Disable base role testing that runs code on localhost
The workspace setup role requires local code execution on the executor. This is not allowed from an untrusted context so we disable it. The previous assertions about the zuul-cloner setup depend on the workspace setup running successfully. Disable those extra assertions. subunit fetching role assertions grepped the html file for validity on localhost. Disable this as well. Change-Id: I7449749f50b6e4a34c4615b00836a7148e01c768
This commit is contained in:
parent
919fe2e8a7
commit
44d2187e7f
@ -6,7 +6,8 @@
|
|||||||
# Note: set-zuul-log-path-fact is tested by emit-job-header.yaml
|
# Note: set-zuul-log-path-fact is tested by emit-job-header.yaml
|
||||||
- import_playbook: emit-job-header.yaml
|
- import_playbook: emit-job-header.yaml
|
||||||
- import_playbook: ensure-output-dirs.yaml
|
- import_playbook: ensure-output-dirs.yaml
|
||||||
- import_playbook: prepare-workspace-git.yaml
|
# This runs local code so cannot be tested in this way.
|
||||||
|
# - import_playbook: prepare-workspace-git.yaml
|
||||||
- import_playbook: configure-mirrors.yaml
|
- import_playbook: configure-mirrors.yaml
|
||||||
- import_playbook: fetch-zuul-cloner.yaml
|
- import_playbook: fetch-zuul-cloner.yaml
|
||||||
- import_playbook: validate-host.yaml
|
- import_playbook: validate-host.yaml
|
||||||
|
@ -68,21 +68,25 @@
|
|||||||
- local_html_test_results is not changed
|
- local_html_test_results is not changed
|
||||||
- local_html_test_results is succeeded
|
- local_html_test_results is succeeded
|
||||||
|
|
||||||
|
# Disabled as we cannot run shell on localhost outside of a
|
||||||
|
# trusted context.
|
||||||
# only one subunit file; the failed result should be hidden
|
# only one subunit file; the failed result should be hidden
|
||||||
- name: Check the content of the HTML file
|
# - name: Check the content of the HTML file
|
||||||
delegate_to: localhost
|
# delegate_to: localhost
|
||||||
shell: |
|
# shell: |
|
||||||
GLOBAL_RESULT=1
|
# GLOBAL_RESULT=1
|
||||||
zgrep -q -E 'subunit_tests.test_working.WorkingTest.test_success$' \
|
# zgrep -q -E 'subunit_tests.test_working.WorkingTest.test_success$' \
|
||||||
{{ zuul.executor.log_root }}/testr_results.html
|
# {{ zuul.executor.log_root }}/testr_results.html
|
||||||
T1=$?
|
# T1=$?
|
||||||
zgrep -q -E 'subunit_tests.test_failing.FailingTest.test_failure.*_StringException:' \
|
# zgrep -q -E 'subunit_tests.test_failing.FailingTest.test_failure.*_StringException:' \
|
||||||
{{ zuul.executor.log_root }}/testr_results.html
|
# {{ zuul.executor.log_root }}/testr_results.html
|
||||||
T2=$?
|
# T2=$?
|
||||||
if [ ${T1} -eq 0 ] && [ ${T2} -ne 0 ]; then
|
# if [ ${T1} -eq 0 ] && [ ${T2} -ne 0 ]; then
|
||||||
GLOBAL_RESULT=0
|
# GLOBAL_RESULT=0
|
||||||
fi
|
# fi
|
||||||
exit $GLOBAL_RESULT
|
# exit $GLOBAL_RESULT
|
||||||
|
- name: nooping task because yamllint complains about the comment above
|
||||||
|
debug: {}
|
||||||
|
|
||||||
# The following test(s) require(s) the previous playbook
|
# The following test(s) require(s) the previous playbook
|
||||||
- name: Run the fetch-subunit-output role with multiple subunits
|
- name: Run the fetch-subunit-output role with multiple subunits
|
||||||
@ -113,18 +117,21 @@
|
|||||||
- local_subunit_file is succeeded
|
- local_subunit_file is succeeded
|
||||||
- local_html_test_results is not changed
|
- local_html_test_results is not changed
|
||||||
- local_html_test_results is succeeded
|
- local_html_test_results is succeeded
|
||||||
|
# Disabled as we cannot run shell on localhost outside of a
|
||||||
- name: Check the content of the HTML file
|
# trusted context.
|
||||||
delegate_to: localhost
|
# - name: Check the content of the HTML file
|
||||||
shell: |
|
# delegate_to: localhost
|
||||||
GLOBAL_RESULT=1
|
# shell: |
|
||||||
zgrep -q -E 'subunit_tests.test_working.WorkingTest.test_success$' \
|
# GLOBAL_RESULT=1
|
||||||
{{ zuul.executor.log_root }}/testr_results.html
|
# zgrep -q -E 'subunit_tests.test_working.WorkingTest.test_success$' \
|
||||||
T1=$?
|
# {{ zuul.executor.log_root }}/testr_results.html
|
||||||
zgrep -q -E 'subunit_tests.test_failing.FailingTest.test_failure.*_StringException:' \
|
# T1=$?
|
||||||
{{ zuul.executor.log_root }}/testr_results.html
|
# zgrep -q -E 'subunit_tests.test_failing.FailingTest.test_failure.*_StringException:' \
|
||||||
T2=$?
|
# {{ zuul.executor.log_root }}/testr_results.html
|
||||||
if [ ${T1} -eq 0 ] && [ ${T2} -eq 0 ]; then
|
# T2=$?
|
||||||
GLOBAL_RESULT=0
|
# if [ ${T1} -eq 0 ] && [ ${T2} -eq 0 ]; then
|
||||||
fi
|
# GLOBAL_RESULT=0
|
||||||
exit $GLOBAL_RESULT
|
# fi
|
||||||
|
# exit $GLOBAL_RESULT
|
||||||
|
- name: nooping task because yamllint complains about the comment above
|
||||||
|
debug: {}
|
||||||
|
@ -25,29 +25,32 @@
|
|||||||
- cloner.stat.exists
|
- cloner.stat.exists
|
||||||
- cloner.stat.mode == "0755"
|
- cloner.stat.mode == "0755"
|
||||||
|
|
||||||
- name: Zuul clone something in required-projects
|
# Disabled as this depends on running workspace setup which requires
|
||||||
shell:
|
# being able to run code on the executor from an untrusted context and
|
||||||
executable: /bin/bash
|
# this is not allowed.
|
||||||
cmd: |
|
# - name: Zuul clone something in required-projects
|
||||||
CLONEMAP=`mktemp`
|
# shell:
|
||||||
function cleanup {
|
# executable: /bin/bash
|
||||||
rm -f $CLONEMAP
|
# cmd: |
|
||||||
}
|
# CLONEMAP=`mktemp`
|
||||||
trap cleanup EXIT
|
# function cleanup {
|
||||||
cat > $CLONEMAP << EOF
|
# rm -f $CLONEMAP
|
||||||
clonemap:
|
# }
|
||||||
- name: opendev/base-jobs
|
# trap cleanup EXIT
|
||||||
dest: {{ ansible_user_dir }}
|
# cat > $CLONEMAP << EOF
|
||||||
EOF
|
# clonemap:
|
||||||
/usr/zuul-env/bin/zuul-cloner -m $CLONEMAP \
|
# - name: opendev/base-jobs
|
||||||
--cache-dir /opt/git https://opendev.org \
|
# dest: {{ ansible_user_dir }}
|
||||||
opendev/base-jobs
|
# EOF
|
||||||
register: clone_with_required
|
# /usr/zuul-env/bin/zuul-cloner -m $CLONEMAP \
|
||||||
|
# --cache-dir /opt/git https://opendev.org \
|
||||||
|
# opendev/base-jobs
|
||||||
|
# register: clone_with_required
|
||||||
|
|
||||||
- name: Check if repository was cloned
|
# - name: Check if repository was cloned
|
||||||
stat:
|
# stat:
|
||||||
path: "{{ ansible_user_dir }}/src/opendev.org/opendev/base-jobs"
|
# path: "{{ ansible_user_dir }}/src/opendev.org/opendev/base-jobs"
|
||||||
register: with_required_stat
|
# register: with_required_stat
|
||||||
|
|
||||||
- name: Zuul clone something not in required-projects
|
- name: Zuul clone something not in required-projects
|
||||||
shell:
|
shell:
|
||||||
@ -77,8 +80,8 @@
|
|||||||
- name: Validate zuul-cloner shim results
|
- name: Validate zuul-cloner shim results
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- clone_with_required is succeeded
|
# - clone_with_required is succeeded
|
||||||
- clone_with_required is changed
|
# - clone_with_required is changed
|
||||||
- with_required_stat.stat.exists
|
# - with_required_stat.stat.exists
|
||||||
- clone_without_required is failed
|
- clone_without_required is failed
|
||||||
- not without_required_stat.stat.exists
|
- not without_required_stat.stat.exists
|
||||||
|
Loading…
x
Reference in New Issue
Block a user