securesign · fghanmi · Dec 23, 2024 · Dec 23, 2024 · Dec 23, 2024 · Dec 23, 2024
@@ -0,0 +1,54 @@
+name: Using Ansible Molecule, test RHTAS collection from a private AAP
+
+# on:
+#   schedule:
+#   - cron: "0 0 * * *"
+
+on:
+  pull_request:
+
+jobs:
+  test-aap-collection:
+    runs-on: ubuntu-latest
+    steps:
+        - name: Checkout code
+          uses: actions/checkout@v4
+        - name: Install dependencies
+          run: |
+            ansible --version
+            python -m venv venv
+            source venv/bin/activate
+            python -m pip install --upgrade pip
+            pip install -r testing-requirements.txt
+            ansible-galaxy install -r requirements.yml
+            ansible-galaxy install -r molecule/requirements.yml
+        - name: Set up SSH key
+          run: |
+            mkdir -p ~/.ssh
+            echo "${{ secrets.AWS_SSH_KEY }}" > ~/.ssh/id_rsa
+            chmod 600 ~/.ssh/id_rsa
+        - name: Run molecule
+          env:
+            TAS_SINGLE_NODE_REGISTRY_USERNAME: ${{ secrets.TAS_SINGLE_NODE_REGISTRY_USERNAME }}
+            TAS_SINGLE_NODE_REGISTRY_PASSWORD: ${{ secrets.TAS_SINGLE_NODE_REGISTRY_PASSWORD }}
+            AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
+            AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+            AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+            GITHUB_RUN_ID: ${{ github.run_id }}
+            REDHAT_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
+          run: |
+            source venv/bin/activate
+            molecule reset
+            molecule -v create --scenario-name aap-setup
+            molecule -v converge --scenario-name aap-setup
+            molecule -v test --scenario-name aap-collection-test
+        - name: Destroy molecule infrastructure
+          env:
+            AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
+            AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+            AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+          if: always()
+          run: |
+            source venv/bin/activate
+            molecule -v destroy --scenario-name aap-setup
+            molecule -v destroy --scenario-name aap-collection-test
@@ -0,0 +1,39 @@
+---
+- name: Converge
+  hosts: molecule
+  gather_facts: true
+  vars_files:
+    - vars/vars.yml
+    - vars/podman.yml
+    - ../aap-setup/aap_vars.yml
+  tasks:
+    - name: Error out if registry username is not set
+      ansible.builtin.fail:
+        msg: "Username for registry.redhat.io is not set, please provide it via TAS_SINGLE_NODE_REGISTRY_USERNAME env variable"
+      when: tas_single_node_registry_username == ""
+
+    - name: Error out if registry password is not set
+      ansible.builtin.fail:
+        msg: "Password for registry.redhat.io is not set, please provide it via TAS_SINGLE_NODE_REGISTRY_PASSWORD env variable"
+      when: tas_single_node_registry_password == ""
+
+    - name: Install redhat.artifact_signer collection from the private AAP
+      delegate_to: localhost
+      ansible.builtin.shell:
+        cmd: |
+          ansible-galaxy collection install redhat.artifact_signer -s https://{{ aap_instance_ip }}/pulp_ansible/galaxy/staging/api/ \
+          --ignore-certs --token {{ token }} --force
+      changed_when: false
+
+    - name: Verify redhat.artifact_signer collection is installed
+      delegate_to: localhost
+      ansible.builtin.shell:
+        cmd: |
+          bash -c 'set -o pipefail && ansible-galaxy collection list | grep redhat.artifact_signer'
+      register: collection_check
+      changed_when: false
+      failed_when: collection_check.rc != 0
+
+    - name: Apply redhat.artifact_signer.tas_single_node role from the private AAP
+      ansible.builtin.include_role:
+        name: redhat.artifact_signer.tas_single_node
@@ -0,0 +1 @@
+../default/create.yml
@@ -0,0 +1 @@
+../default/destroy.yml
@@ -0,0 +1 @@
+../default/molecule.yml
@@ -0,0 +1 @@
+../default/prepare.yml
@@ -0,0 +1 @@
+../../default/vars/podman.yml
@@ -0,0 +1,10 @@
+tas_single_node_oidc_issuers:
+  - issuer: "http://dex-idp:5556/dex"
+    url: "http://dex-idp:5556/dex"
+    client_id: example-app
+    type: email
+tas_single_node_base_hostname: myrhtas
+tas_single_node_cockpit:
+  enabled: false
+tas_single_node_registry_username: "{{ lookup('env', 'TAS_SINGLE_NODE_REGISTRY_USERNAME') }}"
+tas_single_node_registry_password: "{{ lookup('env', 'TAS_SINGLE_NODE_REGISTRY_PASSWORD') }}"
@@ -0,0 +1 @@
+../default/verify.yml
@@ -0,0 +1,122 @@
+---
+- name: Converge
+  hosts: molecule
+  gather_facts: true
+  tags: aap_installation
+  vars_files:
+    - vars/vars.yml
+    - vars/aap_nodes.yml
+  tasks:
+    - name: Error out if registry username is not set
+      ansible.builtin.fail:
+        msg: "Username for registry.redhat.io is not set, please provide it via TAS_SINGLE_NODE_REGISTRY_USERNAME env variable"
+      when: aap_setup_prep_inv_secrets.all.registry_username == ""
+
+    - name: Error out if registry password is not set
+      ansible.builtin.fail:
+        msg: "Password for registry.redhat.io is not set, please provide it via TAS_SINGLE_NODE_REGISTRY_PASSWORD env variable"
+      when: aap_setup_prep_inv_secrets.all.registry_password == ""
+
+    - name: Include and execute AAP utility roles for setup
+      ansible.builtin.include_role:
+        name: "{{ item }}"
+      loop:
+        - infra.aap_utilities.aap_setup_download
+        - infra.aap_utilities.aap_setup_prepare
+
+    - name: Find the latest AAP setup folder
+      ansible.builtin.find:
+        paths: /var/tmp
+        patterns: ansible-automation-platform-containerized-setup-*
+        file_type: directory
+        recurse: false
+      register: aap_folders
+
+    - name: Set the latest AAP setup path
+      ansible.builtin.set_fact:
+        aap_setup_path: >-
+          {{
+            (aap_folders.files | sort(attribute='mtime', reverse=true) | first | default('')).path
+            if aap_folders.files | length > 0 else ''
+          }}
+
+    - name: Install AAP
+      ansible.builtin.shell:
+        cmd: |
+          cd {{ aap_setup_path }}
+          ansible-playbook -i inventory ansible.containerized_installer.install
+      async: 1800
+      poll: 0
+      register: aap_install_task
+      changed_when: false
+
+    - name: Wait for AAP installation to complete
+      ansible.builtin.async_status:
+        jid: "{{ aap_install_task.ansible_job_id }}"
+      register: job_result
+      until: job_result.finished
+      retries: 100
+      delay: 30
+
+    - name: Create a new token using username/password
+      infra.ah_configuration.ah_token:
+        state: present
+        ah_host: https://{{ aap_instance_ip }}/
+        ah_username: "admin"
+        ah_password: "password"
+        validate_certs: false
+
+    - name: Create "redhat" namespace
+      delegate_to: localhost
+      infra.ah_configuration.ah_namespace:
+        name: redhat
+        description: "Redhat Namespace"
+        company: "Redhat"
+        email: "user@example.com"
+        links:
+          - name: "homepage"
+            url: "https://www.redhat.com"
+        state: present
+        ah_host: https://{{ aap_instance_ip }}/
+        ah_token: "{{ ah_token.token }}"
+        validate_certs: false
+
+    - name: Build redhat.artifact_signer collection
+      delegate_to: localhost
+      infra.ah_configuration.ah_build:
+        path: ../../.
+        force: true
+        output_path: /var/tmp
+
+    - name: Find the collection build path
+      delegate_to: localhost
+      ansible.builtin.shell:
+        cmd: |
+          bash -c 'set -o pipefail; find /var/tmp -maxdepth 1 -type f \
+                  -name "redhat-artifact_signer-*.tar.gz" -printf "%T@ %p\n" | sort -n -r | head -n 1 | cut -d" " -f2'
+      register: collection_build_path
+      changed_when: false
+      failed_when: collection_build_path.rc != 0
+
+    - name: Set the latest collection build path
+      ansible.builtin.set_fact:
+        collection_build_path: "{{ collection_build_path.stdout }}"
+
+    - name: Upload redhat.artifact_signer to the private AAP
+      delegate_to: localhost
+      retries: 10
+      delay: 30
+      infra.ah_configuration.ah_collection_upload:
+        path: "{{ collection_build_path }}"
+        ah_host: https://{{ aap_instance_ip }}/
+        ah_token: "{{ ah_token.token }}"
+        validate_certs: false
+
+    - name: Export AAP details
+      delegate_to: localhost
+      ansible.builtin.copy:
+        dest: "{{ playbook_dir }}/aap_vars.yml"
+        mode: "0666"
+        content: |
+          aap_instance_ip: "{{ aap_instance_ip }}"
+          token: "{{ ah_token.token }}"