summaryrefslogtreecommitdiffstats
path: root/.github/workflows/ci.yml
blob: e0627af4a6312d434a914dca9b88080d6f1c00d8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
---
name: CI
env:
  LC_ALL: "C.UTF-8" # prevent ERROR: Ansible could not initialize the preferred locale: unsupported locale setting
  CI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  DEV_DOCKER_OWNER: ${{ github.repository_owner }}
  COMPOSE_TAG: ${{ github.base_ref || 'devel' }}
  UPSTREAM_REPOSITORY_ID: 91594105
on:
  pull_request:
  push:
    branches:
      - devel  # needed to publish code coverage post-merge
jobs:
  common-tests:
    name: ${{ matrix.tests.name }}
    runs-on: ubuntu-latest
    timeout-minutes: 60
    permissions:
      packages: write
      contents: read
    strategy:
      fail-fast: false
      matrix:
        tests:
          - name: api-test
            command: /start_tests.sh test_coverage
            coverage-upload-name: ""
          - name: api-migrations
            command: /start_tests.sh test_migrations
            coverage-upload-name: ""
          - name: api-lint
            command: /var/lib/awx/venv/awx/bin/tox -e linters
            coverage-upload-name: ""
          - name: api-swagger
            command: /start_tests.sh swagger
            coverage-upload-name: ""
          - name: awx-collection
            command: /start_tests.sh test_collection_all
            coverage-upload-name: "awx-collection"
          - name: api-schema
            command: >-
              /start_tests.sh detect-schema-change SCHEMA_DIFF_BASE_BRANCH=${{
                github.event.pull_request.base.ref || github.ref_name
              }}
            coverage-upload-name: ""

    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false

      - name: Build awx_devel image for running checks
        uses: ./.github/actions/awx_devel_image
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Run check ${{ matrix.tests.name }}
        id: make-run
        run: >-
          AWX_DOCKER_ARGS='-e GITHUB_ACTIONS -e GITHUB_OUTPUT -v "${GITHUB_OUTPUT}:${GITHUB_OUTPUT}:rw,Z"'
          AWX_DOCKER_CMD='${{ matrix.tests.command }}'
          make docker-runner

      - name: Upload test coverage to Codecov
        if: >-
          !cancelled()
          && steps.make-run.outputs.cov-report-files != ''
        uses: codecov/codecov-action@v4
        with:
          fail_ci_if_error: >-
            ${{
              toJSON(env.UPSTREAM_REPOSITORY_ID == github.repository_id)
            }}
          files: >-
            ${{ steps.make-run.outputs.cov-report-files }}
          flags: >-
            CI-GHA,
            pytest,
            OS-${{
              runner.os
            }}
          token: ${{ secrets.CODECOV_TOKEN }}
      - name: Upload test results to Codecov
        if: >-
          !cancelled()
          && steps.make-run.outputs.test-result-files != ''
        uses: codecov/test-results-action@v1
        with:
          fail_ci_if_error: >-
            ${{
              toJSON(env.UPSTREAM_REPOSITORY_ID == github.repository_id)
            }}
          files: >-
            ${{ steps.make-run.outputs.test-result-files }}
          flags: >-
            CI-GHA,
            pytest,
            OS-${{
              runner.os
            }}
          token: ${{ secrets.CODECOV_TOKEN }}

      - name: Upload awx jUnit test reports
        if: >-
          !cancelled()
          && steps.make-run.outputs.test-result-files != ''
          && github.event_name == 'push'
          && env.UPSTREAM_REPOSITORY_ID == github.repository_id
          && github.ref_name == github.event.repository.default_branch
        run: |
          for junit_file in $(echo '${{ steps.make-run.outputs.test-result-files }}' | sed 's/,/ /')
          do
              curl \
                -v \
                --user "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_USER }}:${{ secrets.PDE_ORG_RESULTS_UPLOAD_PASSWORD }}" \
                --form "xunit_xml=@${junit_file}" \
                --form "component_name=${{ matrix.tests.coverage-upload-name || 'awx' }}" \
                --form "git_commit_sha=${{ github.sha }}" \
                --form "git_repository_url=https://github.com/${{ github.repository }}" \
                "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_URL }}/api/results/upload/"
          done

  dev-env:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false

      - uses: actions/setup-python@v5
        with:
          python-version: '3.x'

      - uses: ./.github/actions/run_awx_devel
        id: awx
        with:
          build-ui: false
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Run live dev env tests
        run: docker exec tools_awx_1 /bin/bash -c "make live_test"

      - uses: ./.github/actions/upload_awx_devel_logs
        if: always()
        with:
          log-filename: live-tests.log

  awx-operator:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    env:
      DEBUG_OUTPUT_DIR: /tmp/awx_operator_molecule_test
    steps:
      - name: Checkout awx
        uses: actions/checkout@v4
        with:
          show-progress: false
          path: awx

      - name: Checkout awx-operator
        uses: actions/checkout@v4
        with:
          show-progress: false\
          repository: ansible/awx-operator
          path: awx-operator

      - name: Get python version from Makefile
        working-directory: awx
        run: echo py_version=`make PYTHON_VERSION` >> $GITHUB_ENV

      - name: Install python ${{ env.py_version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.py_version }}

      - name: Install playbook dependencies
        run: |
          python3 -m pip install docker

      - name: Build AWX image
        working-directory: awx
        run: |
          VERSION=`make version-for-buildyml` make awx-kube-build
        env:
          COMPOSE_TAG: ci
          DEV_DOCKER_TAG_BASE: local
          HEADLESS: yes

      - name: Run test deployment with awx-operator
        working-directory: awx-operator
        run: |
          python3 -m pip install -r molecule/requirements.txt
          python3 -m pip install PyYAML # for awx/tools/scripts/rewrite-awx-operator-requirements.py
          $(realpath ../awx/tools/scripts/rewrite-awx-operator-requirements.py) molecule/requirements.yml $(realpath ../awx)
          ansible-galaxy collection install -r molecule/requirements.yml
          sudo rm -f $(which kustomize)
          make kustomize
          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule -v test -s kind -- --skip-tags=replicas
        env:
          AWX_TEST_IMAGE: local/awx
          AWX_TEST_VERSION: ci
          AWX_EE_TEST_IMAGE: quay.io/ansible/awx-ee:latest
          STORE_DEBUG_OUTPUT: true

      - name: Upload debug output
        if: failure()
        uses: actions/upload-artifact@v3
        with:
          name: awx-operator-debug-output
          path: ${{ env.DEBUG_OUTPUT_DIR }}

  collection-sanity:
    name: awx_collection sanity
    runs-on: ubuntu-latest
    timeout-minutes: 30
    strategy:
      fail-fast: false
      matrix:
        ansible:
          - stable-2.17
          # - devel
    steps:
      - name: Perform sanity testing
        uses: ansible-community/ansible-test-gh-action@release/v1
        with:
          ansible-core-version: ${{ matrix.ansible }}
          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          collection-root: awx_collection
          pre-test-cmd: >-
            ansible-playbook
            -i localhost,
            tools/template_galaxy.yml
            -e collection_package=awx
            -e collection_namespace=awx
            -e collection_version=1.0.0
            -e '{"awx_template_version": false}'
          testing-type: sanity

      - name: Upload awx jUnit test reports to the unified dashboard
        if: >-
          !cancelled()
          && steps.make-run.outputs.test-result-files != ''
          && github.event_name == 'push'
          && env.UPSTREAM_REPOSITORY_ID == github.repository_id
          && github.ref_name == github.event.repository.default_branch
        run: |
          for junit_file in $(echo '${{ steps.make-run.outputs.test-result-files }}' | sed 's/,/ /')
          do
              curl \
                -v \
                --user "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_USER }}:${{ secrets.PDE_ORG_RESULTS_UPLOAD_PASSWORD }}" \
                --form "xunit_xml=@${junit_file}" \
                --form "component_name=awx" \
                --form "git_commit_sha=${{ github.sha }}" \
                --form "git_repository_url=https://github.com/${{ github.repository }}" \
                "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_URL }}/api/results/upload/"
          done

  collection-integration:
    name: awx_collection integration
    runs-on: ubuntu-latest
    timeout-minutes: 60
    strategy:
      fail-fast: false
      matrix:
        target-regex:
          - name: a-h
            regex: ^[a-h]
          - name: i-p
            regex: ^[i-p]
          - name: r-z0-9
            regex: ^[r-z0-9]
    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false

      - uses: actions/setup-python@v5
        with:
          python-version: '3.x'

      - uses: ./.github/actions/run_awx_devel
        id: awx
        with:
          build-ui: false
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Install dependencies for running tests
        run: |
          python3 -m pip install -e ./awxkit/
          python3 -m pip install -r awx_collection/requirements.txt

      - name: Run integration tests
        id: make-run
        run: |
          echo "::remove-matcher owner=python::"  # Disable annoying annotations from setup-python
          echo '[general]' > ~/.tower_cli.cfg
          echo 'host = https://${{ steps.awx.outputs.ip }}:8043' >> ~/.tower_cli.cfg
          echo 'username = admin' >> ~/.tower_cli.cfg
          echo 'password = password' >> ~/.tower_cli.cfg
          echo 'verify_ssl = false' >> ~/.tower_cli.cfg
          TARGETS="$(ls awx_collection/tests/integration/targets | grep '${{ matrix.target-regex.regex }}' | tr '\n' ' ')"
          make COLLECTION_VERSION=100.100.100-git COLLECTION_TEST_TARGET="--requirements $TARGETS" test_collection_integration
        env:
          ANSIBLE_TEST_PREFER_PODMAN: 1

      - name: Upload test coverage to Codecov
        if: >-
          !cancelled()
          && steps.make-run.outputs.cov-report-files != ''
        uses: codecov/codecov-action@v4
        with:
          fail_ci_if_error: >-
            ${{
              toJSON(env.UPSTREAM_REPOSITORY_ID == github.repository_id)
            }}
          files: >-
            ${{ steps.make-run.outputs.cov-report-files }}
          flags: >-
            CI-GHA,
            ansible-test,
            integration,
            OS-${{
              runner.os
            }}
          token: ${{ secrets.CODECOV_TOKEN }}

      # Upload coverage report as artifact
      - uses: actions/upload-artifact@v3
        if: always()
        with:
          name: coverage-${{ matrix.target-regex.name }}
          path: ~/.ansible/collections/ansible_collections/awx/awx/tests/output/coverage/

      - uses: ./.github/actions/upload_awx_devel_logs
        if: always()
        with:
          log-filename: collection-integration-${{ matrix.target-regex.name }}.log

  collection-integration-coverage-combine:
    name: combine awx_collection integration coverage
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs:
      - collection-integration
    strategy:
      fail-fast: false
    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false

      - uses: actions/setup-python@v5
        with:
          python-version: '3.x'

      - name: Upgrade ansible-core
        run: python3 -m pip install --upgrade ansible-core

      - name: Download coverage artifacts
        uses: actions/download-artifact@v3
        with:
          path: coverage

      - name: Combine coverage
        run: |
          make COLLECTION_VERSION=100.100.100-git install_collection
          mkdir -p ~/.ansible/collections/ansible_collections/awx/awx/tests/output/coverage
          cd coverage
          for i in coverage-*; do
            cp -rv $i/* ~/.ansible/collections/ansible_collections/awx/awx/tests/output/coverage/
          done
          cd ~/.ansible/collections/ansible_collections/awx/awx
          ansible-test coverage combine --requirements
          ansible-test coverage html
          echo '## AWX Collection Integration Coverage' >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY
          ansible-test coverage report >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY
          echo >> $GITHUB_STEP_SUMMARY
          echo '## AWX Collection Integration Coverage HTML' >> $GITHUB_STEP_SUMMARY
          echo 'Download the HTML artifacts to view the coverage report.' >> $GITHUB_STEP_SUMMARY

      # This is a huge hack, there's no official action for removing artifacts currently.
      # Also ACTIONS_RUNTIME_URL and ACTIONS_RUNTIME_TOKEN aren't available in normal run
      # steps, so we have to use github-script to get them.
      #
      # The advantage of doing this, though, is that we save on artifact storage space.

      - name: Get secret artifact runtime URL
        uses: actions/github-script@v6
        id: get-runtime-url
        with:
          result-encoding: string
          script: |
            const { ACTIONS_RUNTIME_URL } = process.env;
            return ACTIONS_RUNTIME_URL;

      - name: Get secret artifact runtime token
        uses: actions/github-script@v6
        id: get-runtime-token
        with:
          result-encoding: string
          script: |
            const { ACTIONS_RUNTIME_TOKEN } = process.env;
            return ACTIONS_RUNTIME_TOKEN;

      - name: Remove intermediary artifacts
        env:
          ACTIONS_RUNTIME_URL: ${{ steps.get-runtime-url.outputs.result }}
          ACTIONS_RUNTIME_TOKEN: ${{ steps.get-runtime-token.outputs.result }}
        run: |
          echo "::add-mask::${ACTIONS_RUNTIME_TOKEN}"
          artifacts=$(
            curl -H "Authorization: Bearer $ACTIONS_RUNTIME_TOKEN" \
              ${ACTIONS_RUNTIME_URL}_apis/pipelines/workflows/${{ github.run_id }}/artifacts?api-version=6.0-preview \
            | jq -r '.value | .[] | select(.name | startswith("coverage-")) | .url'
          )

          for artifact in $artifacts; do
            curl -i -X DELETE -H "Accept: application/json;api-version=6.0-preview" -H "Authorization: Bearer $ACTIONS_RUNTIME_TOKEN" "$artifact"
          done

      - name: Upload coverage report as artifact
        uses: actions/upload-artifact@v3
        with:
          name: awx-collection-integration-coverage-html
          path: ~/.ansible/collections/ansible_collections/awx/awx/tests/output/reports/coverage