Add 'common/' from commit 'e0d79541df06398e79178b92b25d78a043c3ed46'

git-subtree-dir: common
git-subtree-mainline: 3f09479
git-subtree-split: e0d7954

Author: day0hero

common/.ansible-lint

@@ -0,0 +1,17 @@
+# Vim filetype=yaml
+---
+offline: false
+skip_list:
+  - name[template] # Allow Jinja templating inside task and play names
+  - template-instead-of-copy # Templated files should use template instead of copy
+  - yaml[line-length] # too long lines
+  - yaml[indentation] # Forcing lists to be always indented by 2 chars is silly IMO
+  - var-naming[no-role-prefix] # This would be too much churn for very little gain
+  - no-changed-when
+  - var-naming[no-role-prefix] # There are too many changes now and it would be too risky
+
+# ansible-lint gh workflow cannot find ansible.cfg hence fails to import vault_utils role
+exclude_paths:
+  - ./ansible/playbooks/vault/vault.yaml
+  - ./ansible/playbooks/iib-ci/iib-ci.yaml
+  - ./ansible/roles/vault_utils/tests/test.yml

common/.github/dependabot.yml

@@ -0,0 +1,9 @@
+---
+version: 2
+updates:
+  # Check for updates to GitHub Actions every week
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+

common/.github/linters/.gitleaks.toml

@@ -0,0 +1,8 @@
+[whitelist]
+# As of v4, gitleaks only matches against filename, not path in the
+# files directive.  Leaving content for backwards compatibility.
+files = [
+  "ansible/plugins/modules/*.py",
+  "ansible/tests/unit/test_*.py",
+  "ansible/tests/unit/v1/*.yaml",
+]

common/.github/linters/.markdown-lint.yml

@@ -0,0 +1,6 @@
+{
+    "default": true,
+    "MD003": false,
+    "MD013": false,
+    "MD033": false
+}

common/.github/workflows/ansible-lint.yml

@@ -0,0 +1,17 @@
+name: Ansible Lint # feel free to pick your own name
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Important: This sets up your GITHUB_WORKSPACE environment variable
+      - uses: actions/checkout@v3
+
+      - name: Lint Ansible Playbook
+        uses: ansible/ansible-lint-action@v6
+        # Let's point it to the path
+        with:
+          path: "ansible/"

common/.github/workflows/ansible-unittest.yml

@@ -0,0 +1,52 @@
+---
+name: Ansible unit tests
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on: [push, pull_request]
+
+###############
+# Set the Job #
+###############
+jobs:
+  ansible_unittests:
+    # Name the Job
+    name: Ansible unit tests
+    strategy:
+      matrix:
+        python-version: [3.11.3]
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    ##################
+    # Load all steps #
+    ##################
+    steps:
+      ##########################
+      # Checkout the code base #
+      ##########################
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pytest ansible
+
+      - name: Run make ansible-unittest
+        run: |
+          make ansible-unittest

common/.github/workflows/jsonschema.yaml

@@ -0,0 +1,57 @@
+---
+name: Verify json schema
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on: [push, pull_request]
+
+###############
+# Set the Job #
+###############
+jobs:
+  jsonschema_tests:
+    # Name the Job
+    name: Json Schema tests
+    strategy:
+      matrix:
+        python-version: [3.11.3]
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    ##################
+    # Load all steps #
+    ##################
+    steps:
+      ##########################
+      # Checkout the code base #
+      ##########################
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install check-jsonschema
+
+      - name: Verify secrets json schema
+        run: |
+          check-jsonschema --schemafile ./ansible/roles/vault_utils/values-secrets.v1.schema.json examples/secrets/values-secret.v1.yaml
+          check-jsonschema --schemafile ./ansible/roles/vault_utils/values-secrets.v2.schema.json examples/secrets/values-secret.v2.yaml
+
+      - name: Verify ClusterGroup values.schema.json
+        run: |
+          set -e; for i in examples/*yaml; do echo "$i"; check-jsonschema --schemafile ./clustergroup/values.schema.json "$i"; done

common/.github/workflows/linter.yml

@@ -0,0 +1,64 @@
+---
+name: Unit test common
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on: [push, pull_request]
+
+###############
+# Set the Job #
+###############
+jobs:
+  build:
+    # Name the Job
+    name: Unit common/ Code Base
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    ##################
+    # Load all steps #
+    ##################
+    steps:
+      ##########################
+      # Checkout the code base #
+      ##########################
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+      - name: Setup helm
+        uses: azure/setup-helm@v3
+        # with:
+        #   version: '<version>' # default is latest stable
+        id: install
+
+      ################################
+      # Run Linter against code base #
+      ################################
+      # - name: Lint Code Base
+      #   uses: github/super-linter@v4
+      #   env:
+      #     VALIDATE_ALL_CODEBASE: false
+      #     DEFAULT_BRANCH: main
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run make test
+        run: |
+          make test
+
+      - name: Run make helmlint
+        run: |
+          make helmlint
+
+      - name: Run make helm kubeconform
+        run: |
+          curl -L -O https://github.com/yannh/kubeconform/releases/download/v0.4.13/kubeconform-linux-amd64.tar.gz
+          tar xf kubeconform-linux-amd64.tar.gz
+          sudo mv -v kubeconform /usr/local/bin
+          make kubeconform

common/.github/workflows/superlinter.yml

@@ -0,0 +1,38 @@
+---
+name: Super linter
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    # Name the Job
+    name: Super linter
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      ################################
+      # Run Linter against code base #
+      ################################
+      - name: Lint Code Base
+        uses: github/super-linter/slim@v5
+        env:
+          VALIDATE_ALL_CODEBASE: true
+          DEFAULT_BRANCH: main
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # These are the validation we disable atm
+          VALIDATE_ANSIBLE: false
+          VALIDATE_BASH: false
+          VALIDATE_JSCPD: false
+          VALIDATE_KUBERNETES_KUBECONFORM: false
+          VALIDATE_YAML: false
+          # VALIDATE_DOCKERFILE_HADOLINT: false
+          # VALIDATE_MARKDOWN: false
+          # VALIDATE_NATURAL_LANGUAGE: false
+          # VALIDATE_TEKTON: false

common/.gitignore

@@ -0,0 +1,12 @@
+__pycache__/
+*.py[cod]
+*~
+*.swp
+*.swo
+values-secret.yaml
+.*.expected.yaml
+pattern-vault.init
+pattern-vault.init.bak
+super-linter.log
+golang-external-secrets/Chart.lock
+hashicorp-vault/Chart.lock