fix(playbook): Retired files and local testing improvements

README.adoc

@@ -85,7 +85,8 @@ Consult the section above to learn more about the structure of the template.
 
 === Test changes locally
 
-1. Create the directory `work` and run the `test.sh` script.
+1. Run the `test.sh` script.
+   It will automatically delete and recreate a `work` directory.
 2. The changes can be examined with `git status`.
    When the pull request is later merged into the `main` branch then pull requests with these changes will be created automatically.
 3. Depending on the change, it makes sense to run the integration tests for all changed operators.

config/retired_files.yaml

@@ -5,4 +5,5 @@
 retired_files:
   - python/cargo_version.py
   - python/requirements.txt
-  - flake8 # replaced by ruff
+  - .flake8 # replaced by ruff
+  - .github/workflows/pr_reviewdog.yaml # replaced by pr_pre-commit.yaml

playbook/update_repo.yaml

@@ -112,26 +112,30 @@
       failed_when: git_change.rc == 0 # fail when there are no changes
 
 
-# Check if anything was changed, if yes commit changes and create a pull request, otherwise skip rest of this play
+# Commit changes
 - name: "Operator [{{ operator.name }}] create PR if changes were performed"
+  tags: local
   block:
-    - name: "Operator [{{ operator.name }}] run 'git ls-remotes' to ensure that the branch {{ pr_branch_name  }} doesn't exist"
-      command:
-        argv: [git, ls-remote, --exit-code, --heads, "https://{{ gh_access_token }}@github.com/{{ operator.url }}", "{{ pr_branch_name }}"]
-        chdir: "{{ work_dir }}/{{ operator.name }}"
-      register: branch_exists
-      failed_when: branch_exists.rc != 2 # fail when branch exists
-
     - name: "Operator [{{ operator.name }}] stage all changes"
       command:
         argv: [git, add, .]
         chdir: "{{ work_dir }}/{{ operator.name }}"
 
     - name: "Operator [{{ operator.name }}] commit changes"
       command:
-        argv: [git, commit, -a, -m, "{{ commit_message }}"]
+        argv: [git, commit, -m, "{{ commit_message }}"]
         chdir: "{{ work_dir }}/{{ operator.name }}"
 
+# Fail if the remote branch exists, otherwise push changes and create a pull request
+- name: Remote Steps
+  block:
+    - name: "Operator [{{ operator.name }}] run 'git ls-remotes' to ensure that the branch {{ pr_branch_name  }} doesn't exist"
+      command:
+        argv: [git, ls-remote, --exit-code, --heads, "https://{{ gh_access_token }}@github.com/{{ operator.url }}", "{{ pr_branch_name }}"]
+        chdir: "{{ work_dir }}/{{ operator.name }}"
+      register: branch_exists
+      failed_when: branch_exists.rc != 2 # fail when branch exists
+
     - name: "Operator [{{ operator.name }}] push changes to branch {{ pr_branch_name }}"
       command:
         argv: [git, push, --set-upstream, origin, "{{ pr_branch_name }}"]

template/default.nix

@@ -1,6 +1,6 @@
 { sources ? import ./nix/sources.nix # managed by https://github.com/nmattia/niv
 , nixpkgs ? sources.nixpkgs
-, pkgs ? import nixpkgs {}
+, pkgs ? import nixpkgs { }
 , cargo ? import ./Cargo.nix {
     inherit nixpkgs pkgs; release = false;
     defaultCrateOverrides = pkgs.defaultCrateOverrides // {
@@ -16,6 +16,10 @@
       stackable-secret-operator = attrs: {
         buildInputs = [ pkgs.protobuf pkgs.rustfmt ];
       };
+      stackable-opa-user-info-fetcher = attrs: {
+        # TODO: why is this not pulled in via libgssapi-sys?
+        buildInputs = [ pkgs.krb5 ];
+      };
       krb5-sys = attrs: {
         nativeBuildInputs = [ pkgs.pkg-config ];
         buildInputs = [ pkgs.krb5 ];
@@ -42,18 +46,20 @@
 rec {
   inherit cargo sources pkgs meta;
   build = cargo.allWorkspaceMembers;
-  entrypoint = build+"/bin/stackable-${meta.operator.name}";
-  crds = pkgs.runCommand "${meta.operator.name}-crds.yaml" {}
-  ''
-    ${entrypoint} crd > $out
-  '';
+  entrypoint = build + "/bin/stackable-${meta.operator.name}";
+  crds = pkgs.runCommand "${meta.operator.name}-crds.yaml" { }
+    ''
+      ${entrypoint} crd > $out
+    '';
 
   dockerImage = pkgs.dockerTools.streamLayeredImage {
     name = dockerName;
     tag = dockerTag;
     contents = [
       # Common debugging tools
-      pkgs.bashInteractive pkgs.coreutils pkgs.util-linuxMinimal
+      pkgs.bashInteractive
+      pkgs.coreutils
+      pkgs.util-linuxMinimal
       # Kerberos 5 must be installed globally to load plugins correctly
       pkgs.krb5
       # Make the whole cargo workspace available on $PATH
@@ -65,7 +71,8 @@ rec {
           fileRefVars = {
             PRODUCT_CONFIG = deploy/config-spec/properties.yaml;
           };
-        in pkgs.lib.concatLists (pkgs.lib.mapAttrsToList (env: path: pkgs.lib.optional (pkgs.lib.pathExists path) "${env}=${path}") fileRefVars);
+        in
+        pkgs.lib.concatLists (pkgs.lib.mapAttrsToList (env: path: pkgs.lib.optional (pkgs.lib.pathExists path) "${env}=${path}") fileRefVars);
       Entrypoint = [ entrypoint ];
       Cmd = [ "run" ];
     };
@@ -94,22 +101,22 @@ rec {
   ];
 
   # need to use vendored crate2nix because of https://github.com/kolloch/crate2nix/issues/264
-  crate2nix = import sources.crate2nix {};
+  crate2nix = import sources.crate2nix { };
   tilt = pkgs.tilt;
 
   regenerateNixLockfiles = pkgs.writeScriptBin "regenerate-nix-lockfiles"
-  ''
-    #!/usr/bin/env bash
-    set -euo pipefail
-    echo Running crate2nix
-    ${crate2nix}/bin/crate2nix generate
+    ''
+      #!/usr/bin/env bash
+      set -euo pipefail
+      echo Running crate2nix
+      ${crate2nix}/bin/crate2nix generate
 
-    # crate2nix adds a trailing newline (see
-    # https://github.com/nix-community/crate2nix/commit/5dd04e6de2fbdbeb067ab701de8ec29bc228c389).
-    # The pre-commit hook trailing-whitespace wants to remove it again
-    # (see https://github.com/pre-commit/pre-commit-hooks?tab=readme-ov-file#trailing-whitespace).
-    # So, remove the trailing newline already here to avoid that an
-    # unnecessary change is shown in Git.
-    sed -i '$d' Cargo.nix
-  '';
+      # crate2nix adds a trailing newline (see
+      # https://github.com/nix-community/crate2nix/commit/5dd04e6de2fbdbeb067ab701de8ec29bc228c389).
+      # The pre-commit hook trailing-whitespace wants to remove it again
+      # (see https://github.com/pre-commit/pre-commit-hooks?tab=readme-ov-file#trailing-whitespace).
+      # So, remove the trailing newline already here to avoid that an
+      # unnecessary change is shown in Git.
+      sed -i '$d' Cargo.nix
+    '';
 }

test.sh

@@ -1,3 +1,5 @@
 #!/usr/bin/env bash
 
+rm -fr work || true
+mkdir -p work
 ansible-playbook playbook/playbook.yaml --tags "local" --extra-vars "gh_access_token=unneeded base_dir=$(pwd) commit_hash=12345 reason='original message'"