From 3fee09f25016a72651099cd33f8434b1d1a93a84 Mon Sep 17 00:00:00 2001 From: Itay Matza Date: Wed, 1 Jul 2026 23:30:26 +0300 Subject: [PATCH 1/2] Add OWNERS, CODEOWNERS, and pre-commit GitHub Action Enable Prow-based PR review workflow for shiftstack-qa: - OWNERS and OWNERS_ALIASES for /lgtm and /approve commands - CODEOWNERS for automatic reviewer assignment - GitHub Action running pre-commit (ansible-lint) on PRs, matching gate.sh behavior Ref: OSPRH-32049 Change-Id: I7c580137f660b31a3e3f06b62d07b82838e9663c Signed-off-by: Itay Matza --- .github/CODEOWNERS | 4 ++++ .github/workflows/ansible-lint.yml | 28 ++++++++++++++++++++++++++++ OWNERS | 8 ++++++++ OWNERS_ALIASES | 23 +++++++++++++++++++++++ 4 files changed, 63 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/workflows/ansible-lint.yml create mode 100644 OWNERS create mode 100644 OWNERS_ALIASES diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..411f3c48 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,4 @@ +# Default reviewers for all files +# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +* @dlaw4608 @ekuris-redhat @eshulman2 @gryf @imatza-rh @mandre @stephenfin @tusharjadhav3302 @winiciusallan diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml new file mode 100644 index 00000000..3ef69cfb --- /dev/null +++ b/.github/workflows/ansible-lint.yml @@ -0,0 +1,28 @@ +--- +name: Ansible Lint + +on: + pull_request: + branches: + - main + +jobs: + ansible-lint: + runs-on: ubuntu-latest + container: + image: quay.io/shiftstack-qe/shiftstack-client + options: --user root + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Mark workspace as safe for git + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" + + - name: Install Ansible collections + run: ansible-galaxy collection install -r requirements.yaml + + - name: Run pre-commit (ansible-lint) + run: pre-commit run --all-files + env: + ANSIBLE_VAULT_PASSWORD_FILE: /home/cloud-admin/.vault-pass diff --git a/OWNERS b/OWNERS new file mode 100644 index 00000000..3dd3091c --- /dev/null +++ b/OWNERS @@ -0,0 +1,8 @@ +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md +# This file just uses aliases defined in OWNERS_ALIASES. + +approvers: + - shiftstack-approvers + +reviewers: + - shiftstack-reviewers diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES new file mode 100644 index 00000000..b3404752 --- /dev/null +++ b/OWNERS_ALIASES @@ -0,0 +1,23 @@ +# See the OWNERS_ALIASES docs: https://git.k8s.io/community/contributors/guide/owners.md#OWNERS_ALIASES + +aliases: + shiftstack-approvers: + - dlaw4608 + - ekuris-redhat + - eshulman2 + - gryf + - imatza-rh + - mandre + - stephenfin + - tusharjadhav3302 + - winiciusallan + shiftstack-reviewers: + - dlaw4608 + - ekuris-redhat + - eshulman2 + - gryf + - imatza-rh + - mandre + - stephenfin + - tusharjadhav3302 + - winiciusallan From cae407cd92269387294ff7a7de5fac3e5a140203 Mon Sep 17 00:00:00 2001 From: Itay Matza Date: Wed, 1 Jul 2026 23:30:34 +0300 Subject: [PATCH 2/2] Fix ansible-lint violations in existing roles - Add changed_when: true to two tasks in get_openshift_release_binaries - Add set -o pipefail to shell tasks with pipes in run-performance-test - Replace ignore_errors with failed_when: false in DUT pod cleanup Ref: OSPRH-32049 Change-Id: I7320ee163f4a2811f7dd7d535424fabb2c2e694e Signed-off-by: Itay Matza --- .../roles/day2ops/tasks/procedures/run-performance-test.yml | 4 +++- .../tasks/get_openshift_release_binaries.yml | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/collection/stages/roles/day2ops/tasks/procedures/run-performance-test.yml b/collection/stages/roles/day2ops/tasks/procedures/run-performance-test.yml index 219b5ff8..fb0040c5 100644 --- a/collection/stages/roles/day2ops/tasks/procedures/run-performance-test.yml +++ b/collection/stages/roles/day2ops/tasks/procedures/run-performance-test.yml @@ -90,6 +90,7 @@ - name: Collect SRIOV DUT port MACs ansible.builtin.shell: | + set -o pipefail oc --kubeconfig {{ kubeconfig }} logs {{ perf_test.sriov.pod_name }} -n default | grep -E "^Port [0-9]" | grep -v "link state change" register: _sriov_macs retries: 10 @@ -202,6 +203,7 @@ - name: Collect DPDK DUT port MACs ansible.builtin.shell: | + set -o pipefail oc --kubeconfig {{ kubeconfig }} logs {{ perf_test.dpdk.pod_name }} -n default | grep -E "^Port [0-9]" | grep -v "link state change" register: _dpdk_macs retries: 10 @@ -271,4 +273,4 @@ loop: - "{{ perf_test.sriov.pod_name }}" - "{{ perf_test.dpdk.pod_name }}" - ignore_errors: true + failed_when: false diff --git a/collection/tools/roles/tools_get_openshift_release/tasks/get_openshift_release_binaries.yml b/collection/tools/roles/tools_get_openshift_release/tasks/get_openshift_release_binaries.yml index a53995ae..fdafb0c5 100644 --- a/collection/tools/roles/tools_get_openshift_release/tasks/get_openshift_release_binaries.yml +++ b/collection/tools/roles/tools_get_openshift_release/tasks/get_openshift_release_binaries.yml @@ -27,6 +27,7 @@ when: openshift_release_pull_spec is not defined or openshift_release_pull_spec == '' - name: Extract pull secret from host cluster via Kubernetes API + changed_when: true ansible.builtin.shell: | python3 << 'PYEOF' import yaml, json, base64, subprocess, os, sys, tempfile @@ -127,6 +128,7 @@ mode: u=rwx,g=rw,o=r - name: Extract OCP tools from release image {{ openshift_release_pull_spec }} + changed_when: true ansible.builtin.command: cmd: >- timeout 900