CI: Update gerrit checkout action to v0.6
[releng/builder.git] / .github / workflows / gerrit-verify.yaml
---
name: Gerrit Verify

# Verification run for a single Gerrit patchset, started by manual dispatch.
# Every input is a required string supplied by the dispatcher, so treat the
# values as untrusted text. In this file they are only passed to actions via
# `with:` and to the concurrency group; none is expanded inside a `run:`
# script.
#
# NOTE(review): no `permissions:` key is visible in this file, so GITHUB_TOKEN
# keeps the repository/organisation default scopes while the jobs execute
# content from the change under review. Consider declaring the minimum scopes
# once the needs of the third-party actions have been confirmed.

# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
    inputs:
      GERRIT_BRANCH:
        description: "Branch that change is against"
        required: true
        type: string
      GERRIT_CHANGE_ID:
        description: "The ID for the change"
        required: true
        type: string
      GERRIT_CHANGE_NUMBER:
        description: "The Gerrit number"
        required: true
        type: string
      GERRIT_CHANGE_URL:
        description: "URL to the change"
        required: true
        type: string
      GERRIT_EVENT_TYPE:
        description: "Type of Gerrit event"
        required: true
        type: string
      GERRIT_PATCHSET_NUMBER:
        description: "The patch number for the change"
        required: true
        type: string
      GERRIT_PATCHSET_REVISION:
        description: "The revision sha"
        required: true
        type: string
      GERRIT_PROJECT:
        description: "Project in Gerrit"
        required: true
        type: string
      GERRIT_REFSPEC:
        description: "Gerrit refspec of change"
        required: true
        type: string

# Workflow-wide environment: the cloud name given to packer validate and the
# packer release installed by the packer-validator job.
env:
  OS_CLOUD: "vex"
  PACKER_VERSION: "1.9.1"

# Runs for the same Gerrit change share one group, so a newer run cancels the
# one still in progress; without a change id the run id keeps the group unique.
concurrency:
  group: ${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
  cancel-in-progress: true

jobs:
54   prepare:
55     runs-on: ubuntu-latest
56     steps:
57       - name: Clear votes
58         uses: lfit/gerrit-review-action@v0.3
59         with:
60           host: ${{ vars.GERRIT_SERVER }}
61           username: ${{ vars.GERRIT_SSH_USER }}
62           key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
63           known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
64           gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
65           gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
66           vote-type: clear
67       - name: Allow replication
68         run: sleep 10s
69
70   actionlint:
71     needs: prepare
72     runs-on: ubuntu-latest
73     steps:
74       - uses: lfit/checkout-gerrit-change-action@57bf0435f739fbbc7ce4cc85c9c3b8a386c6f84b # v0.6
75         with:
76           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
77           delay: "0s"
78       - name: Download actionlint
79         id: get_actionlint
80         run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
81         shell: bash
82       - name: Check workflow files
83         run: ${{ steps.get_actionlint.outputs.executable }} -color
84         shell: bash
85
86   # run pre-commit tox env separately to get use of more parallel processing
87   pre-commit:
88     needs: prepare
89     runs-on: ubuntu-latest
90     steps:
91       - uses: lfit/checkout-gerrit-change-action@57bf0435f739fbbc7ce4cc85c9c3b8a386c6f84b # v0.6
92         with:
93           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
94           delay: "0s"
95       - uses: actions/setup-python@v4
96         with:
97           python-version: "3.11"
98       - name: Run static analysis and format checkers
99         run: pipx run pre-commit run --all-files --show-diff-on-failure
100
101   jjb-validation:
102     needs: prepare
103     runs-on: ubuntu-latest
104     steps:
105       - uses: lfit/checkout-gerrit-change-action@57bf0435f739fbbc7ce4cc85c9c3b8a386c6f84b # v0.6
106         with:
107           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
108           delay: "0s"
109       - uses: actions/setup-python@v4
110         id: setup-python
111         with:
112           python-version: "3.11"
113       - name: Clone git submodules
114         run: git submodule update --init
115       - name: Run JJB Verify
116         run: |
117           python -m pip install --upgrade pip
118           pip install jenkins-job-builder
119           mkdir -p "${HOME}/.config/jenkins_jobs"
120           cat << EOF > "${HOME}/.config/jenkins_jobs/jenkins_jobs.ini"
121           [job_builder]
122           ignore_cache=True
123           keep_descriptions=False
124           include_path=.
125           recursive=True
126           query_plugins_info=False
127           config-xml=True
128           EOF
129           jenkins-jobs test -o archives/job-configs jjb/
130
131   tox-verify:
132     needs: prepare
133     runs-on: ubuntu-latest
134     steps:
135       - uses: lfit/checkout-gerrit-change-action@57bf0435f739fbbc7ce4cc85c9c3b8a386c6f84b # v0.6
136         with:
137           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
138           delay: "0s"
139       - uses: actions/setup-python@v4
140         id: setup-python
141         with:
142           python-version: "3.11"
143       - name: Run tox
144         run: >-
145           pipx run tox
146
147   packer-validator:
148     needs: prepare
149     runs-on: ubuntu-latest
150     steps:
151       - name: Gerrit Checkout
152         # yamllint disable-line rule:line-length
153         uses: lfit/checkout-gerrit-change-action@57bf0435f739fbbc7ce4cc85c9c3b8a386c6f84b # v0.6
154         with:
155           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
156           delay: "0s"
157       - name: Clone git submodules
158         shell: bash
159         run: git submodule update --init
160       - name: Check for changes
161         # yamllint disable-line rule:line-length
162         uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
163         id: changes
164         with:
165           base: ${{ inputs.GERRIT_BRANCH }}
166           ref: ${{ inputs.GERRIT_PATCHSET_REVISION }}
167           filters: |
168             src:
169               - 'packer/**'
170       - name: Setup packer
171         if: steps.changes.outputs.src == 'true'
172         uses: hashicorp/setup-packer@main
173         id: setup
174         with:
175           version: ${{ env.PACKER_VERSION }}
176       - name: Create cloud-env file required for packer
177         id: create-cloud-env-file
178         if: steps.changes.outputs.src == 'true'
179         shell: bash
180         run: |
181           echo "${{ secrets.CLOUDS_ENV_B64 }}" | base64 --decode \
182                   > "${GITHUB_WORKSPACE}/cloud-env.pkrvars.hcl"
183       - name: Create cloud.yaml file for openstack client
184         id: create-cloud-yaml-file
185         if: steps.changes.outputs.src == 'true'
186         shell: bash
187         run: |
188           mkdir -p "$HOME/.config/openstack"
189           echo "${{ secrets.CLOUDS_YAML_B64 }}" | base64 --decode \
190                   > "$HOME/.config/openstack/clouds.yaml"
191       - name: Setup Python
192         if: steps.changes.outputs.src == 'true'
193         # yamllint disable-line rule:line-length
194         uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
195         with:
196           python-version: "3.11"
197       - name: Install openstack deps
198         id: install-openstack-deps
199         if: steps.changes.outputs.src == 'true'
200         shell: bash
201         run: |
202           python -m pip install --upgrade pip
203           pip install python-openstackclient
204           pip freeze
205       - name: Verify packer files
206         if: steps.changes.outputs.src == 'true'
207         shell: bash
208         run: |
209           set -x
210           cd packer
211
212           varfiles=(common-packer/vars/*.pkrvars.hcl)
213           templates=(templates/*.pkr.hcl)
214
215           mkdir -p "${GITHUB_WORKSPACE}/logs"
216           PACKER_LOGS_DIR="${GITHUB_WORKSPACE}/logs"
217
218           for varfile in "${varfiles[@]}"; do
219               if [[ "$varfile" == *"cloud-env.json"* ]] || \
220                  [[ "$varfile" == "vars/*.json" ]] || \
221                  [[ "$varfile" == *"cloud-env.pkrvars.hcl"* ]] || \
222                  [[ "$varfile" == *"cloud-env-aws.pkrvars.hcl"* ]] || \
223                  [[ "$varfile" == "vars/*.pkrvars.hcl" ]]; then
224                   continue
225               fi
226
227               echo "::group::$varfile"
228               echo "-----> Test var: $varfile"
229               for template in "${templates[@]}"; do
230                   if [[ "$template" == *"variables.pkr.hcl"* ]] || \
231                      [[ "$template" == *"variables.auto.pkr.hcl"* ]]; then
232                       continue
233                   fi
234
235                   if [[ "${template#*.}" == "pkr.hcl" ]]; then
236                       echo "packer init $template ..."
237                       packer init "$template"
238                   fi
239
240                   LOG_FILE="packer-validate-${varfile##*/}-${template##*/}.log"
241                   export PACKER_LOG="yes"
242                   export PACKER_LOG_PATH="$PACKER_LOGS_DIR/$LOG_FILE"
243                   if output=$(OS_CLOUD=${{ env.OS_CLOUD }} packer validate \
244                         -var-file="${GITHUB_WORKSPACE}/cloud-env.pkrvars.hcl" \
245                         -var-file="$varfile" "$template"); then
246                       echo "$template: $output"
247                   else
248                       echo "$template: $output"
249                       exit 1
250                   fi
251               done
252               echo "::endgroup::"
253           done
254
255   vote:
256     if: ${{ always() }}
257     needs:
258       [
259         prepare,
260         actionlint,
261         pre-commit,
262         jjb-validation,
263         tox-verify,
264         packer-validator,
265       ]
266     runs-on: ubuntu-latest
267     steps:
268       - uses: technote-space/workflow-conclusion-action@v3
269       - name: Set vote
270         uses: lfit/gerrit-review-action@v0.3
271         with:
272           host: ${{ vars.GERRIT_SERVER }}
273           username: ${{ vars.GERRIT_SSH_USER }}
274           key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
275           known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
276           gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
277           gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
278           vote-type: ${{ env.WORKFLOW_CONCLUSION }}