RubyGems - simp-beaker-helpers - Versions diffs - 1.32.1 → 1.33.0 - Mend

simp-beaker-helpers 1.32.1 → 1.33.0

Files changed (16) hide show

checksums.yaml +4 -4
data/.github/workflows/pr_acceptance.yml +4 -4
data/.github/workflows/pr_tests.yml +1 -1
data/.github/workflows/tag_deploy_rubygem.yml +2 -2
data/.rspec +0 -1
data/.rubocop.yml +166 -165
data/CHANGELOG.md +4 -0
data/Gemfile +16 -20
data/README.md +7 -0
data/lib/simp/beaker_helpers/version.rb +3 -1
data/lib/simp/beaker_helpers.rb +9 -4
data/simp-beaker-helpers.gemspec +17 -16
metadata +44 -39
data/.github/workflows/pr_glci.yml +0 -190
data/.github/workflows/pr_glci_cleanup.yml +0 -105
data/.github/workflows/pr_glci_manual.yml +0 -143

data/.github/workflows/pr_glci_cleanup.yml DELETED Viewed

@@ -1,105 +0,0 @@
-# When a PR is closed, clean up any associated GitLab CI pipelines & branch
-#
-# * Cancels all GLCI pipelines associated with the PR HEAD ref (branch)
-# * Removes the PR HEAD branch from the corresponding gitlab.com/org/ project
-#
-# ------------------------------------------------------------------------------
-#
-#             NOTICE: **This file is maintained with puppetsync**
-#
-# This file is updated automatically as part of a standardized asset baseline.
-#
-# The next baseline sync will overwrite any local changes to this file!
-#
-# ==============================================================================
-#
-# GitHub Action Secrets variables available for this pipeline:
-#
-#   GitHub Secret variable    Type      Notes
-#   ------------------------  --------  ----------------------------------------
-#   GITLAB_API_PRIVATE_TOKEN  Secure    Should have `api` scope
-#   GITLAB_API_URL            Optional
-#
-#   The secure vars will be filtered in GitHub Actions log output, and aren't
-#   provided to untrusted builds (i.e, triggered by PR from another repository)
-#
-# ------------------------------------------------------------------------------
-#
-# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
-#
----
-name: PR GLCI Cleanup
-on:
-  pull_request_target:
-    types: [closed]
-jobs:
-  cleanup-glci-branch:
-    name: 'Clean up GLCI'
-    # This conditional provides an extra safety control, in case the workflow's
-    # `on` section is inadventently modified without considering the security
-    # implications.
-    if: github.event_name == 'pull_request_target' && github.event.action == 'closed'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-          ref: ${{ github.event.pull_request.head.ref }}
-      - name: Trigger CI when user has Repo Permissions
-        env:
-          GITLAB_SERVER_URL: ${{ secrets.GITLAB_SERVER_URL }} # https://gitlab.com
-          GITLAB_API_URL: ${{ secrets.GITLAB_API_URL }}       # https://gitlab.com/api/v4
-          GITLAB_ORG: ${{ github.event.organization.login }}
-          GITLAB_API_PRIVATE_TOKEN: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
-          GIT_BRANCH: ${{ github.event.pull_request.head.ref }}
-        run: |
-          GITLAB_SERVER_URL="${GITLAB_SERVER_URL:-https://gitlab.com}"
-          GITLAB_API_URL="${GITLAB_API_URL:-${GITLAB_SERVER_URL}/api/v4}"
-          GIT_BRANCH="${GIT_BRANCH:-GITHUB_HEAD_REF}"
-          GITXXB_REPO_NAME="${GITHUB_REPOSITORY/$GITHUB_REPOSITORY_OWNER\//}"
-          GITLAB_PROJECT_ID="${GITLAB_ORG}%2F${GITXXB_REPO_NAME}"
-          # --http1.0 avoids an HTTP/2 load balancing issue when run from GA
-          CURL_CMD=(curl --http1.0 --fail --silent --show-error \
-            --header "Authorization: Bearer $GITLAB_API_PRIVATE_TOKEN" \
-            --header "Content-Type: application/json" \
-            --header "Accept: application/json" \
-          )
-          # Cancel any active/pending GitLab CI pipelines for the same project+branch
-          active_pipeline_ids=()
-          for pipe_status in created waiting_for_resource preparing pending running; do
-            echo "  ---- checking for CI pipelines with status '$pipe_status' for project '$GITLAB_PROJECT_ID', branch '$GIT_BRANCH'"
-            url="${GITLAB_API_URL}/projects/${GITLAB_PROJECT_ID}/pipelines?ref=${GIT_BRANCH}&status=${pipe_status}"
-            active_pipelines="$("${CURL_CMD[@]}" "$url" | jq -r '.[] | .id , .web_url')"
-            active_pipeline_ids+=($(echo "$active_pipelines" | grep -E '^[0-9]*$'))
-            printf "$active_pipelines\n\n"
-          done
-          if [ "${#active_pipeline_ids[@]}" -gt 0 ]; then
-            printf "\nFound %s active pipeline ids:\n" "${#active_pipeline_ids[@]}"
-            echo "${active_pipeline_ids[@]}"
-            for pipe_id in "${active_pipeline_ids[@]}"; do
-              printf "\n  ------ Cancelling pipeline ID %s...\n" "$pipe_id"
-              "${CURL_CMD[@]}" --request POST "${GITLAB_API_URL}/projects/${GITLAB_PROJECT_ID}/pipelines/${pipe_id}/cancel"
-            done
-          else
-            echo No active pipelines found
-          fi
-          echo "== Removing $GIT_BRANCH from gitlab"
-          git remote add gitlab "https://oauth2:${GITLAB_API_PRIVATE_TOKEN}@${GITLAB_SERVER_URL#*://}/${GITLAB_ORG}/${GITXXB_REPO_NAME}.git"
-          git push gitlab ":${GIT_BRANCH}" -f || : # attempt to un-weird GLCI's `changed` tracking
-###  examine_contexts:
-###    name: 'Examine Context contents'
-###    if: always()
-###    runs-on: ubuntu-latest
-###    steps:
-###      - name: Dump contexts
-###        env:
-###          GITHUB_CONTEXT: ${{ toJson(github) }}
-###        run: echo "$GITHUB_CONTEXT"
-###        run: echo "$ENV_CONTEXT"
-###      - name: Dump env vars
-###        run: env | sort

data/.github/workflows/pr_glci_manual.yml DELETED Viewed

@@ -1,143 +0,0 @@
-# Manually trigger GLCI pipelines for a PR
-# ------------------------------------------------------------------------------
-#
-#             NOTICE: **This file is maintained with puppetsync**
-# This file is updated automatically as part of a standardized asset baseline.
-#
-# The next baseline sync will overwrite any local changes to this file!
-#
-# ==============================================================================
-#
-# This pipeline uses the following GitHub Action Secrets:
-#
-#   GitHub Secret variable    Type      Notes
-#   ------------------------  --------  ----------------------------------------
-#   GITLAB_API_PRIVATE_TOKEN  Required  GitLab token (should have `api` scope)
-#   NO_SCOPE_GITHUB_TOKEN     Required  GitHub token (should have no scopes)
-#   GITLAB_SERVER_URL         Optional  Specify a GL server other than gitlab.com
-#   The secure vars will be filtered in GitHub Actions log output, and aren't
-#   provided to untrusted builds (i.e, triggered by PR from another repository)
-#
-# ------------------------------------------------------------------------------
-#
-# NOTES:
-#   It is necessary to provide NO_SCOPE_GITHUB_TOKEN because $secrets.GITHUB_AUTO
-#   is NOT provide to manually-triggered (`workflow_dispatch`) events, in order
-#   to prevent recursive triggers between workflows
-#
-#   Reference:
-#
-#   https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token
----
-name: 'Manual: PR GLCI'
-on:
-  workflow_dispatch:
-    inputs:
-      pr_number:
-        description: "PR number to trigger GLCI"
-        required: true
-jobs:
-  glci-syntax:
-    name: '.gitlab-ci.yml Syntax'
-    runs-on: ubuntu-latest
-    outputs:
-      valid: ${{ steps.validate-glci-file.outputs.valid }}
-      pr_head_ref: ${{ steps.get-pr.outputs.pr_head_ref }}
-      pr_head_sha: ${{ steps.get-pr.outputs.pr_head_sha }}
-      pr_head_label: ${{ steps.get-pr.outputs.pr_head_label }}
-      pr_head_full_name: ${{ steps.get-pr.outputs.pr_full_name }}
-    steps:
-      - uses: actions/github-script@v6
-        id: get-pr
-        with:
-          github-token: ${{secrets.NO_SCOPE_GITHUB_TOKEN}}
-          # See:
-          #   - https://octokit.github.io/rest.js/
-          script: |
-            console.log(`== pr number: ${context.payload.inputs.pr_number}`)
-            const pr = await github.request('get /repos/{owner}/{repo}/pulls/{pull_number}', {
-              headers: {
-                accept: 'application/vnd.github.v3+json'
-              },
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.payload.inputs.pr_number
-            });
-            console.log("\n\n== pr\n");
-            console.log(pr);
-            console.log("\n\n== pr.data.head\n");
-            console.log(pr.data.head);
-            console.log(pr.status);
-            // PR must have been returned
-            if ( pr.status != 200 ) {
-              //#console.log(`::error ::Error looking up PR \#${context.payload.inputs.pr_number}: HTTP Response ${pr.status}`)
-              return(false)
-            }
-            // TODO: should either of these conditions really prevent a GLCI trigger?
-            if ( pr.data.state != 'open' ) {
-              console.log(`::error ::PR# ${context.payload.inputs.pr_number} is not open`)
-            }
-            if ( pr.data.merged ) {
-              console.log(`::error ::PR# ${context.payload.inputs.pr_number} is already merged`)
-            }
-            core.setOutput( 'pr_head_sha', pr.data.head.sha )
-            core.setOutput( 'pr_head_ref', pr.data.head.ref )
-            core.setOutput( 'pr_head_label', pr.data.head.label )
-            core.setOutput( 'pr_head_full_name', pr.data.head.full_name )
-      - uses: actions/checkout@v3
-        with:
-          repository: ${{ steps.get-pr.outputs.pr_head_full_name }}
-          ref: ${{ steps.get-pr.outputs.pr_head_sha }}
-          token: ${{secrets.NO_SCOPE_GITHUB_TOKEN}}
-          clean: true
-      - name: 'Validate GLCI file syntax'
-        id: validate-glci-file
-        uses: simp/github-action-gitlab-ci-syntax-check@main
-        with:
-          gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
-          gitlab_api_url: ${{ secrets.GITLAB_API_URL }}       # https://gitlab.com/api/v4
-  trigger-when-user-has-repo-permissions:
-    name: 'Trigger CI'
-    needs: [ glci-syntax ]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          repository: ${{ needs.glci-syntax.outputs.pr_head_full_name }}
-          ref: ${{ needs.glci-syntax.outputs.pr_head_sha }}
-          token: ${{secrets.NO_SCOPE_GITHUB_TOKEN}}
-          fetch-depth: 0  # Need full checkout to push to gitlab mirror
-          clean: true
-      - name: Trigger CI when user has Repo Permissions
-        uses: simp/github-action-gitlab-ci-pipeline-trigger@v1
-        with:
-          git_hashref:  ${{ needs.glci-syntax.outputs.pr_head_sha }}
-          git_branch: ${{ needs.glci-syntax.outputs.pr_head_ref }}
-          gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
-          gitlab_group: ${{ github.event.organization.login }}
-          github_repository: ${{ github.repository }}
-          github_repository_owner: ${{ github.repository_owner }}
-###  examine_contexts:
-###    needs: [ glci-syntax ]
-###    name: 'Examine Context contents'
-###    if: always()
-###    runs-on: ubuntu-latest
-###    steps:
-###      - name: Dump contexts
-###        env:
-###          GITHUB_CONTEXT: ${{ toJson(github) }}
-###        run: echo "$GITHUB_CONTEXT"
-###      - name: Dump 'needs' context
-###        env:
-###          ENV_CONTEXT: ${{ toJson(needs) }}
-###        run: echo "$ENV_CONTEXT"
-###      - name: Dump env vars
-###        run: env | sort