initial acm config

This commit is contained in:
2025-05-19 11:18:25 -05:00
parent caea2573e8
commit 631aa6f626
486 changed files with 106 additions and 11791 deletions

View File

@@ -0,0 +1,9 @@
---
version: 2
updates:
# Check for updates to GitHub Actions every week
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"

View File

@@ -0,0 +1,9 @@
[whitelist]
# As of v4, gitleaks only matches against filename, not path in the
# files directive. Leaving content for backwards compatibility.
files = [
"ansible/plugins/modules/*.py",
"ansible/tests/unit/test_*.py",
"ansible/tests/unit/*.yaml",
"ansible/tests/unit/v2/*.yaml",
]

View File

@@ -0,0 +1,6 @@
{
"default": true,
"MD003": false,
"MD013": false,
"MD033": false
}

View File

@@ -0,0 +1,17 @@
name: Ansible Lint # feel free to pick your own name
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
# Important: This sets up your GITHUB_WORKSPACE environment variable
- uses: actions/checkout@v4
- name: Lint Ansible Playbook
uses: ansible/ansible-lint-action@v6
# Let's point it to the path
with:
path: "ansible/"

View File

@@ -0,0 +1,49 @@
---
name: Verify json schema
on: [push, pull_request]
jobs:
jsonschema_tests:
name: Json Schema tests
strategy:
matrix:
python-version: [3.11]
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install check-jsonschema
- name: Install yq
uses: chrisdickinson/setup-yq@latest
with:
yq-version: v4.30.7
- name: Verify secrets json schema against templates
run: |
cp ./values-secret.yaml.template ./values-secret.yaml
check-jsonschema --fill-defaults --schemafile https://raw.githubusercontent.com/validatedpatterns/rhvp.cluster_utils/refs/heads/main/roles/vault_utils/values-secrets.v2.schema.json values-secret.yaml
rm -f ./values-secret.yaml
- name: Verify ClusterGroup values.schema.json against values-*yaml files
run: |
set -e; for i in values-hub.yaml values-group-one.yaml; do
echo "$i"
# disable shellcheck of single quotes in yq
# shellcheck disable=2016
yq eval-all '. as $item ireduce ({}; . * $item )' values-global.yaml "$i" > tmp.yaml
check-jsonschema --fill-defaults --schemafile https://raw.githubusercontent.com/validatedpatterns/clustergroup-chart/refs/heads/main/values.schema.json tmp.yaml
rm -f tmp.yaml
done

View File

@@ -0,0 +1,44 @@
---
name: Super linter
on: [push, pull_request]
jobs:
build:
# Name the Job
name: Super linter
# Set the agent to run on
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
# Full git history is needed to get a proper list of changed files within `super-linter`
fetch-depth: 0
################################
# Run Linter against code base #
################################
- name: Lint Code Base
uses: super-linter/super-linter/slim@v7
env:
VALIDATE_ALL_CODEBASE: true
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# These are the validation we disable atm
VALIDATE_ANSIBLE: false
VALIDATE_BASH: false
VALIDATE_CHECKOV: false
VALIDATE_JSCPD: false
VALIDATE_JSON_PRETTIER: false
VALIDATE_MARKDOWN_PRETTIER: false
VALIDATE_KUBERNETES_KUBECONFORM: false
VALIDATE_PYTHON_PYLINT: false
VALIDATE_SHELL_SHFMT: false
VALIDATE_YAML: false
VALIDATE_YAML_PRETTIER: false
# VALIDATE_DOCKERFILE_HADOLINT: false
# VALIDATE_MARKDOWN: false
# VALIDATE_NATURAL_LANGUAGE: false
# VALIDATE_TEKTON: false

View File

@@ -0,0 +1,23 @@
# This job requires a secret called DOCS_TOKEN which should be a PAT token
# that has the permissions described in:
# validatedpatterns/docs/.github/workflows/metadata-docs.yml@main
---
name: Update docs pattern metadata
on:
push:
paths:
- "pattern-metadata.yaml"
- ".github/workflows/update-metadata.yml"
jobs:
update-metadata:
uses: validatedpatterns/docs/.github/workflows/metadata-docs.yml@main
permissions: # Workflow-level permissions
contents: read # Required for "read-all"
packages: write # Allows writing to packages
id-token: write # Allows creating OpenID Connect (OIDC) tokens
secrets: inherit
# For testing you can point to a different branch in the docs repository
# with:
# DOCS_BRANCH: "main"