diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e66b8d83..8c384cf4 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,7 +1,24 @@ version: 2 updates: + # Maintain dependencies for GitHub Actions + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + ignore: + - dependency-name: "actions/checkout" + update-types: ["version-update:semver-major"] + # Maintain dependencies for dockerfiles - package-ecosystem: docker - directory: "/" + directory: / + schedule: + interval: weekly + - package-ecosystem: pip + directory: "/tests" schedule: - interval: daily + interval: weekly open-pull-requests-limit: 10 + groups: + python: + patterns: + - "*" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 00000000..c736d164 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,13 @@ +name: Run lint and static analyis checks +on: + pull_request: + +concurrency: + group: lint-${{ github.head_ref || github.ref }} + cancel-in-progress: true + +jobs: + lint: + uses: plus3it/actions-workflows/.github/workflows/lint.yml@821d7899f1cf32b97306ef06ca1de31ae3274b7f + with: + tardigradelint-target: install/pip_requirements/tests/requirements.txt lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..2d5dee74 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,21 @@ +name: Create GitHub Release + +on: + # Run on demand + workflow_dispatch: + + # Run on push to main when .bumpversion.cfg version is updated + push: + branches: + - main + - master + paths: + - .bumpversion.cfg + +jobs: + release: + uses: plus3it/actions-workflows/.github/workflows/release.yml@821d7899f1cf32b97306ef06ca1de31ae3274b7f + secrets: + release-token: ${{ secrets.GH_RELEASES_TOKEN }} + with: + mockstacktest-enable: false diff --git a/.mergify.yml b/.mergify.yml index 4454b1ab..1d5138d3 100644 --- a/.mergify.yml +++ b/.mergify.yml 
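Review bot: The `ignore` entry for `actions/checkout` in the new github-actions block carries no comment explaining why major versions are held back. The workflow files added in this commit call reusable workflows rather than `actions/checkout` directly, so the rule may match nothing in this repository. A one-line comment above `ignore:`, such as `# checkout majors are taken manually: <reason>` (placeholder), would let a later maintainer decide when the rule can go. The docker schedule also moves from daily to weekly here; if base-image bumps are how image fixes reach the build, that delay deserves a line in the commit message.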
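Review bot: The `lint` job sets no `permissions:`, so the called workflow runs with whatever default GITHUB_TOKEN scope the repository or organization has configured. Linting presumably only reads the tree, so add `permissions:` with `contents: read` under `jobs.lint`. The reusable workflow is pinned to a full commit SHA, which is the right choice; a trailing comment naming the release that SHA corresponds to would make later bumps easier to review. The workflow name also has a typo: `analyis` should be `analysis`.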
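Review bot: `workflow_dispatch` has no branch guard, so a manual run can be started against any ref that contains this file, and the `release` job hands `secrets.GH_RELEASES_TOKEN` to the called workflow for that ref. Unless the called workflow checks the ref itself (not visible here), add a job-level condition such as `if: github.ref_name == 'main' || github.ref_name == 'master'`. The job also has no `permissions:` key, so the default GITHUB_TOKEN scope applies on top of the release token. A short comment stating which scopes `GH_RELEASES_TOKEN` needs would help whoever rotates it.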
@@ -2,7 +2,6 @@ pull_request_rules: - name: approve dependabot pull requests conditions: - author=dependabot[bot] - - status-success=Travis CI - Pull Request actions: review: type: APPROVE diff --git a/Makefile b/Makefile index 2bc9a5c4..e82122fe 100644 --- a/Makefile +++ b/Makefile 
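Review bot: With `status-success=Travis CI - Pull Request` removed, the only condition left on the `approve dependabot pull requests` rule is `author=dependabot[bot]`, so an approving review is posted on every Dependabot PR without waiting for any check. Rather than dropping the gate, replace it with the check produced by the new lint workflow, e.g. `- check-success=<lint check name>` (placeholder; use the name shown on a pull request). This matters more now that the dependabot.yml change in this commit groups all pip updates into a single PR. The rest of the rule and any merge rule lie outside this hunk.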
@@ -1,75 +1,3 @@ -SHELL := /bin/bash +TFDOCS_PATH = spel -PACKER_ZIP ?= https://releases.hashicorp.com/packer/$(PACKER_VERSION)/packer_$(PACKER_VERSION)_linux_amd64.zip -PACKER_LOG ?= '1' -PACKER_LOG_PATH = .spel/$(SPEL_VERSION)/packer.log -CHECKPOINT_DISABLE ?= '1' -SPEL_CI ?= false -SPEL_BUILDERS ?= amazon-ebssurrogate.minimal-rhel-8-hvm,amazon-ebssurrogate.minimal-centos-8stream-hvm,amazon-ebssurrogate.minimal-ol-8-hvm -BUILDER_REGION = $(or $(PKR_VAR_aws_region),$(AWS_REGION)) -export PATH := $(HOME)/bin:$(PATH) - -export PKR_VAR_spel_deprecation_lifetime ?= 8760h - -# The `pre_build`, `build`, and `post_build` targets all use packer in a way that -# supports both Commercial and GovCloud partitions. For GovCloud, the `install` -# target is used to setup an aws profile with credentials retrieved from SSM. For -# the Commercial partition, the profile is created but the credentials are sourced -# from the execution environment (meaning your workstation or CodeBuild). - -# Due to the use of an aws profile, when running interactively, it is required -# to export AWS_PROFILE with a valid profile. For CodeBuild CI, it is set to $SPEL_IDENTIFIER, -# and `make install` will create it. 
- -.PHONY: all install pre_build build post_build docs -.EXPORT_ALL_VARIABLES: - -$(info SPEL_IDENTIFIER=$(SPEL_IDENTIFIER)) -$(info SPEL_VERSION=$(SPEL_VERSION)) - -ifndef SPEL_IDENTIFIER -$(error SPEL_IDENTIFIER is not set) -endif - -ifndef SPEL_VERSION -$(error SPEL_VERSION is not set) -else -$(shell mkdir -p ".spel/$(SPEL_VERSION)") -endif - -ifeq ($(SPEL_CI),true) -export PKR_VAR_aws_ami_groups = [] -export PKR_VAR_aws_ami_regions = ["$(BUILDER_REGION)"] -endif - -all: build - -docs/lint: - $(MAKE) -f Makefile.tardigrade-ci docs/lint - -docs/generate: - $(MAKE) -f Makefile.tardigrade-ci docs/generate - -install: - $(MAKE) -f Makefile.tardigrade-ci packer/install - bash -eo pipefail ./build/install.sh - -# The profile and region envs are used only by the `pre_build`, `build`, and `post_build` -# targets. For the region targets, do not use "?=" because we *always* want to -# override this in codebuild. We cannot set these in the buildspec because that -# breaks codebuild when building for GovCloud. -pre_build build post_build: export AWS_PROFILE ?= $(SPEL_IDENTIFIER) -pre_build build post_build: export AWS_DEFAULT_REGION := $(BUILDER_REGION) -pre_build build post_build: export AWS_REGION := $(BUILDER_REGION) - -# Set the source security group cidr -pre_build build post_build: export PKR_VAR_aws_temporary_security_group_source_cidrs = ["$(shell curl -sSL https://checkip.amazonaws.com)/32"] - -pre_build: - bash ./build/pre_build.sh - -build: pre_build - bash ./build/build.sh - -post_build: - bash ./build/post_build.sh +include $(shell test -f .tardigrade-ci || curl -sSL -o .tardigrade-ci "https://raw.githubusercontent.com/plus3it/tardigrade-ci/master/bootstrap/Makefile.bootstrap"; echo .tardigrade-ci) diff --git a/Makefile.spel b/Makefile.spel new file mode 100644 index 00000000..15ee7c60 --- /dev/null +++ b/Makefile.spel 
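Review bot: The added `include $(shell test -f .tardigrade-ci || curl -sSL -o .tardigrade-ci ".../tardigrade-ci/master/bootstrap/Makefile.bootstrap"; echo .tardigrade-ci)` line now sits in the default `Makefile`, so any `make` run without a cached `.tardigrade-ci` fetches a makefile from the moving `master` branch and evaluates it with no integrity check. That includes the `$(MAKE) -f Makefile packer/install` call that the buildspec reaches through `Makefile.spel`. The workflows added in this commit pin the same organization's code to a commit SHA; do the same here by replacing `master` in the URL with a reviewed commit, `.../tardigrade-ci/<commit-sha>/bootstrap/Makefile.bootstrap` (placeholder). Switching to `curl -fsSL` would also stop an HTTP error page from being saved as `.tardigrade-ci` and then satisfying `test -f` on later runs.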
@@ -0,0 +1,75 @@ +SHELL := /bin/bash + +PACKER_ZIP ?= https://releases.hashicorp.com/packer/$(PACKER_VERSION)/packer_$(PACKER_VERSION)_linux_amd64.zip +PACKER_LOG ?= '1' +PACKER_LOG_PATH = .spel/$(SPEL_VERSION)/packer.log +CHECKPOINT_DISABLE ?= '1' +SPEL_CI ?= false +SPEL_BUILDERS ?= amazon-ebssurrogate.minimal-rhel-8-hvm,amazon-ebssurrogate.minimal-centos-8stream-hvm,amazon-ebssurrogate.minimal-ol-8-hvm +BUILDER_REGION = $(or $(PKR_VAR_aws_region),$(AWS_REGION)) +export PATH := $(HOME)/bin:$(PATH) + +export PKR_VAR_spel_deprecation_lifetime ?= 8760h + +# The `pre_build`, `build`, and `post_build` targets all use packer in a way that +# supports both Commercial and GovCloud partitions. For GovCloud, the `install` +# target is used to setup an aws profile with credentials retrieved from SSM. For +# the Commercial partition, the profile is created but the credentials are sourced +# from the execution environment (meaning your workstation or CodeBuild). + +# Due to the use of an aws profile, when running interactively, it is required +# to export AWS_PROFILE with a valid profile. For CodeBuild CI, it is set to $SPEL_IDENTIFIER, +# and `make install` will create it. + +.PHONY: all install pre_build build post_build docs +.EXPORT_ALL_VARIABLES: + +$(info SPEL_IDENTIFIER=$(SPEL_IDENTIFIER)) +$(info SPEL_VERSION=$(SPEL_VERSION)) + +ifndef SPEL_IDENTIFIER +$(error SPEL_IDENTIFIER is not set) +endif + +ifndef SPEL_VERSION +$(error SPEL_VERSION is not set) +else +$(shell mkdir -p ".spel/$(SPEL_VERSION)") +endif + +ifeq ($(SPEL_CI),true) +export PKR_VAR_aws_ami_groups = [] +export PKR_VAR_aws_ami_regions = ["$(BUILDER_REGION)"] +endif + +all: build + +docs/lint: + $(MAKE) -f Makefile docs/lint + +docs/generate: + $(MAKE) -f Makefile docs/generate + +install: + $(MAKE) -f Makefile packer/install + bash -eo pipefail ./build/install.sh + +# The profile and region envs are used only by the `pre_build`, `build`, and `post_build` +# targets. 
For the region targets, do not use "?=" because we *always* want to +# override this in codebuild. We cannot set these in the buildspec because that +# breaks codebuild when building for GovCloud. +pre_build build post_build: export AWS_PROFILE ?= $(SPEL_IDENTIFIER) +pre_build build post_build: export AWS_DEFAULT_REGION := $(BUILDER_REGION) +pre_build build post_build: export AWS_REGION := $(BUILDER_REGION) + +# Set the source security group cidr +pre_build build post_build: export PKR_VAR_aws_temporary_security_group_source_cidrs = ["$(shell curl -sSL https://checkip.amazonaws.com)/32"] + +pre_build: + bash ./build/pre_build.sh + +build: pre_build + bash ./build/build.sh + +post_build: + bash ./build/post_build.sh diff --git a/Makefile.tardigrade-ci b/Makefile.tardigrade-ci deleted file mode 100644 index e82122fe..00000000 --- a/Makefile.tardigrade-ci +++ /dev/null @@ -1,3 +0,0 @@ -TFDOCS_PATH = spel - -include $(shell test -f .tardigrade-ci || curl -sSL -o .tardigrade-ci "https://raw.githubusercontent.com/plus3it/tardigrade-ci/master/bootstrap/Makefile.bootstrap"; echo .tardigrade-ci) diff --git a/build/vagrant/Makefile b/build/vagrant/Makefile index 1ca650d2..70175b39 100644 --- a/build/vagrant/Makefile +++ b/build/vagrant/Makefile @@ -30,7 +30,7 @@ $(info SPEL_VERSION=$(SPEL_VERSION)) all: build install: - $(MAKE) -f ../../Makefile.tardigrade-ci packer/install + $(MAKE) -f ../../Makefile packer/install build: export PACKER_LOG = 1 build: export PACKER_LOG_PATH = .spel/$(SPEL_VERSION)/packer.build-spel-vagrant.log diff --git a/build/vagrant/build-spel-vagrant.sh b/build/vagrant/build-spel-vagrant.sh index b8bee33a..f08bc7a2 100644 --- a/build/vagrant/build-spel-vagrant.sh +++ b/build/vagrant/build-spel-vagrant.sh @@ -41,7 +41,7 @@ if [[ -n "${SPEL_REPO_COMMIT:-}" ]] ; then fi # install packer -make -f Makefile.tardigrade-ci packer/install +make packer/install # build vagrant box mkdir -p "${CLONE_DIR}/.spel/${SPEL_VERSION:?}/" 
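Review bot: `PKR_VAR_aws_temporary_security_group_source_cidrs` is built from `$(shell curl -sSL https://checkip.amazonaws.com)` with no failure handling, so an empty response yields `["/32"]` and an HTTP error body would be interpolated into the security-group source list instead of stopping the build. Use `curl -fsSL`, and fail early when the result is empty, for example by capturing it once in a helper variable and guarding it with `$(if $(strip $(BUILDER_IP)),,$(error could not determine builder IP))`, where `BUILDER_IP` is a proposed name, not one in the file. Because the assignment uses `=`, the lookup is also repeated on each expansion rather than once per run. Separately, `.PHONY` lists `docs`, but the targets defined are `docs/lint` and `docs/generate`, so neither is declared phony.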
diff --git a/buildspec.yml b/buildspec.yml index ecf90f2a..6a0482c3 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -16,13 +16,13 @@ phases: SPEL_VERSION=$(date +%Y.%m.dev%s) export SPEL_VERSION fi - - make install + - make -f Makefile.spel install build: commands: - - make build + - make -f Makefile.spel build post_build: commands: - - make post_build + - make -f Makefile.spel post_build - find . -type f \( -name '*.box' -o -name '*.ova' \) -print0 | xargs -0 rm -f artifacts: diff --git a/tests/requirements.txt b/tests/requirements.txt index 8b2644e6..c81426fc 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,4 +1,4 @@ -distro==1.6.0 +distro==1.9.0 pytest==6.2.5 pytest-logger==0.5.1 pytest-testinfra==6.5.0