simp-beaker-helpers 1.32.0 → 1.33.0

Sign up to get free protection for your applications and to get access to all the features.
data/Gemfile CHANGED
@@ -1,7 +1,6 @@
1
- # ------------------------------------------------------------------------------
2
- # NOTE: SIMP Puppet rake tasks support ruby 2.1.9
3
- # ------------------------------------------------------------------------------
4
- gem_sources = ENV.fetch('GEM_SERVERS','https://rubygems.org').split(/[, ]+/)
1
+ # frozen_string_literal: true
2
+
3
+ gem_sources = ENV.fetch('GEM_SERVERS', 'https://rubygems.org').split(%r{[, ]+})
5
4
 
6
5
  gem_sources.each { |gem_source| source gem_source }
7
6
 
@@ -9,13 +8,12 @@ gem_sources.each { |gem_source| source gem_source }
9
8
  gemspec
10
9
 
11
10
  # mandatory gems
12
- gem 'bundler'
13
11
  gem 'rake'
14
12
 
15
13
  group :system_tests do
16
- beaker_gem_options = ENV.fetch('BEAKER_GEM_OPTIONS', ['>= 4.28.1', '< 6.0.0'])
14
+ beaker_gem_options = ENV.fetch('BEAKER_GEM_OPTIONS', ['>= 4.28.1', '< 7.0.0'])
17
15
 
18
- if "#{beaker_gem_options}".include?(':')
16
+ if beaker_gem_options.to_s.include?(':')
19
17
  # Just pass in BEAKER_GEM_OPTIONS as a string that would represent the usual
20
18
  # hash of options.
21
19
  #
@@ -24,28 +22,26 @@ group :system_tests do
24
22
  # No, this isn't robust, but it's not really an 'every day' sort of thing
25
23
  # and safer than an `eval`
26
24
  begin
27
- gem 'beaker', Hash[
28
- beaker_gem_options.split(',').map do |x| # Split passed options on k/v pairs
29
- x.gsub('"', '').strip.split(/:\s|\s+=>\s+/) # Allow for either format hash keys
30
- end.map do |k,v|
31
- [
32
- k.delete(':').to_sym, # Convert all keys to symbols
33
- v.strip
34
- ]
35
- end
25
+ beaker_gem_options = Hash[
26
+ beaker_gem_options.split(',').
27
+ # Split passed options on k/v pairs
28
+ map { |x| x.gsub('"', '').strip.split(%r{:\s|\s+=>\s+}) }. # Allow for either format hash keys
29
+ map { |k, v| [k.delete(':').to_sym, v.strip] } # Convert all keys to symbols
36
30
  ] # Convert the whole thing to a valid Hash
37
- rescue => e
31
+ rescue StandardError => e
38
32
  raise "Invalid BEAKER_GEM_OPTIONS: '#{beaker_gem_options}' => '#{e}'"
39
33
  end
40
- else
41
- gem 'beaker', beaker_gem_options
42
34
  end
43
35
 
36
+ gem 'beaker', beaker_gem_options
37
+
38
+ gem 'bcrypt_pbkdf'
44
39
  gem 'beaker-rspec'
45
40
  gem 'beaker-windows'
41
+ gem 'ed25519'
46
42
  gem 'net-ssh'
47
43
  gem 'puppet', ENV.fetch('PUPPET_VERSION', ['>= 7.0.0', '< 9.0.0'])
44
+ gem 'puppetlabs_spec_helper', '>= 4.0.0', '< 8.0.0'
48
45
  gem 'rubocop'
49
46
  gem 'rubocop-rspec'
50
- gem 'puppetlabs_spec_helper', '>= 4.0.0', '< 7.0.0'
51
47
  end
data/README.md CHANGED
@@ -47,6 +47,7 @@ Methods to assist beaker acceptance tests for SIMP.
47
47
  * [BEAKER_RHSM_USER](#beaker_rhsm_user)
48
48
  * [BEAKER_RHSM_PASS](#beaker_rhsm_pass)
49
49
  * [BEAKER_inspec_version](#beaker_inspec_version)
50
+ * [BEAKER_RHSM_UNSUBSCRIBE](#beaker_rhsm_unsubscribe)
50
51
  * [Examples](#examples)
51
52
  * [Prep OS, Generate and copy PKI certs to each SUT](#prep-os-generate-and-copy-pki-certs-to-each-sut)
52
53
  * [Specify the version of Puppet to run in the SUTs](#specify-the-version-of-puppet-to-run-in-the-suts)
@@ -466,6 +467,12 @@ The version of InSpec to use when running inspec tests. Currently hard-coded to
466
467
 
467
468
  Set to 'latest' to use the latest available in the upstream repos.
468
469
 
470
+ #### BEAKER_RHSM_UNSUBSCRIBE
471
+
472
+ By default the system is unsubscribed from RHSM.
473
+
474
+ Set to 'False' to disable this behavior.
475
+
469
476
  ## Examples
470
477
 
471
478
  ### Prep OS, Generate and copy PKI certs to each SUT
@@ -1,5 +1,7 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Simp; end
2
4
 
3
5
  module Simp::BeakerHelpers
4
- VERSION = '1.32.0'
6
+ VERSION = '1.33.0'
5
7
  end
@@ -259,7 +259,8 @@ module Simp::BeakerHelpers
259
259
  end
260
260
 
261
261
  # Ensure that Hashes return as Hash objects
262
- found_fact.is_a?(OpenStruct) ? found_fact.marshal_dump : found_fact
262
+ # OpenStruct objects have a marshal_dump method
263
+ found_fact.respond_to?(:marshal_dump) ? found_fact.marshal_dump : found_fact
263
264
  end
264
265
 
265
266
  # Returns the modulepath on the SUT, as an Array
@@ -676,7 +677,6 @@ module Simp::BeakerHelpers
676
677
 
677
678
  if os_info['name'] == 'RedHat' && ENV['BEAKER_RHSM_USER'] && ENV['BEAKER_RHSM_PASS']
678
679
  if os_maj_rel == '7'
679
- on sut, %{subscription-manager repos --enable "rhel-*-optional-rpms"}
680
680
  on sut, %{subscription-manager repos --enable "rhel-*-extras-rpms"}
681
681
  on sut, %{subscription-manager repos --enable "rhel-ha-for-rhel-*-server-rpms"}
682
682
  end
@@ -800,7 +800,9 @@ module Simp::BeakerHelpers
800
800
 
801
801
  RSpec.configure do |c|
802
802
  c.after(:all) do
803
- rhel_rhsm_unsubscribe(sut)
803
+ unless ENV['BEAKER_RHSM_UNSUBSCRIBE'] == 'false'
804
+ rhel_rhsm_unsubscribe(sut)
805
+ end
804
806
  end
805
807
  end
806
808
  end
@@ -846,7 +848,6 @@ module Simp::BeakerHelpers
846
848
  :repo_list => {
847
849
  '7' => [
848
850
  'rhel-7-server-extras-rpms',
849
- 'rhel-7-server-optional-rpms',
850
851
  'rhel-7-server-rh-common-rpms',
851
852
  'rhel-7-server-rpms',
852
853
  'rhel-7-server-supplementary-rpms'
@@ -854,6 +855,10 @@ module Simp::BeakerHelpers
854
855
  '8' => [
855
856
  'rhel-8-for-x86_64-baseos-rpms',
856
857
  'rhel-8-for-x86_64-supplementary-rpms'
858
+ ],
859
+ '9' => [
860
+ 'rhel-9-for-x86_64-appstream-rpms',
861
+ 'rhel-9-for-x86_64-baseos-rpms'
857
862
  ]
858
863
  }
859
864
  }
@@ -1,5 +1,6 @@
1
- # -*- encoding: utf-8 -*-
2
- $LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
1
+ # frozen_string_literal: true
2
+
3
+ $LOAD_PATH.unshift File.expand_path('lib', __dir__)
3
4
  require 'simp/beaker_helpers/version'
4
5
  require 'date'
5
6
 
@@ -7,31 +8,31 @@ Gem::Specification.new do |s|
7
8
  s.name = 'simp-beaker-helpers'
8
9
  s.date = Date.today.to_s
9
10
  s.summary = 'beaker helper methods for SIMP'
10
- s.description = <<-EOF
11
+ s.description = <<~END_DESCRIPTION
11
12
  Beaker helper methods to help scaffold SIMP acceptance tests
12
- EOF
13
+ END_DESCRIPTION
13
14
  s.version = Simp::BeakerHelpers::VERSION
14
15
  s.license = 'Apache-2.0'
15
- s.authors = ['Chris Tessmer','Trevor Vaughan']
16
+ s.authors = ['Chris Tessmer', 'Trevor Vaughan']
16
17
  s.email = 'simp@simp-project.org'
17
18
  s.homepage = 'https://github.com/simp/rubygem-simp-beaker-helpers'
18
19
  s.metadata = {
19
- 'issue_tracker' => 'https://github.com/simp/rubygem-simp-beaker-helpers/issues'
20
- }
20
+ 'issue_tracker' => 'https://github.com/simp/rubygem-simp-beaker-helpers/issues'
21
+ }
21
22
 
22
- s.required_ruby_version = '>= 2.3.0'
23
+ s.required_ruby_version = '>= 2.7.0'
23
24
 
24
- s.add_runtime_dependency 'beaker', ['>= 4.17.0', '< 6.0.0']
25
- s.add_runtime_dependency 'beaker-rspec', '~> 8.0'
26
- s.add_runtime_dependency 'beaker-puppet', ['>= 1.18.14', '< 3.0.0']
25
+ s.add_runtime_dependency 'beaker', ['>= 4.17.0', '< 7.0.0']
27
26
  s.add_runtime_dependency 'beaker-docker', ['>= 0.8.3', '< 3.0.0']
28
- s.add_runtime_dependency 'docker-api', ['>= 2.1.0', '< 3.0.0']
27
+ s.add_runtime_dependency 'beaker-puppet', ['>= 1.18.14', '< 5.0.0']
28
+ s.add_runtime_dependency 'beaker-rspec', '~> 8.0'
29
29
  s.add_runtime_dependency 'beaker-vagrant', ['>= 0.6.4', '< 2.0.0']
30
- s.add_runtime_dependency 'highline', '~> 2.0'
30
+ s.add_runtime_dependency 'docker-api', ['>= 2.1.0', '< 3.0.0']
31
+ s.add_runtime_dependency 'highline', ['>= 2.0', '< 4.0.0']
31
32
  s.add_runtime_dependency 'nokogiri', '~> 1.8'
32
33
 
33
34
  ### s.files = Dir['Rakefile', '{bin,lib,spec}/**/*', 'README*', 'LICENSE*'] & `git ls-files -z .`.split("\0")
34
- s.files = `git ls-files`.split("\n")
35
- s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
36
- s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
35
+ s.files = %x(git ls-files).split("\n")
36
+ s.test_files = %x(git ls-files -- {test,spec,features}/*).split("\n")
37
+ s.executables = %x(git ls-files -- bin/*).split("\n").map { |f| File.basename(f) }
37
38
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: simp-beaker-helpers
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.32.0
4
+ version: 1.33.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2023-08-24 00:00:00.000000000 Z
12
+ date: 2024-06-06 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: beaker
@@ -20,7 +20,7 @@ dependencies:
20
20
  version: 4.17.0
21
21
  - - "<"
22
22
  - !ruby/object:Gem::Version
23
- version: 6.0.0
23
+ version: 7.0.0
24
24
  type: :runtime
25
25
  prerelease: false
26
26
  version_requirements: !ruby/object:Gem::Requirement
@@ -30,21 +30,27 @@ dependencies:
30
30
  version: 4.17.0
31
31
  - - "<"
32
32
  - !ruby/object:Gem::Version
33
- version: 6.0.0
33
+ version: 7.0.0
34
34
  - !ruby/object:Gem::Dependency
35
- name: beaker-rspec
35
+ name: beaker-docker
36
36
  requirement: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '8.0'
40
+ version: 0.8.3
41
+ - - "<"
42
+ - !ruby/object:Gem::Version
43
+ version: 3.0.0
41
44
  type: :runtime
42
45
  prerelease: false
43
46
  version_requirements: !ruby/object:Gem::Requirement
44
47
  requirements:
45
- - - "~>"
48
+ - - ">="
46
49
  - !ruby/object:Gem::Version
47
- version: '8.0'
50
+ version: 0.8.3
51
+ - - "<"
52
+ - !ruby/object:Gem::Version
53
+ version: 3.0.0
48
54
  - !ruby/object:Gem::Dependency
49
55
  name: beaker-puppet
50
56
  requirement: !ruby/object:Gem::Requirement
@@ -54,7 +60,7 @@ dependencies:
54
60
  version: 1.18.14
55
61
  - - "<"
56
62
  - !ruby/object:Gem::Version
57
- version: 3.0.0
63
+ version: 5.0.0
58
64
  type: :runtime
59
65
  prerelease: false
60
66
  version_requirements: !ruby/object:Gem::Requirement
@@ -64,81 +70,81 @@ dependencies:
64
70
  version: 1.18.14
65
71
  - - "<"
66
72
  - !ruby/object:Gem::Version
67
- version: 3.0.0
73
+ version: 5.0.0
68
74
  - !ruby/object:Gem::Dependency
69
- name: beaker-docker
75
+ name: beaker-rspec
70
76
  requirement: !ruby/object:Gem::Requirement
71
77
  requirements:
72
- - - ">="
73
- - !ruby/object:Gem::Version
74
- version: 0.8.3
75
- - - "<"
78
+ - - "~>"
76
79
  - !ruby/object:Gem::Version
77
- version: 3.0.0
80
+ version: '8.0'
78
81
  type: :runtime
79
82
  prerelease: false
80
83
  version_requirements: !ruby/object:Gem::Requirement
81
84
  requirements:
82
- - - ">="
83
- - !ruby/object:Gem::Version
84
- version: 0.8.3
85
- - - "<"
85
+ - - "~>"
86
86
  - !ruby/object:Gem::Version
87
- version: 3.0.0
87
+ version: '8.0'
88
88
  - !ruby/object:Gem::Dependency
89
- name: docker-api
89
+ name: beaker-vagrant
90
90
  requirement: !ruby/object:Gem::Requirement
91
91
  requirements:
92
92
  - - ">="
93
93
  - !ruby/object:Gem::Version
94
- version: 2.1.0
94
+ version: 0.6.4
95
95
  - - "<"
96
96
  - !ruby/object:Gem::Version
97
- version: 3.0.0
97
+ version: 2.0.0
98
98
  type: :runtime
99
99
  prerelease: false
100
100
  version_requirements: !ruby/object:Gem::Requirement
101
101
  requirements:
102
102
  - - ">="
103
103
  - !ruby/object:Gem::Version
104
- version: 2.1.0
104
+ version: 0.6.4
105
105
  - - "<"
106
106
  - !ruby/object:Gem::Version
107
- version: 3.0.0
107
+ version: 2.0.0
108
108
  - !ruby/object:Gem::Dependency
109
- name: beaker-vagrant
109
+ name: docker-api
110
110
  requirement: !ruby/object:Gem::Requirement
111
111
  requirements:
112
112
  - - ">="
113
113
  - !ruby/object:Gem::Version
114
- version: 0.6.4
114
+ version: 2.1.0
115
115
  - - "<"
116
116
  - !ruby/object:Gem::Version
117
- version: 2.0.0
117
+ version: 3.0.0
118
118
  type: :runtime
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - ">="
123
123
  - !ruby/object:Gem::Version
124
- version: 0.6.4
124
+ version: 2.1.0
125
125
  - - "<"
126
126
  - !ruby/object:Gem::Version
127
- version: 2.0.0
127
+ version: 3.0.0
128
128
  - !ruby/object:Gem::Dependency
129
129
  name: highline
130
130
  requirement: !ruby/object:Gem::Requirement
131
131
  requirements:
132
- - - "~>"
132
+ - - ">="
133
133
  - !ruby/object:Gem::Version
134
134
  version: '2.0'
135
+ - - "<"
136
+ - !ruby/object:Gem::Version
137
+ version: 4.0.0
135
138
  type: :runtime
136
139
  prerelease: false
137
140
  version_requirements: !ruby/object:Gem::Requirement
138
141
  requirements:
139
- - - "~>"
142
+ - - ">="
140
143
  - !ruby/object:Gem::Version
141
144
  version: '2.0'
145
+ - - "<"
146
+ - !ruby/object:Gem::Version
147
+ version: 4.0.0
142
148
  - !ruby/object:Gem::Dependency
143
149
  name: nokogiri
144
150
  requirement: !ruby/object:Gem::Requirement
@@ -153,7 +159,9 @@ dependencies:
153
159
  - - "~>"
154
160
  - !ruby/object:Gem::Version
155
161
  version: '1.8'
156
- description: " Beaker helper methods to help scaffold SIMP acceptance tests\n"
162
+ description: 'Beaker helper methods to help scaffold SIMP acceptance tests
163
+
164
+ '
157
165
  email: simp@simp-project.org
158
166
  executables: []
159
167
  extensions: []
@@ -164,9 +172,6 @@ files:
164
172
  - ".github/workflows.local.json"
165
173
  - ".github/workflows/add_new_issue_to_triage_project.yml"
166
174
  - ".github/workflows/pr_acceptance.yml"
167
- - ".github/workflows/pr_glci.yml"
168
- - ".github/workflows/pr_glci_cleanup.yml"
169
- - ".github/workflows/pr_glci_manual.yml"
170
175
  - ".github/workflows/pr_tests.yml"
171
176
  - ".github/workflows/tag_deploy_rubygem.yml"
172
177
  - ".gitignore"
@@ -247,7 +252,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
247
252
  requirements:
248
253
  - - ">="
249
254
  - !ruby/object:Gem::Version
250
- version: 2.3.0
255
+ version: 2.7.0
251
256
  required_rubygems_version: !ruby/object:Gem::Requirement
252
257
  requirements:
253
258
  - - ">="
@@ -1,190 +0,0 @@
1
- # Push/Trigger a GitLab CI pipeline for the PR HEAD, **ONLY IF:**
2
- #
3
- # 1. The .gitlab-ci.yaml file exists and validates
4
- # 2. The PR submitter has write access to the target repository.
5
- #
6
- # ------------------------------------------------------------------------------
7
- #
8
- # NOTICE: **This file is maintained with puppetsync**
9
- #
10
- # This file is updated automatically as part of a puppet module baseline.
11
- #
12
- # The next baseline sync will overwrite any local changes to this file!
13
- #
14
- # ==============================================================================
15
- #
16
- # GitHub Action Secrets variables available for this pipeline:
17
- #
18
- # GitHub Secret variable Type Notes
19
- # ------------------------ -------- ----------------------------------------
20
- # GITLAB_API_PRIVATE_TOKEN Secure Should have `api` scope
21
- # GITLAB_API_URL Optional
22
- #
23
- # The secure vars will be filtered in GitHub Actions log output, and aren't
24
- # provided to untrusted builds (i.e, triggered by PR from another repository)
25
- #
26
- # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
27
- # WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
28
- # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!V!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
29
- #
30
- # DO NOT MODIFY this workflow, unless you **REALLY** know what you are doing.
31
- #
32
- # This workflow bypasses some of the built-in protections of the
33
- # `pull_request_target` event by explicitly checking out the PR's **HEAD**.
34
- # Without being VERY CAREFUL, this could easily allow a malcious PR
35
- # contributor the chance to access secrets or a GITHUB_TOKEN with write scope!!
36
- #
37
- # The jobs in this workflow are designed to handle this safely -- but DO NOT
38
- # assume any alterations will also be safe.
39
- #
40
- # For general information, see:
41
- #
42
- # https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target
43
- #
44
- # For further information, or if ANY of this seems confusing or unecessary:
45
- #
46
- # ASK FOR ASSISTANCE **BEFORE** ATTEMPTING TO MODIFY THIS WORKFLOW.
47
- #
48
- # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
49
- # WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
50
- # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!V!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
51
- #
52
- # https://docs.github.com/en/actions/reference/events-that-trigger-workflows
53
- #
54
- ---
55
- name: PR GLCI
56
- on:
57
- pull_request_target:
58
- types: [opened, reopened, synchronize]
59
-
60
- jobs:
61
-
62
- # The ONLY reason we can validate the PR HEAD's content safely here is that
63
- # we restrict ourselves to sending data elsewhere.
64
- glci-syntax:
65
- name: '.gitlab-ci.yml Syntax'
66
- runs-on: ubuntu-latest
67
- outputs:
68
- valid: ${{ steps.validate-glci-file.outputs.valid }}
69
- steps:
70
- - uses: actions/checkout@v3
71
- with:
72
- repository: ${{ github.event.pull_request.head.repo.full_name }}
73
- ref: ${{ github.event.pull_request.head.ref }}
74
- - name: 'Validate GLCI file syntax'
75
- id: validate-glci-file
76
- uses: simp/github-action-gitlab-ci-syntax-check@main
77
- with:
78
- gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
79
- gitlab_api_url: ${{ secrets.GITLAB_API_URL }} # https://gitlab.com/api/v4
80
-
81
- contributor-permissions:
82
- name: 'PR contributor check'
83
- runs-on: ubuntu-latest
84
- outputs:
85
- permitted: ${{ steps.user-repo-permissions.outputs.permitted }}
86
- steps:
87
- - uses: actions/github-script@v6
88
- id: user-repo-permissions
89
- with:
90
- github-token: ${{secrets.GITHUB_TOKEN}}
91
- # See:
92
- # - https://octokit.github.io/rest.js/
93
- # - https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#get-repository-permissions-for-a-user
94
- script: |
95
- const project_permission = await github.request('GET /repos/{owner}/{repo}/collaborators/{username}/permission', {
96
- headers: {
97
- accept: 'application/vnd.github.v3+json'
98
- },
99
- owner: context.repo.owner,
100
- repo: context.repo.repo,
101
- username: context.payload.sender.login,
102
- })
103
- const has_write_access = perm_lvl => (perm_lvl == "admin" || perm_lvl == "write" )
104
- const write_access_desc = perm_bool => (perm_bool ? "PERMISSION OK" : "PERMISSION DENIED" )
105
- if( has_write_access(project_permission.data.permission )){
106
- core.setOutput( 'permitted', 'true' )
107
- } else {
108
- core.setOutput( 'permitted', 'false' )
109
- console.log(`::error ::payload user '${context.payload.sender.login}' does not have CI trigger permission for '${context.repository}; not triggering external CI'`)
110
- }
111
- console.log(`== payload user '${context.payload.sender.login}' CI trigger permission for '${context.repo.owner}': ${write_access_desc(has_write_access(project_permission.data.permission))}`)
112
-
113
-
114
- trigger-when-user-has-repo-permissions:
115
- name: 'Trigger CI [trusted users only]'
116
- needs: [ glci-syntax, contributor-permissions ]
117
- # This conditional provides an extra safety control, in case the workflow's
118
- # `on` section is inadventently modified without considering the security
119
- # implications.
120
- #
121
- # This job will ONLY trigger on:
122
- #
123
- # - [x] pull_request_target event: github.event_name == 'pull_request_target'
124
- # AND:
125
- # - [x] Newly-opened PRs: github.event.action == 'opened'
126
- # - [x] Re-opened PRs: github.event.action == 'reopened'
127
- # - [x] Commits are added to PR: github.event.action == 'synchronize'
128
- # AND:
129
- # - [x] .gitlab-ci.yml exists/ok: needs.glci-syntax.outputs.valid == 'true'
130
- #
131
- # [Not implemented] It should NEVER trigger on:
132
- #
133
- # - [ ] Merged PRs: github.event.pull_request.merged == 'false'
134
- # - (the downstream GitLab mirror will take care of that)
135
- # - Not implemented: For some reason, this conditional always fails
136
- # - Unnecessary if on>pull_request_target>types doesn't include 'closed'
137
- if: github.event_name == 'pull_request_target' && ( github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' ) && github.event.pull_request.merged != 'true' && needs.glci-syntax.outputs.valid == 'true' && needs.contributor-permissions.outputs.permitted == 'true'
138
- runs-on: ubuntu-latest
139
- steps:
140
- # Things we'd like to do:
141
- # - [ ] if there's no GitLab mirror, make one
142
- # - [ ] if there's no GitLab <-> GitHub integration, make one
143
- # - [ ] if there's no PR check on the main GitHub branch, make one (?)
144
- # - [x] Cancel any GLCI pipelines already pending/running for this branch
145
- # - "created|waiting_for_resource|preparing|pending|running"
146
- # - Exception: don't cancel existing pipeline for our own commit
147
- # - [x] if PR: force-push branch to GitLab
148
- - uses: actions/checkout@v3
149
- if: needs.contributor-permissions.outputs.permitted == 'true'
150
- with:
151
- clean: true
152
- fetch-depth: 0 # Need full checkout to push to gitlab mirror
153
- repository: ${{ github.event.pull_request.head.repo.full_name }}
154
- ref: ${{ github.event.pull_request.head.ref }}
155
-
156
- - name: Trigger CI when user has Repo Permissions
157
- if: needs.contributor-permissions.outputs.permitted == 'true'
158
- uses: simp/github-action-gitlab-ci-pipeline-trigger@v1
159
- with:
160
- git_branch: ${{ github.event.pull_request.head.ref }} # TODO check for/avoid protected branches?
161
- git_hashref: ${{ github.event.pull_request.head.sha }}
162
- gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
163
- gitlab_group: ${{ github.event.organization.login }}
164
- github_repository: ${{ github.repository }}
165
- github_repository_owner: ${{ github.repository_owner }}
166
-
167
- - name: When user does NOT have Repo Permissions
168
- if: needs.contributor-permissions.outputs.permitted == 'false'
169
- continue-on-error: true
170
- run: |
171
- echo "Ending gracefully; Contributor $GITHUB_ACTOR does not have permission to trigger CI"
172
- false
173
-
174
- ### examine_contexts:
175
- ### name: 'Examine Context contents'
176
- ### if: always()
177
- ### runs-on: ubuntu-latest
178
- ### needs: [ glci-syntax, contributor-permissions ]
179
- ### steps:
180
- ### - name: Dump contexts
181
- ### env:
182
- ### GITHUB_CONTEXT: ${{ toJson(github) }}
183
- ### run: echo "$GITHUB_CONTEXT"
184
- ### - name: Dump needs context
185
- ### env:
186
- ### ENV_CONTEXT: ${{ toJson(needs) }}
187
- ### run: echo "$ENV_CONTEXT"
188
- ### - name: Dump env vars
189
- ### run: env | sort
190
-