From 7d1b35f8365475e319c111f80e0b496615ce7a4c Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia
Date: Sun, 28 Jul 2024 19:31:28 +0200
Subject: [PATCH 1/8] feat: Improve Ansible/Jinja2 validation Use a variable to set the minimum version of Ansible and Jinja2 allowed
---
 tasks/validate/validate.yml | 6 ++++--
 vars/main.yml | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/tasks/validate/validate.yml b/tasks/validate/validate.yml
index 2571cd4c2..7205f7357 100644
--- a/tasks/validate/validate.yml
+++ b/tasks/validate/validate.yml
@@ -1,7 +1,9 @@
 ---
 - name: Verify you are using a supported Ansible version on your Ansible host
 ansible.builtin.assert:
- that: ansible_version['full'] is version('2.16', '>=')
+ that:
+ - ansible_version['full'] is version(nginx_ansible_version, '>=')
+ - ansible_version['full'] is version('2.18', '<')
 success_msg: Ansible {{ ansible_version['full'] }} is supported.
 fail_msg: Ansible {{ ansible_version['full'] }} has reached End of Life (EoL). Please upgrade to a supported Ansible release. Check the README for more details.
 delegate_to: localhost
@@ -16,7 +18,7 @@
 - name: Verify that you are using a supported Jinja2 version on your Ansible host
 ansible.builtin.assert:
- that: (jinja2_version['stdout'] | regex_search('jinja version = ([\\d.]+)', '\\1') | first) is version('3.1', '>=')
+ that: (jinja2_version['stdout'] | regex_search('jinja version = ([\\d.]+)', '\\1') | first) is version(nginx_jinja2_version, '>=')
 success_msg: Jinja2 {{ jinja2_version['stdout'] | regex_search('jinja version = ([\d.]+)', '\1') | first }} is supported.
 fail_msg: Jinja2 {{ jinja2_version['stdout'] | regex_search('jinja version = ([\d.]+)', '\1') | first }} is not supported. Please upgrade to Jinja2 3.1. Check the README for more details.
 delegate_to: localhost
diff --git a/vars/main.yml b/vars/main.yml
index dc9b2633c..b457ed7ab 100644
--- a/vars/main.yml
+++ b/vars/main.yml
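Review bot: Version literals are still hard-coded next to the new variables in both validate.yml hunks, so the checks and their messages can drift apart. In the second hunk the comparison now reads `nginx_jinja2_version` but `fail_msg` still says `Please upgrade to Jinja2 3.1.`; it should say `Please upgrade to Jinja2 {{ nginx_jinja2_version }} or later.` so the operator is told the bound that was actually enforced. In the first hunk the upper bound `'2.18'` stays a literal while the lower bound moved to a variable; a sibling variable for the first unsupported release would keep the two bounds in one place. Both tasks continue past the end of their hunks.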
@@ -1,4 +1,8 @@
 ---
+# Set the minimum version required for Ansible and Jinja2
+nginx_ansible_version: 2.16
+nginx_jinja2_version: 3.1
+
 # Set the values allowed for various variables
 nginx_setup_vars: [install, uninstall, upgrade]
From 58749d8814a14fca7e74e1574e74c8c4d2d46d23 Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia
Date: Sun, 28 Jul 2024 20:49:03 +0200
Subject: [PATCH 2/8] Update release.yml
---
 .github/workflows/release.yml | 38 +++++++++++++++++------------------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6eea2a3d1..60d5dcfd8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,20 +1,20 @@
 ---
- name: Release Drafter
- on:
- push:
- branches: [main]
- pull_request_target:
- types: [opened, reopened, synchronize]
- permissions: read-all
- jobs:
- release-draft:
- name: Update release draft
- runs-on: ubuntu-24.04
- permissions:
- contents: write
- pull-requests: write
- steps:
- - name: Run release drafter
- uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6.0.0
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+name: Release Drafter
+on:
+ push:
+ branches: [main]
+ pull_request_target:
+ types: [opened, reopened, synchronize]
+permissions: read-all
+jobs:
+ release-draft:
+ name: Update release draft
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - name: Run release drafter
+ uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6.0.0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From b953dffa8ad6b2c3d79332f7ba58d70ad25152c8 Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia
Date: Sun, 28 Jul 2024 21:09:04 +0200
Subject: [PATCH 3/8] updates
---
 CHANGELOG.md | 1 +
 README.md | 2 ++
 tasks/validate/validate.yml | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)
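Review bot: The two minimum versions in vars/main.yml are unquoted, so YAML loads them as floats rather than version strings. That works for `2.16` and `3.1` today, but a later bump to `2.20` or `3.10` would load as `2.2` / `3.1` and silently lower the floor that the validation task enforces. Quote both values: `nginx_ansible_version: "2.16"` and `nginx_jinja2_version: "3.1"`. How the `version` test coerces a float operand is not visible here, so string values also remove that dependency.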
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 891f7139b..898a2451f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ FEATURES:
 - Add support for installing NGINX Open Source on Alpine Linux 3.20.
 - Add support for installing NGINX Agent on Ubuntu noble.
 - Add validation tasks to check the Ansible version, the Jinja2 version, and whether the required Ansible collections for this role are installed.
+- Bump the minimum version of Ansible supported to `2.16`, whilst clarifying that Ansible `2.18` is not supported at this stage.
 - Bump the Ansible `community.general` collection to `9.2.0`, `community.crypto` collection to `2.21.1` and `community.docker` collection to `3.11.0`.
 DOCUMENTATION:
diff --git a/README.md b/README.md
index 735e1cd10..422d9907a 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,8 @@ This will also ensure you are deploying/running this role with a fully tested ve
 #### Ansible core
 - This role is developed and tested with [maintained](https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html) versions of Ansible core and Python.
+
+ ***Note:** Ansible `2.18` does no longer support the `yum` module and as such, is not supported by this role until Amazon Linux 2 reaches EoL.*
 - When using Ansible core, you will also need to install the following Ansible collections:
 ```yaml
diff --git a/tasks/validate/validate.yml b/tasks/validate/validate.yml
index 7205f7357..6a060af6f 100644
--- a/tasks/validate/validate.yml
+++ b/tasks/validate/validate.yml
@@ -5,7 +5,7 @@
 - ansible_version['full'] is version(nginx_ansible_version, '>=')
 - ansible_version['full'] is version('2.18', '<')
 success_msg: Ansible {{ ansible_version['full'] }} is supported.
- fail_msg: Ansible {{ ansible_version['full'] }} has reached End of Life (EoL). Please upgrade to a supported Ansible release. Check the README for more details.
+ fail_msg: ({{ ansible_version['full'] is version('2.18', '>=') }} | ternary('Ansible {{ ansible_version['full'] }} is not yet supported. Please downgrade to a supported Ansible release', 'Ansible {{ ansible_version['full'] }} has reached End of Life (EoL). Please upgrade to a supported Ansible release.') Check the README for more details.
 delegate_to: localhost
 ignore_errors: true # noqa ignore-errors
From ec6dbfbc88fc65a77469983cbd294ff89382abb3 Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia
Date: Sun, 28 Jul 2024 21:10:30 +0200
Subject: [PATCH 4/8] Update CHANGELOG.md
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 898a2451f..c5bcddea1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ CI/CD:
 - Update GitHub Actions to Ubuntu 24.04.
 - Switch GitHub Actions from using tags to release hashes.
 - Remove commented out Molecule platforms and GitHub Actions QEMU step for the time being. These changes will be reverted if multi-arch testing can be reinstated in GitHub Actions.
+- Bump the minimum version of Ansible supported to `2.16` on Ansible Galaxy.
 - Remove platform metadata from the Ansible Galaxy role metadata since platforms are no longer supported in Ansible Galaxy NG.
 - Implement OSSF Scorecard.
From c72d162135b169a528b908a0dbb09c3bc3b92ff4 Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia
Date: Sun, 28 Jul 2024 21:11:12 +0200
Subject: [PATCH 5/8] Update CHANGELOG.md
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5bcddea1..fb4aa1dd1 100644
--- a/CHANGELOG.md
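Review bot: The new `fail_msg` in validate.yml is not a valid Jinja2 expression: `| ternary(...)` sits outside the `{{ }}` delimiters and both of its string arguments nest another `{{ }}`. As written it would most likely render the boolean followed by the literal filter text and both messages, rather than choosing one. Since the task sets `ignore_errors: true`, this message is the only signal an operator gets about an unsupported control-node version, so it needs to read correctly. Keep the whole conditional inside one expression: `fail_msg: "Ansible {{ ansible_version['full'] }} {{ (ansible_version['full'] is version('2.18', '>=')) | ternary('is not yet supported. Please downgrade to a supported Ansible release.', 'has reached End of Life (EoL). Please upgrade to a supported Ansible release.') }} Check the README for more details."`. The task header is above the hunk.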
+++ b/CHANGELOG.md
@@ -29,7 +29,7 @@ CI/CD:
 - Update GitHub Actions to Ubuntu 24.04.
 - Switch GitHub Actions from using tags to release hashes.
 - Remove commented out Molecule platforms and GitHub Actions QEMU step for the time being. These changes will be reverted if multi-arch testing can be reinstated in GitHub Actions.
-- Bump the minimum version of Ansible supported to `2.16` on Ansible Galaxy.
+- Bump the minimum version of Ansible supported on Ansible Galaxy to `2.16`.
 - Remove platform metadata from the Ansible Galaxy role metadata since platforms are no longer supported in Ansible Galaxy NG.
 - Implement OSSF Scorecard.
From 4c1981e29f4636ae9a711fbeddb6089d97ca092c Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia
Date: Sun, 28 Jul 2024 21:45:54 +0200
Subject: [PATCH 6/8] Update CONTRIBUTING.md
---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 431633b62..cba1bc537 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -21,7 +21,7 @@ Follow this project's [Installation Guide](/README.md#Installation) to install A
 ### Project Structure
-- The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Agent and NGINX Amplify.
+- The NGINX Ansible role is written in [`yaml`](https://yaml.org) and supports NGINX Open Source, NGINX Plus, NGINX Agent and NGINX Amplify.
 - The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html):
 - The main "codebase" is found in the [`tasks/`](/tasks/) directory.
 - Variables can be found in [`defaults/main/`](/defaults/main/). The filenames in this directory highlight which variables are contained in each file.
From a69a7502413cad41f7fee91de766ce43c8b16841 Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia
Date: Sun, 28 Jul 2024 21:46:54 +0200
Subject: [PATCH 7/8] Update f5-cla.yml
---
 .github/workflows/f5-cla.yml | 78 ++++++++++++++++++------------------
 1 file changed, 39 insertions(+), 39 deletions(-)
diff --git a/.github/workflows/f5-cla.yml b/.github/workflows/f5-cla.yml
index 643853c42..df37a618f 100644
--- a/.github/workflows/f5-cla.yml
+++ b/.github/workflows/f5-cla.yml
@@ -1,40 +1,40 @@
 ---
- name: F5 CLA
- on:
- issue_comment:
- types: [created]
- pull_request_target:
- types: [opened, closed, synchronize]
- permissions: read-all
- jobs:
- f5-cla:
- name: F5 CLA
- runs-on: ubuntu-24.04
- permissions:
- actions: write
- pull-requests: write
- statuses: write
- steps:
- - name: Run F5 Contributor License Agreement (CLA) assistant
- if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target'
- uses: contributor-assistant/github-action@9340315624c6e16cef1f2c63bdeb0f0c49c6f474 # v2.4.0
- with:
- # Any pull request targeting the following branch will trigger a CLA check.
- branch: main
- # Path to the CLA document.
- path-to-document: https://github.com/f5/.github/blob/main/CLA/cla-markdown.md
- # Custom CLA messages.
- custom-notsigned-prcomment: '🎉 Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and reply on a new comment with the following text to agree:'
- custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms'
- custom-allsigned-prcomment: '✅ All required contributors have signed the F5 CLA for this PR. Thank you!'
- # Remote repository storing CLA signatures.
- remote-organization-name: f5
- remote-repository-name: f5-cla-data
- path-to-signatures: signatures/signatures.json
- # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA.
- allowlist: alessfg, oxpa, bot*
- # Do not lock PRs after a merge.
- lock-pullrequest-aftermerge: false
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }}
+name: F5 CLA
+on:
+ issue_comment:
+ types: [created]
+ pull_request_target:
+ types: [opened, closed, synchronize]
+permissions: read-all
+jobs:
+ f5-cla:
+ name: F5 CLA
+ runs-on: ubuntu-24.04
+ permissions:
+ actions: write
+ pull-requests: write
+ statuses: write
+ steps:
+ - name: Run F5 Contributor License Agreement (CLA) assistant
+ if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target'
+ uses: contributor-assistant/github-action@9340315624c6e16cef1f2c63bdeb0f0c49c6f474 # v2.4.0
+ with:
+ # Any pull request targeting the following branch will trigger a CLA check.
+ branch: main
+ # Path to the CLA document.
+ path-to-document: https://github.com/f5/.github/blob/main/CLA/cla-markdown.md
+ # Custom CLA messages.
+ custom-notsigned-prcomment: '🎉 Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and reply on a new comment with the following text to agree:'
+ custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms'
+ custom-allsigned-prcomment: '✅ All required contributors have signed the F5 CLA for this PR. Thank you!'
+ # Remote repository storing CLA signatures.
+ remote-organization-name: f5
+ remote-repository-name: f5-cla-data
+ path-to-signatures: signatures/signatures.json
+ # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA.
+ allowlist: alessfg, oxpa, bot*
+ # Do not lock PRs after a merge.
+ lock-pullrequest-aftermerge: false
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }}
From 48f4fb86784af4f4fdac852a02551393057f4d53 Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia
Date: Sun, 28 Jul 2024 21:47:52 +0200
Subject: [PATCH 8/8] Update CHANGELOG.md
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fb4aa1dd1..f6b843913 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -64,7 +64,7 @@ CI/CD:
 - Add Molecule tests for NGINX Amplify.
 - Update the RHEL based tests to use the latest UBI release.
 - Use the local role name (`ansible-role-nginx`) instead of the fully qualified role name (`nginxinc.nginx`) in Molecule to ensure tests always work as intended in environments where the role has been already installed beforehand.
-- Implement F5 CLA signatures.
+- Implement F5 CLA.
 - Hardcode version of Python requests module given its propensity to break the Docker Python SDK.
 ## 0.24.2 (October 3rd, 2023)