From 39118f7da2d671c209d8ce066f970bd12c55e4c7 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Fri, 27 Sep 2024 16:07:41 +0100 Subject: [PATCH 1/2] feat: update `kayobe-automation` submodule and `workflows` Upgrade both the submodule used by `kayobe-automation` and the workflows collection that can generate `GitHub` workflows. Changes include: - Run config-diff in parallel - Automation detect vaulted files for config-diff - Add support for running hooks that use roles - Improvements to Tempest including the ability to run only failed tests - Use less verbose input descriptions - Bump up and pin the version of Actions and containers used by the workflows --- .automation | 2 +- etc/kayobe/ansible/requirements.yml | 2 +- ...te-kayobe-automation-55fc9c5c380d819c.yaml | 19 +++++++++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml diff --git a/.automation b/.automation index 7eefdb99fe..86b28403f6 160000 --- a/.automation +++ b/.automation @@ -1 +1 @@ -Subproject commit 7eefdb99fe60df8eeac63004878ab4d44eb6d6ba +Subproject commit 86b28403f682b8cb3a783299e02899ec7224913f diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml index 2bb4047ce7..144cc3ac81 100644 --- a/etc/kayobe/ansible/requirements.yml +++ b/etc/kayobe/ansible/requirements.yml @@ -11,7 +11,7 @@ collections: - name: stackhpc.hashicorp version: 2.5.1 - name: stackhpc.kayobe_workflows - version: 1.0.3 + version: 1.1.0 roles: - src: stackhpc.vxlan - name: ansible-lockdown.ubuntu22_cis diff --git a/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml b/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml new file mode 100644 index 0000000000..04c4f72938 --- /dev/null +++ b/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml @@ -0,0 +1,19 @@ +--- +features: + - | + Upgrades kayobe-automation submodule to ``86b2840``. + Upgrades kayobe-workflows collection to ``v1.1.0``. + Kayobe-automation config-diff now runs in parallel and generates both + the old and new configuration at the same time. This should improve + config-diff wait times. +deprecations: + - | + Kayobe-automation will now automatically detected vaulted files for the + purpose of config-diff therefore, ``KAYOBE_CONFIG_SECRET_PATHS_EXTRA`` and + ``KAYOBE_CONFIG_VAULTED_FILES_PATHS_EXTRA`` are no longer used +security: + - | + The upgraded kayobe-workflows collection increases the version of various + Actions and containers used within GitHub based workflows, including increasing + Docker in Docker to version ``27.3.1`` thus removing the vunerabilities present + in ``24.0-git``. From 3b2ec1e7c27e52c15bb916586fca439ed08244c4 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Mon, 30 Sep 2024 10:52:28 +0100 Subject: [PATCH 2/2] Update releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml Co-authored-by: Matt Crees --- .automation | 2 +- .../run-books/pulp-sync-content.sh | 29 +++++++++++++++++++ ...te-kayobe-automation-55fc9c5c380d819c.yaml | 8 +++-- 3 files changed, 36 insertions(+), 3 deletions(-) create mode 100755 .automation.conf/run-books/pulp-sync-content.sh diff --git a/.automation b/.automation index 86b28403f6..7676aa89f0 160000 --- a/.automation +++ b/.automation @@ -1 +1 @@ -Subproject commit 86b28403f682b8cb3a783299e02899ec7224913f +Subproject commit 7676aa89f0fde7291a846179c8820a8acc5c69ce diff --git a/.automation.conf/run-books/pulp-sync-content.sh b/.automation.conf/run-books/pulp-sync-content.sh new file mode 100755 index 0000000000..97ff18e9fa --- /dev/null +++ b/.automation.conf/run-books/pulp-sync-content.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +set -euE +set -o pipefail + +PARENT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +KAYOBE_AUTOMATION_DIR="$(realpath "${PARENT}/../../.automation")" + +function main { + if [ "${PULP_DO_CONTAINER_SYNC:-}" = true ]; then + ${KAYOBE_AUTOMATION_DIR}/scripts/playbook-run.sh '$KAYOBE_CONFIG_PATH/ansible/pulp-container-sync.yml' -e stackhpc_pulp_images_kolla_filter="${PULP_KOLLA_FILTER:-}" + fi + if [ "${PULP_DO_CONTAINER_PUBLISH:-}" = true ]; then + ${KAYOBE_AUTOMATION_DIR}/scripts/playbook-run.sh '$KAYOBE_CONFIG_PATH/ansible/pulp-container-publish.yml' -e stackhpc_pulp_images_kolla_filter="${PULP_KOLLA_FILTER:-}" + fi + if [ "${PULP_DO_REPO_SYNC:-}" = true ]; then + ${KAYOBE_AUTOMATION_DIR}/scripts/playbook-run.sh '$KAYOBE_CONFIG_PATH/ansible/pulp-repo-sync.yml' + fi + if [ "${PULP_DO_REPO_PUBLISH:-}" = true ]; then + ${KAYOBE_AUTOMATION_DIR}/scripts/playbook-run.sh '$KAYOBE_CONFIG_PATH/ansible/pulp-repo-publish.yml' + fi + if [ "${PULP_DO_REPO_PROMOTE:-}" = true ]; then + ${KAYOBE_AUTOMATION_DIR}/scripts/playbook-run.sh '$KAYOBE_CONFIG_PATH/ansible/pulp-repo-promote-production.yml' + fi +} + +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + main +fi diff --git a/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml b/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml index 04c4f72938..f8e2e32a36 100644 --- a/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml +++ b/releasenotes/notes/update-kayobe-automation-55fc9c5c380d819c.yaml @@ -1,14 +1,18 @@ --- features: - | - Upgrades kayobe-automation submodule to ``86b2840``. + Upgrades kayobe-automation submodule to ``7676aa8``. + Upgrades kayobe-workflows collection to ``v1.1.0``. + Kayobe-automation config-diff now runs in parallel and generates both the old and new configuration at the same time. This should improve config-diff wait times. + + Add support for the `pulp-sync-content` run book. deprecations: - | - Kayobe-automation will now automatically detected vaulted files for the + Kayobe-automation will now automatically detect vaulted files for the purpose of config-diff therefore, ``KAYOBE_CONFIG_SECRET_PATHS_EXTRA`` and ``KAYOBE_CONFIG_VAULTED_FILES_PATHS_EXTRA`` are no longer used security: