Run compliance checks on Zuul (resolves #316) #362

Merged Nov 30, 2023 (47 commits)
7085207
Initial attempt at getting the compliance check to run via zuul
mbuechse Oct 16, 2023
ce3330b
restructured to have secrets in a separate file
mbuechse Oct 16, 2023
8ac8ca4
Simplify structure, pacify ansible-lint
mbuechse Oct 17, 2023
d299bc9
Make sure pip is available
mbuechse Oct 19, 2023
829ebd6
Bugfix: secret name must be unique
mbuechse Oct 19, 2023
32ca527
Bugfix: fix relative path after 88b9fe3
mbuechse Oct 20, 2023
10429f3
Bugfix: fixed parsing of args and determining of search path
mbuechse Oct 26, 2023
95bd73f
In spite of the fix in 040bc8e, use workaround when calling the check…
mbuechse Oct 26, 2023
87aa2f3
Allow restricting check tools according to resource classification
mbuechse Nov 7, 2023
25eb291
Master check tool doesn't fiddle with the environment
mbuechse Nov 9, 2023
6b8fd3b
Reverse order in scs-compatible-iaas.yaml, add new, still-unstable ve…
mbuechse Nov 10, 2023
b1fac89
Check all valid and upcoming versions if no version is forced
mbuechse Nov 10, 2023
86ae499
Addendum to previous commit: delete extraneous code etc.
mbuechse Nov 10, 2023
6ebed14
result.yaml more detailed, option to only return critical errors (whi…
mbuechse Nov 10, 2023
a9c85f7
Adjust compliance check cmd; will need to add artifact upload?
mbuechse Nov 10, 2023
c2fd052
Notify zuul of artifact
mbuechse Nov 10, 2023
945256e
Move check to high-frequency pipeline for debugging purposes
mbuechse Nov 14, 2023
e2d92ee
Changed pipeline yet again
mbuechse Nov 14, 2023
4167a5e
Reencrypted application credentials
mbuechse Nov 14, 2023
4b952ef
Bugfix: quote braces that start a value
mbuechse Nov 14, 2023
651677a
Bugfix: fix path to artifact
mbuechse Nov 15, 2023
6c0ef20
Yet another bugfix: artifact URL still didn't work
mbuechse Nov 15, 2023
45f6e31
Bugfix: check tool should output critical line for critical failures
mbuechse Nov 15, 2023
008a736
Refactoring: various simplifications
mbuechse Nov 15, 2023
02a56cc
Yet another bugfix related to working dir
mbuechse Nov 15, 2023
a5eaddf
Reincorporate debug output
mbuechse Nov 15, 2023
a45acc6
Debug: remove -q
mbuechse Nov 15, 2023
eb9badf
Bugfix: SystemExit is not critical
mbuechse Nov 15, 2023
b1e8f10
Add task to copy artifact back
mbuechse Nov 15, 2023
9e29bba
Added more cloud environments
mbuechse Nov 15, 2023
4d5bfc1
Bugfix: missing auth_type
mbuechse Nov 15, 2023
5949228
Copying didn't work; try synchronize
mbuechse Nov 15, 2023
2ba3fde
Fix typo
mbuechse Nov 15, 2023
c759d26
Move compliance checks to daily, except for gx-scs for further debugging
mbuechse Nov 16, 2023
fb48cc7
Improved report format
mbuechse Nov 16, 2023
19b3691
Yet another slight improvement of the report format
mbuechse Nov 16, 2023
5ee1ee9
Make number of ERROR lines match return code
mbuechse Nov 16, 2023
c1145d5
Remove comment
mbuechse Nov 16, 2023
aadd99f
Refactoring: improve check_keywords
mbuechse Nov 16, 2023
105ce0d
Bugfix and documentation around run_check_tool in case of http url
mbuechse Nov 16, 2023
9e720e6
Add Regiocloud RegionA
mbuechse Nov 17, 2023
778c8fc
Fix missing quote marks, thanks @chess-knight for spotting
mbuechse Nov 20, 2023
198e2d5
Changed pipeline because `post-review: true` is needed
mbuechse Nov 20, 2023
31fa7cd
Comply with secret naming convention, use document start marker; than…
mbuechse Nov 29, 2023
55d97a4
Add even more document start markers
mbuechse Nov 29, 2023
b07d33e
Fix changed_when, thanks @berendt
mbuechse Nov 29, 2023
19cb0bc
Address ansible-lint recommendations
mbuechse Nov 30, 2023
restructured to have secrets in a separate file
Signed-off-by: Matthias Büchse <[email protected]>
mbuechse committed Nov 30, 2023

commit ce3330b83a1e91385c86a21fc17f5c05d58763fd
14 changes: 14 additions & 0 deletions .zuul.d/config.yaml
@@ -0,0 +1,14 @@
- project:
name: SovereignCloudStack/standards
default-branch: main
merge-mode: "squash-merge"
periodic-daily:
jobs:
- openstack-scs-compliance-check
- job:
name: openstack-scs-compliance-check
parent: base
secrets:
- name: clouds_conf
secret: app_credential_cloud_conf
run: playbooks/compliance-check/compliance-check.yaml
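Review bot: the job `openstack-scs-compliance-check` is given the secret `app_credential_cloud_conf` (as `clouds_conf`) and is attached to `periodic-daily`, but nothing in the definition says which pipelines it may run in. Zuul marks a secret-using job in an untrusted project as `post-review`, so confirm that `periodic-daily` qualifies in this tenant, and add a `description:` to the job stating what the credential is used for. The new file also lacks the `---` document start marker.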
14 changes: 0 additions & 14 deletions zuul.yaml → .zuul.d/secure.yaml
@@ -1,10 +1,3 @@
- project:
name: SovereignCloudStack/standards
default-branch: main
merge-mode: "squash-merge"
periodic-daily:
jobs:
- openstack-scs-compliance-check
- secret:
name: app_credential_cloud_conf
data:
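Review bot: the `- secret:` block for `app_credential_cloud_conf` is kept without any comment on which cloud and application credential the encrypted `data:` belongs to, or on how to re-encrypt it after a rotation. With the project stanza and the job removed, this file holds only the secret while its consumer lives in `.zuul.d/config.yaml`, so a short header comment naming the consuming job and the rotation procedure would keep the two files in step.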
@@ -30,10 +23,3 @@
V75mtULNkNaVwBR8swkUNLht5VtgFBvXApDZxY3fPcoXeZyN2XzgWhk4zMfU2K3QENx/r
5TpPJ8rcJ+j6XlXD8nk8maCGZ2bsuuqk0km0QRXKsVjYmyyt6hVtybCQE8vLxiGihJ7Gq
MM7K4PIu2+2+EueiW+VAj8laeIfCkr/jBWtEkLfePMjYKtJyPsn3kg/MjbDBLs=
- job:
name: openstack-scs-compliance-check
parent: base
secrets:
- name: clouds_conf
secret: app_credential_cloud_conf
run: playbooks/compliance-check/compliance-check.yaml