sync: main to rhdp-deploy #501
Open
+204
−91
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Use newer url
Add missing project in app check
…e.py - Use os.environ.get() for HOME to avoid KeyError at module load - Handle all exception types in get_openshift_version() (KeyError, JSONDecodeError, etc.) - Check subprocess return code before processing output - Validate versions tuple is not None before indexing - Validate WORKSPACE exists and is a directory before os.listdir() - Validate PATTERN_SHORTNAME and INFRA_PROVIDER before string concatenation - Exit with error code on failures instead of crashing
…_web_content.py - Initialize route variable before loop to avoid UnboundLocalError - Add explicit check for route being None after loop - Check subprocess return codes for git add, commit, and push - Log errors when git commands fail - Make timeout and poll interval configurable via environment variables - Initialize new_content before while loop to avoid UnboundLocalError
- Add PATTERNS_REPO_PATH environment variable with sensible default - Use os.path.join for proper path construction - Removes hardcoded path that assumed specific directory structure
- Add set -euo pipefail for strict error handling
- Quote $1 in command -v to prevent word splitting
- Quote $@ to preserve argument boundaries
- Fix regex pattern: use ${HOME} with proper quoting
- Quote $REMOTE_PODMAN in arithmetic comparison
- Add fallback for REMOTE_PODMAN if command fails
- Use ${VAR:-} syntax for unset variable checks with set -u
- Add error handling for podman --version command
- Convert PODMAN_ARGS, PKI_HOST_MOUNT_ARGS, EXTRA_ARGS to arrays for shellcheck compliance
- Add set -euo pipefail for strict error handling
- Quote all variable references ($KUBECONFIG, $KUBECONFIG_EDGE, $WORKSPACE)
- Use ${VAR:-} syntax for unset variable checks with set -u
- Use mktemp -d instead of /tmp for secure temporary directory
- Tests will now fail fast on any error instead of continuing
…alues The template hello-world-cm.yaml references .Values.global.localClusterDomain but the values file had the key named localCluster, causing the template to render with an empty value.
Setting insecureEdgeTerminationPolicy to Allow permits unencrypted HTTP traffic to the routes. Changing to Redirect forces all HTTP requests to be redirected to HTTPS, improving security. Affected routes: - hello-world - config-demo
The container already has emptyDir volumes mounted for all writable paths: - /tmp - /var/cache/httpd - /var/run/httpd - /var/www/html (via configMap) With these mounts in place, the root filesystem can safely be read-only, improving container security posture.
- Add image.repository, image.tag, image.pullPolicy to both chart values - Update deployments to use templated image values - Remove commented imagePullPolicy, now explicit in values - Allows image overrides without modifying templates Affected charts: - hello-world - config-demo
Kubernetes auto-populates creationTimestamp. Explicitly setting it to null in templates is unnecessary and may cause validation warnings.
….yaml The validated patterns operator expects 'argoProject' not 'project'. Also rename 'projects' to 'argoProjects' for consistency with values-hub.yaml.
site.yaml: - Add task to verify pattern.sh exists before execution - Use playbook_dir instead of PWD lookup for reliable path resolution - Add failed_when condition to properly handle command failures - Print stdout_lines instead of full output object - Conditionally print stderr if present ansible.cfg: - Add interpreter_python=auto_silent to suppress interpreter warnings - Add timeout=30 to prevent hanging on slow systems - Add comment documenting why retry_files_enabled is False
Bumps [ansible/ansible-lint](https://github.com/ansible/ansible-lint) from 25.11.0 to 26.1.1. - [Release notes](https://github.com/ansible/ansible-lint/releases) - [Commits](ansible/ansible-lint@43e758b...7f6abc5) --- updated-dependencies: - dependency-name: ansible/ansible-lint dependency-version: 26.1.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
fix(ansible): add error handling and explicit configuration
fix(helm): Improve security settings and add templated image configuration
…ons/ansible/ansible-lint-26.1.1 Bump ansible/ansible-lint from 25.11.0 to 26.1.1
fix(shell): Add error handling, strict mode, and proper quoting to shell scripts
fix(tests): Add error handling and environment variable validation to test files
Fix black formatting
All charts (clustergroup, acm, golang-external-secrets, openshift-external-secrets) currently support autodetecting if we're on the hub without needing an explicit override. The override is still supported, but it is not needed any longer
Stop using ishubcluster explicitely
…deployment" This reverts commit 6d18b33. Otherwise the container fails with: sed: couldn't open temporary file /etc/httpd/conf/sedErH32D: Read-only file system
Revert "fix(helm): set readOnlyRootFilesystem to true in config-demo deployment"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
sync-branches: New code has just landed in main, so let's bring rhdp-deploy up to speed!