Sometimes, AZP would mark steps in jobs as cancelled when they've
actually exited successfully but on the boundary of the default
60-minute timeout. Such logs might be difficult to reason about.
Additionally, `entry-point.sh` sets a 60-minute timeout for the main
test invocation but it would never trigger earlier that AZP would kill
such a job as the job-global timeout was 60 minutes already and it'd
always be hit earlier than the test runner one.
The patch sets maximum observable job timeouts with extra buffer to
account for flakiness.
PR #86073
(cherry picked from commit 730af32)
Co-authored-by: Matt Clay <matt@mystile.com>
* Use codecov-cli for uploads (#85386)
ci_coverage
ci_complete
(cherry picked from commit 4a03ccbd41)
* 🧪 Pin codecov-cli deptree used in AZP
PR #85888
`codecov-cli == 11.0.3` allows `click == 8.3.0` in its deps but the latter causes commit auto-discovery breakage in the former. With https://github.com/getsentry/prevent-cli/pull/95, `codecov-cli == 11.2.3` excludes this version so this patch updates the requirement to that.
To prevent this from happening again, the change also makes use of a pip constraint file that pins the entire dependency tree to concrete versions. The constraint file is managed by `pip-tools`.
Refs:
* https://github.com/getsentry/prevent-cli/pull/95
* https://github.com/pallets/click/issues/3066
ci_coverage
ci_complete
(cherry picked from commit 1e572ba5cc)
* Unignore `publish-codecov.py` sanity violations
---------
Co-authored-by: Matt Clay <matt@mystile.com>
Also added automatic retries on HTTP request exceptions, since all currently implemented methods (GET/PUT/DELETE) are idempotent.
(cherry picked from commit 7677bf1c9b)
Use the changelog sanity test requirements instead of the package-data sanity test requirements.
This enables removal of most package-data sanity test requirements, as they are no longer used by the test itself.
The additional requirements were being maintained only to provide pinned requirements for building the changelog during a release.
(cherry picked from commit cd342f76b4)
* Fix broken, circumvented test for missing vault ids
* verify the command returns a non-zero exit code
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit fe7e68bfcb)
* fixes for CVE-2024-8775
* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)
* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )
* changelog
* use ternary, coerce to bool explicitly
(cherry picked from commit c9ac477e53)
* user module avoid conflicts ssh pub key (#84165)
Remove pub key if we are going to generate private
fix tests for os X
(cherry picked from commit 11e4a6a722)
* old python, no f''
* Restore test import missing from backport
---------
Co-authored-by: Matt Clay <matt@mystile.com>
The shell command sometimes prints a trailing whitespace which breaks
the tests on old RHELs. This patch is supposed to fix that.
(cherry picked from commit cd74c4bcd5)
* [stable-2.14] release.py - Auto-update setuptools upper bound (#83713)
When releases are prepared, the upper bound on setuptools in pyproject.toml will be automatically updated
to the latest version available on PyPI. This version will then be tested by the package-data sanity test
during the release process and will be used to build the release.
This change ensures that a released version of ansible-core can be built in the future if a new setuptools
release includes breaking changes that would prevent building a functional package. If a downstream package
maintainer requires a newer setuptools version than the upper bound permits, they can patch pyproject.toml
as needed. Since ansible-core releases support specific Python versions, lack of support for new setuptools
releases will have no effect on support for future Python versions.
(cherry picked from commit 4e69d83fac)
* release.py - Add missing setuptools arg to prepare (#83887)
* release.py - Add missing setuptools arg to prepare
This allows the prepare command to accept the `--no-setuptools` argument.
It also fixes a traceback when using the `prepare` command.
* Use a more accurate type hint
(cherry picked from commit b544ac13ec)
* release.py - Include pyproject.toml in git add (#83892)
(cherry picked from commit e3ccdaaa2e)
* Quality-of-life improvements for release tool
- Default devel releases to b1
- Default non-devel releases to rc1
- Default to release announcement to console
- Avoid auto-links in GH release annoucements for file sizes
(cherry picked from commit 20a815b03f)
* Fix installing roles containing symlinks
Fix sanitizing tarfile symlinks relative to the link directory instead of the archive
For example:
role
├── handlers
│ └── utils.yml -> ../tasks/utils/suite.yml
The link ../tasks/utils/suite.yml will resolve to a path outside of the link's directory, but within the role
role/handlers/../tasks/utils/suite.yml
the resolved path relative to the role is tasks/utils/suite.yml, but if the symlink is set to that value, tarfile would extract it from role/handlers/tasks/utils/suite.yml
* Replace overly forgiving test case with tests for a symlink in a subdirectory of the archive and a symlink in the archive dir when these are not equivalent.
* Build test case from role files to make it easier to add test cases
Fixes#82702Fixes#81965Fixes#82051
(cherry picked from commit e84240db84)
Matt Clay