fix(.github/workflows): update all the workflows #610
for reference: #421
c54fd18 to bcba6ac
Maybe, as we are on this topic, also unify the Python versions used. In some workflows Python 3.9 is used, in some Python 3.12.
Right. We will soon move to the latest version also in the GitHub actions of the remaining roles, now that we know that it is working for the collection and for the role sap_vm_preconfigure.
@Wabri Thank you
I can also create a reusable workflow in order to simplify the maintainability of the workflows, so that in case of Python or Ansible updates we only modify in one place. This is the doc:
@Wabri - Feel free to share your proposal. If you also could incorporate the updated versions for One problem with the role level workflows we discovered recently was that some of the We also need to discuss (and decide on) the
I've created the reusable workflow; with this method maintaining the workflows will be better! PS: the actions are failing because the job ansible-lint calls a reusable in the main, but at this moment that workflow doesn't exist for now =>
@Wabri thank you for the improvement. I love the reusable approach.
I like the current path, but we should really lock down exactly what versions of Python, Ansible Core, Ansible Lint and explicitly handle the dependencies (instead of installing Ansible Community Edition)? I would suggest:
N.B. It is relatively redundant to install Ansible Community Edition with I like the proposed method, using a locked Python, Ansible Core, Ansible Lint combination during the GH Action and specifically append any dependencies:
Fixing this GH Action has been a long-time tech debt imho, and is why I suggested #420 to version lock us to a specific Ansible Core + compatible Ansible Lint version - by using the GitHub Action I'm good to close the referenced GH Issue, if this PR is merged. They achieve the same outcome (version lock on everything) via different methods, the method proposed in this PR keeps us fully in control.
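As an added illustration (not part of the thread or the project's code), here is a small stdlib-only Python check for the two concerns raised above: differing `python-version` values across workflows and pip installs without an exact pin. The file names, workflow fragments and the `X.Y.Z` / `>=6` versions are constructed placeholders.

```python
import re
import shlex

# Constructed workflow fragments (not the repository's real files).
# X.Y.Z and ">=6" are placeholders, not versions taken from the thread.
SAMPLE = {
    "ansible-lint.yml": """\
steps:
  - uses: actions/setup-python@v5
    with:
      python-version: '3.12'
  - name: Install test dependencies
    run: |
      pip3 install ansible-core==X.Y.Z ansible-lint==X.Y.Z
""",
    "role-lint.yml": """\
steps:
  - uses: actions/setup-python@v5
    with:
      python-version: '3.9'
  - run: pip3 install ansible 'ansible-lint>=6' -r requirements.txt
""",
}

PY_VERSION = re.compile(r"^\s*python-version:\s*['\"]?([\d.]+)['\"]?\s*$", re.M)
PIP_INSTALL = re.compile(r"\bpip3?\s+install\s+(.*)$", re.M)
FILE_OPTS = {"-r", "--requirement", "-c", "--constraint"}

def python_versions(workflows):
    """Map each python-version value to the workflow files that set it."""
    seen = {}
    for name, text in workflows.items():
        for version in PY_VERSION.findall(text):
            seen.setdefault(version, []).append(name)
    return seen

def unpinned_pip_packages(workflows):
    """Return (file, requirement) pairs installed without an exact '==' pin."""
    findings = []
    for name, text in workflows.items():
        for args in PIP_INSTALL.findall(text):
            skip_next = False
            for tok in shlex.split(args):
                if skip_next:            # argument of -r / -c is a file
                    skip_next = False
                elif tok in FILE_OPTS:
                    skip_next = True
                elif not tok.startswith("-") and "==" not in tok:
                    findings.append((name, tok))
    return findings
```

More than one key in the `python_versions` result means the workflows disagree on the interpreter; every entry from `unpinned_pip_packages` is a dependency whose resolved version can change between runs.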
To reduce the maintenance, as I proposed, we should enable the Renovate bot to automatically create PRs if a new version of the used actions is available, as well as the Python modules like ansible.
@sean-freeman I added the Closes #420 to the description in order to close when the PR is merged. @rainerleber I read something in the docs, but do you have any idea to implement that workflow? Do you think adding this:

```yaml
- name: Renovate Bot GitHub Action
  uses: renovatebot/[email protected]
```

will be enough? I saw in the ansible section that there is a default configuration https://docs.renovatebot.com/modules/manager/ansible/ and it works also in our case!
We should more likely add it from the marketplace; then we don't need to integrate it as a workflow and Renovate will run continuously in the background.
@rainerleber Do we want renovatebot? In my experience
The RenovateBot only creates a PR to suggest a new version of the used actions. After the PR is created the actions will run with the new proposed version only in the PR and we are able to decide if we want to merge. It could make our life easier, I think.
In order to use the RenovateBot we need to choose between running the instance of Renovate in a self-hosted env or subscribing to mend.io and letting them take care of the hosting (https://github.com/marketplace/renovate)
@Wabri No funds for subscribing to mend, and I have no desire to create self-hosted GH Actions - appends immediate effort we don't have time for and long-term maintenance (security patches, audits and compliance etc). I suggest continuing without RenovateBot and re-visit the topic in 12 months.
Mend subscription is free of charge. “This app is free to install for both public and private repositories. Service is provided complimentary of Mend (formerly known as WhiteSource) and no paid plan is required.”
Yes, it's free of charge, but I don't know if we have some kind of policy about subscription.
I suggest the following to proceed with this PR:
@sean-freeman Advantage over using the suggested versions in #610 (comment): When using later versions now, we could maybe extend the time between this version bump and the next one. Remember: These packages are only used for these Once this is done, we can merge this PR so the future GitHub actions will use these versions, and we have just one file where we maintain them.
@berndfinger Done the changes you requested. About the new PR with the proposal, should we open a new issue? Or is a new idea thread on the discussion board better?
Great, thanks!
Yes, good idea to continue the discussion of the dependency/renovate bots in the discussion section. We probably can use the already existing thread #421 for this.
LGTM!
with: | ||
python-version: '3.12' | ||
|
||
- name: Install test dependencies |
Let's use the versions of [this task](https://github.com/sap-linuxlab/community.sap_install/blob/5ee5cbe030ad152edfe96567155812f9abcdc25f/.github/workflows/ansible-lint.yml#L26)
until the end of 2024 or until there is a major new ansible-lint
requirement for Ansible-Galaxy or Automation Hub before that.
Should we open a new issue or discussion to have a memo about this?
@Wabri - Can you please bump the versions for the two affected packages again? P.S. I am not saying that we shouldn't do a version bump if
lgtm
Closes #420