Add a basic test for mosquitto kustomization

.github/workflows/kustomization-tests.yml

@@ -0,0 +1,44 @@
+---
+name: Run Kustomization Tests
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/kustomization-tests.yml
+      - ansible/playbooks/kustomization_test.yml
+      - ansible/roles/minikube_test/**
+      - kustomization/tests/**
+  pull_request:
+    branches:
+      - main
+    paths:
+      - .github/workflows/kustomization-tests.yml
+      - ansible/playbooks/kustomization_test.yml
+      - ansible/roles/minikube_test/**
+      - kustomization/tests/**
+
+jobs:
+  build-container:
+    env:
+      EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }}
+      EARTHLY_ORG: marinatedconcrete
+      EARTHLY_SATELLITE: config-repo
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: earthly/actions-setup@v1.0.8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          # renovate: datasource=docker depName=earthly/earthly
+          version: "v0.7.21"
+      - uses: actions/checkout@v4.1.1
+
+      - name: Build Image
+        env:
+          EARTHLY_CI: true
+        run: earthly --allow-privileged +kustomization-tests

Earthfile

@@ -1,14 +1,80 @@
 VERSION 0.7
 FROM alpine
 
-kustomize-build:
-    # renovate: datasource=docker depName=registry.k8s.io/kustomize/kustomize versioning=docker
+#
+# Dependency Targets
+#
+
+kubectl:
+    # renovate: datasource=github-releases depName=kubernetes/kubernetes
+    ARG KUBERNETES_VERSION=v1.28.3
+    ARG TARGETARCH
+    ARG TARGETOS
+    WORKDIR ~
+    RUN wget -O kubectl https://dl.k8s.io/release/$KUBERNETES_VERSION/bin/$TARGETOS/$TARGETARCH/kubectl
+    RUN chmod +x kubectl
+    SAVE ARTIFACT kubectl /binary
+
+kustomize:
+    # renovate: datasource=github-releases depName=kustomize/kustomize
     ARG KUSTOMIZE_VERSION=v5.2.1
-    FROM registry.k8s.io/kustomize/kustomize:$KUSTOMIZE_VERSION
+    ARG TARGETARCH
+    ARG TARGETOS
+    WORKDIR ~
+    RUN wget -O kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/$KUSTOMIZE_VERSION/kustomize_"$KUSTOMIZE_VERSION"_"$TARGETOS"_"$TARGETARCH".tar.gz
+    RUN tar -xf kustomize.tar.gz
+    SAVE ARTIFACT kustomize /binary
+
+minikube:
+    # renovate: datasource=github-releases depName=kubernetes/minikube
+    ARG MINIKUBE_VERSION=v1.32.0
+    ARG TARGETARCH
+    ARG TARGETOS
+    WORKDIR ~
+    RUN wget -O minikube https://github.com/kubernetes/minikube/releases/download/$MINIKUBE_VERSION/minikube-$TARGETOS-$TARGETARCH
+    RUN chmod +x minikube
+    SAVE ARTIFACT minikube /binary
+
+#
+# Working Images
+#
+
+kustomization-tests-image:
+    FROM ./ansible/+ansible
+
+    # renovate: datasource=pypi depName=kubernetes
+    ARG PYKUBERNETES_VERSION=28.1.0
+    RUN python3 -m pip install kubernetes==$PYKUBERNETES_VERSION
+
+    COPY +kubectl/binary /usr/local/bin/kubectl
+    COPY +kustomize/binary /usr/local/bin/kustomize
+    COPY +minikube/binary /usr/local/bin/minikube
+
+    WORKDIR workdir
+
+#
+# Workflows
+#
+
+kustomize-build:
+    COPY +kustomize/binary /usr/local/bin/kustomize
     COPY kustomization kustomization
-    RUN ls
     RUN find kustomization/components/ -mindepth 1 -maxdepth 1 -type d -print | xargs -r -n1 kustomize build > /dev/null
 
+kustomization-tests:
+    FROM +kustomization-tests-image
+    # Install marinatedconcrete.config collection
+    COPY ansible ansible
+    RUN ansible-galaxy collection install --no-cache ansible
+
+    # Copy Kustomizations and Run Tests
+    COPY kustomization kustomization
+    WITH DOCKER
+        RUN find kustomization/tests -mindepth 1 -maxdepth 1 -type d -print | \
+            awk '{print "test_dir="$1}' | \
+            xargs -r -n1 ansible-playbook marinatedconcrete.config.kustomization_test -e
+    END
+
 renovate-validate:
     # renovate: datasource=docker depName=renovate/renovate versioning=docker
     ARG RENOVATE_VERSION=37

ansible/Earthfile

@@ -1,13 +1,13 @@
 VERSION 0.7
 # renovate: datasource=docker depName=python
-ARG PYTHON_TAG=3.12-alpine
-FROM python:$PYTHON_TAG
+ARG PYTHON_VERSION=3.12.0-bullseye
+FROM python:$PYTHON_VERSION
 
 WORKDIR /ansible
 
 # Linux image with Python + ansible installed
 ansible:
-  # renovate: datasource=pip depName=ansible
+  # renovate: datasource=pypi depName=ansible
   ARG ANSIBLE_VERSION=8.4.0
   RUN pip install ansible==$ANSIBLE_VERSION
 

ansible/galaxy.yml

@@ -26,7 +26,8 @@ tags:
 # collection label 'namespace.name'. The value is a version range
 # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
 # range specifiers can be set and are separated by ','
-dependencies: {}
+dependencies:
+  "kubernetes.core": ">=2.0.0"
 
 # The URL of the originating SCM repository
 repository: https://github.com/marinatedconcrete/config

ansible/playbooks/kustomization_test.yml

@@ -0,0 +1,6 @@
+---
+- force_handlers: yes
+  gather_facts: no
+  hosts: localhost
+  roles:
+    - role: minikube_test

ansible/roles/minikube_test/defaults/main.yml

@@ -0,0 +1,14 @@
+---
+# defaults file for minikube_test
+
+# renovate: datasource=github-releases depName=kubernetes/kubernetes
+kubernetes_version: v1.28.3
+
+# The number of nodes needed for the test.
+minikube_nodes: 1
+
+# The directory to pass to kustomize for the test.
+kustomization_dir: "{{ test_dir }}"
+
+# The name of the test.
+test_name: "{{ kustomization_dir.split('/')[-1] }}"

ansible/roles/minikube_test/handlers/main.yml

@@ -0,0 +1,17 @@
+---
+# handlers file for minikube_test
+- name: Stop minikube
+  ansible.builtin.command:
+    argv:
+      - minikube
+      - stop
+      - "--profile={{ test_name }}"
+  listen: stop minikube
+  notify: delete minikube
+- name: Delete minikube
+  ansible.builtin.command:
+    argv:
+      - minikube
+      - delete
+      - "--profile={{ test_name }}"
+  listen: delete minikube

ansible/roles/minikube_test/meta/main.yml

@@ -0,0 +1,8 @@
+---
+galaxy_info:
+  author: sdwilsh
+  description: Role to run tests of kustomizations against minikube.
+  license: BSD-3-Clause
+  min_ansible_version: 2.1
+  galaxy_tags: []
+dependencies: []

ansible/roles/minikube_test/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+# tasks file for minikube_test
+- name: Start minikube
+  ansible.builtin.command:
+    argv:
+      - minikube
+      - start
+      - --interactive=false
+      - "--profile={{ test_name }}"
+      - "--kubernetes-version={{ kubernetes_version }}"
+      - --force
+  notify: stop minikube
+- name: Apply kustomization
+  kubernetes.core.k8s:
+    apply: yes
+    context: "{{ test_name }}"
+    definition: "{{ lookup('kubernetes.core.kustomize', dir=test_dir) }}"

ansible/roles/minikube_test/vars/main.yml

@@ -0,0 +1,5 @@
+---
+# vars file for minikube_test
+
+# The kustomization directory to apply for the test.
+test_dir:

kustomization/tests/mosquitto/kustomization.yml

@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+  - ../../components/mosquitto
+namespace: mosquitto-test
+resources:
+  - namespace.yml
+  - secret.yml

kustomization/tests/mosquitto/namespace.yml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/enforce-version: latest
+  name: mosquitto-test

kustomization/tests/mosquitto/secret.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mosquitto-password-conf-secret
+stringData:
+  someuser: super-secure-unhashed-password