--- name: Gerrit Verify # yamllint disable-line rule:truthy on: workflow_dispatch: inputs: GERRIT_BRANCH: description: "Branch that change is against" required: true type: string GERRIT_CHANGE_ID: description: "The ID for the change" required: true type: string GERRIT_CHANGE_NUMBER: description: "The Gerrit number" required: true type: string GERRIT_CHANGE_URL: description: "URL to the change" required: true type: string GERRIT_EVENT_TYPE: description: "Type of Gerrit event" required: true type: string GERRIT_PATCHSET_NUMBER: description: "The patch number for the change" required: true type: string GERRIT_PATCHSET_REVISION: description: "The revision sha" required: true type: string GERRIT_PROJECT: description: "Project in Gerrit" required: true type: string GERRIT_REFSPEC: description: "Gerrit refspec of change" required: true type: string env: OS_CLOUD: "vex" PACKER_VERSION: "1.9.1" concurrency: group: ${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }} cancel-in-progress: true jobs: prepare: runs-on: ubuntu-latest steps: - name: Clear votes uses: lfit/gerrit-review-action@v0.3 with: host: ${{ vars.GERRIT_SERVER }} username: ${{ vars.GERRIT_SSH_USER }} key: ${{ secrets.GERRIT_SSH_PRIVKEY }} known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }} gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }} gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }} vote-type: clear - name: Allow replication run: sleep 10s actionlint: needs: prepare runs-on: ubuntu-latest steps: - uses: lfit/checkout-gerrit-change-action@v0.4 with: gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} delay: "0s" - name: Download actionlint id: get_actionlint run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) shell: bash - name: Check workflow files run: ${{ steps.get_actionlint.outputs.executable }} -color shell: bash # run pre-commit tox env separately to get use of more parallel processing pre-commit: needs: prepare runs-on: ubuntu-latest steps: - uses: lfit/checkout-gerrit-change-action@v0.4 with: gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} delay: "0s" - uses: actions/setup-python@v4 with: python-version: "3.11" - name: Run static analysis and format checkers run: pipx run pre-commit run --all-files --show-diff-on-failure jjb-validation: needs: prepare runs-on: ubuntu-latest steps: - uses: lfit/checkout-gerrit-change-action@v0.4 with: gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} delay: "0s" - uses: actions/setup-python@v4 id: setup-python with: python-version: "3.11" - name: Clone git submodules run: git submodule update --init - name: Run JJB Verify run: | python -m pip install --upgrade pip pip install jenkins-job-builder mkdir -p "${HOME}/.config/jenkins_jobs" cat << EOF > "${HOME}/.config/jenkins_jobs/jenkins_jobs.ini" [job_builder] ignore_cache=True keep_descriptions=False include_path=. recursive=True query_plugins_info=False config-xml=True EOF jenkins-jobs test -o archives/job-configs jjb/ tox-verify: needs: prepare runs-on: ubuntu-latest steps: - uses: lfit/checkout-gerrit-change-action@v0.4 with: gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} delay: "0s" - uses: actions/setup-python@v4 id: setup-python with: python-version: "3.11" - name: Run tox run: >- pipx run tox packer-validator: needs: prepare runs-on: ubuntu-latest steps: - name: Gerrit Checkout # yamllint disable-line rule:line-length uses: lfit/checkout-gerrit-change-action@70360ca2f8bee3e6a15224d8a03f8e017b1ac91f # v0.4 with: gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} delay: "0s" - name: Clone git submodules shell: bash run: git submodule update --init - name: Check for changes # yamllint disable-line rule:line-length uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: changes with: base: ${{ inputs.GERRIT_BRANCH }} ref: ${{ inputs.GERRIT_PATCHSET_REVISION }} filters: | src: - 'packer/**' - name: Setup packer if: steps.changes.outputs.src == 'true' uses: hashicorp/setup-packer@main id: setup with: version: ${{ env.PACKER_VERSION }} - name: Create cloud-env file required for packer id: create-cloud-env-file if: steps.changes.outputs.src == 'true' shell: bash run: | echo "${{ secrets.CLOUDS_ENV_B64 }}" | base64 --decode \ > "${GITHUB_WORKSPACE}/cloud-env.pkrvars.hcl" - name: Create cloud.yaml file for openstack client id: create-cloud-yaml-file if: steps.changes.outputs.src == 'true' shell: bash run: | mkdir -p "$HOME/.config/openstack" echo "${{ secrets.CLOUDS_YAML_B64 }}" | base64 --decode \ > "$HOME/.config/openstack/clouds.yaml" - name: Setup Python if: steps.changes.outputs.src == 'true' # yamllint disable-line rule:line-length uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 with: python-version: "3.11" - name: Install openstack deps id: install-openstack-deps if: steps.changes.outputs.src == 'true' shell: bash run: | python -m pip install --upgrade pip pip install python-openstackclient pip freeze - name: Verify packer files if: steps.changes.outputs.src == 'true' shell: bash run: | set -x cd packer varfiles=(common-packer/vars/*.pkrvars.hcl) templates=(templates/*.pkr.hcl) mkdir -p "${GITHUB_WORKSPACE}/logs" PACKER_LOGS_DIR="${GITHUB_WORKSPACE}/logs" for varfile in "${varfiles[@]}"; do if [[ "$varfile" == *"cloud-env.json"* ]] || \ [[ "$varfile" == "vars/*.json" ]] || \ [[ "$varfile" == *"cloud-env.pkrvars.hcl"* ]] || \ [[ "$varfile" == *"cloud-env-aws.pkrvars.hcl"* ]] || \ [[ "$varfile" == "vars/*.pkrvars.hcl" ]]; then continue fi echo "::group::$varfile" echo "-----> Test var: $varfile" for template in "${templates[@]}"; do if [[ "$template" == *"variables.pkr.hcl"* ]] || \ [[ "$template" == *"variables.auto.pkr.hcl"* ]]; then continue fi if [[ "${template#*.}" == "pkr.hcl" ]]; then echo "packer init $template ..." packer init "$template" fi LOG_FILE="packer-validate-${varfile##*/}-${template##*/}.log" export PACKER_LOG="yes" export PACKER_LOG_PATH="$PACKER_LOGS_DIR/$LOG_FILE" if output=$(OS_CLOUD=${{ env.OS_CLOUD }} packer validate \ -var-file="${GITHUB_WORKSPACE}/cloud-env.pkrvars.hcl" \ -var-file="$varfile" "$template"); then echo "$template: $output" else echo "$template: $output" exit 1 fi done echo "::endgroup::" done vote: if: ${{ always() }} needs: [ prepare, actionlint, pre-commit, jjb-validation, tox-verify, packer-validator, ] runs-on: ubuntu-latest steps: - uses: technote-space/workflow-conclusion-action@v3 - name: Set vote uses: lfit/gerrit-review-action@v0.3 with: host: ${{ vars.GERRIT_SERVER }} username: ${{ vars.GERRIT_SSH_USER }} key: ${{ secrets.GERRIT_SSH_PRIVKEY }} known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }} gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }} gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }} vote-type: ${{ env.WORKFLOW_CONCLUSION }}