Closed AliAkkaya7 closed 3 months ago
@AliAkkaya7 There are a number of items to address before bringing this to the Automation Community of Practice for review. Holding for review until more of these requirements are met.
@AliAkkaya7 Touching base on this! Are there any updates on the remaining checklist items?
@alisonlhart I reviewed the requirements and all checklists that can be achieved are done. For example, OpenSSF Best Practices are mostly applied but still there are some parts like tests etc. that are not in place. I don't have experience in this area and if it is required then maybe I can proceed with your help.
Currently the collection is under my Namespace in Galaxy which is aliakkaya7.ansible_rekey_variables. Because I don't have write access from my repository to build collections under the infrastructure.
@alisonlhart is there any progress? I did all I can do, the remaining is related to locate the collection. Currently it is in my namespace in Ansible Galaxy.
@djdanielsson @arnav3000 @ericzolf Can you take a look at this candidate?
a few things I saw when skimming over it 1) README's say ansible min version is 2.9 not 2.14.0 which is now required and is correct in the collection meta runtime file. (Also meta in the role itself says 2.9) 2) I do not see any Ansible-lint rules and when looking at the last action run it shows it is not using a profile.
ansible-lint 24.2.0 using ansible-core:2.16.4 ansible-compat:4.1.11 ruamel-yaml:0.18.6 ruamel-yaml-clib:0.2.8
Run ansible-lint
ansible-lint
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
3) IMO 'rekey_variable_log_var' is not a clear name as to what it does. rekey_no_log_var or rekey_secure_logging I think are more clear for example 4) In the file get_content.yml the first 3 tasks are setting facts which appear to not depend on each other and have the same tags so I think it would be best to combine all 3 into 1 task for efficiency
@djdanielsson thanks for your comment. I fixed them except for the production profile in the pipeline. I added the profile parameter in the .ansible-lint file but it is not getting the production profile in the workflow. Can you let me know how I can configure it?
hum... the action has very little docs, I think you might be able to try and change the version you are running to either @main or @v24 and see if that changes anything. If that doesn't work let me know and I can try a few other things on the side.
@djdanielsson I changed all to the main but still I see "shell: /usr/bin/bash --noprofile --norc -e -o pipefail" in pipeline.
interesting, that must just be how the action works, I double checked the output. it shows "Passed: 0 failure(s), 0 warning(s) on 30 files. Profile 'production' was required, and it passed." which means it is reading the profile that is now being set in the ansible-lint config so it is working correctly.
@AliAkkaya7 Not to distract from the ongoing conversation, but since the ansible-lint action is working correctly now, the last item should be to migrate it into the redhat-cop Github org. You can do this by opening a "Repository Management" issue in the redhat-cop/org repo. Specify that this is a migration of existing repository. That group will help you move the content over. Once this is complete, please re-tag me again and we'll do a final sign-off on the content.
@alisonlhart created https://github.com/redhat-cop/org/issues/769.
Readding this to the ACoP call agenda, for April 17th call.
@AliAkkaya7 Don't forget to add the OpenSSF badge to the repo as well!
(RE checklist item: Repo is self-certified with the [OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/en) and has the OpenSSF Best Practices Badge
)
Approved by the ACoP! After the final items are complete (OpenSSF badge and redhat-cop repo migration), this can be released to Automation Hub. @AliAkkaya7 Please reach out to me on slack @allhart
to set up access to the infra namespace.
Great News, thanks @alisonlhart! I will be back on 29 April, I will reach out to you when I am back. There is just the test phase missing in OpenSSF badge. I am not sure if it fits with my repo or how to enable it automatically.
Candidate Name
infra.ansible_rekey_variables
Link to Github Repo
https://github.com/AliAkkaya7/ansible_rekey_variables
Review Due By
CHECKLIST
Business Checks:
Content Viability
Content Duplication
Technical Checks:
Content Conformity
Content Compliance
Content Testing/Validation
ansible-lint
“Production” profile in an active Github workflow on the repositoryansible-lint
“Production” profile