Merge pull request #11 from InformaticsMatters/sc-3258

Use of poetry

.ansible-lint

@@ -2,6 +2,7 @@
 
 skip_list:
 - '204'  # Lines should be no longer than 160 chars
+- yaml
 warn_list:
 - '106'  # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern
 - '207'  # Nested jinja pattern
@@ -12,5 +13,5 @@ warn_list:
 - name[template]  # Rule for checking task and play names.
 - no-changed-when  # Commands should not change things if nothing needs doing.
 - risky-file-permissions  # File permissions unset or incorrect.
+- role-name
 - schema[meta]  # Perform JSON Schema Validation for known lintable kinds.
-- yaml[truthy]  # Violations reported by yamllint.

.github/workflows/lint.yaml

@@ -21,21 +21,42 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v3
       with:
-        python-version: '3.8'
-    - name: Install dependencies
+        python-version: '3.11'
+    - name: Install Poetry
+      uses: snok/install-poetry@v1
+      with:
+        virtualenvs-create: true
+        virtualenvs-in-project: true
+        installer-parallel: true
+    - name: Load cached virtualenv
+      id: cached-poetry-dependencies
+      uses: actions/cache@v3
+      with:
+        path: .venv
+        key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
+    - name: Install poetry dependencies
+      if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
       run: |
-        python -m pip install --upgrade pip
-        pip install -r build-requirements.txt
-        pip install -r requirements.txt
+        poetry install --no-interaction --no-root
+    - name: Pre-commit check
+      run: |
+        source .venv/bin/activate
+        pre-commit run --all-files
     - name: Lint
       run: |
+        source .venv/bin/activate
         yamllint .
         find . -type f -name '*.yaml.j2' -exec yamllint {} +
         ansible-lint
+    - name: Install ansible dependencies
+      run: |
+        source .venv/bin/activate
+        ansible-galaxy install -r requirements.yaml
     - name: Build docs with Sphinx
       run: |
+        source .venv/bin/activate
         sphinx-build -b html doc doc/build

.gitignore

@@ -1,4 +1,5 @@
 .idea/
+.vscode/
 venv/
 
 kubeconfig

.pre-commit-config.yaml

@@ -0,0 +1,58 @@
+---
+minimum_pre_commit_version: 3.3.1
+
+repos:
+
+# commit-msg hooks
+# ----------
+
+# Conventional Commit message checker (commitizen)
+- repo: https://github.com/commitizen-tools/commitizen
+  rev: v2.28.1
+  hooks:
+  - id: commitizen
+    stages:
+    - commit-msg
+
+# pre-commit hooks
+# ----------
+
+# Standard pre-commit rules
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.3.0
+  hooks:
+  - id: check-case-conflict
+  - id: check-docstring-first
+  - id: check-executables-have-shebangs
+  - id: check-shebang-scripts-are-executable
+  - id: check-toml
+  - id: check-yaml
+    args:
+    - --allow-multiple-documents
+  - id: detect-private-key
+  - id: end-of-file-fixer
+  - id: trailing-whitespace
+    args:
+    - --markdown-linebreak-ext=md
+
+- repo: https://github.com/adrienverge/yamllint
+  rev: v1.31.0
+  hooks:
+  - id: yamllint
+
+# Old repo and lots of trouble with ansible-lint...
+#
+# - repo: https://github.com/ansible-community/ansible-lint
+#   rev: v6.16.1
+#   hooks:
+#   - id: ansible-lint
+#     args:
+#     - --nocolor
+#     additional_dependencies:
+#     - ansible==7.5.0
+#     - ansible-core>=2.14.5
+
+- repo: https://github.com/IamTheFij/ansible-pre-commit
+  rev: v1.0.0
+  hooks:
+  - id: encryption-check

.yamllint

@@ -6,9 +6,19 @@
 
 rules:
   indentation: {spaces: 2, indent-sequences: false}
+  truthy:
+    allowed-values:
+    - 'yes'
+    - 'no'
+    - 'true'
+    - 'false'
+  new-lines:
+    type: unix
+  new-line-at-end-of-file: enable
 
 ignore: |
   .github/
+  .venv/
   roles/core/templates/pc-im.yaml.j2
   roles/ingress-controller/templates/ingress-nginx.yaml.j2
   roles/ingress-controller/templates/nlb-service.yaml.j2

README.md

@@ -1,10 +1,13 @@
 # Ansible Infrastructure
 
-![yamllint and doc build](https://github.com/InformaticsMatters/ansible-infrastructure/workflows/lint%20and%20doc%20build/badge.svg)
-
 ![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/informaticsmatters/ansible-infrastructure)
 
+![yamllint and doc build](https://github.com/InformaticsMatters/ansible-infrastructure/workflows/lint%20and%20doc%20build/badge.svg)
+
 [![CodeFactor](https://www.codefactor.io/repository/github/informaticsmatters/ansible-infrastructure/badge)](https://www.codefactor.io/repository/github/informaticsmatters/ansible-infrastructure)
+[![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-yellow.svg)](https://conventionalcommits.org)
+[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
+[![Packaged with Poetry](https://img.shields.io/badge/packaging-poetry-cyan.svg)](https://python-poetry.org/)
 
 Ansible roles to deploy Informatics Matters infrastructure components
 (a database, keycloak and AWX) to [Kubernetes].
@@ -22,19 +25,14 @@ provisioning refer to the `provisioning/README.md`.
 ## Cinder provisioner
 The cinder provisioner is a 'work in progress' formed from Helm templates
 taken from the [cloud-provider-openstack] repository. The release used
-as a basis of the templates was **openstack-cinder-csi-1.1.2**. 
+as a basis of the templates was **openstack-cinder-csi-1.1.2**.
 
 ## Building the Documentation
 The source of the documentation can be found in the project's
 `doc` directory. To build the HTML version of the documentation install
 the build requirements and then move to the `doc` directory and execute
 `sphinx-build`: -
 
-    python -m venv venv
-    source venv/bin/activate
-    pip install --upgrade pip
-
-    pip install -r build-requirements.txt
     sphinx-build -b html doc doc/build
 
 The resultant index page will be called `doc/build/index.html`.
@@ -46,4 +44,4 @@ The resultant index page will be called `doc/build/index.html`.
 [kubernetes]: https://kubernetes.io
 [sphinx]: http://www.sphinx-doc.org/en/master/#
 [primer]: https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html#lists-and-quote-like-blocks
-[cloud-provider-openstack]: https://github.com/kubernetes/cloud-provider-openstack
+[cloud-provider-openstack]: https://github.com/kubernetes/cloud-provider-openstack

ansible.cfg

@@ -4,4 +4,4 @@ forks = 10
 nocows = 1
 retry_files_enabled = False
 host_key_checking = False
-callback_whitelist = profile_tasks
+callbacks_enabled = profile_tasks

doc/architecture.rst

@@ -173,4 +173,3 @@ For more details refer to the documentation in ``recovery.py`` in our
 .. _Kubernetes Cert Manager: https://github.com/jetstack/cert-manager
 .. _Rancher: https://rancher.com
 .. _RKE: https://rancher.com/docs/rke/latest/en/
-

doc/creating-the-infrastructure.rst

@@ -42,7 +42,7 @@ parameters (variables). Start with a copy of the template file
 ``parameters.template`` and replace the variable values in it with ones
 suitable for your cluster::
 
-    $ cp parameters.template parameters-me
+    cp parameters.template parameters-me
 
 At the very least you sill need to provide values
 for all the ``SetMe`` examples (and the others if required).
@@ -55,9 +55,9 @@ for all the ``SetMe`` examples (and the others if required).
 Once edited, to deploy the infrastructure, you then name the parameter file in
 the Ansible playbook command::
 
-    $ INFRA_NAME=me
-    $ CLUSTER_CONTEXT=demo
-    $ ansible-playbook \
+    INFRA_NAME=me
+    CLUSTER_CONTEXT=demo
+    ansible-playbook \
         -e @parameters-$INFRA_NAME \
         -e ax_kubernetes_context=$CLUSTER_CONTEXT \
         site.yaml
@@ -81,18 +81,18 @@ file ``parameters-im-main-eks.vault``.
 If you need to edit a pre-built parameter file it should be viewed and edited
 *in situ* using ``ansible-vault``::
 
-    $ INFRA_NAME=im-main-eks
-    $ ansible-vault edit parameters-$INFRA_NAME.vault
+    INFRA_NAME=im-main-eks
+    ansible-vault edit parameters-$INFRA_NAME.vault
 
 Using an appropriate parameter file, create (deploy) the **im-main-eks**
 infrastructure using the root-level ansible playbook ``site.yaml``.
 
 It's the same playbook regardless of cluster - only the parameter file needs
 so change::
 
-    $ INFRA_NAME=im-main-eks
-    $ CLUSTER_CONTEXT=im-eks-admin
-    $ ansible-playbook \
+    INFRA_NAME=im-main-eks
+    CLUSTER_CONTEXT=im-eks-admin
+    ansible-playbook \
         -e @parameters-$INFRA_NAME.vault \
         -e ax_kubernetes_context=$CLUSTER_CONTEXT \
         site.yaml \

doc/deleting-the-infrastructure.rst

@@ -11,8 +11,8 @@ If you're familiar with :doc:`creating-the-infrastructure` deleting is
 simple, using the ``unsite.yaml`` playbook, combined with a set of parameters
 that corresponds to your cluster::
 
-    $ INFRA_NAME=im-main
-    $ ansible-playbook \
+    INFRA_NAME=im-main
+    ansible-playbook \
         -e "@parameters-$INFRA_NAME.vault" \
         unsite.yaml \
         --ask-vault-pass
@@ -24,8 +24,8 @@ database, the AWX server and the certificate manager.
 
 If you've used your own parameter file you probably don't need to use vault::
 
-    $ INFRA_NAME=me
-    $ ansible-playbook \
+    INFRA_NAME=me
+    ansible-playbook \
         -e "@parameters-$INFRA_NAME" \
         unsite.yaml
 

doc/getting-started.rst

@@ -16,16 +16,22 @@ be beneficial: -
 Working environment
 ===================
 
-Ideally you'll start from a Python 3.8 virtual environment::
+Ideally you'll start from a Poetry environment::
 
-    python -m venv ~/.venv/ansible-infrastructure
-    source ~/.venv/ansible-infrastructure/bin/activate
-    pip install --upgrade pip
+    poetry shell
 
 ...and then install the required modules, roles and collections::
 
-    pip install -r requirements.txt
-    ansible-galaxy install -r role-requirements.yaml --force-with-deps
+    poetry install
+    ansible-galaxy install -r requirements.yaml --force-with-deps
+
+You **MUST** install GitHub hooks to comply with our standards::
+
+    pre-commit install -t commit-msg -t pre-commit
+
+And can then check the current diction fo the repository with::
+
+    pre-commit run --all-files
 
 Cluster (Kubernetes) pre-requisites
 ===================================
@@ -86,7 +92,7 @@ we need to provide values for these. The ``HOST`` is the
 To confirm you have the right context you should run the following
 command to list the valid contexts::
 
-    $ kubectl config get-contexts
+    kubectl config get-contexts
 
 You will also need to provide standard AWS credentials for the cluster you're
 configuring via the environment for some of the Roles to properly function::
@@ -115,7 +121,7 @@ finally, verify you're using the right Kubernetes cluster with a quick node
 check, assuming you know the identity of the nodes in the cluster you expect
 to be configuring, using ``kubectl``::
 
-    $ kubectl get no
+    kubectl get no
     NAME                       STATUS   ROLES          AGE     VERSION
     xch-production-app1        Ready    worker         3d11h   v1.17.5
     xch-production-app2        Ready    worker         3d11h   v1.17.5