Merge branch 'StackStorm-Exchange:master' into tls_fixes

.circleci/config.yml

@@ -1,118 +1,16 @@
 version: 2
 
 jobs:
-  build_and_test_python36:
+  circleci_is_disabled_job:
     docker:
-      - image: circleci/python:3.6
-      - image: rabbitmq:3
-      - image: mongo:3.4
-
-    working_directory: ~/repo
-
-    environment:
-      VIRTUALENV_DIR: "~/virtualenv"
-      # Don't install various StackStorm dependencies which are already
-      # installed by CI again in the various check scripts
-      ST2_INSTALL_DEPS: "0"
-
+      - image: cimg/base:stable
     steps:
-      - checkout
-      - restore_cache:
-          key: v1-dependency-cache-py36-{{ checksum "requirements.txt" }}
-      - run:
-          name: Download dependencies
-          # NOTE: We don't want to use default "-e" option because this means
-          # step will fail immediately on one of the commands failures and we
-          # can't intercept the error and cause non-fatal exit in case pack
-          # doesn't declare support for Python 3
-          shell: /bin/bash
-          # TODO: delete last 3 lines when StackStorm-Exchange/ci#101 is merged
-          command: |
-            git clone -b master git://github.com/stackstorm-exchange/ci.git ~/ci
-            ~/ci/.circle/dependencies ; ~/ci/.circle/exit_on_py3_checks $?
-            echo "Setting up custom pack testing environment with tests/setup_testing_env.sh"
-            source ~/virtualenv/bin/activate
-            tests/setup_testing_env.sh
       - run:
-          name: Run tests (Python 3.6)
-          # NOTE: We don't want to use default "-e" option because this means
-          # step will fail immediately on one of the commands failures and we
-          # can't intercept the error and cause non-fatal exit in case pack
-          # doesn't declare support for Python 3
           shell: /bin/bash
-          # eventlet monkey_patch as early as possible (has to be in activate as nosetests gets reinstalled during test phase)
-          command: |
-            echo "grep -q monkey_patch ~/virtualenv/bin/nosetests || sed -i -e '/^import re$/i from st2common.util.monkey_patch import monkey_patch\nmonkey_patch()\n' ~/virtualenv/bin/nosetests" >> ~/virtualenv/bin/activate
-            echo "grep -q pyopenssl\\.inject ~/virtualenv/bin/nosetests || sed -i -e '/^import re$/i from urllib3.contrib import pyopenssl\npyopenssl.inject_into_urllib3()\n' ~/virtualenv/bin/nosetests" >> ~/virtualenv/bin/activate
-            ~/ci/.circle/test ; ~/ci/.circle/exit_on_py3_checks $?
-      - save_cache:
-          key: v1-dependency-cache-py36-{{ checksum "requirements.txt" }}
-          paths:
-            - ~/.cache/pip
-            - ~/.apt-cache
-      # NOTE: We use virtualenv files from Python 3.6 step in "deploy" job so we
-      # only persist paths from this job
-      - persist_to_workspace:
-          root: /
-          paths:
-            - home/circleci/ci
-            - home/circleci/virtualenv
-            - tmp/st2
-            - home/circleci/repo
-            - home/circleci/.gitconfig
-
-
-  deploy:
-    docker:
-      - image: circleci/python:3.6
-
-    working_directory: ~/repo
-
-    environment:
-      VIRTUALENV_DIR: "~/virtualenv"
-
-    steps:
-      - checkout
-      - restore_cache:
-          key: v1-dependency-cache-py36-{{ checksum "requirements.txt" }}
-      - attach_workspace:
-          at: /
-      - run:
-          name: Install dependencies
-          command: |
-            sudo apt-get update
-            sudo apt -y install gmic optipng
-            ~/ci/.circle/install_gh
-      - run:
-          # NOTE: We try to retry the script up to 5 times if it fails. The command could fail due
-          # to the race (e.g. we try to push changes to index, but index has been updated by some
-          # other pack in the mean time)
-          name: Update exchange.stackstorm.org
-          command: ~/ci/.circle/retry_on_failure.sh ~/ci/.circle/deployment
+          command: echo CircleCI disabled on StackStorm-Exchange
 
 workflows:
   version: 2
-  # Workflow which runs on each push
-  build_test_deploy_on_push:
-    jobs:
-      - build_and_test_python36
-      - deploy:
-          requires:
-            - build_and_test_python36
-          filters:
-            branches:
-              only: master
-  build_test_weekly:
+  circleci_is_disabled:
     jobs:
-      - build_and_test_python36
-    # Workflow which runs nightly - note we don't perform deploy job on nightly
-    # build
-    triggers:
-      # Run nightly build for the pack
-      - schedule:
-          # NOTE: We run it at 1 am UTC on every Saturday
-          cron: "0 1 * * 6"
-          filters:
-            branches:
-              only:
-                - master
+      - circleci_is_disabled_job

.github/workflows/build_and_test.yaml

@@ -0,0 +1,112 @@
+name: CI
+
+on:
+  workflow_call:
+  pull_request:
+  schedule:
+    # NOTE: We run this weekly at 1 am UTC on every Saturday
+    - cron:  '0 1 * * 6'
+
+jobs:
+  # This is based on this workflow, with an additional test env setup method
+  # StackStorm-Exchange/ci/.github/workflows/pack-build_and_test.yaml@master
+
+  build_and_test:
+    runs-on: ubuntu-latest
+    name: 'Build and Test / Python ${{ matrix.python-version-short }}'
+    strategy:
+      matrix:
+        include:
+          - python-version-short: "3.6"
+            python-version: 3.6.13
+            vault-version: 1.5.9
+    steps:
+      - name: Checkout Pack Repo and CI Repos
+        uses: StackStorm-Exchange/ci/.github/actions/checkout@master
+
+      - name: Checkout github.com/hvac/hvac
+        uses: actions/checkout@v2
+        with:
+          path: hvac
+          repository: hvac/hvac
+          # main = the release branch; devel = the active development branch
+          ref: main
+          fetch-depth: 0
+
+      - name: Install APT Dependencies
+        uses: StackStorm-Exchange/ci/.github/actions/apt-dependencies@master
+        with:
+          cache-version: v0
+
+      - name: Install Python Dependencies
+        uses: StackStorm-Exchange/ci/.github/actions/py-dependencies@master
+        with:
+          cache-version: v0
+          python-version: ${{ matrix.python-version }}
+
+      # task copied (Apache 2.0 License) from
+      # github.com/hvac/hvac .github/workflows/lint-and-test.yml
+      - name: Install Vault and Consul (for integration tests)
+        working-directory: pack
+        shell: bash
+        run: |
+          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+          echo "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
+            | sudo tee /etc/apt/sources.list.d/hashicorp.list
+
+          sudo apt update \
+            -o Dir::Etc::sourceparts="-" \
+            -o APT::Get::List-Cleanup="0" \
+            -o Dir::Etc::sourcelist="sources.list.d/hashicorp.list"
+
+          sudo apt install \
+            consul \
+            vault=${{ matrix.vault-version }} \
+            ;
+
+          # We disble cap_ipc_lock here as its generally incompatabile with GitHub
+          # Actions' runtime environments.
+          sudo setcap cap_ipc_lock= /usr/bin/vault
+
+      - name: Setup hvac symlinks
+        shell: bash
+        env:
+          HVAC_DIR: ${{ github.workspace }}/hvac
+        run: |
+          # using symlinks allows us to import tests.utils.* without adding
+          # the rest of the hvac tests. tests.utils also uses config_files,
+          # so make that available too.
+          set -eux
+          for x in utils config_files; do
+            rm -f ${ROOT_DIR}/tests/${x}
+            # relative (-r) allows the symlink to work in vagrant
+            ln -rs ${HVAC_DIR}/tests/${x} ${ROOT_DIR}/tests/${x}
+            ls -ld ${ROOT_DIR}/tests/${x}
+          done
+
+      - name: Update virtualenv activate script
+        # This works around an infinite recursion error with newer requests+ssl+eventlet.
+        # eventlet monkey_patch as early as possible (has to be in activate as nosetests gets reinstalled during test phase)
+        # See: https://github.com/StackStorm-Exchange/stackstorm-vault/pull/23
+        run: |
+          echo "grep -q monkey_patch ${VIRTUALENV_DIR}/bin/nosetests || sed -i -e '/^import re$/i from st2common.util.monkey_patch import monkey_patch\nmonkey_patch()\n' ${VIRTUALENV_DIR}/bin/nosetests" >> ${VIRTUALENV_DIR}/bin/activate
+          echo "grep -q pyopenssl\\.inject ${VIRTUALENV_DIR}/bin/nosetests || sed -i -e '/^import re$/i from urllib3.contrib import pyopenssl\npyopenssl.inject_into_urllib3()\n' ${VIRTUALENV_DIR}/bin/nosetests" >> ${VIRTUALENV_DIR}/bin/activate
+
+      - name: Run pack tests
+        uses: StackStorm-Exchange/ci/.github/actions/test@master
+        with:
+          enable-common-libs: false
+
+    services:
+      mongo:
+        image: mongo:3.4
+        ports:
+          - 27017:27017
+      rabbitmq:
+        image: rabbitmq:3
+        ports:
+          - 5672:5672
+      #redis:
+      #  image: redis
+      #  ports:
+      #    - 6379:6379

.github/workflows/release.yaml

@@ -0,0 +1,20 @@
+name: Release
+
+on:
+  push:
+    branches:
+      # the default branch
+      - master
+
+permissions:
+  contents: write
+
+jobs:
+  build_and_test:
+    name: 'Build and Test'
+    uses: StackStorm-Exchange/stackstorm-vault/.github/workflows/build_and_test.yaml@master
+
+  tag_release:
+    needs: build_and_test
+    name: Tag Release
+    uses: StackStorm-Exchange/ci/.github/workflows/pack-tag_release.yaml@master