", - ".mega-linter.yml" + ".mega-linter.yml", + ".github/workflows" ], "language": "en", "version": "0.2", diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index 9fa2714..69d3072 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -2,7 +2,7 @@ name: Check links on: [push, pull_request] - +permissions: read-all jobs: markdown-link-check: name: Check links using markdown-link-check diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 77d9435..308316b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -2,7 +2,7 @@ name: Lint on: [push, pull_request] - +permissions: read-all jobs: super-lint: name: Lint with Super-Linter diff --git a/defaults/main.yml b/defaults/main.yml index de61029..a885959 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,24 +2,24 @@ # defaults file for ansible-ui prerequisites: redhat: - "7": + 7: - ui - "6": - - "emi-ui" + 6: + - emi-ui missed_dependencies: redhat: - "7": + 7: - fts-client - xrootd-client - "6": + 6: - fts-client - xrootd-client install_optional_packages: true optional_packages: redhat: - "7": + 7: - openssh-clients - "6": + 6: - openssh-clients configured_groups: - name: gridusers diff --git a/meta/main.yml b/meta/main.yml index 297cbc3..94ec54e 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -11,7 +11,7 @@ galaxy_info: platforms: - name: EL versions: - - '8' + - "8" galaxy_tags: - EGI - middleware 
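Review bot: `permissions: read-all` in check-links.yml, and the identical line added to lint.yml, still gives the workflow token read access to every scope rather than only what the jobs use. A per-scope block is narrower, for example `permissions:` followed by `contents: read`. The job bodies lie outside these hunks, so confirm that no step needs another scope before tightening.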
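Review bot: In defaults/main.yml the version keys change from the strings `"7"` and `"6"` to the integers `7` and `6`, but tasks/main.yml indexes these maps with `ansible_distribution_major_version`, which Ansible reports as a string. A string index will not find an integer key, so the three package loops would fail on the lookup; keep the keys quoted, `"7":` and `"6":`. Separately, the maps have no entry for the EL 8 platform declared in meta/main.yml or for the almalinux9 molecule image, so the same lookups would presumably fail on the platforms the role now claims to target.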
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 847bb2d..d42c31f 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -6,9 +6,9 @@ FROM {{ item.registry.url }}/{{ item.image }} FROM {{ item.image }} {% endif %} -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python python-devel bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python bash ca-certificates && xbps-remove -O; fi 
From cef7ec840f580a44a46cb28d07d65c1805e23433 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 12:23:21 +0100 Subject: [PATCH 17/19] test(default): set ansible roles path in default molecule scenario Signed-off-by: Bruce Becker --- .cspell.json | 16 ++++++++++++++-- .mega-linter.yml | 11 ++++------- molecule/default/Dockerfile.j2 | 2 +- molecule/default/converge.yml | 8 ++++++++ molecule/default/molecule.yml | 4 ++++ molecule/default/playbook.yml | 8 -------- molecule/default/tests/QC_SEC_05.py | 11 +++++------ molecule/default/tests/test.py | 9 ++++----- requirements.txt | 1 + 9 files changed, 41 insertions(+), 29 deletions(-) create mode 100644 molecule/default/converge.yml delete mode 100644 molecule/default/playbook.yml diff --git a/.cspell.json b/.cspell.json index 0968efb..4338afb 100644 --- a/.cspell.json +++ b/.cspell.json @@ -8,9 +8,21 @@ "package-lock.json", "megalinter-reports", ".mega-linter.yml", - ".github/workflows" + ".github/workflows/**", + ".github/*.md", + ".zenodo.json", + "AUTHORS.md", + "molecule/**", + "requirements*" ], "language": "en", "version": "0.2", - "words": ["commitlint", "griduser", "gridusers", "localusers", "xrootd"] + "words": [ + "zenodo", + "commitlint", + "griduser", + "gridusers", + "localusers", + "xrootd" + ] } diff --git a/.mega-linter.yml b/.mega-linter.yml index 60e91b8..374defb 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -8,20 +8,17 @@ # Apply fixes found by the linter. See https://megalinter.io/v8/config-apply-fixes/ APPLY_FIXES: all FLAVOR_SUGGESTIONS: true -ENABLE: - - ANSIBLE - - PYTHON - - MARKDOWN - - YAML ENABLE_LINTERS: - ANSIBLE_ANSIBLE_LINT - MARKDOWN_MARKDOWN_LINK_CHECK - MARKDOWN_MARKDOWNLINT - PYTHON_BLACK - PYTHON_FLAKE8 - - REPOSITORY_CHECKOV - - REPOSITORY_KICS + # - REPOSITORY_CHECKOV + # - REPOSITORY_KICS - SPELL_CSPELL - DOCKERFILE_HADOLINT - JSON_PRETTIER +DISABLE_LINTERS: + - YAML_V8R DOCKERFILE_HADOLINT_FILTER_REGEX_EXCLUDE: .*j2 
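Review bot: The .mega-linter.yml hunk comments out `REPOSITORY_CHECKOV` and `REPOSITORY_KICS` with no reason given, one patch after the series fixed Checkov findings on the Dockerfile template. Those two are the only infrastructure-as-code security scanners in the list, so the workflows and the Dockerfile lose that coverage without a record of why. If they are off because of noise or runtime, say so next to the entries, for example `# REPOSITORY_CHECKOV, REPOSITORY_KICS disabled: <reason>, see <issue link>`, or keep them enabled and exclude only the paths that produce false positives.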
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index d42c31f..7334401 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -5,7 +5,7 @@ FROM {{ item.registry.url }}/{{ item.image }} {% else %} FROM {{ item.image }} {% endif %} - +USER root RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python bash ca-certificates && apt-get clean; \ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python python-devel bash && dnf clean all; \ elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..14a8135 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + connection: docker + roles: + - name: ansible-role-ui + tags: + - ui diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 0d10173..db3376f 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -10,15 +10,19 @@ platforms: image: quay.io/egi/voms-client:almalinux9 provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: ../../../ config_options: defaults: stdout_callback: yaml + lint: name: ansible-lint scenario: name: default verifier: name: testinfra + enabled: true # Parallel testing only possible with xdist options: n: 2 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml deleted file mode 100644 index dfb11b3..0000000 --- a/molecule/default/playbook.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Converge - hosts: all - connection: docker - roles: - # - { role: EGI-Foundation.umd, release: 4, ca_verification: false, tags: "umd" } - # - { role: EGI-Foundation.voms-client, tags: "voms"} - - { role: ansible-role-ui, tags: "ui" } 
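Review bot: `USER root` is added to Dockerfile.j2 without a comment, and nothing after it in the hunk switches to another user, so the built test image ends with root as its user. That may be deliberate, since the previous patch removed `sudo` from every package list and the role under test installs packages, but a reader or a scanner cannot tell that from the file. Add a line above it such as `# root on purpose: molecule test image, sudo is not installed and the role manages packages`. The template starts before the hunk, so an earlier `USER` line cannot be ruled out from here.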
diff --git a/molecule/default/tests/QC_SEC_05.py b/molecule/default/tests/QC_SEC_05.py index ebf6a3b..01e409d 100644 --- a/molecule/default/tests/QC_SEC_05.py +++ b/molecule/default/tests/QC_SEC_05.py @@ -1,6 +1,6 @@ import os -import testinfra.utils.ansible_runner +import testinfra # See http://egi-qc.github.io/#SECURITY # World-writable files and directories are dangerous since they allows anyone @@ -24,9 +24,8 @@ # repoquery --requires # HT def test_world_writable_files(host): - assert ( - check_output( - "find /tmp -type d \( -perm -g+w -or -perm -o+w \) -exec ls -adl {} \; |grep -v tmp" - ) - == "" + cmd = ( + "find /tmp -type d ( -perm -g+w -or -perm -o+w ) " + + "-exec ls -adl {} ; |grep -v tmp" ) + assert testinfra.check_output(cmd) == "" diff --git a/molecule/default/tests/test.py b/molecule/default/tests/test.py index f4ec02f..ce13711 100644 --- a/molecule/default/tests/test.py +++ b/molecule/default/tests/test.py @@ -1,10 +1,9 @@ -import os import subprocess -listfile = open("list.txt","rw") -files = subprocess.call(["repoquery","--requires","ui"],stdout=listfile) +listfile = open("list.txt", "rw") +files = subprocess.call(["repoquery", "--requires", "ui"], stdout=listfile) packages = listfile.read().splitlines() -print packages +print(packages) for p in packages: - print p.rsplit('.')[0] + print(p.rsplit(".")[0]) diff --git a/requirements.txt b/requirements.txt index 9bc26ab..ab424f0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,4 +2,5 @@ ansible-dev-tools==25.1.0 jmespath==1.0.1 molecule-plugins[docker]==23.7.0 pre_commit==4.1.0 +pytest-testinfra==10.1.1 pytest-xdist==3.6.1 From 25fa7844bc6080df49a5849b3ac2c65635baeff0 Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 12:35:28 +0100 Subject: [PATCH 18/19] chore(deps): add pip to dependabot configuration Signed-off-by: Bruce Becker --- .github/dependabot.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) 
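Review bot: The rewritten `test_world_writable_files` in QC_SEC_05.py can no longer detect a world-writable directory. The new command string drops the backslashes before `(`, `)` and `;`, so the remote shell will reject it instead of running `find`, and `testinfra.check_output` is, as far as I know, not a module-level function; the command should go through the `host` fixture the test already receives. Keep the escapes with a raw string and assert on `host.run(cmd).stdout.strip() == ""`. The trailing `grep -v tmp` also removes every result, because all paths start with `/tmp`, so the directories to be scanned and the filter need to be decided before this check means anything.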
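Review bot: test.py now uses Python 3 `print()` calls but still opens the file with `open("list.txt", "rw")`, and `"rw"` is not a valid mode in Python 3, so the script raises before `repoquery` runs. The temporary file is not needed at all: `out = subprocess.check_output(["repoquery", "--requires", "ui"], text=True)` followed by `packages = out.splitlines()` gives the same list without a file handle that is never closed.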
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8e85703..b79d36d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -2,7 +2,11 @@ version: 2 updates: # Maintain dependencies for GitHub Actions - - package-ecosystem: "github-actions" - directory: "/" + - package-ecosystem: github-actions + directory: / schedule: - interval: "daily" + interval: weekly + - package-ecosystem: pip + directory: / + schedule: + interval: weekly From 3a2284e9c1bce75d97471319dd0f43c5b589d26c Mon Sep 17 00:00:00 2001 From: Bruce Becker Date: Sun, 2 Feb 2025 12:35:59 +0100 Subject: [PATCH 19/19] ci: replace super-linter with megalinter Signed-off-by: Bruce Becker --- .github/workflows/lint.yml | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 308316b..0f57edd 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
@@ -17,12 +17,30 @@ jobs: fetch-depth: 0 # Runs the Super-Linter action - - name: Run Super-Linter on new changes - uses: docker://ghcr.io/github/super-linter:slim-v4 + # - name: Run Super-Linter on new changes + # uses: docker://ghcr.io/github/super-linter:slim-v4 + # env: + # DEFAULT_BRANCH: main + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # # Only check new or edited files + # VALIDATE_ALL_CODEBASE: false + # # Fail on errors + # DISABLE_ERRORS: false + - name: MegaLinter + id: ml + uses: oxsecurity/megalinter@v8.4.2 env: - DEFAULT_BRANCH: main + # All available variables are described in documentation + # https://megalinter.io/configuration/ + VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Only check new or edited files - VALIDATE_ALL_CODEBASE: false - # Fail on errors - DISABLE_ERRORS: false + + # Upload MegaLinter artifacts + - name: Archive production artifacts + if: success() || failure() + uses: actions/upload-artifact@v4.6.0 + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log
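Review bot: The two new actions in lint.yml are referenced by tag, `oxsecurity/megalinter@v8.4.2` and `actions/upload-artifact@v4.6.0`, and the MegaLinter step is handed `GITHUB_TOKEN`. A tag can be moved to different code upstream, so pin each to the full commit hash and keep the tag as a comment, for example `uses: oxsecurity/megalinter@<full-commit-sha> # v8.4.2`. Dependabot's github-actions ecosystem, configured in the previous patch, can keep hash pins up to date. The commented-out Super-Linter block could be deleted rather than kept, since the history already records it.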