feat: move to rocky linux

fix: dependabot

.ansible/requirements.txt

@@ -0,0 +1,2 @@
+ansible-core==2.15.8 # Transfer this version of ansible-core to execution-environment.yml
+ansible-runner==2.3.1 # Transfer this version of ansible-runner to execution-environment.yml

.github/dependabot.yml

@@ -0,0 +1,69 @@
+version: 2
+updates:
+  # This section configures Dependabot to update GitHub Actions workflows.
+  # It checks for updates weekly every Friday at 13:00 UTC.
+  # Any updates will be tagged with a 'chore' prefix in the commit message,
+  # reflecting routine maintenance tasks. Assigned to user 'sbaerlocher'.
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+      time: "13:00"
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
+    assignees:
+      - "sbaerlocher"
+
+  # This section is for Docker dependencies in the 'context' directory.
+  # Dependabot will look for Docker updates weekly on Fridays at 13:00 UTC.
+  # Updates are committed with a 'chore' prefix, indicating non-code changes.
+  # The user 'sbaerlocher' is automatically assigned to these pull requests.
+  - package-ecosystem: "docker"
+    directory: "/context"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+      time: "13:00"
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
+    assignees:
+      - "sbaerlocher"
+
+  # This section manages updates for Python packages listed in 'requirements.txt'.
+  # Checks are performed weekly on Fridays at 13:00 UTC.
+  # Commit messages will be prefixed with 'chore' to indicate maintenance updates.
+  # Pull requests for updates are assigned to 'sbaerlocher'.
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+      time: "13:00"
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
+    assignees:
+      - "sbaerlocher"
+
+  # This section manages updates for Python packages listed in 'ansible/requirements.txt'.
+  # Checks are conducted weekly on Fridays at 13:00 UTC.
+  # Commit messages will be prefixed with 'chore', signifying maintenance updates.
+  # Pull requests for updates are assigned to 'sbaerlocher'.
+  - package-ecosystem: "pip"
+    directory: "/.ansible"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+      time: "13:00"
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
+    assignees:
+      - "sbaerlocher"

.github/workflows/publish.yml

@@ -3,7 +3,7 @@ name: Publish
 on:
   push:
     branches:
-      - master
+      - main
 
 jobs:
   publish:
@@ -19,7 +19,6 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install tox
           pip install ansible-builder
 
       - name: Build EE with Docker

.gitignore

@@ -1,2 +1,2 @@
-.tox/*
 context/*
+!context/Dockerfile

bindep.txt

@@ -1,3 +1,3 @@
-kubernetes-client [platform:fedora]
-openshift-clients [platform:rhel-8]
-wget
+wget
+openssh-clients
+sshpass

context/Dockerfile

@@ -0,0 +1,88 @@
+ARG EE_BASE_IMAGE="rockylinux:9.3"
+ARG PYCMD="/usr/bin/python3"
+ARG PKGMGR_PRESERVE_CACHE=""
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=""
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS=""
+ARG ANSIBLE_INSTALL_REFS="ansible-core==2.15.8 ansible-runner==2.3.1"
+ARG PKGMGR="/usr/bin/dnf"
+
+# Base build stage
+FROM $EE_BASE_IMAGE as base
+USER root
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG ANSIBLE_INSTALL_REFS
+ARG PKGMGR
+
+RUN $PYCMD -m ensurepip
+RUN $PYCMD -m pip install --no-cache-dir $ANSIBLE_INSTALL_REFS
+COPY _build/scripts/ /output/scripts/
+COPY _build/scripts/entrypoint /opt/builder/bin/entrypoint
+
+# Galaxy build stage
+FROM base as galaxy
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG ANSIBLE_INSTALL_REFS
+ARG PKGMGR
+
+RUN /output/scripts/check_galaxy
+COPY _build /build
+WORKDIR /build
+
+RUN ansible-galaxy role install $ANSIBLE_GALAXY_CLI_ROLE_OPTS -r requirements.yml --roles-path "/usr/share/ansible/roles"
+RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections"
+
+# Builder build stage
+FROM base as builder
+WORKDIR /build
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG ANSIBLE_INSTALL_REFS
+ARG PKGMGR
+
+RUN $PYCMD -m pip install --no-cache-dir bindep pyyaml requirements-parser
+
+COPY --from=galaxy /usr/share/ansible /usr/share/ansible
+
+COPY _build/requirements.txt requirements.txt
+COPY _build/bindep.txt bindep.txt
+RUN $PYCMD /output/scripts/introspect.py introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
+RUN /output/scripts/assemble
+
+# Final build stage
+FROM base as final
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG ANSIBLE_INSTALL_REFS
+ARG PKGMGR
+
+RUN /output/scripts/check_ansible $PYCMD
+
+COPY --from=galaxy /usr/share/ansible /usr/share/ansible
+
+COPY --from=builder /output/ /output/
+RUN /output/scripts/install-from-bindep && rm -rf /output/wheels
+RUN chmod ug+rw /etc/passwd
+RUN mkdir -p /runner && chgrp 0 /runner && chmod -R ug+rwx /runner
+WORKDIR /runner
+RUN $PYCMD -m pip install --no-cache-dir 'dumb-init==1.2.5'
+RUN wget https://get.helm.sh/helm-v3.14.0-linux-amd64.tar.gz -O - | tar -xz && mv linux-amd64/helm /usr/bin/helm && chmod +x /usr/bin/helm && rm -rf linux-amd64
+RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.3.0/kustomize_v5.3.0_linux_amd64.tar.gz -O - | tar -xz && mv kustomize /usr/bin/kustomize && chmod +x /usr/bin/kustomize
+RUN rm -rf /output
+LABEL ansible-execution-environment=true
+USER 1000
+ENTRYPOINT ["/opt/builder/bin/entrypoint", "dumb-init"]
+CMD ["bash"]

execution-environment.yml

@@ -5,6 +5,10 @@ dependencies:
   galaxy: requirements.yml
   python: requirements.txt
   system: bindep.txt
+  ansible_core:
+    package_pip: ansible-core==2.15.8
+  ansible_runner:
+    package_pip: ansible-runner==2.3.1
 
 additional_build_steps:
   append_final:
@@ -13,4 +17,4 @@ additional_build_steps:
 
 images:
   base_image:
-    name: ghcr.io/ansible-community/community-ee-minimal:2.15.4-2
+    name: rockylinux:9.3

requirements.txt

@@ -1,3 +1,3 @@
-kubernetes>=12.0.0
-requests-oauthlib
-jsonpatch
+kubernetes==29.0.0
+requests-oauthlib==1.3.1
+jsonpatch==1.33