v6 changes: split Vault testing, drop core 2.13, add py3.12, bump hva…

…c minimum, add dependabot, more small changes (#403) * split vault runs, use correct image * fix up docker-image-versions action * use different Vault versions * drop core 2.13, add python 3.12 * add changelog fragment * exclude py3.12 from core 2.15 * nit change base to core * update actions/checkout to v4, disable progress * update galaxy publish verification * see if bigger runners are available * revert runner change * update readme * bump minimum hvac version * bump minimum ansible version in runtime.yml * add dependabot.yml * Apply suggestions from code review Co-authored-by: Felix Fontein <[email protected]> --------- Co-authored-by: Felix Fontein <[email protected]>
ansible-collections · Nov 5, 2023 · 693646a · 693646a
1 parent 6a72430
commit 693646a
Show file tree

Hide file tree

Showing 12 changed files with 87 additions and 64 deletions.
diff --git a/.github/actions/docker-image-versions/action.yml b/.github/actions/docker-image-versions/action.yml
@@ -8,8 +8,7 @@ outputs:
 inputs:
   image:
     description: The docker image name.
-    required: false
-    default: vault
+    required: true
   num_major_versions:
     description: Number of unique major versions to return.
     required: false

diff --git a/.github/actions/docker-image-versions/versions.py b/.github/actions/docker-image-versions/versions.py
@@ -21,7 +21,7 @@
 from packaging import version
 
 
-TAG_URI = 'https://registry.hub.docker.com/v2/repositories/library/%s/tags?page_size=1024'
+TAG_URI = 'https://registry.hub.docker.com/v2/repositories/%s/%s/tags?page_size=1024'
 
 
 class WarningRetry(Retry):
@@ -49,7 +49,7 @@ def main(argv):
 
     for opt, arg in opts:
         if opt == '--image':
-            image = arg
+            image = image_name = arg
         elif opt == '--num_major_versions':
             num_major_versions = int(arg)
         elif opt == '--num_minor_versions':
@@ -64,7 +64,12 @@ def main(argv):
     if image is None:
         raise ValueError('image must be supplied.')
 
-    tag_url = TAG_URI % image
+    if '/' in image:
+        org, image_name = image.split('/')
+    else:
+        org = 'library'
+
+    tag_url = TAG_URI % (org, image_name)
 
     sess = requests.Session()
     retry = WarningRetry(total=5, backoff_factor=0.2, respect_retry_after_header=False)
@@ -112,7 +117,7 @@ def main(argv):
 
         keep.append(str(ver))
 
-    with open(os.environ['GITHUB_OUTPUT'], 'a') as f:
+    with open(os.environ.get('GITHUB_OUTPUT', '/dev/stdout'), 'a') as f:
         f.write('versions=')
         json.dump(keep, f)
 

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+---
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/ansible-builder.yml b/.github/workflows/ansible-builder.yml
@@ -24,14 +24,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
+          show-progress: false
           path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
 
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.9
+          python-version: 3.11
 
       - name: Install ansible-builder
         run: pip install ansible-builder

diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml
@@ -37,7 +37,6 @@ jobs:
         test_container:
           - default
         ansible:
-          - stable-2.13
           - stable-2.14
           - stable-2.15
           - stable-2.16
@@ -54,8 +53,9 @@ jobs:
             TEST_INVOCATION="sanity --docker ${{ matrix.test_container }} -v --color ${{ github.event_name != 'schedule' && '--coverage' || '' }}"
 
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
+          show-progress: false
           path: ${{ env.COLLECTION_PATH }}
 
       - name: Link to .github  # easier access to local actions
@@ -66,10 +66,10 @@ jobs:
         with:
           # it is just required to run that once as "ansible-test sanity" in the docker image
           # will run on all python versions it supports.
-          python-version: '3.10'
+          python-version: '3.11'
 
       # Install the head of the given branch (devel, stable-2.14)
-      - name: Install ansible-base (${{ matrix.ansible }})
+      - name: Install ansible-core (${{ matrix.ansible }})
         run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
 
       - name: Pull Ansible test images
@@ -114,7 +114,6 @@ jobs:
         test_container:
           - default
         ansible:
-          - stable-2.13
           - stable-2.14
           - stable-2.15
           - stable-2.16
@@ -129,8 +128,9 @@ jobs:
             TEST_INVOCATION="units --color --docker ${{ matrix.test_container }} ${{ github.event_name != 'schedule' && '--coverage' || '' }}"
 
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
+          show-progress: false
           path: ${{ env.COLLECTION_PATH }}
 
       - name: Link to .github  # easier access to local actions
@@ -141,9 +141,9 @@ jobs:
         with:
           # it is just required to run that once as "ansible-test units" in the docker image
           # will run on all python versions it supports.
-          python-version: '3.10'
+          python-version: '3.11'
 
-      - name: Install ansible-base (${{ matrix.ansible }})
+      - name: Install ansible-core (${{ matrix.ansible }})
         run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
 
       - name: Pull Ansible test images
@@ -180,16 +180,18 @@ jobs:
 
   integration:
     runs-on: ${{ matrix.runner }}
-    name: I (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
+    name: I (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }}+V[-${{ matrix.vault_minus }}])
     strategy:
       fail-fast: false
       matrix:
         runner:
           - ubuntu-latest
         test_container:
           - default
+        vault_minus:
+          - 0
+          - 1
         ansible:
-          - stable-2.13
           - stable-2.14
           - stable-2.15
           - stable-2.16
@@ -201,11 +203,18 @@ jobs:
           - '3.9'
           - '3.10'
           - '3.11'
+          - '3.12'
         exclude:
           # https://docs.ansible.com/ansible/devel/installation_guide/intro_installation.html#control-node-requirements
           # https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix
-          - ansible: 'stable-2.13'
-            python: '3.11'
+          - ansible: 'devel'
+            python: '3.6'
+          - ansible: 'devel'
+            python: '3.7'
+          - ansible: 'devel'
+            python: '3.8'
+          - ansible: 'devel'
+            python: '3.9'
           - ansible: 'stable-2.16'
             python: '3.6'
           - ansible: 'stable-2.16'
@@ -218,16 +227,12 @@ jobs:
             python: '3.6'
           - ansible: 'stable-2.15'
             python: '3.7'
+          - ansible: 'stable-2.15'
+            python: '3.12'
           - ansible: 'stable-2.15'
             python: '3.8'
-          - ansible: 'devel'
-            python: '3.6'
-          - ansible: 'devel'
-            python: '3.7'
-          - ansible: 'devel'
-            python: '3.8'
-          - ansible: 'devel'
-            python: '3.9'
+          - ansible: 'stable-2.14'
+            python: '3.12'
 
     steps:
       - name: Initialize env vars
@@ -240,8 +245,9 @@ jobs:
             TEST_INVOCATION="integration -v --color --retry-on-error --continue-on-error --python ${{ matrix.python }} --docker ${{ matrix.test_container }} ${{ github.event_name != 'schedule' && '--coverage' || '' }} --docker-network hashi_vault_default"
 
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
+          show-progress: false
           path: ${{ env.COLLECTION_PATH }}
 
       - name: Link to .github  # easier access to local actions
@@ -250,17 +256,18 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.10'
+          python-version: '3.11'
 
       - name: Get Vault versions
         id: vault_versions
         uses: ./.github/actions/docker-image-versions
         with:
+          image: hashicorp/vault
           num_major_versions: 1
           num_minor_versions: 2
           num_micro_versions: 1
 
-      - name: Install ansible-base (${{ matrix.ansible }})
+      - name: Install ansible-core (${{ matrix.ansible }})
         run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
 
       - name: Pull Ansible test images
@@ -271,23 +278,10 @@ jobs:
           working-directory: ${{ env.COLLECTION_PATH }}
           ansible-test-invocation: ${{ env.TEST_INVOCATION }}
 
-      - name: Set Vault Version (older)
+      - name: Set Vault Version
         uses: briantist/ezenv@v1
         with:
-          env: VAULT_VERSION=${{ fromJSON(steps.vault_versions.outputs.versions)[1] }}
-
-      - name: Prepare docker dependencies (Vault ${{ env.VAULT_VERSION }})
-        run: ./setup.sh -e vault_version=${VAULT_VERSION}
-        working-directory: ${{ env.COLLECTION_INTEGRATION_TARGETS }}/setup_localenv_gha
-
-      - name: Run integration test (Vault ${{ env.VAULT_VERSION }})
-        run: ansible-test ${{ env.TEST_INVOCATION }}
-        working-directory: ${{ env.COLLECTION_PATH }}
-
-      - name: Set Vault Version (newer)
-        uses: briantist/ezenv@v1
-        with:
-          env: VAULT_VERSION=${{ fromJSON(steps.vault_versions.outputs.versions)[0] }}
+          env: VAULT_VERSION=${{ fromJSON(steps.vault_versions.outputs.versions)[matrix.vault_minus] }}
 
       - name: Prepare docker dependencies (Vault ${{ env.VAULT_VERSION }})
         run: ./setup.sh -e vault_version=${VAULT_VERSION}
@@ -322,7 +316,7 @@ jobs:
           - stable-2.16
           - devel
         python:
-          - '3.11'
+          - '3.12'
         runner:
           - ubuntu-latest
         test_container:
@@ -339,8 +333,9 @@ jobs:
             DOCKER_TEST_INVOCATION="integration -v --color --retry-on-error --continue-on-error --controller docker:${{ matrix.test_container }},python=${{ matrix.python }} ${{ github.event_name != 'schedule' && '--coverage' || '' }}"
 
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
+          show-progress: false
           path: ${{ env.COLLECTION_PATH }}
 
       - name: Link to .github  # easier access to local actions
@@ -351,7 +346,7 @@ jobs:
         with:
           python-version: ${{ matrix.python }}
 
-      - name: Install ansible-base (${{ matrix.ansible }})
+      - name: Install ansible-core (${{ matrix.ansible }})
         run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
 
       - name: Install community.crypto
@@ -435,7 +430,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+        with:
+          show-progress: false
 
       - name: Download artifacts
         uses: actions/download-artifact@v3

diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml
@@ -15,18 +15,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+        with:
+          show-progress: false
 
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.9
+          python-version: 3.12
 
       - name: Install PyYaml
-        run: pip install pyyaml
+        run: pip install pyyaml ansible-core
 
       - name: Validate version is published to Galaxy
-        run: curl --head -s -f -o /dev/null https://galaxy.ansible.com/download/community-hashi_vault-${{ github.event.inputs.version }}.tar.gz
+        run: ansible-galaxy collection download -vvv -p /tmp 'community.hashi_vault:==${{ github.event.inputs.version }}''
 
       - name: Build release description
         shell: python

diff --git a/README.md b/README.md
@@ -12,16 +12,16 @@ Browsing the [**devel** collection documentation](https://docs.ansible.com/ansib
 We also separately publish [**latest commit** collection documentation](https://ansible-collections.github.io/community.hashi_vault/branch/main/) which shows docs for the _latest commit in the `main` branch_.
 
 If you use the Ansible package and don't update collections independently, use **latest**, if you install or update this collection directly from Galaxy, use **devel**. If you are looking to contribute, use **latest commit**.
+
 ## Tested with Ansible
 
-* 2.13
-* 2.14
-* 2.15
-* 2.16
-* devel (latest development commit)
+Please refer to the [`ansible-core` support matrix](https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix) to see which versions of `ansible-core` are still supported or end-of-life.
+
+Generally, we release a new major version of this collection a little before the release of a new `ansible-core` version, which is around every 6 months. In that release, we will update the CI matrix to drop the core versions that are about to go EoL, and add in new core versions if they have not been added already.
+
+We also regularly test against the [`devel` branch](https://github.com/ansible/ansible/tree/devel) (latest development commit).
 
 See [the CI configuration](https://github.com/ansible-collections/community.hashi_vault/blob/main/.github/workflows/ansible-test.yml) for the most accurate testing information.
-<!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
 
 ## Tested with Vault
 
@@ -46,6 +46,7 @@ Currently we support and test against Python versions:
 * 3.9
 * 3.10
 * 3.11
+* 3.12
 
 Note that for controller-side plugins, only the Python versions supported by the Ansible controller are supported (for example, you cannot use Python 3.7 with Ansible core 2.12).
 

diff --git a/changelogs/fragments/403-core-vault-python.yml b/changelogs/fragments/403-core-vault-python.yml
@@ -0,0 +1,9 @@
+---
+removed_features:
+  - The minimum supported version of ``ansible-core`` is now ``2.14``, support for ``2.13`` has been dropped (https://github.com/ansible-collections/community.hashi_vault/pull/403).
+
+trivial:
+  - The ``docker-image-versions`` action in the collection has been updated to support Docker Hub images that are not in the default namespace. The ``image`` input is now required and no longer defaults to ``vault`` which is no longer the current location of Vault images (https://github.com/ansible-collections/community.hashi_vault/pull/403).
+
+breaking_changes:
+  - The minimum required version of ``hvac`` is now ``1.2.1`` (https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/docsite/user_guide.html#hvac-version-specifics).
diff --git a/docs/docsite/rst/user_guide.rst b/docs/docsite/rst/user_guide.rst
@@ -33,7 +33,7 @@ In general, we recommend using the latest version of ``hvac`` that is supported
 
 As of ``community.hashi_vault`` version ``5.0.0`` we are setting a minimum supported version of ``hvac``.
 
-**The current required minimum ``hvac`` version is ``1.1.0``.**
+**The current required minimum** ``hvac`` **version is** ``1.2.1``.
 
 Other requirements
 ------------------

diff --git a/meta/ee-requirements.txt b/meta/ee-requirements.txt
@@ -1,6 +1,6 @@
 # ansible-builder doesn't seem to properly handle "; python_version" type of constraints
 # requirements here are assuming python 3.6 or higher
-hvac >=0.10.6
+hvac >= 1.2.1
 urllib3 >= 1.15
 
 boto3       # these are only needed if inferring AWS credentials or

diff --git a/meta/runtime.yml b/meta/runtime.yml
@@ -1,5 +1,5 @@
 ---
-requires_ansible: '>=2.13.0'
+requires_ansible: '>=2.14.0'
 action_groups:
   # let's keep this in alphabetical order
   vault: