From a6e8eba4af6dc89ebea446b6f19237e71a537c61 Mon Sep 17 00:00:00 2001 From: Sergei Petrosian Date: Tue, 20 Aug 2024 12:16:42 +0200 Subject: [PATCH] ci: Add python unit tests Signed-off-by: Sergei Petrosian --- .github/workflows/codeql.yml | 48 ++++++++++++++ .github/workflows/python-unit-test.yml | 92 ++++++++++++++++++++++++++ .github/workflows/tft.yml | 2 +- README.md | 2 +- contributing.md | 31 +++++++++ 5 files changed, 173 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/python-unit-test.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..125722e --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,48 @@ +--- +name: CodeQL +on: # yamllint disable-line rule:truthy + push: + branches: ["main"] + pull_request: + branches: ["main"] + merge_group: + branches: + - main + types: + - checks_requested + schedule: + - cron: 4 3 * * 2 +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + strategy: + fail-fast: false + matrix: + language: [python] + steps: + - name: Update pip, git + run: | + set -euxo pipefail + sudo apt update + sudo apt install -y git + - name: Checkout + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + queries: +security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v3 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/python-unit-test.yml b/.github/workflows/python-unit-test.yml new file mode 100644 index 0000000..09df843 --- /dev/null +++ b/.github/workflows/python-unit-test.yml @@ -0,0 +1,92 @@ +--- +# yamllint disable rule:line-length +name: Python Unit Tests +on: # yamllint disable-line rule:truthy + pull_request: + merge_group: + branches: + - main + types: + - checks_requested + push: + branches: + - main + workflow_dispatch: +permissions: + contents: read +jobs: + python: + strategy: + matrix: + pyver_os: + - ver: "2.7" + os: ubuntu-20.04 + - ver: "3.6" + os: ubuntu-20.04 + - ver: "3.8" + os: ubuntu-latest + - ver: "3.9" + os: ubuntu-latest + - ver: "3.10" + os: ubuntu-latest + - ver: "3.11" + os: ubuntu-latest + runs-on: ${{ matrix.pyver_os.os }} + steps: + - name: Update git + run: | + set -euxo pipefail + sudo apt update + sudo apt install -y git + + - name: checkout PR + uses: actions/checkout@v4 + + - name: Set up Python 2.7 + if: ${{ matrix.pyver_os.ver == '2.7' }} + run: | + set -euxo pipefail + sudo apt install -y python2.7 + + - name: Set up Python 3 + if: ${{ matrix.pyver_os.ver != '2.7' }} + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.pyver_os.ver }} + + - name: Install platform dependencies, python, tox, tox-lsr + run: | + set -euxo pipefail + python -m pip install --upgrade pip + if [ "${{ matrix.pyver_os.ver }}" = 2.7 ]; then + # newer virtualenv cannot create python2 venvs + # newer tox requires newer virtualenv + tox='tox<4.15' + virtualenv='virtualenv<20.22.0' + else + tox=tox + virtualenv=virtualenv + fi + pip install "$tox" "$virtualenv" "git+https://github.com/linux-system-roles/tox-lsr@3.4.0" + # If you have additional OS dependency packages e.g. libcairo2-dev + # then put them in .github/config/ubuntu-requirements.txt, one + # package per line. + if [ -f .github/config/ubuntu-requirements.txt ]; then + sudo apt-get install -y $(cat .github/config/ubuntu-requirements.txt) + fi + + - name: Run unit tests + run: | + set -euxo pipefail + toxpyver=$(echo "${{ matrix.pyver_os.ver }}" | tr -d .) + toxenvs="py${toxpyver}" + # NOTE: The use of flake8, pylint, black with specific + # python envs is arbitrary and must be changed in tox-lsr + case "$toxpyver" in + 310) toxenvs="${toxenvs},coveralls,flake8,pylint,black" ;; + *) toxenvs="${toxenvs},coveralls" ;; + esac + TOXENV="$toxenvs" lsr_ci_runtox + + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@v4 diff --git a/.github/workflows/tft.yml b/.github/workflows/tft.yml index e39004c..1b27c04 100644 --- a/.github/workflows/tft.yml +++ b/.github/workflows/tft.yml @@ -123,7 +123,7 @@ jobs: ${{ matrix.platform }}-${{ matrix.ansible_version }}_$DATETIME/artifacts" ARTIFACTS_TARGET_DIR=/srv/pub/alt/linuxsystemroles/logs ARTIFACTS_DIR=$ARTIFACTS_TARGET_DIR/$ARTIFACTS_DIR_NAME - ARTIFACTS_URL=https://dl.fedoraproject.org/pub/alt/linuxsystemroles/logs/$ARTIFACTS_DIR_NAME + ARTIFACTS_URL=https://dl.fedoraproject.org/pub/alt/linuxsystemroles/logs$ARTIFACTS_DIR_NAME echo "DATETIME=$DATETIME" >> $GITHUB_OUTPUT echo "ARTIFACTS_DIR=$ARTIFACTS_DIR" >> $GITHUB_OUTPUT echo "ARTIFACTS_URL=$ARTIFACTS_URL" >> $GITHUB_OUTPUT diff --git a/README.md b/README.md index 6abffc8..c1cf886 100644 --- a/README.md +++ b/README.md @@ -455,4 +455,4 @@ See README-ostree.md MIT Based on [Ansible-sudoers](https://github.com/ahuffman/ansible-sudoers). -[![ansible-lint.yml](https://github.com/linux-system-roles/sudo/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/sudo/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/ansible-test.yml) [![markdownlint.yml](https://github.com/linux-system-roles/sudo/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/markdownlint.yml) [![shellcheck.yml](https://github.com/linux-system-roles/sudo/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/sudo/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/sudo/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/sudo/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/woke.yml) +[![ansible-lint.yml](https://github.com/linux-system-roles/sudo/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/sudo/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/ansible-test.yml) [![codeql.yml](https://github.com/linux-system-roles/sudo/actions/workflows/codeql.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/codeql.yml) [![markdownlint.yml](https://github.com/linux-system-roles/sudo/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/markdownlint.yml) [![python-unit-test.yml](https://github.com/linux-system-roles/sudo/actions/workflows/python-unit-test.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/python-unit-test.yml) [![shellcheck.yml](https://github.com/linux-system-roles/sudo/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/sudo/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/sudo/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/sudo/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/sudo/actions/workflows/woke.yml) diff --git a/contributing.md b/contributing.md index 05b5282..b8951a7 100644 --- a/contributing.md +++ b/contributing.md @@ -19,3 +19,34 @@ are likely to be suitable for new contributors! **Code** is managed on [Github](https://github.com/linux-system-roles/sudo), using [Pull Requests](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests). + +## Python Code + +The Python code needs to be **compatible with the Python versions supported by +the role platform**. + +For example, see [meta](https://github.com/linux-system-roles/sudo/blob/main/meta/main.yml) +for the platforms supported by the role. + +If the role provides Ansible modules (code in `library/` or `module_utils/`) - +these run on the *managed* node, and typically[1] use the default system python: + +* EL6 - python 2.6 +* EL7 - python 2.7 or python 3.6 in some cases +* EL8 - python 3.6 +* EL9 - python 3.9 + +If the role provides some other sort of Ansible plugin such as a filter, test, +etc. - these run on the *control* node and typically use whatever version of +python that Ansible uses, which in many cases is *not* the system python, and +may be a modularity release such as python311. + +In general, it is a good idea to ensure the role python code works on all +versions of python supported by `tox-lsr` from py36 on, and on py27 if the role +supports EL7, and on py26 if the role supports EL6.[1] + +[1] Advanced users may set +[ansible_python_interpreter](https://docs.ansible.com/ansible/latest/reference_appendices/special_variables.html#term-ansible_python_interpreter) +to use a non-system python on the managed node, so it is a good idea to ensure +your code has broad python version compatibility, and do not assume your code +will only ever be run with the default system python.