zware/awx
1
0
Fork 0
mirror of https://github.com/ZwareBear/awx.git synced 2026-03-20 07:43:35 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13632 from TheRealHaoLiu/reshaving-the-yak

Browse Source 
[chore] update project_update playbook to be compliant with ansible-lint
This commit is contained in:
Hao Liu
2023-02-28 13:17:45 -05:00
committed by GitHub
parent ccaace8b30 cf21eab7f4
commit c2df22e0f0
3 changed files with 102 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/api/serializers.py
View File

@@ -4028,7 +4028,7 @@ class ProjectUpdateEventSerializer(JobEventSerializer):
# raw SCM URLs in their stdout (which *could* contain passwords) # raw SCM URLs in their stdout (which *could* contain passwords)
# attempt to detect and filter HTTP basic auth passwords in the stdout # attempt to detect and filter HTTP basic auth passwords in the stdout
# of these types of events # of these types of events
if obj.event_data.get('task_action') in ('git', 'svn'): if obj.event_data.get('task_action') in ('git', 'svn', 'ansible.builtin.git', 'ansible.builtin.svn'):
try: try:
return json.loads(UriCleaner.remove_sensitive(json.dumps(obj.event_data))) return json.loads(UriCleaner.remove_sensitive(json.dumps(obj.event_data)))
except Exception: except Exception:

4
awx/main/tasks/callback.py
View File

@@ -116,7 +116,7 @@ class RunnerCallback:
# so it *should* have a negligible performance impact # so it *should* have a negligible performance impact
task = event_data.get('event_data', {}).get('task_action') task = event_data.get('event_data', {}).get('task_action')
try: try:
if task in ('git', 'svn'): if task in ('git', 'svn', 'ansible.builtin.git', 'ansible.builtin.svn'):
event_data_json = json.dumps(event_data) event_data_json = json.dumps(event_data)
event_data_json = UriCleaner.remove_sensitive(event_data_json) event_data_json = UriCleaner.remove_sensitive(event_data_json)
event_data = json.loads(event_data_json) event_data = json.loads(event_data_json)
@@ -219,7 +219,7 @@ class RunnerCallbackForProjectUpdate(RunnerCallback):
def event_handler(self, event_data): def event_handler(self, event_data):
super_return_value = super(RunnerCallbackForProjectUpdate, self).event_handler(event_data) super_return_value = super(RunnerCallbackForProjectUpdate, self).event_handler(event_data)
returned_data = event_data.get('event_data', {}) returned_data = event_data.get('event_data', {})
if returned_data.get('task_action', '') == 'set_fact': if returned_data.get('task_action', '') in ('set_fact', 'ansible.builtin.set_fact'):
returned_facts = returned_data.get('res', {}).get('ansible_facts', {}) returned_facts = returned_data.get('res', {}).get('ansible_facts', {})
if 'scm_version' in returned_facts: if 'scm_version' in returned_facts:
self.playbook_new_revision = returned_facts['scm_version'] self.playbook_new_revision = returned_facts['scm_version']

189
awx/playbooks/project_update.yml
View File

@@ -25,42 +25,47 @@
connection: local connection: local
name: Update source tree if necessary name: Update source tree if necessary
tasks: tasks:
- name: Delete project directory before update
- name: delete project directory before update ansible.builtin.shell: set -o pipefail && find . -delete -print | tail -2 # volume mounted, cannot delete folder itself
command: "find -delete" # volume mounted, cannot delete folder itself register: reg
changed_when: reg.stdout_lines | length > 1
args: args:
chdir: "{{ project_path }}" chdir: "{{ project_path }}"
tags: tags:
- delete - delete
- block: - name: Update project using git
- name: update project using git tags:
git: - update_git
dest: "{{project_path|quote}}" block:
repo: "{{scm_url}}" - name: Update project using git
version: "{{scm_branch|quote}}" ansible.builtin.git:
refspec: "{{scm_refspec|default(omit)}}" dest: "{{ project_path | quote }}"
force: "{{scm_clean}}" repo: "{{ scm_url }}"
track_submodules: "{{scm_track_submodules|default(omit)}}" version: "{{ scm_branch | quote }}"
accept_hostkey: "{{scm_accept_hostkey|default(omit)}}" refspec: "{{ scm_refspec | default(omit) }}"
force: "{{ scm_clean }}"
track_submodules: "{{ scm_track_submodules | default(omit) }}"
accept_hostkey: "{{ scm_accept_hostkey | default(omit) }}"
register: git_result register: git_result
- name: Set the git repository version - name: Set the git repository version
set_fact: ansible.builtin.set_fact:
scm_version: "{{ git_result['after'] }}" scm_version: "{{ git_result['after'] }}"
when: "'after' in git_result" when: "'after' in git_result"
tags:
- update_git
- block: - name: Update project using svn
- name: update project using svn tags:
subversion: - update_svn
dest: "{{project_path|quote}}" block:
repo: "{{scm_url|quote}}" - name: Update project using svn
revision: "{{scm_branch|quote}}" ansible.builtin.subversion:
force: "{{scm_clean}}" dest: "{{ project_path | quote }}"
username: "{{scm_username|default(omit)}}" repo: "{{ scm_url | quote }}"
password: "{{scm_password|default(omit)}}" revision: "{{ scm_branch | quote }}"
force: "{{ scm_clean }}"
username: "{{ scm_username | default(omit) }}"
password: "{{ scm_password | default(omit) }}"
# must be in_place because folder pre-existing, because it is mounted # must be in_place because folder pre-existing, because it is mounted
in_place: true in_place: true
environment: environment:
@@ -68,85 +73,90 @@
register: svn_result register: svn_result
- name: Set the svn repository version - name: Set the svn repository version
set_fact: ansible.builtin.set_fact:
scm_version: "{{ svn_result['after'] }}" scm_version: "{{ svn_result['after'] }}"
when: "'after' in svn_result" when: "'after' in svn_result"
- name: parse subversion version string properly - name: Parse subversion version string properly
set_fact: ansible.builtin.set_fact:
scm_version: "{{scm_version|regex_replace('^.*Revision: ([0-9]+).*$', '\\1')}}" scm_version: "{{ scm_version | regex_replace('^.*Revision: ([0-9]+).*$', '\\1') }}"
tags:
- update_svn
- block:
- name: Project update for Insights
tags:
- update_insights
block:
- name: Ensure the project directory is present - name: Ensure the project directory is present
file: ansible.builtin.file:
dest: "{{project_path|quote}}" dest: "{{ project_path | quote }}"
state: directory state: directory
mode: '0755'
- name: Fetch Insights Playbook(s) - name: Fetch Insights Playbook(s)
insights: insights:
insights_url: "{{insights_url}}" insights_url: "{{ insights_url }}"
username: "{{scm_username}}" username: "{{ scm_username }}"
password: "{{scm_password}}" password: "{{ scm_password }}"
project_path: "{{project_path}}" project_path: "{{ project_path }}"
awx_license_type: "{{awx_license_type}}" awx_license_type: "{{ awx_license_type }}"
awx_version: "{{awx_version}}" awx_version: "{{ awx_version }}"
register: results register: results
- name: Save Insights Version - name: Save Insights Version
set_fact: ansible.builtin.set_fact:
scm_version: "{{results.version}}" scm_version: "{{ results.version }}"
when: results is defined when: results is defined
tags:
- update_insights
- block:
- name: Update project using archive
tags:
- update_archive
block:
- name: Ensure the project archive directory is present - name: Ensure the project archive directory is present
file: ansible.builtin.file:
dest: "{{ project_path|quote }}/.archive" dest: "{{ project_path | quote }}/.archive"
state: directory state: directory
mode: '0755'
- name: Get archive from url - name: Get archive from url
get_url: ansible.builtin.get_url:
url: "{{ scm_url|quote }}" url: "{{ scm_url | quote }}"
dest: "{{ project_path|quote }}/.archive/" dest: "{{ project_path | quote }}/.archive/"
url_username: "{{ scm_username|default(omit) }}" url_username: "{{ scm_username | default(omit) }}"
url_password: "{{ scm_password|default(omit) }}" url_password: "{{ scm_password | default(omit) }}"
force_basic_auth: true force_basic_auth: true
mode: '0755'
register: get_archive register: get_archive
- name: Unpack archive - name: Unpack archive
project_archive: project_archive:
src: "{{ get_archive.dest }}" src: "{{ get_archive.dest }}"
project_path: "{{ project_path|quote }}" project_path: "{{ project_path | quote }}"
force: "{{ scm_clean }}" force: "{{ scm_clean }}"
when: get_archive.changed or scm_clean when: get_archive.changed or scm_clean
register: unarchived register: unarchived
- name: Find previous archives - name: Find previous archives
find: ansible.builtin.find:
paths: "{{ project_path|quote }}/.archive/" paths: "{{ project_path | quote }}/.archive/"
excludes: excludes:
- "{{ get_archive.dest|basename }}" - "{{ get_archive.dest | basename }}"
when: unarchived.changed when: unarchived.changed
register: previous_archive register: previous_archive
- name: Remove previous archives - name: Remove previous archives
file: ansible.builtin.file:
path: "{{ item.path }}" path: "{{ item.path }}"
state: absent state: absent
loop: "{{ previous_archive.files }}" loop: "{{ previous_archive.files }}"
when: previous_archive.files|default([]) when: previous_archive.files | default([])
- name: Set scm_version to archive sha1 checksum - name: Set scm_version to archive sha1 checksum
set_fact: ansible.builtin.set_fact:
scm_version: "{{ get_archive.checksum_src }}" scm_version: "{{ get_archive.checksum_src }}"
tags:
- update_archive
- name: Repository Version - name: Repository Version
debug: ansible.builtin.debug:
msg: "Repository Version {{ scm_version }}" msg: "Repository Version {{ scm_version }}"
tags: tags:
- update_git - update_git
@@ -183,60 +193,59 @@
additional_collections_env: additional_collections_env:
# These environment variables are used for installing collections, in addition to galaxy_task_env # These environment variables are used for installing collections, in addition to galaxy_task_env
# setting the collections paths silences warnings # setting the collections paths silences warnings
ANSIBLE_COLLECTIONS_PATHS: "{{projects_root}}/.__awx_cache/{{local_path}}/stage/requirements_collections" ANSIBLE_COLLECTIONS_PATHS: "{{ projects_root }}/.__awx_cache/{{ local_path }}/stage/requirements_collections"
# Put the local tmp directory in same volume as collection destination # Put the local tmp directory in same volume as collection destination
# otherwise, files cannot be moved accross volumes and will cause error # otherwise, files cannot be moved accross volumes and will cause error
ANSIBLE_LOCAL_TEMP: "{{projects_root}}/.__awx_cache/{{local_path}}/stage/tmp" ANSIBLE_LOCAL_TEMP: "{{ projects_root }}/.__awx_cache/{{ local_path }}/stage/tmp"
tasks: tasks:
- name: Check content sync settings - name: Check content sync settings
block: when: not roles_enabled | bool and not collections_enabled | bool
- debug:
msg: >
Collection and role syncing disabled. Check the AWX_ROLES_ENABLED and
AWX_COLLECTIONS_ENABLED settings and Galaxy credentials on the project's organization.
- meta: end_play
when: not roles_enabled|bool and not collections_enabled|bool
tags: tags:
- install_roles - install_roles
- install_collections - install_collections
block:
- name: Warn about disabled content sync
ansible.builtin.debug:
msg: >
Collection and role syncing disabled. Check the AWX_ROLES_ENABLED and
AWX_COLLECTIONS_ENABLED settings and Galaxy credentials on the project's organization.
- name: End play due to disabled content sync
ansible.builtin.meta: end_play
- name: fetch galaxy roles from requirements.(yml/yaml) - name: Fetch galaxy roles from requirements.(yml/yaml)
command: > ansible.builtin.command: >
ansible-galaxy role install -r {{ item }} ansible-galaxy role install -r {{ item }}
--roles-path {{projects_root}}/.__awx_cache/{{local_path}}/stage/requirements_roles --roles-path {{ projects_root }}/.__awx_cache/{{ local_path }}/stage/requirements_roles
{{ ' -' + 'v' * ansible_verbosity if ansible_verbosity else '' }} {{ ' -' + 'v' * ansible_verbosity if ansible_verbosity else '' }}
args: args:
chdir: "{{project_path|quote}}" chdir: "{{ project_path | quote }}"
register: galaxy_result register: galaxy_result
with_fileglob: with_fileglob:
- "{{project_path|quote}}/roles/requirements.yaml" - "{{ project_path | quote }}/roles/requirements.yaml"
- "{{project_path|quote}}/roles/requirements.yml" - "{{ project_path | quote }}/roles/requirements.yml"
changed_when: "'was installed successfully' in galaxy_result.stdout" changed_when: "'was installed successfully' in galaxy_result.stdout"
environment: "{{ galaxy_task_env }}" environment: "{{ galaxy_task_env }}"
when: roles_enabled|bool when: roles_enabled | bool
tags: tags:
- install_roles - install_roles
- name: fetch galaxy collections from collections/requirements.(yml/yaml) - name: Fetch galaxy collections from collections/requirements.(yml/yaml)
command: > ansible.builtin.command: >
ansible-galaxy collection install -r {{ item }} ansible-galaxy collection install -r {{ item }}
--collections-path {{projects_root}}/.__awx_cache/{{local_path}}/stage/requirements_collections --collections-path {{ projects_root }}/.__awx_cache/{{ local_path }}/stage/requirements_collections
{{ ' -' + 'v' * ansible_verbosity if ansible_verbosity else '' }} {{ ' -' + 'v' * ansible_verbosity if ansible_verbosity else '' }}
args: args:
chdir: "{{project_path|quote}}" chdir: "{{ project_path | quote }}"
register: galaxy_collection_result register: galaxy_collection_result
with_fileglob: with_fileglob:
- "{{project_path|quote}}/collections/requirements.yaml" - "{{ project_path | quote }}/collections/requirements.yaml"
- "{{project_path|quote}}/collections/requirements.yml" - "{{ project_path | quote }}/collections/requirements.yml"
- "{{project_path|quote}}/requirements.yaml" - "{{ project_path | quote }}/requirements.yaml"
- "{{project_path|quote}}/requirements.yml" - "{{ project_path | quote }}/requirements.yml"
changed_when: "'Installing ' in galaxy_collection_result.stdout" changed_when: "'Installing ' in galaxy_collection_result.stdout"
environment: "{{ additional_collections_env | combine(galaxy_task_env) }}" environment: "{{ additional_collections_env | combine(galaxy_task_env) }}"
when: when:
- "ansible_version.full is version_compare('2.9', '>=')" - "ansible_version.full is version_compare('2.9', '>=')"
- collections_enabled|bool - collections_enabled | bool
tags: tags:
- install_collections - install_collections