This partially reverts commit
3f961ce202d7d24e2944de09636b35cec9c13bf6.
This alternative installs wheel with the ensure-pip role instead of in
a separate role. wheel is very closely linked with pip install
operations so this isn't a large overreach of the role.
I suggest this for several reasons; firstly the python-wheel role
doesn't try to install packages, so we end up with mixed system pip
and upstream versions of wheel most of the time. This is the type of
thing that has proven problematic in the past. It also installs via
pip --user; something we've already had problems with tox when for
various reasons roles want to run this as non-zuul user. Using
ensure-pip we keep the packaged versions together.
[1] did try to install wheel with root, but during runtime which
didn't work due to sudo being revoked. This should work for the
existing build-python-release job, because it already includes
ensure-pip in pre-run via playbooks/python/pre.yaml
I believe our conclusion on the ensure-* roles was that requiring
root/become: for installation is OK, but we should have a no-op path
if the tools are found. This is consistent with that approach
(i.e. if you want wheel and can't do sudo, you should pre-install it
on your image using whatever you build that with).
This adds a check to the existing "is pip installed" check to also
check if wheel packages are available. If not we trigger the install
path.
This revealed some issues with RedHat.yaml -- we can always install
Python 3 (packages available for CentOS 7) so remove that check, and
if Ansible is running under Python 2; ensure we install the
dependencies too (not only if it is forced).
Update the documentation to describe that it will enable support for
bdist_wheel, and add a basic sanity test that wheels are produced by
pip. The existing build-python-release job is kept; although it is
modified to use the playbooks/python/pre.yaml playbook as the build
job does.
Change-Id: I2ab11bb45b6b2a49d54db39195228ab40141185c
[1] https://review.opendev.org/#/c/736001/5/roles/build-python-release/tasks/main.yaml
We can't do this all the time, because of rootless environments.
But sometimes people have root and want to be able to use something
from scripts from normal path.
Change-Id: I3f57a6108f8f53ebfdd12f04ecb3d8c68c5b4a60
This broke multiple zuul deployments. Please do not make changes without having tests on them.
This reverts commit fe4ce563f22b6f95b6df3e5404c4167685c1626a.
Change-Id: I0eac14d9c9c4e717883965e37fa6e3bbaf37f35a
This was introduced with Id8347b6b09735659a7ed9bbe7f9d2798fbec9620,
but is no longer necessary as the OpenDev images don't ship with
pip-and-virtualenv. Remove to avoid any ongoing confusion.
Change-Id: I87c4d949c9d9602dfa39023b337fa593f8fafde0
On CentOS 7, the python-pip package comes from EPEL. CentOS 8 and
Fedora don't have python-pip so it's safe to switch this to "yum" and
then we can use enablerepo.
Change-Id: I267f082b2db4e501299226f0033b5d940752d931
We need to rework this whole thing, becuase we need to install
wheel into a virtualenv so that we can do it without root. But
this should get us by until we can do that.
Change-Id: I2816a9c76a049f8986839c17c641d6cad541833d
In case of later upload failures, record the SHA2-256 checksum and
ASCII-armored OpenPGP signature of each signed artifact to the job's
output stream so they can later be used for manual uploading.
Change-Id: Ifd136b95357d499e088c5509fa57daf76a246cf4
This will only change the test role and can be used for validation.
We are facing some issues where the log upload to swift fails, but the
role is always succeeding. To get some more information about the
upload failures, we let the upload() method return those to the Ansible
module and provide them in the module's JSON result.
Change-Id: Ic54b877cd5ea58031e21e514eb3a7c50ea735795
The zuul.change variable isn't defined when run in a tag-based
release pipeline. Even though it's wrapped in a ternary operator,
it is still dereferenced even if it's not used. Make sure we
dereference it safely.
Change-Id: I215a003493603de99296035d77eee64cc66e83f1
Add a job that tests the build-container-image role as it would be
used in a tag-based release pipeline (as opposed to check or
gate+promote).
Also, correct an issue in the role where we assumed zuul.change
existed.
Change-Id: If2566764a52726ce45fff9b5e96ce9a42d513d8d
Adds terraform roles to install and execute terraform.
Supports adding an override.tf file to override configuration in CI
which is useful to let zuul handle module reposity authentication
instead of setting up credentials on the remote during the job.
Also returns the execution plan back as a comment for 'terraform plan'
to make it easy for reviewers.
Change-Id: I3b4f2bac7f055a0c0f9cb7888b4146ac9c007d25
This adds an option to the upload-docker-image role so that a job
can be written to run build-docker-image and upload-docker-image
in a release pipeline. This lets users build tagged docker images
from release tags rather than using the promote pipeline (which
may have built the image before a release git tag was applied).
Change-Id: Id28d0a85e02e56640911c44ddbfff7b38547b0b4
This was missed in I9bc55d771ec1828d374684d0ffe5ec1d1494773e because
I9650a869d39f5a09851784b6ac50962b77e7f59e was merged as a requested
cleanup. This recursive variable check should have been removed with
the revert.
Change-Id: I982b4f85b9ae151e9227743c2b0d13b20a1eda66
This reverts commit 7101fe7d1c13250415f5c6f6392c2a22720bbe43.
This unfortunately has a number of problems.
Firstly, the "Fail if no wget" fails when download_artifact_recurse
isn't set, because we didn't check for wget.
Also, the download doesn't work with some providers. wget asks for
gzip downloads with it's accept headers (which can't be turned off)
but the recursive download doesn't understand the gzipped index.html
file and thus doesn't find anything to walk. The "--compression=auto"
flag is available to overcome this, but is not widely supported (and
not supported on the executor). https://review.opendev.org/733728
attempted to work-around this but the problems with this approach seem
too much for now.
Change-Id: I9bc55d771ec1828d374684d0ffe5ec1d1494773e
Minikube provides addons and we can enable specific addons by passing the --addons arg when using minikube cli
Change-Id: I8d10e3a3dde1070b5c79406285035dacb59dddc8
- Do not insert an extra slash into the download URL, this breaks on
some storage providers.
- Do not try to uncompress *.xz files, libcurl cannot handle that
compression, also these are mostly journal files that are compressed
for a good reason.
- Mention the download directory again at the end, avoids needing to
scroll through umpteen log messages in order to find out the name of
the tmpdir generated at the start of the script.
Change-Id: I8eb674121a9808dfc8edfc14b8c3525a77b518ab
While making test with a node:
- with tox installed using "pip install --user" as a non-root user
- PATH modified using ~/.ssh/environment
- declared in nodepool to run as this non-root user
twine executable is not found:
using "command": twine is not found
using "shell" without /bin/bash: twine is not found
using "shell" with /bin/bash: twine is found!
Change-Id: Ia06218a830b5d44f04e0f10e0444be2cf9ad682e
While making test with a node:
- with tox installed using "pip install --user" as a non-root user
- PATH modified using ~/.ssh/environment
- declared in nodepool to run as this non-root user
tox checks produce an error:
"Check if tox is installed" evalues correctly (shell, bash)
"Output tox version" cannot find tox (command, no sh, no etc ...)
This change sets fact using the output of the first install check
Change-Id: I5886858bcd57afc8ea5fd121ad44bd82afb1a671
Also adds a check that makes sure the instance the artifact
is to be uploaded to is actually defined.
Change-Id: Ie80fa9869e49566dc39e815c10146d45724f5744
