From e28722700dbb8ecb1a6735d20a5a9ef6bcab43ae Mon Sep 17 00:00:00 2001 From: mjohns91 Date: Tue, 17 Mar 2026 14:55:18 -0400 Subject: [PATCH 1/5] Simplify CI.md to match kubernetes.core format Updated CI documentation to align with kubernetes.core collection style: - Improved formatting and structure for better readability - Added detailed Python version compatibility table by ansible-core version - Clarified workflow descriptions and added links to workflow files - Added note about integration test AWS infrastructure requirements --- CI.md | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/CI.md b/CI.md index d35d663..fb23ff1 100644 --- a/CI.md +++ b/CI.md @@ -1,12 +1,30 @@ -# CI +# Continuous Integration (CI) -## cloud.aws_troubleshooting Collection +## AWS Troubleshooting Collection Testing -GitHub Actions are used to run the Continuous Integration for redhat-cop/cloud.aws_troubleshooting collection. The workflows used for the CI can be found [here](https://github.com/redhat-cop/cloud.aws_troubleshooting/tree/main/.github/workflows). These workflows include jobs to run the integration tests, sanity tests, linters, and changelog check. The following table lists the python and ansible versions against which these jobs are run. +GitHub Actions are used to run the CI for the cloud.aws_troubleshooting collection. The workflows used for the CI can be found in the [.github/workflows](.github/workflows) directory. -| Jobs | Description | Python Versions | Ansible Versions | -| ------ |-------| ------ | -----------| -| changelog |Checks for the presence of Changelog fragments | 3.9 | devel | -| Linters | Runs `ansible-lint`, `black`, `flake8`, and `isort` on plugins and tests | 3.9 | devel | -| Sanity | Runs ansible sanity checks | 3.9, 3.10, 3.11, 3.12 | Stable-2.14 (not on py3.12), 2.15 (not on py3.12), 2.16 (not on py 3.9), Milestone, Devel | -| Integration tests | Executes the integration test suites| 3.12 | Milestone | +### PR Testing Workflows + +The following tests run on every pull request: + +| Job | Description | Python Versions | ansible-core Versions | +| --- | ----------- | --------------- | --------------------- | +| [Changelog](.github/workflows/changelog.yaml) | Checks for the presence of changelog fragments | 3.12 | devel | +| [Linters](.github/workflows/linters.yaml) | Runs `black`, `flake8`, `isort`, and `ansible-lint` on plugins and tests | 3.10 | devel | +| [Sanity](.github/workflows/sanity.yaml) | Runs ansible sanity checks | See compatibility table below | devel, stable-2.17, stable-2.18, stable-2.19, stable-2.20 | +| [Integration](.github/workflows/integration.yaml) | Executes integration test suites on AWS (split across 2 jobs, requires "safe to test" label) | 3.12 | milestone | + +**Note:** Integration tests run on real AWS infrastructure and require the "safe to test" label on pull requests to prevent unauthorized AWS resource creation. + +### Python Version Compatibility by ansible-core Version + +These are outlined in the collection's [tox.ini](tox.ini) file (`envlist`) and GitHub Actions workflow exclusions. + +| ansible-core Version | Sanity Tests | +| -------------------- | ------------ | +| devel | 3.12, 3.13, 3.14 | +| stable-2.20 | 3.12, 3.13, 3.14 | +| stable-2.19 | 3.11, 3.12, 3.13 | +| stable-2.18 | 3.11, 3.12, 3.13 | +| stable-2.17 | 3.10, 3.11, 3.12 | From 35ed862acc95b9967620eef4a9a60a78e7ee4ee1 Mon Sep 17 00:00:00 2001 From: Matthew Johnson <90540643+mjohns91@users.noreply.github.com> Date: Mon, 30 Mar 2026 17:23:15 -0400 Subject: [PATCH 2/5] Apply suggestion from @alinabuzachis Co-authored-by: Alina Buzachis --- CI.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CI.md b/CI.md index fb23ff1..29dc893 100644 --- a/CI.md +++ b/CI.md @@ -2,7 +2,7 @@ ## AWS Troubleshooting Collection Testing -GitHub Actions are used to run the CI for the cloud.aws_troubleshooting collection. The workflows used for the CI can be found in the [.github/workflows](.github/workflows) directory. +GitHub Actions are used to run the CI for the `cloud.aws_troubleshooting` collection. The workflows used for the CI can be found in the [.github/workflows](.github/workflows) directory. ### PR Testing Workflows From 20ac0c2e68f6a5bc45e563648eea610607351c09 Mon Sep 17 00:00:00 2001 From: mjohns91 Date: Tue, 31 Mar 2026 14:45:23 -0400 Subject: [PATCH 3/5] Update CI.md with accurate Python versions and safe to test details --- CI.md | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/CI.md b/CI.md index 29dc893..ad48d5b 100644 --- a/CI.md +++ b/CI.md @@ -15,8 +15,6 @@ The following tests run on every pull request: | [Sanity](.github/workflows/sanity.yaml) | Runs ansible sanity checks | See compatibility table below | devel, stable-2.17, stable-2.18, stable-2.19, stable-2.20 | | [Integration](.github/workflows/integration.yaml) | Executes integration test suites on AWS (split across 2 jobs, requires "safe to test" label) | 3.12 | milestone | -**Note:** Integration tests run on real AWS infrastructure and require the "safe to test" label on pull requests to prevent unauthorized AWS resource creation. - ### Python Version Compatibility by ansible-core Version These are outlined in the collection's [tox.ini](tox.ini) file (`envlist`) and GitHub Actions workflow exclusions. @@ -24,7 +22,30 @@ These are outlined in the collection's [tox.ini](tox.ini) file (`envlist`) and G | ansible-core Version | Sanity Tests | | -------------------- | ------------ | | devel | 3.12, 3.13, 3.14 | -| stable-2.20 | 3.12, 3.13, 3.14 | -| stable-2.19 | 3.11, 3.12, 3.13 | -| stable-2.18 | 3.11, 3.12, 3.13 | -| stable-2.17 | 3.10, 3.11, 3.12 | +| stable-2.20 | 3.10, 3.11, 3.12, 3.13, 3.14 | +| stable-2.19 | 3.11, 3.12, 3.13, 3.14 | +| stable-2.18 | 3.11, 3.12, 3.13, 3.14 | +| stable-2.17 | 3.10, 3.11, 3.12, 3.14 | + +### Integration Test Security and "Safe to Test" Label + +Integration tests run on real AWS infrastructure and require the "safe to test" label to prevent unauthorized resource creation and ensure security. + +**Label Assignment:** +- **Automatically added** for PRs from users with write, maintain, or admin permissions +- **Manually added** by a maintainer for external contributors after code review + +**Security Model:** +- Uses `pull_request_target` event (runs in base repository context) +- Prevents untrusted code from automatically accessing AWS credentials +- Label acts as an approval gate before tests consume AWS resources + +**Test Execution:** +- Tests trigger when PRs are opened, reopened, synchronized (new commits), or when the label is added/removed +- Tests will **not run** if the label is missing +- Removing the label stops tests from running on subsequent pushes until re-added + +**Job Organization:** +- Integration targets are automatically split across 2 parallel jobs +- Split is determined by `ansible_test_splitter` action based on changed files +- Each job runs the subset of tests relevant to the PR's changes From 8b52ace3c3e955c74ce134538401da772c74acf7 Mon Sep 17 00:00:00 2001 From: mjohns91 Date: Tue, 31 Mar 2026 14:48:07 -0400 Subject: [PATCH 4/5] modify changelog row to show N/A for ansible-core as not applicable --- CI.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CI.md b/CI.md index ad48d5b..b3b36f5 100644 --- a/CI.md +++ b/CI.md @@ -10,7 +10,7 @@ The following tests run on every pull request: | Job | Description | Python Versions | ansible-core Versions | | --- | ----------- | --------------- | --------------------- | -| [Changelog](.github/workflows/changelog.yaml) | Checks for the presence of changelog fragments | 3.12 | devel | +| [Changelog](.github/workflows/changelog.yaml) | Checks for the presence of changelog fragments | 3.12 | N/A | | [Linters](.github/workflows/linters.yaml) | Runs `black`, `flake8`, `isort`, and `ansible-lint` on plugins and tests | 3.10 | devel | | [Sanity](.github/workflows/sanity.yaml) | Runs ansible sanity checks | See compatibility table below | devel, stable-2.17, stable-2.18, stable-2.19, stable-2.20 | | [Integration](.github/workflows/integration.yaml) | Executes integration test suites on AWS (split across 2 jobs, requires "safe to test" label) | 3.12 | milestone | From 71b10217917686ce137bec40ba26e26e7f967958 Mon Sep 17 00:00:00 2001 From: mjohns91 Date: Tue, 31 Mar 2026 15:14:45 -0400 Subject: [PATCH 5/5] linters ansible-core now shows 2.17 --- CI.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CI.md b/CI.md index b3b36f5..042893a 100644 --- a/CI.md +++ b/CI.md @@ -11,7 +11,7 @@ The following tests run on every pull request: | Job | Description | Python Versions | ansible-core Versions | | --- | ----------- | --------------- | --------------------- | | [Changelog](.github/workflows/changelog.yaml) | Checks for the presence of changelog fragments | 3.12 | N/A | -| [Linters](.github/workflows/linters.yaml) | Runs `black`, `flake8`, `isort`, and `ansible-lint` on plugins and tests | 3.10 | devel | +| [Linters](.github/workflows/linters.yaml) | Runs `black`, `flake8`, `isort`, and `ansible-lint` on plugins and tests | 3.10 | 2.17 | | [Sanity](.github/workflows/sanity.yaml) | Runs ansible sanity checks | See compatibility table below | devel, stable-2.17, stable-2.18, stable-2.19, stable-2.20 | | [Integration](.github/workflows/integration.yaml) | Executes integration test suites on AWS (split across 2 jobs, requires "safe to test" label) | 3.12 | milestone |