docker_container: add "device_cgroup_rules" option #2398
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Copyright (c) Ansible Project | |
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) | |
# SPDX-License-Identifier: GPL-3.0-or-later | |
name: execution environment | |
on: | |
# Run CI against all pushes (direct commits, also merged PRs), Pull Requests | |
push: | |
branches: | |
- main | |
- stable-* | |
pull_request: | |
# Run CI once per day (at 04:30 UTC) | |
# This ensures that even if there haven't been commits that we are still testing against latest version of ansible-builder | |
schedule: | |
- cron: '30 4 * * *' | |
env: | |
NAMESPACE: community | |
COLLECTION_NAME: docker | |
jobs: | |
build: | |
name: Build and test EE (${{ matrix.name }}) | |
strategy: | |
fail-fast: false | |
matrix: | |
name: | |
- '' | |
ansible_core: | |
- '' | |
ansible_runner: | |
- '' | |
base_image: | |
- '' | |
pre_base: | |
- '' | |
extra_vars: | |
- '' | |
other_deps: | |
- '' | |
exclude: | |
- ansible_core: '' | |
include: | |
- name: ansible-core devel @ RHEL UBI 9 | |
ansible_core: https://github.com/ansible/ansible/archive/devel.tar.gz | |
ansible_runner: ansible-runner | |
other_deps: |2 | |
python_interpreter: | |
package_system: python3.11 python3.11-pip python3.11-wheel python3.11-cryptography | |
python_path: "/usr/bin/python3.11" | |
base_image: docker.io/redhat/ubi9:latest | |
pre_base: '"#"' | |
- name: ansible-core 2.15 @ Rocky Linux 9 | |
ansible_core: https://github.com/ansible/ansible/archive/stable-2.15.tar.gz | |
ansible_runner: ansible-runner | |
base_image: quay.io/rockylinux/rockylinux:9 | |
pre_base: '"#"' | |
- name: ansible-core 2.14 @ CentOS Stream 9 | |
ansible_core: https://github.com/ansible/ansible/archive/stable-2.14.tar.gz | |
ansible_runner: ansible-runner | |
base_image: quay.io/centos/centos:stream9 | |
pre_base: '"#"' | |
- name: ansible-core 2.13 @ RHEL UBI 8 | |
ansible_core: https://github.com/ansible/ansible/archive/stable-2.13.tar.gz | |
ansible_runner: ansible-runner | |
other_deps: |2 | |
python_interpreter: | |
package_system: python39 python39-pip python39-wheel python39-cryptography | |
base_image: docker.io/redhat/ubi8:latest | |
pre_base: '"#"' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
with: | |
path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Install ansible-builder and ansible-navigator | |
run: pip install ansible-builder ansible-navigator | |
- name: Verify requirements | |
run: ansible-builder introspect --sanitize . | |
- name: Make sure galaxy.yml has version entry | |
run: >- | |
python -c | |
'import yaml ; | |
f = open("galaxy.yml", "rb") ; | |
data = yaml.safe_load(f) ; | |
f.close() ; | |
data["version"] = data.get("version") or "0.0.1" ; | |
f = open("galaxy.yml", "wb") ; | |
f.write(yaml.dump(data).encode("utf-8")) ; | |
f.close() ; | |
' | |
working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
- name: Build collection | |
run: | | |
ansible-galaxy collection build --output-path ../../../ | |
working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
- name: Create files for building execution environment | |
run: | | |
COLLECTION_FILENAME="$(ls "${{ env.NAMESPACE }}-${{ env.COLLECTION_NAME }}"-*.tar.gz)" | |
# EE config | |
cat > execution-environment.yml <<EOF | |
--- | |
version: 3 | |
dependencies: | |
ansible_core: | |
package_pip: ${{ matrix.ansible_core }} | |
ansible_runner: | |
package_pip: ${{ matrix.ansible_runner }} | |
galaxy: requirements.yml | |
${{ matrix.other_deps }} | |
images: | |
base_image: | |
name: ${{ matrix.base_image }} | |
additional_build_files: | |
- src: ${COLLECTION_FILENAME} | |
dest: src | |
additional_build_steps: | |
prepend_base: | |
- ${{ matrix.pre_base }} | |
EOF | |
echo "::group::execution-environment.yml" | |
cat execution-environment.yml | |
echo "::endgroup::" | |
# Requirements | |
cat > requirements.yml <<EOF | |
--- | |
collections: | |
- name: src/${COLLECTION_FILENAME} | |
type: file | |
EOF | |
echo "::group::requirements.yml" | |
cat requirements.yml | |
echo "::endgroup::" | |
- name: Build image based on ${{ matrix.base_image }} | |
run: | | |
ansible-builder build --verbosity 3 --tag test-ee:latest --container-runtime docker | |
- name: Show images | |
run: docker image ls | |
- name: Make /var/run/docker.sock accessible by everyone | |
run: sudo chmod a+rw /var/run/docker.sock | |
- name: Run basic tests | |
run: > | |
ansible-navigator run | |
--mode stdout | |
--container-engine docker | |
--container-options=-v --container-options=/var/run/docker.sock:/var/run/docker.sock | |
--pull-policy never | |
--set-environment-variable ANSIBLE_PRIVATE_ROLE_VARS=true | |
--execution-environment-image test-ee:latest | |
-v | |
all.yml | |
${{ matrix.extra_vars }} | |
working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}/tests/ee |