Zuul: Verify that local jobs are namespaced

Signed-off-by: Nils Philippsen <nils@redhat.com>
This commit is contained in:
Nils Philippsen 2020-05-27 12:40:46 +02:00 committed by nphilipp
parent 97be9cdc8d
commit 42170b4a93
3 changed files with 62 additions and 0 deletions

View File

@ -1,4 +1,10 @@
---
- job:
name: fi-ansible--zuul-jobs-verify-namespace
run: ci/zuul-jobs-verify-namespace.yaml
files:
- ^\.zuul\.yaml$
- job:
name: fi-ansible--ansible-review-base
pre-run: ci/ansible-review-base.yaml
@ -16,4 +22,5 @@
- project:
check:
jobs:
- fi-ansible--zuul-jobs-verify-namespace
- fi-ansible--ansible-review-diff

View File

@ -0,0 +1,36 @@
#!/usr/bin/env python3
import sys
import traceback
import yaml
errors_found = False
for zuul_yaml_file in sys.argv[1:]:
print(f"Processing {zuul_yaml_file!r}...", flush=True)
with open(zuul_yaml_file, "r") as yaml_stream:
for doc_no, yaml_doc in enumerate(yaml.safe_load_all(yaml_stream), 1):
print(f"Verifying YAML doc #{doc_no}...", flush=True)
yaml_doc_errors_found = False
try:
for item in yaml_doc:
if "job" in item:
job = item["job"]
if not job["name"].startswith("fi-ansible--"):
yaml_doc_errors_found = errors_found = True
print(
f"Locally defined Zuul job {job['name']!r} must be named"
" 'fi-ansible-...'"
)
except Exception:
yaml_doc_errors_found = errors_found = True
traceback.print_exc()
if yaml_doc_errors_found:
print(f"Verification failed.", flush=True)
else:
print(f"Verification passed.", flush=True)
sys.exit(errors_found)

View File

@ -0,0 +1,19 @@
- hosts: all
tasks:
- name: Install Python YAML package
package:
name: python3-pyyaml
state: latest
- name: Install invocation script
copy:
src: zuul-jobs-verify-namespace.py
dest: /usr/local/bin/zuul-jobs-verify-namespace.py
owner: root
group: root
mode: '0755'
- name: Verify that local Zuul jobs use our namespace
command: zuul-jobs-verify-namespace.py .zuul.yaml
args:
chdir: '{{ zuul.project.src_dir }}'