Add 'common/' from commit '35e64a102db0fb7fe3903acff56d3b4be9cf02b7'

git-subtree-dir: common
git-subtree-mainline: eb45d81
git-subtree-split: 35e64a1

common/.ansible-lint

@@ -0,0 +1,17 @@
+# Vim filetype=yaml
+---
+offline: false
+skip_list:
+ - name[template] # Allow Jinja templating inside task and play names
+ - template-instead-of-copy # Templated files should use template instead of copy
+ - yaml[line-length] # too long lines
+ - yaml[indentation] # Forcing lists to be always indented by 2 chars is silly IMO
+ - var-naming[no-role-prefix] # This would be too much churn for very little gain
+ - no-changed-when
+ - var-naming[no-role-prefix] # There are too many changes now and it would be too risky
+
+# ansible-lint gh workflow cannot find ansible.cfg hence fails to import vault_utils role
+exclude_paths:
+ - ./ansible/playbooks/vault/vault.yaml
+ - ./ansible/playbooks/iib-ci/iib-ci.yaml
+ - ./ansible/roles/vault_utils/tests/test.yml

common/.github/dependabot.yml

@@ -0,0 +1,9 @@
+---
+version: 2
+updates:
+ # Check for updates to GitHub Actions every week
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+

common/.github/linters/.gitleaks.toml

@@ -0,0 +1,8 @@
+[whitelist]
+# As of v4, gitleaks only matches against filename, not path in the
+# files directive. Leaving content for backwards compatibility.
+files = [
+ "ansible/plugins/modules/*.py",
+ "ansible/tests/unit/test_*.py",
+ "ansible/tests/unit/v1/*.yaml",
+]

common/.github/linters/.markdown-lint.yml

@@ -0,0 +1,6 @@
+{
+ "default": true,
+ "MD003": false,
+ "MD013": false,
+ "MD033": false
+}

common/.github/workflows/ansible-lint.yml

@@ -0,0 +1,17 @@
+name: Ansible Lint # feel free to pick your own name
+
+on: [push, pull_request]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ # Important: This sets up your GITHUB_WORKSPACE environment variable
+ - uses: actions/checkout@v3
+
+ - name: Lint Ansible Playbook
+ uses: ansible/ansible-lint-action@v6
+ # Let's point it to the path
+ with:
+ path: "ansible/"

common/.github/workflows/ansible-unittest.yml

@@ -0,0 +1,52 @@
+---
+name: Ansible unit tests
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on: [push, pull_request]
+
+###############
+# Set the Job #
+###############
+jobs:
+ ansible_unittests:
+ # Name the Job
+ name: Ansible unit tests
+ strategy:
+ matrix:
+ python-version: [3.11.3]
+ # Set the agent to run on
+ runs-on: ubuntu-latest
+
+ ##################
+ # Load all steps #
+ ##################
+ steps:
+ ##########################
+ # Checkout the code base #
+ ##########################
+ - name: Checkout Code
+ uses: actions/checkout@v3
+ with:
+ # Full git history is needed to get a proper list of changed files within `super-linter`
+ fetch-depth: 0
+
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v4
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install pytest ansible
+
+ - name: Run make ansible-unittest
+ run: |
+ make ansible-unittest

common/.github/workflows/jsonschema.yaml

@@ -0,0 +1,57 @@
+---
+name: Verify json schema
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on: [push, pull_request]
+
+###############
+# Set the Job #
+###############
+jobs:
+ jsonschema_tests:
+ # Name the Job
+ name: Json Schema tests
+ strategy:
+ matrix:
+ python-version: [3.11.3]
+ # Set the agent to run on
+ runs-on: ubuntu-latest
+
+ ##################
+ # Load all steps #
+ ##################
+ steps:
+ ##########################
+ # Checkout the code base #
+ ##########################
+ - name: Checkout Code
+ uses: actions/checkout@v3
+ with:
+ # Full git history is needed to get a proper list of changed files within `super-linter`
+ fetch-depth: 0
+
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v4
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install check-jsonschema
+
+ - name: Verify secrets json schema
+ run: |
+ check-jsonschema --schemafile ./ansible/roles/vault_utils/values-secrets.v1.schema.json examples/secrets/values-secret.v1.yaml
+ check-jsonschema --schemafile ./ansible/roles/vault_utils/values-secrets.v2.schema.json examples/secrets/values-secret.v2.yaml
+
+ - name: Verify ClusterGroup values.schema.json
+ run: |
+ set -e; for i in examples/*yaml; do echo "$i"; check-jsonschema --schemafile ./clustergroup/values.schema.json "$i"; done

common/.github/workflows/linter.yml

@@ -0,0 +1,64 @@
+---
+name: Unit test common
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on: [push, pull_request]
+
+###############
+# Set the Job #
+###############
+jobs:
+ build:
+ # Name the Job
+ name: Unit common/ Code Base
+ # Set the agent to run on
+ runs-on: ubuntu-latest
+
+ ##################
+ # Load all steps #
+ ##################
+ steps:
+ ##########################
+ # Checkout the code base #
+ ##########################
+ - name: Checkout Code
+ uses: actions/checkout@v3
+ with:
+ # Full git history is needed to get a proper list of changed files within `super-linter`
+ fetch-depth: 0
+ - name: Setup helm
+ uses: azure/setup-helm@v3
+ # with:
+ # version: '<version>' # default is latest stable
+ id: install
+
+ ################################
+ # Run Linter against code base #
+ ################################
+ # - name: Lint Code Base
+ # uses: github/super-linter@v4
+ # env:
+ # VALIDATE_ALL_CODEBASE: false
+ # DEFAULT_BRANCH: main
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Run make test
+ run: |
+ make test
+
+ - name: Run make helmlint
+ run: |
+ make helmlint
+
+ - name: Run make helm kubeconform
+ run: |
+ curl -L -O https://github.com/yannh/kubeconform/releases/download/v0.4.13/kubeconform-linux-amd64.tar.gz
+ tar xf kubeconform-linux-amd64.tar.gz
+ sudo mv -v kubeconform /usr/local/bin
+ make kubeconform

common/.github/workflows/superlinter.yml

@@ -0,0 +1,38 @@
+---
+name: Super linter
+
+on: [push, pull_request]
+
+jobs:
+ build:
+ # Name the Job
+ name: Super linter
+ # Set the agent to run on
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+ with:
+ # Full git history is needed to get a proper list of changed files within `super-linter`
+ fetch-depth: 0
+
+ ################################
+ # Run Linter against code base #
+ ################################
+ - name: Lint Code Base
+ uses: github/super-linter/slim@v5
+ env:
+ VALIDATE_ALL_CODEBASE: true
+ DEFAULT_BRANCH: main
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # These are the validation we disable atm
+ VALIDATE_ANSIBLE: false
+ VALIDATE_BASH: false
+ VALIDATE_JSCPD: false
+ VALIDATE_KUBERNETES_KUBECONFORM: false
+ VALIDATE_YAML: false
+ # VALIDATE_DOCKERFILE_HADOLINT: false
+ # VALIDATE_MARKDOWN: false
+ # VALIDATE_NATURAL_LANGUAGE: false
+ # VALIDATE_TEKTON: false

common/.gitignore

@@ -0,0 +1,12 @@
+__pycache__/
+*.py[cod]
+*~
+*.swp
+*.swo
+values-secret.yaml
+.*.expected.yaml
+pattern-vault.init
+pattern-vault.init.bak
+super-linter.log
+golang-external-secrets/Chart.lock
+hashicorp-vault/Chart.lock

common/.gitleaks.toml

@@ -0,0 +1 @@
+.github/linters/.gitleaks.toml