CI: Cleanup files, configure, and enable pre-commit

* Cleanup files using prettier via pre-commit
* Correct shellcheck complaints
* Add configuration files for pre-commit
* Update tox.ini to use pre-commit and drop coala since coala no longer
  works

Change-Id: I85ebb36fd09da90a660ab7175f02fc71bf3f180e
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>

diff --git a/.coafile b/.coafile
deleted file mode 100644 (file)
index 09216c3..0000000
--- a/.coafile
+++ /dev/null
@@ -1,30 +0,0 @@
-[all]
-ignore = .tox/**,
-    .git/**,
-    .gitignore,
-    .gitreview,
-    .gitmodules,
-    node_modules/**,
-    **.sw?,
-    **.orig
-
-[all.GitCommit]
-bears = GitCommitBear
-ignore_length_regex = Signed-off-by,
-    Also-by,
-    Co-authored-by,
-    http://,
-    https://
-
-[all.MarkDown]
-bears = MarkdownBear,SpaceConsistencyBear,WriteGoodLintBear
-files = **.md, **.markdown
-use_spaces = true
-
-[all.ShellCheck]
-bears = ShellCheckBear,SpaceConsistencyBear
-files = **.sh
-shell = bash
-indent_size = 4
-use_spaces = yeah
-

diff --git a/.gitlint b/.gitlint
new file mode 100644 (file)
index 0000000..2278ee6
--- /dev/null
+++ b/.gitlint
@@ -0,0 +1,100 @@
+# All these sections are optional, edit this file as you like.
+[general]
+# Ignore certain rules, you can reference them by their id or by their full
+# name
+# ignore=title-trailing-punctuation, T3
+
+# verbosity should be a value between 1 and 3, the command line -v flags take
+# precedence over this
+# verbosity = 2
+
+# By default gitlint will ignore merge commits. Set to 'false' to disable.
+# ignore-merge-commits=true
+
+# By default gitlint will ignore fixup commits. Set to 'false' to disable.
+# ignore-fixup-commits=true
+
+# By default gitlint will ignore squash commits. Set to 'false' to disable.
+# ignore-squash-commits=true
+
+# Enable debug mode (prints more output). Disabled by default.
+# debug=true
+
+# Set the extra-path where gitlint will search for user defined rules
+# See http://jorisroovers.github.io/gitlint/user_defined_rules for details
+# extra-path=examples/
+
+contrib=contrib-title-conventional-commits,contrib-body-requires-signed-off-by
+
+# [title-max-length]
+# line-length=80
+
+# [title-must-not-contain-word]
+# Comma-separated list of words that should not occur in the title. Matching is
+# case insensitive. It's fine if the keyword occurs as part of a larger word
+# (so "WIPING" will not cause a violation, but "WIP: my title" will.
+# words=wip
+
+# [title-match-regex]
+# python like regex (https://docs.python.org/2/library/re.html) that the
+# commit-msg title must be matched to.
+# Note that the regex can contradict with other rules if not used correctly
+# (e.g. title-must-not-contain-word).
+# regex=^US[0-9]*
+
+# [B1]
+# B1 = body-max-line-length
+# line-length=120
+
+# [body-min-length]
+# min-length=5
+
+# [body-is-missing]
+# Whether to ignore this rule on merge commits (which typically only have a title)
+# default = True
+# ignore-merge-commits=false
+
+# [body-changed-file-mention]
+# List of files that need to be explicitly mentioned in the body when they are
+# changed This is useful for when developers often erroneously edit certain
+# files or git submodules.  By specifying this rule, developers can only change
+# the file when they explicitly reference it in the commit message.
+# files=gitlint/rules.py,README.md
+
+# [author-valid-email]
+# python like regex (https://docs.python.org/2/library/re.html) that the
+# commit author email address should be matched to
+# For example, use the following regex if you only want to allow email
+# addresses from foo.com
+# regex=[^@]+@foo.com
+
+# [ignore-by-title]
+# Ignore certain rules for commits of which the title matches a regex
+# E.g. Match commit titles that start with "Release"
+# regex=^Release(.*)
+#
+# Ignore certain rules, you can reference them by their id or by their full name
+# Use 'all' to ignore all rules
+# ignore=T1,body-min-length
+
+# [ignore-by-body]
+# Ignore certain rules for commits of which the body has a line that matches a
+# regex
+# E.g. Match bodies that have a line that contain "release"
+# regex=(.*)release(.*)
+#
+# Ignore certain rules, you can reference them by their id or by their full name
+# Use 'all' to ignore all rules
+# ignore=T1,body-min-length
+
+# Enable Conventional Commit subject line enforcement
+# https://www.conventionalcommits.org/en/v1.0.0/
+#
+# Since we want all subjects to be well formed, enforce the topics
+# to the following (fairly standard) topics and require them to be Mixed Case
+[contrib-title-conventional-commits]
+types=Fix,Feat,Chore,Docs,Style,Refactor,Perf,Test,Revert,CI,Build
+
+# Require RELENG issues in commit messages
+# [body-match-regex]
+# regex=(.*)Issue:\s+(?<!IT)RELENG-\d+(.*)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644 (file)
index 0000000..f5517c6
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,38 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.2.0
+    hooks:
+      - id: trailing-whitespace
+      - id: no-commit-to-branch
+        args:
+          - --branch=master
+          - --branch=main
+
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v2.6.2
+    hooks:
+      - id: prettier
+        stages: [commit]
+
+  - repo: https://github.com/jorisroovers/gitlint
+    rev: v0.17.0
+    hooks:
+      - id: gitlint
+
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.26.3
+    hooks:
+      - id: yamllint
+
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 2.1.6
+    hooks:
+      - id: shellcheck
+
+  # yamllint disable rule:comments-indentation
+  # Disable write good for now as it will require more work to get passing
+  # - repo: https://github.com/btford/write-good
+  #   rev: v1.0.8
+  #   hooks:
+  #     - id: write-good

diff --git a/.yamllint b/.yamllint
new file mode 100644 (file)
index 0000000..d4497f8
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,11 @@
+---
+extends: default
+
+rules:
+  empty-lines:
+    max-end: 1
+  line-length:
+    max: 120
+  comments:
+    # prettier forces 1 space comment separator
+    min-spaces-from-content: 1

diff --git a/docker-compose.override.yml b/docker-compose.override.yml
index f19664c..96cf0df 100644 (file)
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -1,44 +1,44 @@
 ---
 ---

-version: '3'
+version: "3"

 services:
 services:

-    init:
-        environment:
-            - CI_SYSTEM=jenkins
-            - GLOBAL_JJB_VERSION=v0.19.2
-        volumes:
-            - jenkins:/jenkins
-        links:
-            - jenkins
-    jenkins:
-        build:
-            context: ./jenkins
-            args:
-                - JENKINS_VERSION=$JENKINS_CONTAINER_VERSION
-        container_name: releng-jenkins
-        env_file: config.env
-        environment:
-            - JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
-            - VIRTUAL_HOST=jenkins.localhost
-            - VIRTUAL_PORT=8080
-        volumes:
-            - jenkins:/var/jenkins_home
-        expose:
-            - "8080"
-        depends_on:
-            - ldap
-            - nginx
-        links:
-            - ldap
-            - nginx
-    jenkins-agent:
-        build: ./jenkins/agent
-        container_name: releng-agent
-        env_file: config.env
-        ports:
-            - "22"
-        links:
-            - "nginx:jenkins.localhost"
-            - "nginx:nexus.localhost"
-            - "nginx:gerrit.localhost"
+  init:
+    environment:
+      - CI_SYSTEM=jenkins
+      - GLOBAL_JJB_VERSION=v0.19.2
+    volumes:
+      - jenkins:/jenkins
+    links:
+      - jenkins
+  jenkins:
+    build:
+      context: ./jenkins
+      args:
+        - JENKINS_VERSION=$JENKINS_CONTAINER_VERSION
+    container_name: releng-jenkins
+    env_file: config.env
+    environment:
+      - JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
+      - VIRTUAL_HOST=jenkins.localhost
+      - VIRTUAL_PORT=8080
+    volumes:
+      - jenkins:/var/jenkins_home
+    expose:
+      - "8080"
+    depends_on:
+      - ldap
+      - nginx
+    links:
+      - ldap
+      - nginx
+  jenkins-agent:
+    build: ./jenkins/agent
+    container_name: releng-agent
+    env_file: config.env
+    ports:
+      - "22"
+    links:
+      - "nginx:jenkins.localhost"
+      - "nginx:nexus.localhost"
+      - "nginx:gerrit.localhost"

 volumes:
 volumes:

-    jenkins:
+  jenkins:

diff --git a/docker-compose.yml b/docker-compose.yml
index d72dae7..121156e 100644 (file)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,94 +1,94 @@
 # Container Versions stored in '.env'
 ---
 # Container Versions stored in '.env'
 ---

-version: '3'
+version: "3"

 services:
 services:

-    init:
-        build:
-            dockerfile: Dockerfile
-            context: ./init/
-        container_name: releng-init
-        volumes:
-            - ./init/inventory.ini:/etc/ansible/inventory.ini
-            - ./init/playbooks:/usr/src/ansible
-            - init:/init/
-        links:
-            - gerrit
-            - nexus
-    ldap:
-        image: "osixia/openldap:$OPENLDAP_CONTAINER_VERSION"
-        container_name: releng-ldap
-        env_file: config.env
-        command: "--loglevel debug --copy-service"
-        volumes:
-            - ./ldap/bootstrap/groups.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-groups.ldif
-        ports:
-            - "636:636"
-    gerrit:
-        image: "openfrontier/gerrit:$GERRIT_CONTAINER_VERSION"
-        container_name: releng-gerrit
-        env_file: config.env
-        environment:
-            - VIRTUAL_HOST=gerrit.localhost
-            - VIRTUAL_PORT=8080
-        volumes:
-            - gerrit:/var/gerrit/review_site
-        expose:
-            - "8080"
-        ports:
-            - "29418:29418"
-        depends_on:
-            - ldap
-            - nginx
-        links:
-            - ldap
-            - nginx
-    nexus:
-        image: "sonatype/nexus:$NEXUS_CONTAINER_VERSION"
-        container_name: releng-nexus
-        env_file: config.env
-        environment:
-            - VIRTUAL_HOST=nexus.localhost
-            - VIRTUAL_PORT=8081
-        volumes:
-            - nexus:/sonatype-work
-        expose:
-            - "8081"
-        depends_on:
-            - nginx
-        links:
-            - nginx
-#    artifactory:
-#        image: "docker.bintray.io/jfrog/artifactory-oss:$ARTIFACTORY_CONTAINER_VERSION"
-#        container_name: releng-artifactory
-#        env_file: config.env
-#        environment:
-#            - VIRTUAL_HOST=artifactory.localhost
-#            - VIRTUAL_PORT=8081
-#        volumes:
-#            - artifactory:/var/opt/jfrog/artifactory
-#        expose:
-#            - "80"
-#            - "443"
-#            - "8081"
-#        depends_on:
-#            - nginx
-#        links:
-#            - nginx
-    postgres:
-        image: postgres:latest
-        container_name: releng-postgres
-        env_file: config.env
-        expose:
-            - "5432"
-    nginx:
-        image: jwilder/nginx-proxy:latest
-        container_name: releng-ingress
-        ports:
-            - "80:80"
-        volumes:
-            - /var/run/docker.sock:/tmp/docker.sock:ro
+  init:
+    build:
+      dockerfile: Dockerfile
+      context: ./init/
+    container_name: releng-init
+    volumes:
+      - ./init/inventory.ini:/etc/ansible/inventory.ini
+      - ./init/playbooks:/usr/src/ansible
+      - init:/init/
+    links:
+      - gerrit
+      - nexus
+  ldap:
+    image: "osixia/openldap:$OPENLDAP_CONTAINER_VERSION"
+    container_name: releng-ldap
+    env_file: config.env
+    command: "--loglevel debug --copy-service"
+    volumes:
+      - ./ldap/bootstrap/groups.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-groups.ldif
+    ports:
+      - "636:636"
+  gerrit:
+    image: "openfrontier/gerrit:$GERRIT_CONTAINER_VERSION"
+    container_name: releng-gerrit
+    env_file: config.env
+    environment:
+      - VIRTUAL_HOST=gerrit.localhost
+      - VIRTUAL_PORT=8080
+    volumes:
+      - gerrit:/var/gerrit/review_site
+    expose:
+      - "8080"
+    ports:
+      - "29418:29418"
+    depends_on:
+      - ldap
+      - nginx
+    links:
+      - ldap
+      - nginx
+  nexus:
+    image: "sonatype/nexus:$NEXUS_CONTAINER_VERSION"
+    container_name: releng-nexus
+    env_file: config.env
+    environment:
+      - VIRTUAL_HOST=nexus.localhost
+      - VIRTUAL_PORT=8081
+    volumes:
+      - nexus:/sonatype-work
+    expose:
+      - "8081"
+    depends_on:
+      - nginx
+    links:
+      - nginx
+  #    artifactory:
+  #        image: "docker.bintray.io/jfrog/artifactory-oss:$ARTIFACTORY_CONTAINER_VERSION"
+  #        container_name: releng-artifactory
+  #        env_file: config.env
+  #        environment:
+  #            - VIRTUAL_HOST=artifactory.localhost
+  #            - VIRTUAL_PORT=8081
+  #        volumes:
+  #            - artifactory:/var/opt/jfrog/artifactory
+  #        expose:
+  #            - "80"
+  #            - "443"
+  #            - "8081"
+  #        depends_on:
+  #            - nginx
+  #        links:
+  #            - nginx
+  postgres:
+    image: postgres:latest
+    container_name: releng-postgres
+    env_file: config.env
+    expose:
+      - "5432"
+  nginx:
+    image: jwilder/nginx-proxy:latest
+    container_name: releng-ingress
+    ports:
+      - "80:80"
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro

 volumes:
 volumes:

-    gerrit:
-    nexus:
-#    artifactory:
-    init:
+  gerrit:
+  nexus:
+  #    artifactory:
+  init:

diff --git a/gerrit-auth.sh b/gerrit-auth.sh
index a2116b4..c3ad4cf 100755 (executable)
--- a/gerrit-auth.sh
+++ b/gerrit-auth.sh
@@ -33,22 +33,24 @@ if [[ -s $KEYFILE ]]; then
     curl --fail -s -L -X POST -u "workshop:workshop" -H "Content-type:text/plain" \
       -d "@$KEYFILE" http://gerrit.localhost/a/accounts/self/sshkeys/ > /dev/null
 
     curl --fail -s -L -X POST -u "workshop:workshop" -H "Content-type:text/plain" \
       -d "@$KEYFILE" http://gerrit.localhost/a/accounts/self/sshkeys/ > /dev/null
 

+    exit_code=$?
+

     # Provide guidance on curl errors
     # Provide guidance on curl errors

-    if [ $? -eq 7 ]; then
+    if [ $exit_code -eq 7 ]; then

         echo -e "\nPlease start Gerrit first:\n  docker-compose up -d"
         echo -e "\nPlease start Gerrit first:\n  docker-compose up -d"

-    elif [ $? -eq 22 ]; then
+    elif [ $exit_code -eq 22 ]; then

         echo -e "\nPlease wait for Gerrit to finish running and try again"
     fi
 
     # Output future guidance
         echo -e "\nPlease wait for Gerrit to finish running and try again"
     fi
 
     # Output future guidance

-    if [ $? -eq 0 ]; then
+    if [ $exit_code -eq 0 ]; then

         KEYID=$(ssh-keygen -l -f "$KEYFILE")
         GERRIT_REPOS="$(curl -s -L http://gerrit.localhost/projects/ \
             | grep \"id\" | cut -c12- | tr -d '",')"
         echo -e "Successfully uploaded public keyfile:"
         echo "  $KEYID"
         echo -e "\nYou can now clone the available repos:"
         KEYID=$(ssh-keygen -l -f "$KEYFILE")
         GERRIT_REPOS="$(curl -s -L http://gerrit.localhost/projects/ \
             | grep \"id\" | cut -c12- | tr -d '",')"
         echo -e "Successfully uploaded public keyfile:"
         echo "  $KEYID"
         echo -e "\nYou can now clone the available repos:"

-        print_repos $GERRIT_REPOS
+        print_repos "$GERRIT_REPOS"

         echo -e "\nWith the command:"
         echo -e "  git clone ssh://workshop@gerrit.localhost:29418/<repo>"
     fi
         echo -e "\nWith the command:"
         echo -e "  git clone ssh://workshop@gerrit.localhost:29418/<repo>"
     fi

diff --git a/init/playbooks/files/jjb/ci-management.yaml b/init/playbooks/files/jjb/ci-management.yaml
index b594016..1612a1d 100644 (file)
--- a/init/playbooks/files/jjb/ci-management.yaml
+++ b/init/playbooks/files/jjb/ci-management.yaml
@@ -3,7 +3,7 @@
     name: ci-jobs
 
     jobs:
     name: ci-jobs
 
     jobs:

-      - '{project-name}-ci-jobs'
+      - "{project-name}-ci-jobs"

 
     project: ci-management
     project-name: ci-management
 
     project: ci-management
     project-name: ci-management

diff --git a/init/playbooks/files/jjb/defaults.yaml b/init/playbooks/files/jjb/defaults.yaml
index 0779162..dce10fc 100644 (file)
--- a/init/playbooks/files/jjb/defaults.yaml
+++ b/init/playbooks/files/jjb/defaults.yaml
@@ -5,4 +5,4 @@
     # lf-infra defaults
     jenkins-ssh-credential: ciworkshop-jenkins-ssh
     gerrit-server-name: ciworkshop
     # lf-infra defaults
     jenkins-ssh-credential: ciworkshop-jenkins-ssh
     gerrit-server-name: ciworkshop

-    lftools-version: '<1.0.0'
+    lftools-version: "<1.0.0"

diff --git a/init/playbooks/site.yaml b/init/playbooks/site.yaml
index 88ee798..cd9f2a3 100644 (file)
--- a/init/playbooks/site.yaml
+++ b/init/playbooks/site.yaml
@@ -1,144 +1,146 @@
 ---
 - hosts: all
   vars:
 ---
 - hosts: all
   vars:

-      ci_system: "{{ lookup('env', 'CI_SYSTEM') }}"
+    ci_system: "{{ lookup('env', 'CI_SYSTEM') }}"

   tasks:
   tasks:

-      - name: Include Base Variables
-        include_vars:
-            file: vars/default.yaml
-      - name: Create workshop user and ssh key
-        user:
-            name: 'workshop'
-            generate_ssh_key: true
-            uid: 1005
-            ssh_key_bits: 2048
-            ssh_key_file: '{{ workshop_ssh_keyfile }}'
-      - name: Wait for Gerrit UI
-        wait_for:
-            host: 'gerrit'
-            port: '8080'
-      - name: Login to Gerrit to claim Admin rights
-        uri:
-            url: 'http://gerrit:8080/login'
-            method: 'POST'
-            body: "username=workshop&password=workshop"
-            status_code: 302
-      - name: Upload sshkey to Admin user
-        uri:
-            url: 'http://gerrit:8080/a/accounts/self/sshkeys'
-            method: 'POST'
-            user: 'workshop'
-            password: 'workshop'
-            force_basic_auth: true
-            headers:
-                Content-Type: 'text/plain'
-            body: "{{ lookup('file', '{{ workshop_ssh_keyfile }}.pub') }}"
-            status_code: 201
-      - name: Wait for Gerrit SSH Interface
-        wait_for:
-            host: 'gerrit'
-            port: '29418'
-      - name: Configure Git User Email
-        git_config:
-            name: user.email
-            scope: global
-            value: "workshop@example.org"
-      - name: Configure Git User Name
-        git_config:
-            name: user.name
-            scope: global
-            value: "workshop"
-      - name: Configure Git SSH Command/Key
-        git_config:
-            name: core.sshCommand
-            scope: global
-            value: "ssh -i {{ workshop_ssh_keyfile }} -F /dev/null -o StrictHostKeyChecking=no"
-      - name: Clone All-Projects
-        git:
-            repo: 'ssh://workshop@gerrit:29418/All-Projects.git'
-            refspec: 'refs/meta/config:refs/remotes/origin/meta/config'
-            version: 'meta/config'
-            dest: '{{ all_projects_repo }}'
-            key_file: '{{ workshop_ssh_keyfile }}'
-            update: false
-      - name: Configure Verified Label
-        blockinfile:
-            path: '{{ all_projects_repo }}/project.config'
-            marker: "; {mark}1 Ansible Managed"
-            block: |
-                [label "Verified"]
-                    function = MaxWithBlock
-                    defaultValue = 0
-                    value = -1 Fails
-                    value = 0 No score
-                    value = +1 Verified
-                    copyAllScoresIfNoCodeChange = true
-      - name: Allow non-interactive users Verified Rights
-        blockinfile:
-            path: '{{ all_projects_repo }}/project.config'
-            marker: "; {mark}2 Ansible Managed"
-            insertafter: '\[access "refs/heads/\*"\]'
-            block: |
-                    label-Verified = -1..+1 group Administrators
-                    label-Verified = -1..+1 group Non-Interactive Users
-                    label-Verified = -1..+1 group Project Owners
-      - name: Create verified label commit in All-Projects
-        shell: |
-            git add .
-            git commit -am "Create Verified Label"
-            git push origin HEAD:refs/meta/config
-        args:
-            chdir: '{{ all_projects_repo }}'
-      - name: Collect list of Repositories
-        uri:
-            url: 'http://gerrit:8080/projects/'
-            return_content: true
-        register: projects
-      - name: Create ci-management Repository
-        command: >
-            ssh {{ ssh_options }} -p  29418 workshop@gerrit -i {{ workshop_ssh_keyfile }}
-            gerrit create-project ci-management --id --so --empty-commit -d "Workshop\ CI-Management\ Repo" -p "All-Projects"
-        # [5:] is used to skip the XSS token added by Gerrit
-        when: '(projects.content[5:] | from_json)["ci-management"] is not defined'
-      - name: Clone ci-management repository
-        git:
-            repo: 'ssh://workshop@gerrit:29418/ci-management.git'
-            dest: '{{ ci_management_repo }}'
-            key_file: '{{ workshop_ssh_keyfile }}'
-            update: false
-      - name: Copy gitreview file to ci-managment
-        copy:
-            src: .gitreview
-            dest: '{{ ci_management_repo }}/.gitreview'
-      - name: Create initial commit to ci-management
-        shell: |
-            git add .
-            git commit -am "Initial Commit"
-            git push origin HEAD:refs/heads/master
-        args:
-            chdir: '{{ ci_management_repo }}'
-      - name: Wait for Nexus Web
-        wait_for:
-            host: 'nexus'
-            port: '8081'
-      - name: Copy repo.json to tmp directory
-        copy:
-            src: nexus-repo.json
-            dest: '/var/tmp/repo.json'
-      - name: Check for Logs repo in Nexus
-        uri:
-            url: http://nexus:8081/service/local/repositories
-            return_content: true
-        register: nexus_repos
-      - name: Create Logs repo in Nexus
-        uri:
-            url: http://nexus:8081/service/local/repositories
-            method: POST
-            body: "{{ lookup('file', '/var/tmp/repo.json') }}"
-            user: admin
-            password: admin123
-            body_format: json
-            status_code: 201
-        when: '(nexus_repos.content | parse_xml("files/nexus-repo-schema.yaml"))["repositories"]["logs"] is not defined'
-      - name: Include {{ ci_system }} Tasks
-        include_tasks: "tasks/{{ ci_system }}.yaml"
+    - name: Include Base Variables
+      include_vars:
+        file: vars/default.yaml
+    - name: Create workshop user and ssh key
+      user:
+        name: "workshop"
+        generate_ssh_key: true
+        uid: 1005
+        ssh_key_bits: 2048
+        ssh_key_file: "{{ workshop_ssh_keyfile }}"
+    - name: Wait for Gerrit UI
+      wait_for:
+        host: "gerrit"
+        port: "8080"
+    - name: Login to Gerrit to claim Admin rights
+      uri:
+        url: "http://gerrit:8080/login"
+        method: "POST"
+        body: "username=workshop&password=workshop"
+        status_code: 302
+    - name: Upload sshkey to Admin user
+      uri:
+        url: "http://gerrit:8080/a/accounts/self/sshkeys"
+        method: "POST"
+        user: "workshop"
+        password: "workshop"
+        force_basic_auth: true
+        headers:
+          Content-Type: "text/plain"
+        body: "{{ lookup('file', '{{ workshop_ssh_keyfile }}.pub') }}"
+        status_code: 201
+    - name: Wait for Gerrit SSH Interface
+      wait_for:
+        host: "gerrit"
+        port: "29418"
+    - name: Configure Git User Email
+      git_config:
+        name: user.email
+        scope: global
+        value: "workshop@example.org"
+    - name: Configure Git User Name
+      git_config:
+        name: user.name
+        scope: global
+        value: "workshop"
+    - name: Configure Git SSH Command/Key
+      git_config:
+        name: core.sshCommand
+        scope: global
+        value: "ssh -i {{ workshop_ssh_keyfile }} -F /dev/null -o StrictHostKeyChecking=no"
+    - name: Clone All-Projects
+      git:
+        repo: "ssh://workshop@gerrit:29418/All-Projects.git"
+        refspec: "refs/meta/config:refs/remotes/origin/meta/config"
+        version: "meta/config"
+        dest: "{{ all_projects_repo }}"
+        key_file: "{{ workshop_ssh_keyfile }}"
+        update: false
+    - name: Configure Verified Label
+      blockinfile:
+        path: "{{ all_projects_repo }}/project.config"
+        marker: "; {mark}1 Ansible Managed"
+        block: |
+          [label "Verified"]
+              function = MaxWithBlock
+              defaultValue = 0
+              value = -1 Fails
+              value = 0 No score
+              value = +1 Verified
+              copyAllScoresIfNoCodeChange = true
+    - name: Allow non-interactive users Verified Rights
+      blockinfile:
+        path: "{{ all_projects_repo }}/project.config"
+        marker: "; {mark}2 Ansible Managed"
+        insertafter: '\[access "refs/heads/\*"\]'
+        block: |
+          label-Verified = -1..+1 group Administrators
+          label-Verified = -1..+1 group Non-Interactive Users
+          label-Verified = -1..+1 group Project Owners
+    - name: Create verified label commit in All-Projects
+      shell: |
+        git add .
+        git commit -am "Create Verified Label"
+        git push origin HEAD:refs/meta/config
+      args:
+        chdir: "{{ all_projects_repo }}"
+    - name: Collect list of Repositories
+      uri:
+        url: "http://gerrit:8080/projects/"
+        return_content: true
+      register: projects
+    # yamllint disable rule:line-length
+    - name: Create ci-management Repository
+      command: >
+        ssh {{ ssh_options }} -p  29418 workshop@gerrit -i {{ workshop_ssh_keyfile }}
+        gerrit create-project ci-management --id --so --empty-commit -d "Workshop\ CI-Management\ Repo" -p "All-Projects"
+      # [5:] is used to skip the XSS token added by Gerrit
+      when: '(projects.content[5:] | from_json)["ci-management"] is not defined'
+    # yamllint enable
+    - name: Clone ci-management repository
+      git:
+        repo: "ssh://workshop@gerrit:29418/ci-management.git"
+        dest: "{{ ci_management_repo }}"
+        key_file: "{{ workshop_ssh_keyfile }}"
+        update: false
+    - name: Copy gitreview file to ci-managment
+      copy:
+        src: .gitreview
+        dest: "{{ ci_management_repo }}/.gitreview"
+    - name: Create initial commit to ci-management
+      shell: |
+        git add .
+        git commit -am "Initial Commit"
+        git push origin HEAD:refs/heads/master
+      args:
+        chdir: "{{ ci_management_repo }}"
+    - name: Wait for Nexus Web
+      wait_for:
+        host: "nexus"
+        port: "8081"
+    - name: Copy repo.json to tmp directory
+      copy:
+        src: nexus-repo.json
+        dest: "/var/tmp/repo.json"
+    - name: Check for Logs repo in Nexus
+      uri:
+        url: http://nexus:8081/service/local/repositories
+        return_content: true
+      register: nexus_repos
+    - name: Create Logs repo in Nexus
+      uri:
+        url: http://nexus:8081/service/local/repositories
+        method: POST
+        body: "{{ lookup('file', '/var/tmp/repo.json') }}"
+        user: admin
+        password: admin123
+        body_format: json
+        status_code: 201
+      when: '(nexus_repos.content | parse_xml("files/nexus-repo-schema.yaml"))["repositories"]["logs"] is not defined'
+    - name: Include {{ ci_system }} Tasks
+      include_tasks: "tasks/{{ ci_system }}.yaml"

diff --git a/init/playbooks/tasks/jenkins.yaml b/init/playbooks/tasks/jenkins.yaml
index 6aafb27..1316072 100644 (file)
--- a/init/playbooks/tasks/jenkins.yaml
+++ b/init/playbooks/tasks/jenkins.yaml
@@ -1,106 +1,106 @@
 ---
 - name: Include Base Variables
   include_vars:
 ---
 - name: Include Base Variables
   include_vars:

-      file: vars/default.yaml
+    file: vars/default.yaml

 - name: Create jenkins user and ssh key
   user:
 - name: Create jenkins user and ssh key
   user:

-      name: 'jenkins'
-      generate_ssh_key: true
-      uid: 1000
-      ssh_key_bits: 2048
-      ssh_key_file: '{{ jenkins_ssh_keyfile }}'
+    name: "jenkins"
+    generate_ssh_key: true
+    uid: 1000
+    ssh_key_bits: 2048
+    ssh_key_file: "{{ jenkins_ssh_keyfile }}"

 - name: Check private key format
   shell: |
 - name: Check private key format
   shell: |

-      head -1 '{{ jenkins_ssh_keyfile }}'
+    head -1 '{{ jenkins_ssh_keyfile }}'

   register: jenkins_ssh_key_header
 - name: Ensure keys is in PEM format (not new OpenSSH format)
   shell: |
   register: jenkins_ssh_key_header
 - name: Ensure keys is in PEM format (not new OpenSSH format)
   shell: |

-      ssh-keygen -f '{{ jenkins_ssh_keyfile }}' -m PEM -p -P "" -N ""
+    ssh-keygen -f '{{ jenkins_ssh_keyfile }}' -m PEM -p -P "" -N ""

   when: (jenkins_ssh_key_header.stdout | regex_search("OPENSSH"))
 - name: Set Jenkins Workshop SSH Key fact
   set_fact:
   when: (jenkins_ssh_key_header.stdout | regex_search("OPENSSH"))
 - name: Set Jenkins Workshop SSH Key fact
   set_fact:

-      credentials_sshkey: "{{ lookup('file', jenkins_ssh_keyfile) }}"
+    credentials_sshkey: "{{ lookup('file', jenkins_ssh_keyfile) }}"

 - name: Put down Jenkins Credential template
   template:
 - name: Put down Jenkins Credential template
   template:

-      src: jenkins-credentials.xml
-      dest: /jenkins/jenkins-credentials.xml
+    src: jenkins-credentials.xml
+    dest: /jenkins/jenkins-credentials.xml

 - name: Install Jenkins CLI
   get_url:
 - name: Install Jenkins CLI
   get_url:

-      url: 'http://jenkins:8080/jnlpJars/jenkins-cli.jar'
-      dest: /jenkins/jenkins-cli.jar
+    url: "http://jenkins:8080/jnlpJars/jenkins-cli.jar"
+    dest: /jenkins/jenkins-cli.jar

 - name: Add Workshop Credentials to Jenkins
   environment:
 - name: Add Workshop Credentials to Jenkins
   environment:

-      JENKINS_URL: http://jenkins:8080/
-      JENKINS_USER_ID: workshop
-      JENKINS_API_TOKEN: workshop
+    JENKINS_URL: http://jenkins:8080/
+    JENKINS_USER_ID: workshop
+    JENKINS_API_TOKEN: workshop

   shell: |
   shell: |

-      cat jenkins-credentials.xml | java -jar jenkins-cli.jar -http \
-      update-credentials-by-xml "system::system::jenkins" "(global)" \
-      "{{ credentials_id }}"
+    cat jenkins-credentials.xml | java -jar jenkins-cli.jar -http \
+    update-credentials-by-xml "system::system::jenkins" "(global)" \
+    "{{ credentials_id }}"

   args:
   args:

-      chdir: '/jenkins'
+    chdir: "/jenkins"

 - name: Wait for Gerrit SSH Interface
   wait_for:
 - name: Wait for Gerrit SSH Interface
   wait_for:

-      host: 'gerrit'
-      port: '29418'
+    host: "gerrit"
+    port: "29418"

 - name: Check existance of Jenkins Workshop Gerrit user
   uri:
 - name: Check existance of Jenkins Workshop Gerrit user
   uri:

-      url: 'http://gerrit:8080/accounts/?q=username:jenkins-workshop&o=DETAILS'
-      return_content: true
+    url: "http://gerrit:8080/accounts/?q=username:jenkins-workshop&o=DETAILS"
+    return_content: true

   register: jenkins_gerrit_account_json
 - name: Create fact containing Gerrit accounts
   set_fact:
   register: jenkins_gerrit_account_json
 - name: Create fact containing Gerrit accounts
   set_fact:

-      jenkins_gerrit_account: '{{ jenkins_gerrit_account_json.content[5:] }}'
+    jenkins_gerrit_account: "{{ jenkins_gerrit_account_json.content[5:] }}"

 - name: Debug Gerrit Accounts
   debug:
 - name: Debug Gerrit Accounts
   debug:

-      msg: '{{ jenkins_gerrit_account }}'
+    msg: "{{ jenkins_gerrit_account }}"

 - name: Create Jenkins Workshop User
   shell: >
 - name: Create Jenkins Workshop User
   shell: >

-      cat {{ jenkins_ssh_keyfile }}.pub | ssh {{ ssh_options }} -p  29418 workshop@gerrit -i {{ workshop_ssh_keyfile }}
-      gerrit create-account jenkins-workshop --full-name "Jenkins\ Workshop"
-      --group "Non-Interactive\ Users" --ssh-key -
+    cat {{ jenkins_ssh_keyfile }}.pub | ssh {{ ssh_options }} -p  29418 workshop@gerrit -i {{ workshop_ssh_keyfile }}
+    gerrit create-account jenkins-workshop --full-name "Jenkins\ Workshop"
+    --group "Non-Interactive\ Users" --ssh-key -

   when: (jenkins_gerrit_account | length == 0)
 - name: Clone ci-management repository
   git:
   when: (jenkins_gerrit_account | length == 0)
 - name: Clone ci-management repository
   git:

-      repo: 'ssh://workshop@gerrit:29418/ci-management.git'
-      dest: '{{ ci_management_repo }}'
-      key_file: '{{ workshop_ssh_keyfile }}'
-      update: false
+    repo: "ssh://workshop@gerrit:29418/ci-management.git"
+    dest: "{{ ci_management_repo }}"
+    key_file: "{{ workshop_ssh_keyfile }}"
+    update: false

 - name: Create JJB Directory
   file:
 - name: Create JJB Directory
   file:

-      path: '{{ ci_management_repo }}/jjb'
-      state: directory
+    path: "{{ ci_management_repo }}/jjb"
+    state: directory

 - name: Add Global-JJB to ci-management
 - name: Add Global-JJB to ci-management

-  command: 'git submodule add {{ global_jjb_url }} global-jjb'
+  command: "git submodule add {{ global_jjb_url }} global-jjb"

   args:
   args:

-      chdir: '{{ ci_management_repo }}/jjb'
-      creates: '{{ ci_management_repo }}/jjb/global-jjb'
+    chdir: "{{ ci_management_repo }}/jjb"
+    creates: "{{ ci_management_repo }}/jjb/global-jjb"

 - name: Add ci-management defaults
   copy:
 - name: Add ci-management defaults
   copy:

-      dest: '{{ ci_management_repo }}/{{ item }}'
-      src: 'files/{{ item }}'
+    dest: "{{ ci_management_repo }}/{{ item }}"
+    src: "files/{{ item }}"

   with_items:
   with_items:

-      - 'jjb/ci-management.yaml'
-      - 'jjb/defaults.yaml'
+    - "jjb/ci-management.yaml"
+    - "jjb/defaults.yaml"

 - name: Add jenkins.ini
   copy:
 - name: Add jenkins.ini
   copy:

-      dest: '{{ ci_management_repo }}/jenkins.ini'
-      src: 'files/jjb/jenkins.ini'
+    dest: "{{ ci_management_repo }}/jenkins.ini"
+    src: "files/jjb/jenkins.ini"

 - name: Create initial commit for the ci-management repo
   shell: |
 - name: Create initial commit for the ci-management repo
   shell: |

-      cd jjb/global-jjb
-      git checkout {{ global_jjb_version }}
-      cd ..
-      git add .
-      git commit -am "Initial JJB Files"
-      git push origin HEAD:refs/heads/master
+    cd jjb/global-jjb
+    git checkout {{ global_jjb_version }}
+    cd ..
+    git add .
+    git commit -am "Initial JJB Files"
+    git push origin HEAD:refs/heads/master

   args:
   args:

-      chdir: '{{ ci_management_repo }}'
+    chdir: "{{ ci_management_repo }}"

 - name: Install Jenkins Job Builder
   pip:
 - name: Install Jenkins Job Builder
   pip:

-      name: 'jenkins-job-builder'
-      version: '{{ jjb_version }}'
+    name: "jenkins-job-builder"
+    version: "{{ jjb_version }}"

 - name: Upload Jobs to Jenkins
 - name: Upload Jobs to Jenkins

-  command: 'jenkins-jobs --conf jenkins.ini update -r jjb'
+  command: "jenkins-jobs --conf jenkins.ini update -r jjb"

   args:
   args:

-      chdir: '{{ ci_management_repo }}'
+    chdir: "{{ ci_management_repo }}"

diff --git a/init/playbooks/vars/default.yaml b/init/playbooks/vars/default.yaml
index d39b84a..483bcd9 100644 (file)
--- a/init/playbooks/vars/default.yaml
+++ b/init/playbooks/vars/default.yaml
@@ -1,10 +1,10 @@
 ---
 ---

-ci_management_repo: '/init/ci-management'
-all_projects_repo: '/init/all-projects'
-workshop_ssh_keyfile: '/init/id_rsa-workshop'
-jenkins_ssh_keyfile: '/jenkins/.ssh/id_rsa'
+ci_management_repo: "/init/ci-management"
+all_projects_repo: "/init/all-projects"
+workshop_ssh_keyfile: "/init/id_rsa-workshop"
+jenkins_ssh_keyfile: "/jenkins/.ssh/id_rsa"

 # Options to pass to ssh when cloning repos
 # Options to pass to ssh when cloning repos

-ssh_options: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
+ssh_options: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"

 # Version of Global JJB the ci-management repo should initially contain
 global_jjb_version: "{{ lookup('env', 'GLOBAL_JJB_VERSION') | default('v0.19.2', true) }}"
 global_jjb_url: https://github.com/lfit/releng-global-jjb
 # Version of Global JJB the ci-management repo should initially contain
 global_jjb_version: "{{ lookup('env', 'GLOBAL_JJB_VERSION') | default('v0.19.2', true) }}"
 global_jjb_url: https://github.com/lfit/releng-global-jjb

diff --git a/tox.ini b/tox.ini
index 2ac4645..b3febfa 100644 (file)
--- a/tox.ini
+++ b/tox.ini
@@ -1,18 +1,33 @@
 [tox]
 [tox]

-minversion = 1.6
-envlist = coala
+minversion = 3.8
+envlist =
+  py38,
+  pre-commit

 skipsdist = true
 
 skipsdist = true
 

-[testenv:coala]
-basepython = python3
+[testenv:pre-commit]
+basepython = python3.8
+allowlist_externals =
+    /bin/sh

 deps =
 deps =

-    coala
-    coala-bears
-    # Markdown lint requires nodejs
-    nodeenv
+    pre-commit
+passenv = HOME

 commands =
 commands =

-    nodeenv -p
-    npm install --global remark-cli remark-lint write-good
-    python3 -m nltk.downloader punkt maxent_treebank_pos_tagger averaged_perceptron_tagger
-    coala --non-interactive
-
+    pre-commit run --all-files --show-diff-on-failure
+    /bin/sh -c 'if ! git config --get user.name > /dev/null; then \
+        git config --global --add user.name "CI"; \
+        touch .git/REMOVE_USERNAME; fi'
+    /bin/sh -c 'if ! git config --get user.email > /dev/null; then \
+        git config --global --add user.email "ci@example.org"; \
+        touch .git/REMOVE_USEREMAIL; fi'
+    /bin/sh -c "if [ -f .git/COMMIT_EDITMSG ]; then \
+        cp .git/COMMIT_EDITMSG .git/COMMIT_MSGTOX; else \
+        git log HEAD -n1 | tail -n +5 | cut -c 5- > .git/COMMIT_MSGTOX; fi"
+    pre-commit run gitlint --hook-stage commit-msg --commit-msg-filename .git/COMMIT_MSGTOX
+    /bin/sh -c "rm -f .git/COMMIT_MSGTOX"
+    /bin/sh -c "if [ -f .git/REMOVE_USERNAME ]; then \
+        git config --global --unset user.name; \
+        rm -f .git/REMOVE_USERNAME; fi"
+    /bin/sh -c "if [ -f .git/REMOVE_USEREMAIL ]; then \
+        git config --global --unset user.email; \
+        rm -f .git/REMOVE_USEREMAIL; fi"