Move EE tests to antsibull-nox (#1100)

* Move EE tests to antsibull-nox.

* Make EE tests work.

.github/workflows/ee.yml

@@ -1,163 +0,0 @@
----
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-name: execution environment
-'on':
-  # Run CI against all pushes (direct commits, also merged PRs), Pull Requests
-  push:
-    branches:
-      - main
-      - stable-*
-  pull_request:
-  # Run CI once per day (at 09:00 UTC)
-  # This ensures that even if there haven't been commits that we are still testing against latest version of ansible-builder
-  schedule:
-    - cron: '0 9 * * *'
-
-env:
-  NAMESPACE: community
-  COLLECTION_NAME: docker
-
-jobs:
-  build:
-    name: Build and test EE (${{ matrix.name }})
-    strategy:
-      fail-fast: false
-      matrix:
-        name:
-          - ''
-        ansible_core:
-          - ''
-        ansible_runner:
-          - ''
-        base_image:
-          - ''
-        pre_base:
-          - ''
-        extra_vars:
-          - ''
-        other_deps:
-          - ''
-        exclude:
-          - ansible_core: ''
-        include:
-          - name: ansible-core devel @ RHEL UBI 9
-            ansible_core: https://github.com/ansible/ansible/archive/devel.tar.gz
-            ansible_runner: ansible-runner
-            other_deps: |2
-                python_interpreter:
-                  package_system: python3.11 python3.11-pip python3.11-wheel python3.11-cryptography
-                  python_path: "/usr/bin/python3.11"
-            base_image: docker.io/redhat/ubi9:latest
-            pre_base: '"#"'
-          - name: ansible-core 2.15 @ Rocky Linux 9
-            ansible_core: https://github.com/ansible/ansible/archive/stable-2.15.tar.gz
-            ansible_runner: ansible-runner
-            base_image: quay.io/rockylinux/rockylinux:9
-            pre_base: '"#"'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
-          persist-credentials: false
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-
-      - name: Install ansible-builder and ansible-navigator
-        run: pip install ansible-builder ansible-navigator
-
-      - name: Verify requirements
-        run: ansible-builder introspect --sanitize .
-
-      - name: Make sure galaxy.yml has version entry
-        run: >-
-          python -c
-          'import yaml ;
-          f = open("galaxy.yml", "rb") ;
-          data = yaml.safe_load(f) ;
-          f.close() ;
-          data["version"] = data.get("version") or "0.0.1" ;
-          f = open("galaxy.yml", "wb") ;
-          f.write(yaml.dump(data).encode("utf-8")) ;
-          f.close() ;
-          '
-        working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
-
-      - name: Build collection
-        run: |
-          ansible-galaxy collection build --output-path ../../../
-        working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
-
-      - name: Create files for building execution environment
-        run: |
-          COLLECTION_FILENAME="$(ls "${NAMESPACE}-${COLLECTION_NAME}"-*.tar.gz)"
-
-          # EE config
-          cat > execution-environment.yml <<EOF
-          ---
-          version: 3
-          dependencies:
-            ansible_core:
-              package_pip: ${{ matrix.ansible_core }}
-            ansible_runner:
-              package_pip: ${{ matrix.ansible_runner }}
-            galaxy: requirements.yml
-          ${{ matrix.other_deps }}
-
-          images:
-            base_image:
-              name: ${{ matrix.base_image }}
-
-          additional_build_files:
-            - src: ${COLLECTION_FILENAME}
-              dest: src
-
-          additional_build_steps:
-            prepend_base:
-              - ${{ matrix.pre_base }}
-          EOF
-          echo "::group::execution-environment.yml"
-          cat execution-environment.yml
-          echo "::endgroup::"
-
-          # Requirements
-          cat > requirements.yml <<EOF
-          ---
-          collections:
-            - name: src/${COLLECTION_FILENAME}
-              type: file
-          EOF
-          echo "::group::requirements.yml"
-          cat requirements.yml
-          echo "::endgroup::"
-
-      - name: Build image based on ${{ matrix.base_image }}
-        run: |
-          ansible-builder build --verbosity 3 --tag test-ee:latest --container-runtime docker
-
-      - name: Show images
-        run: docker image ls
-
-      - name: Make /var/run/docker.sock accessible by everyone
-        run: sudo chmod a+rw /var/run/docker.sock
-
-      - name: Run basic tests
-        run: >
-          ansible-navigator run
-          --mode stdout
-          --container-engine docker
-          --container-options=-v --container-options=/var/run/docker.sock:/var/run/docker.sock
-          --pull-policy never
-          --set-environment-variable ANSIBLE_PRIVATE_ROLE_VARS=true
-          --execution-environment-image test-ee:latest
-          -v
-          all.yml
-          ${{ matrix.extra_vars }}
-        working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}/tests/ee

.github/workflows/nox.yml

@@ -26,3 +26,6 @@ jobs:
           persist-credentials: false
       - name: Run nox
         uses: ansible-community/antsibull-nox@main
+
+  ansible-test:
+    uses: ansible-community/antsibull-nox/.github/workflows/reusable-nox-matrix.yml@main

antsibull-nox.toml

@@ -70,3 +70,41 @@ skip_directories = [
 
 [sessions.build_import_check]
 run_galaxy_importer = true
+
+[[sessions.ee_check.execution_environments]]
+name = "devel-ubi-9"
+description = "ansible-core devel @ RHEL UBI 9"
+test_playbooks = ["tests/ee/all.yml"]
+config.images.base_image.name = "docker.io/redhat/ubi9:latest"
+config.dependencies.ansible_core.package_pip = "https://github.com/ansible/ansible/archive/devel.tar.gz"
+config.dependencies.ansible_runner.package_pip = "ansible-runner"
+config.dependencies.python_interpreter.package_system = "python3.11 python3.11-pip python3.11-wheel python3.11-cryptography"
+config.dependencies.python_interpreter.python_path = "/usr/bin/python3.11"
+runtime_environment = {"ANSIBLE_PRIVATE_ROLE_VARS" = "true"}
+runtime_container_options = [
+    # Mount Docker socket into the container so we can talk to Docker outside the container
+    "-v",
+    "/var/run/docker.sock:/var/run/docker.sock",
+    # Need to be root so we can access /var/run/docker.sock, which usually isn't accessible by the user,
+    # but only by the group the user is in (but that group membership isn't there in the container)
+    "--user",
+    "0",
+]
+
+[[sessions.ee_check.execution_environments]]
+name = "2.15-rocky-9"
+description = "ansible-core 2.15 @ Rocky Linux 9"
+test_playbooks = ["tests/ee/all.yml"]
+config.images.base_image.name = "quay.io/rockylinux/rockylinux:9"
+config.dependencies.ansible_core.package_pip = "https://github.com/ansible/ansible/archive/stable-2.15.tar.gz"
+config.dependencies.ansible_runner.package_pip = "ansible-runner"
+runtime_environment = {"ANSIBLE_PRIVATE_ROLE_VARS" = "true"}
+runtime_container_options = [
+    # Mount Docker socket into the container so we can talk to Docker outside the container
+    "-v",
+    "/var/run/docker.sock:/var/run/docker.sock",
+    # Need to be root so we can access /var/run/docker.sock, which usually isn't accessible by the user,
+    # but only by the group the user is in (but that group membership isn't there in the container)
+    "--user",
+    "0",
+]

tests/ee/roles/current_container_facts/tasks/main.yml

@@ -15,11 +15,13 @@
 
 - name: Read some files
   slurp:
-    src: "{{ item }}"
+    src: "{{ path }}"
   loop:
     - /proc/self/cpuset
     - /proc/1/cgroup
     - /proc/1/environ
+  loop_control:
+    loop_var: path
 
 - name: Print facts returned by module
   debug: