From 3afe587964e2fff454f47938cf562b6e950156f7 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Tue, 12 Dec 2023 08:52:55 +0100 Subject: [PATCH 1/6] Remove the gitleaks Too often I'm seeing error obtaining VCS status: exit status 128 Use -buildvcs=false to disable VCS stamping. which is a PITA. We're supposed to use rh-pre-commit, which utilizes gitleaks. https://gitlab.corp.redhat.com/infosec-public/developer-workbench/tools/-/tree/main/rh-pre-commit (I initially added this gitleaks because I didn't understand how the rh-pre-commit works) --- .pre-commit-config.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3671ede..95c5839 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -32,13 +32,6 @@ repos: rev: v0.9.0.6 hooks: - id: shellcheck - - repo: https://github.com/gitleaks/gitleaks - rev: v8.18.0 - hooks: - - id: gitleaks - # The hook runs 'gitleaks protect --staged' which parses output of - # 'git diff --staged', i.e. always passes in pre-push/manual stage. - stages: [commit] ci: # The project is too huge for pre-commit.ci From dbb8290f77b7b04ad569d2958fc7225a2d58eed3 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Tue, 12 Dec 2023 09:03:39 +0100 Subject: [PATCH 2/6] Pre-commit.ci: autoupdate monthly The deafult (weekly) is too spammy :) --- .pre-commit-config.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 95c5839..c88775a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,5 +1,5 @@ # HOWTO: https://pre-commit.com/#usage -# pip3 install pre-commit +# dnf install pre-commit # pre-commit install repos: @@ -20,12 +20,12 @@ repos: args: - --allow-missing-credentials - repo: https://github.com/ansible/ansible-lint.git - rev: v6.20.3 + rev: v6.22.1 hooks: - id: ansible-lint files: \.(yaml|yml)$ - repo: https://github.com/psf/black - rev: 23.9.1 + rev: 23.12.0 hooks: - id: black - repo: https://github.com/shellcheck-py/shellcheck-py @@ -36,3 +36,4 @@ repos: ci: # The project is too huge for pre-commit.ci skip: [ansible-lint] + autoupdate_schedule: monthly From bd9231db6254f37993779e7f5783ff6f11c1023c Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Tue, 12 Dec 2023 08:46:49 +0100 Subject: [PATCH 3/6] Use crb script to enable CRB repo It installs config-manager as a weak dependency. https://src.fedoraproject.org/rpms/epel-release/c/3750a54112b5c8ebaf71e1ffc716fa8c6f79fc1c https://src.fedoraproject.org/rpms/epel-release/c/a70326a2769c012b456f436967e2de3de4fbf255 --- containers/Containerfile.c9s | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/Containerfile.c9s b/containers/Containerfile.c9s index 9eb206d..09eb3f2 100644 --- a/containers/Containerfile.c9s +++ b/containers/Containerfile.c9s @@ -6,8 +6,8 @@ FROM quay.io/centos/centos:stream9 ENV ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3 \ ANSIBLE_STDOUT_CALLBACK=debug -RUN dnf install -y epel-release 'dnf-command(config-manager)' && \ - dnf config-manager --set-enabled crb && \ +RUN dnf -y install epel-release && \ + crb enable && \ dnf module enable postgresql -y && \ dnf update -y && \ dnf install -y ansible python3-pip && \ From 3cff18a16fad497a247df507123e81903149051a Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Tue, 12 Dec 2023 08:55:57 +0100 Subject: [PATCH 4/6] dnf update is a deprecated alias to upgrade and -y is a general option, not option of the subcommands. https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label --- containers/Containerfile.c9s | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/Containerfile.c9s b/containers/Containerfile.c9s index 09eb3f2..93a7eeb 100644 --- a/containers/Containerfile.c9s +++ b/containers/Containerfile.c9s @@ -9,6 +9,6 @@ ENV ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3 \ RUN dnf -y install epel-release && \ crb enable && \ dnf module enable postgresql -y && \ - dnf update -y && \ - dnf install -y ansible python3-pip && \ + dnf -y upgrade && \ + dnf -y install ansible python3-pip && \ dnf clean all From 4960434f75dc9216d017a2558ddd39ca487a26d6 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Tue, 12 Dec 2023 08:59:15 +0100 Subject: [PATCH 5/6] Explicitly enable postgresql:15 module Fixes: Argument 'postgresql' matches 2 streams ('15', '16') of module 'postgresql', but none of the streams are enabled or default Unable to resolve argument postgresql --- containers/Containerfile.c9s | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/Containerfile.c9s b/containers/Containerfile.c9s index 93a7eeb..b1c4b57 100644 --- a/containers/Containerfile.c9s +++ b/containers/Containerfile.c9s @@ -8,7 +8,7 @@ ENV ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3 \ RUN dnf -y install epel-release && \ crb enable && \ - dnf module enable postgresql -y && \ + dnf -y module enable postgresql:15 && \ dnf -y upgrade && \ dnf -y install ansible python3-pip && \ dnf clean all From addb92c7fbdb7ca85e85f22aa2792619cd35b1a2 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Tue, 12 Dec 2023 09:09:04 +0100 Subject: [PATCH 6/6] Remove unused Fedora:37 based base image F37 is EOL anyway --- .github/workflows/base-image-rebuild.yml | 3 --- containers/Containerfile.fedora | 13 ------------- 2 files changed, 16 deletions(-) delete mode 100644 containers/Containerfile.fedora diff --git a/.github/workflows/base-image-rebuild.yml b/.github/workflows/base-image-rebuild.yml index c798682..2d2b766 100644 --- a/.github/workflows/base-image-rebuild.yml +++ b/.github/workflows/base-image-rebuild.yml @@ -8,7 +8,6 @@ on: branches: - main paths: - - containers/Containerfile.fedora - containers/Containerfile.c9s jobs: @@ -21,8 +20,6 @@ jobs: strategy: matrix: include: - - containerfile: containers/Containerfile.fedora - tags: "fedora" - containerfile: containers/Containerfile.c9s tags: "c9s latest" diff --git a/containers/Containerfile.fedora b/containers/Containerfile.fedora deleted file mode 100644 index ec6164c..0000000 --- a/containers/Containerfile.fedora +++ /dev/null @@ -1,13 +0,0 @@ -# Be aware that this image is used for all stages, so if a dependency is removed be sure that it is -# not required in anywhere - -FROM fedora:37 - -ENV ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3 \ - ANSIBLE_STDOUT_CALLBACK=debug - -RUN dnf update -y \ - && dnf install -y \ - ansible \ - python3-pip \ - && dnf clean all