Merge branch 'main' into standard-roles-revisited

.github/scs-compliance-check/openstack/clouds.yaml

@@ -71,14 +71,45 @@ clouds:
     #region_name: "MUC"
     auth:
       auth_url: https://api.dc1.muc.cloud.cnds.io:5000/
-      application_credential_id: "f3102a98821641c19d8ea762dc64b0b0"
+      application_credential_id: "39a5bf194c6e4b0d8348d28e55136750"
       #project_id: 225a7363dab74b69aa1e3f744aced109
+  poc-kdo:
+    interface: public
+    identity_api_verion: 3
+    auth_type: "v3applicationcredential"
+    auth:
+      auth_url: https://keystone.services.poc-kdo.fitko.sovereignit.cloud
+      application_credential_id: "248684b7a3da4dc786fbe65592f165be"
+    region_name: "RegionOne"
   poc-wgcloud:
     interface: public
     identity_api_verion: 3
     auth_type: "v3applicationcredential"
     #region_name: default
     auth:
-      auth_url: https://identity.l1.cloudandheat.com/v3
-      application_credential_id: "b4844a0fb23247149997bf0ff2c0b156"
-      #project_id: 9adb8fc81ba345178654cee5cb7f1464
+      auth_url: https://identity.l1a.cloudandheat.com/v3
+      application_credential_id: "7ab4e3339ea04255bc131868974cfe63"
+  scaleup-occ2:
+    auth_type: v3applicationcredential
+    auth:
+      auth_url: https://keystone.occ2.scaleup.cloud
+      application_credential_id: "5d2eea4e8bf8448092490b4190d4430a"
+    region_name: "RegionOne"
+    interface: "public"
+    identity_api_version: 3
+  syseleven-dus2:
+    interface: public
+    identity_api_verion: 3
+    auth_type: "v3applicationcredential"
+    region_name: dus2
+    auth:
+      auth_url: https://keystone.cloud.syseleven.net:5000/v3
+      application_credential_id: s11auth
+  syseleven-ham1:
+    interface: public
+    identity_api_verion: 3
+    auth_type: "v3applicationcredential"
+    region_name: ham1
+    auth:
+      auth_url: https://keystone.cloud.syseleven.net:5000/v3
+      application_credential_id: s11auth

.github/workflows/build-docker.yml

@@ -22,23 +22,23 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Log in to the Container registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: "./Tests/"
           push: true

.github/workflows/check-pco-prod1-v2.yml → .github/workflows/check-pco-prod1-v4.yml

@@ -1,4 +1,4 @@
-name: "Compliance IaaS v2 of pco-prod1"
+name: "Compliance IaaS v4 of pco-prod1"
 
 on:
   # Trigger compliance check every day at 4:30 UTC
@@ -16,7 +16,7 @@ jobs:
   check-pco-prod1:
     uses: ./.github/workflows/scs-compliance-check.yml
     with:
-      version: v2
+      version: v4
       layer: iaas
       cloud: "pco-prod1"
       secret_name: "OS_PASSWORD_PCOPROD1"

.github/workflows/check-regio-a-v2.yml → .github/workflows/check-poc-kdo-v4.yml

@@ -1,9 +1,9 @@
-name: "Compliance IaaS v2 of regio-a"
+name: "Compliance IaaS v4 of poc-kdo"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:22 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '22 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -13,11 +13,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  check-regio-a:
+  check-poc-kdo:
     uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v2
+      version: v4
       layer: iaas
-      cloud: "regio-a"
-      secret_name: "OS_PASSWORD_REGIO_A"
+      cloud: "poc-kdo"
+      secret_name: "OS_PASSWORD_POC_KDO"
     secrets: inherit

.github/workflows/check-poc-wgcloud-v3.yml

@@ -1,4 +1,4 @@
-name: "Compliance IaaS v4 of poc-wgcloud.osba"
+name: "Compliance IaaS v3 of poc-wgcloud.osba"
 
 on:
   # Trigger compliance check every day at 4:12 UTC

.github/workflows/check-pco-prod4-v2.yml → .github/workflows/check-scaleup-occ2-v4.yml

@@ -1,4 +1,4 @@
-name: "Compliance IaaS v2 of pco-prod4"
+name: "Compliance IaaS v4 of scaleup-occ2"
 
 on:
   # Trigger compliance check every day at 4:30 UTC
@@ -11,13 +11,13 @@ on:
       - completed
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
-
+  
 jobs:
-  check-pco-prod4:
+  check-scaleup-occ2:
     uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v2
+      version: v4
       layer: iaas
-      cloud: "pco-prod4"
-      secret_name: "OS_PASSWORD_PCOPROD4"
+      cloud: scaleup-occ2
+      secret_name: OS_PASSWORD_SCALEUP_OCC2
     secrets: inherit

.github/workflows/check-pco-prod3-v2.yml → .github/workflows/check-syseleven-dus2-v3.yml

@@ -1,9 +1,9 @@
-name: "Compliance IaaS v2 of pco-prod3"
+name: "Compliance IaaS v3 of syseleven dus2 region"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:08 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '08 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -13,11 +13,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  check-pco-prod3:
+  check-syseleven-dus2:
     uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v2
+      version: v3
       layer: iaas
-      cloud: "pco-prod3"
-      secret_name: "OS_PASSWORD_PCOPROD3"
+      cloud: "syseleven-dus2"
+      secret_name: "OS_PASSWORD_SYSELEVEN_DUS2"
     secrets: inherit

.github/workflows/check-pco-prod2-v2.yml → .github/workflows/check-syseleven-dus2-v4.yml

@@ -1,23 +1,23 @@
-name: "Compliance IaaS v2 of pco-prod2"
+name: "Compliance IaaS v4 of syseleven dus2 region"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:10 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '10 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
     types:
       - completed
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
-  
+
 jobs:
-  check-pco-prod2:
-    uses: ./.github/workflows/scs-compliance-check.yml
+  check-syseleven-dus2:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v2
+      version: v4
       layer: iaas
-      cloud: "pco-prod2"
-      secret_name: "OS_PASSWORD_PCOPROD2"
+      cloud: "syseleven-dus2"
+      secret_name: "OS_PASSWORD_SYSELEVEN_DUS2"
     secrets: inherit

.github/workflows/check-syseleven-ham1-v3.yml

@@ -0,0 +1,23 @@
+name: "Compliance IaaS v3 of syseleven ham1 region"
+
+on:
+  # Trigger compliance check every day at 4:09 UTC
+  schedule:
+    - cron:  '09 4 * * *'
+  # Trigger compliance check after Docker image has been built
+  workflow_run:
+    workflows: [Build and publish scs-compliance-check Docker image]
+    types:
+      - completed
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  check-syseleven-ham1:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
+    with:
+      version: v3
+      layer: iaas
+      cloud: "syseleven-ham1"
+      secret_name: "OS_PASSWORD_SYSELEVEN_HAM1"
+    secrets: inherit

.github/workflows/check-syseleven-ham1-v4.yml

@@ -0,0 +1,23 @@
+name: "Compliance IaaS v4 of syseleven ham1 region"
+
+on:
+  # Trigger compliance check every day at 4:15 UTC
+  schedule:
+    - cron:  '15 4 * * *'
+  # Trigger compliance check after Docker image has been built
+  workflow_run:
+    workflows: [Build and publish scs-compliance-check Docker image]
+    types:
+      - completed
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  check-syseleven-ham1:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
+    with:
+      version: v4
+      layer: iaas
+      cloud: "syseleven-ham1"
+      secret_name: "OS_PASSWORD_SYSELEVEN_HAM1"
+    secrets: inherit

.github/workflows/create-flavors-spec.yml

@@ -13,7 +13,7 @@ jobs:
   default:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         token: ${{ secrets.FLAVORS_SPEC_PAT }}
     - name: Set up Python 3.10.5

.github/workflows/link-validator.yml

@@ -1,25 +1,26 @@
-name: Check links for modified files
+name: Check links in Markdown files
 
-on:
+"on":
   workflow_dispatch:
   schedule:
     - cron: "0 0 * * *"
   push:
     branches:
       - main
-  pull_request:   # Add this section
+  pull_request:
     branches:
       - main
 
 jobs:
   markdown-link-check:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: gaurav-nelson/[email protected]
       with:
         use-quiet-mode: 'yes'
         use-verbose-mode: 'yes'
-        check-modified-files-only: 'yes'
+        # https://github.com/orgs/community/discussions/26738#discussioncomment-3253176
+        check-modified-files-only: ${{ contains(fromJSON('["push", "pull_request"]'), github.event_name) && 'yes' || 'no' }}
         config-file: 'mlc_config.json'
         base-branch: 'main'

.github/workflows/lint-golang.yml

@@ -0,0 +1,28 @@
+name: Check Go syntax
+
+on:
+  push:
+    paths:
+      - 'Tests/kaas/kaas-sonobuoy-tests/**/*.go'
+      - .github/workflows/lint-go.yml
+
+jobs:
+  lint-go-syntax:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.23'
+
+      # Install golangci-lint
+      - name: Install golangci-lint
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.61.0
+      
+      # Run golangci-lint
+      - name: Run golangci-lint
+        working-directory: Tests/kaas/kaas-sonobuoy-tests
+        run: golangci-lint run ./... -v

.github/workflows/scs-compliance-check-with-application-credential.yml

@@ -32,10 +32,13 @@ jobs:
               auth:
                 application_credential_secret: ${{ secrets[inputs.secret_name] }}
           EOF
+      - name: "Clean up any lingering resources from previous run"
+        if: ${{ inputs.layer == 'iaas' && inputs.version == 'v4' }}
+        run: "cd /scs-compliance && ./cleanup.py -c ${{ inputs.cloud }} --prefix _scs- --ipaddr 10.1.0. --debug"
       - name: "Run scs-compliance-check"
         run: "cd /scs-compliance && ./scs-compliance-check.py scs-compatible-${{ inputs.layer }}.yaml --version ${{ inputs.version }} -o result.yaml -s ${{ inputs.cloud }} -a os_cloud=${{ inputs.cloud }}"
       - name: "Upload results"
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: result
           path: /scs-compliance/result.yaml