From b592a8b6d94f569e346f46bc97e69e08af9d29f0 Mon Sep 17 00:00:00 2001 From: Itay Matza Date: Mon, 29 Jun 2026 14:30:46 +0300 Subject: [PATCH 1/3] Add OWNERS, OWNERS_ALIASES, and ansible-lint GitHub Action Onboard shiftstack-qa to Prow by adding OWNERS and OWNERS_ALIASES files (team list from shiftstack-ci). Add GitHub Actions workflow to run ansible-lint on PRs using the shiftstack-client container, providing a status check for Tide to gate on. Ref: OSPRH-32049 Change-Id: I2da24ec05257777d61600a1623bafe6a5670ced3 Signed-off-by: Itay Matza --- .github/workflows/ansible-lint.yml | 23 +++++++++++++++++++++++ OWNERS | 8 ++++++++ OWNERS_ALIASES | 15 +++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 .github/workflows/ansible-lint.yml create mode 100644 OWNERS create mode 100644 OWNERS_ALIASES diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml new file mode 100644 index 0000000..fd307d0 --- /dev/null +++ b/.github/workflows/ansible-lint.yml @@ -0,0 +1,23 @@ +--- +name: Ansible Lint + +on: + pull_request: + branches: + - main + +jobs: + ansible-lint: + runs-on: ubuntu-latest + container: + image: quay.io/shiftstack-qe/shiftstack-client + options: --user root + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Ansible collections + run: ansible-galaxy collection install -r requirements.yaml + + - name: Run ansible-lint + run: ansible-lint --strict diff --git a/OWNERS b/OWNERS new file mode 100644 index 0000000..3dd3091 --- /dev/null +++ b/OWNERS @@ -0,0 +1,8 @@ +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md +# This file just uses aliases defined in OWNERS_ALIASES. + +approvers: + - shiftstack-approvers + +reviewers: + - shiftstack-reviewers diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES new file mode 100644 index 0000000..a46b49c --- /dev/null +++ b/OWNERS_ALIASES @@ -0,0 +1,15 @@ +# See the OWNERS_ALIASES docs: https://git.k8s.io/community/contributors/guide/owners.md#OWNERS_ALIASES + +aliases: + shiftstack-approvers: + - eurijon + - gryf + - imatza-rh + - mandre + - stephenfin + shiftstack-reviewers: + - eurijon + - gryf + - imatza-rh + - mandre + - stephenfin From 7e879c643bb915e8f03221aac382e78f68fcb830 Mon Sep 17 00:00:00 2001 From: Itay Matza Date: Mon, 29 Jun 2026 17:38:16 +0300 Subject: [PATCH 2/3] Fix ansible-lint CI: add vault password and changed_when Add ANSIBLE_VAULT_PASSWORD_FILE env var to the GitHub Action so ansible-lint can parse vault-encrypted secret.yaml. Add missing changed_when: true to two tasks in get_openshift_release_binaries.yml that modify state (extract pull secret, extract OCP tools) to fix no-changed-when violations. Ref: OSPRH-32049 Change-Id: Id34425370a73e003b0fa1160105713ed8691c6cd Signed-off-by: Itay Matza --- .github/workflows/ansible-lint.yml | 2 ++ .../tasks/get_openshift_release_binaries.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index fd307d0..868ab4f 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -21,3 +21,5 @@ jobs: - name: Run ansible-lint run: ansible-lint --strict + env: + ANSIBLE_VAULT_PASSWORD_FILE: /home/cloud-admin/.vault-pass diff --git a/collection/tools/roles/tools_get_openshift_release/tasks/get_openshift_release_binaries.yml b/collection/tools/roles/tools_get_openshift_release/tasks/get_openshift_release_binaries.yml index a53995a..fdafb0c 100644 --- a/collection/tools/roles/tools_get_openshift_release/tasks/get_openshift_release_binaries.yml +++ b/collection/tools/roles/tools_get_openshift_release/tasks/get_openshift_release_binaries.yml @@ -27,6 +27,7 @@ when: openshift_release_pull_spec is not defined or openshift_release_pull_spec == '' - name: Extract pull secret from host cluster via Kubernetes API + changed_when: true ansible.builtin.shell: | python3 << 'PYEOF' import yaml, json, base64, subprocess, os, sys, tempfile @@ -127,6 +128,7 @@ mode: u=rwx,g=rw,o=r - name: Extract OCP tools from release image {{ openshift_release_pull_spec }} + changed_when: true ansible.builtin.command: cmd: >- timeout 900 From 9fa38480fd7b73243df100269bedaabd7029e0ed Mon Sep 17 00:00:00 2001 From: Itay Matza Date: Mon, 29 Jun 2026 17:47:05 +0300 Subject: [PATCH 3/3] Update team list and add CODEOWNERS Update OWNERS_ALIASES with the full shiftstack engineering team. Add CODEOWNERS for automatic reviewer assignment on PRs. Ref: OSPRH-32049 Change-Id: I76ab049af712bab5fdc40ff6dbd6b264e704e18f Signed-off-by: Itay Matza --- .github/CODEOWNERS | 4 ++++ OWNERS_ALIASES | 12 ++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..411f3c4 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,4 @@ +# Default reviewers for all files +# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +* @dlaw4608 @ekuris-redhat @eshulman2 @gryf @imatza-rh @mandre @stephenfin @tusharjadhav3302 @winiciusallan diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index a46b49c..b340475 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -2,14 +2,22 @@ aliases: shiftstack-approvers: - - eurijon + - dlaw4608 + - ekuris-redhat + - eshulman2 - gryf - imatza-rh - mandre - stephenfin + - tusharjadhav3302 + - winiciusallan shiftstack-reviewers: - - eurijon + - dlaw4608 + - ekuris-redhat + - eshulman2 - gryf - imatza-rh - mandre - stephenfin + - tusharjadhav3302 + - winiciusallan