This role will do basic checks to confirm that the node is
sufficiently up to continue afer a reboot.
Change-Id: Iebf474c9351e4246d7ab2072b48a50e93dbf0b94
This is a copy of prepare-workspace-git except that it imports
test-mirror-workspace-git-repos. This is for base job testing.
Change-Id: I4ef3e4376c9e958761c165836c4fb546157e237a
This adds roles that, similar to add-build-sshkey, create a per-build
WinRM certificate, install it on remote windows nodes, and then switch
to using the certificate in Ansible for authentication. A second role
is included which can clean up the cert which is useful for static
nodes.
Since winrm certificates must be acessible within the bubblewrap
container, these roles can be used to restrict the system-wide winrm
cert to trusted playbooks while untrusted playbooks will only have access
to the per-build cert (with appropriate configuration of the executor).
Change-Id: I4efe25594c2f543886a000aa02fb0a38683a43cb
To match change I2870450ffd02f55509fcc1297d050b09deafbfb9 in Zuul.
This does not use the versioning feature due to the nature of this repo.
This also corrects a reference which is now an error.
Change-Id: Ia1d31df932b447f11bc588925de9974d4f6dfc7d
FIPS needs to be enabled before test-setup is run, as enabling
FIPS requires the node to be rebooted, test-setup needs to run and
setup the environment after the reboot.
Change-Id: I6fecb9c6e917d1a36b2b82c1b02098eed4323ac7
This patch adds a new multinode job definition that enables
FIPS mode prior to multinode configuration.
In order to enable FIPS mode, the OS boot procedure need to be
changed to enable the appropriate kernel flag. This modification
has effect only after system reboot.
The default behavior of this job is to always enable FIPS mode.
Change-Id: I6f1365837d9ed2ba82c391a20f9094c9ef0e6c4e
Signed-off-by: Douglas Viroel <dviroel@redhat.com>
Update the deprecation policy to indicate that zuul-jobs is no
longer tested with EOL platforms. Also explicitly switch the minimum
Python 3 documented to 3.6, and add a note to the tox-py34 and
tox-py35 jobs mentioning that they're no longer directly tested.
Move those jobs to the deprecated jobs list as well, to help
reinforce the point that their continued use is not recommended.
Change-Id: I2edbf8ea010caf7a7641e0d88f360965fc0b96ab
SetupTools 58 dropped support for its old use_2to3 option, which has
started surfacing a number of ancient Python packages in need of
updates. In this case, the last full release of funcparserlib (which
is a transitive dependency by way of blockdiag by way of
sphinxcontrib-blockdiag) was in 2013, but luckily they have an alpha
release which we can pin explicitly and pull in as a temporary
workaround to get docs builds going again.
Change-Id: I6903eeac2c479e2da795c1dbd215cdee33d09fd7
Role copied and modified from ensure-podman
As focal doesn't exist for project atomic ppa [1]
Install is performed from opensuse repository only
[1] http://ppa.launchpad.net/projectatomic/ppa/ubuntu/dists/
Change-Id: I72fc2e68768664b80c39bd47295330131337d8b5
This new role will be used to replace our upload-docker-image role in
the future.
Change-Id: I0e2b0cca6575255520aa6d4d48a12128ab5f46cc
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This reverts commit 51a8ed8e95a2240547b0128701cc8acf6ba8bbcc.
This has a typo ("exector"). The fix is obvious, but the bigger
issue is that it was not caught in testing, even though the main
purpose of the change was to re-enable tests. We should understand
why it wasn't caught in testing and resolve that before fixing and
unreverting.
Change-Id: I3ed407546fecc52d4a039f7959c0521511e6a00b
Ansible doens't really have a great built-in way to modify a json file
(unlike ini files). The extant docker role does what seems to be the
usual standard, which is slurp in the file, parse it and then write it
back out.
In a follow-on change (I338616c41a65b007d56648fdab6da2a6a6b909f4) we
need to set some more values in the docker configuration .json file,
which made me think it's generic enough that we can have a role to
basically run read the file, |combine and write it back out.
This adds such a role with various options, and converts the existing
json configuration update in ensure-docker to use it.
Change-Id: I155a409945e0175249cf2dc630b839c7a97fb452
This reverts commit 69a238df46ca81e8890ebb2ace7addcbb4852911.
The role is re-written with executor-safe methods.
Depends-On: https://review.opendev.org/753222
Change-Id: I0b52eff66bfdca776e0e5c426bf1fc57deb3fc49
Add a role to install Rust via the rustup tool. It defaults to
installing globally, which avoids having to worry too much about
setting paths for follow-on jobs.
Packaged Rust and the upstream rustup install tool can live together,
and there's various documentation about it. Thus I've made this such
that we can expand it with packaged Rust support if there is a need,
but I have not implemented that yet.
Change-Id: I32f9b285904a7036f9a80ada8a49fa9cf31b5163
We're not actually following this. Let's either update
the docs to reflect on how os specific tasks are handled
or update the roles to follow the guidelines.
Change-Id: I9b987efaf597acd34cbcacccd37415dd205a7fba
Adds terraform roles to install and execute terraform.
Supports adding an override.tf file to override configuration in CI
which is useful to let zuul handle module reposity authentication
instead of setting up credentials on the remote during the job.
Also returns the execution plan back as a comment for 'terraform plan'
to make it easy for reviewers.
Change-Id: I3b4f2bac7f055a0c0f9cb7888b4146ac9c007d25
This change enables a kubectl connection job to just remove the
zuul sshkey, without using the add-build-sshkey role which doesn't
work on pod. To do that, this change moves the sshagent_remove_key
task to a new role and makes add-build-sshkey use the new role.
Change-Id: I5e7288592cad303df919220259f5a360bf522f64
There's no reason to not just build the tarball when we build the
content.
Set the default value for node_version in the base job.
Change-Id: Ifb3e5138e9ae19ec3de9250f1828fc07230ef739
Adds a role to let users define a manifest of artifacts located
in zuul-output/artifacts that should be uploaded to pre defined
artifactory instances.
Change-Id: I00dc0302e85ce59b3808f6e62e2bcdadf2e41fde
Some javascript operations, like running tests for web-apps, need
browsers. Javascript packages that are not targetting browsers
do not.
Make a -browser version that installs the browsers and xvfb, and
a non-browser version that does not.
Change-Id: I33c12cb0d9516bdffef7d8d04af4dbcb03ed8355
The pre-playbook for the javascript jobs got complex. Extract it
to a role so we can better document it.
Also - stop installing javascript depends in pre - the depends
declared in a patch should be tested as part of the patch.
Change-Id: I50a483f223620cd3f9ecd82887062cfc9ac64b7f
We have a bunch of jobs that are built around the npm role, but
for projects using yarn, that can lead to ignoring yarn.lock.
For projects with a yarn.lock, we can assume the user wants to
use yarn. Make a new js-package-manager role that can detect
if that's the case and otherwise use npm. Make an js_build_tool
parameter that allows the user to override that auto-detection.
Make a whole new suite of jobs that do this behavior, do not have
npm in their name, and default to the latest node LTS, version 14.
Don't install yarn if we're not going to use yarn. Also allow people
who want to use yarn but don't have a yarn.lock to override
js_build_tool everywhere we do that logic.
Mark the old jobs deprecated.
Shift the npm and yarn roles to use the new js-package-manager role
with defaults set.
Change-Id: I8013228ca05607a69f390a9bb75991fc6543f865
