| triggerLabel: "salt-shaker-tests", | ||
| labelRestriction: true, | ||
| entries: [URLTriggerEntry( | ||
| url: 'https://download.opensuse.org/repositories/systemsmanagement:/saltstack:/bundle:/next:/testsuite/SLFO/repodata/repomd.xml', |
Now that SLFO:1.2 was created for SLE16/SLMicro6.2, we should probably use it instead of SLFO:Main.
| triggerLabel: "salt-shaker-tests", | ||
| labelRestriction: true, | ||
| entries: [URLTriggerEntry( | ||
| url: 'https://download.opensuse.org/repositories/systemsmanagement:/saltstack:/bundle:/next:/testsuite/SLFO/repodata/repomd.xml', |
Same consideration about SLFO:1.2
| triggerLabel: "salt-shaker-tests", | ||
| labelRestriction: true, | ||
| entries: [URLTriggerEntry( | ||
| url: 'https://download.opensuse.org/repositories/systemsmanagement:/saltstack:/bundle:/testing:/testsuite/SLFO/repodata/repomd.xml', |
Same consideration about SLFO:1.2
| triggerLabel: "salt-shaker-tests", | ||
| labelRestriction: true, | ||
| entries: [URLTriggerEntry( | ||
| url: 'https://download.opensuse.org/repositories/systemsmanagement:/saltstack:/bundle:/testing:/testsuite/SLFO/repodata/repomd.xml', |
Same consideration about SLFO:1.2
Pull request overview
This pull request adds Salt Shaker testing configurations for SLES 16 and SL Micro 6.2 distributions, supporting both "testing" and "next" product flavors with Salt Bundle.
Changes:
- Added Terraform configuration files for SLES16 and SLMicro62 (both testing and next variants)
- Added corresponding Jenkins pipeline configurations for automated testing
- Configured infrastructure settings including libvirt providers, network configurations, and MAC addresses
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| Salt-Shaker-Testing-SLMicro62-Bundle.tf | Terraform config for SLMicro 6.2 testing with Salt Bundle |
| Salt-Shaker-Testing-SLES16-Bundle.tf | Terraform config for SLES 16 testing with Salt Bundle |
| Salt-Shaker-Next-SLMicro62-Bundle.tf | Terraform config for SLMicro 6.2 next release with Salt Bundle |
| Salt-Shaker-Next-SLES16-Bundle.tf | Terraform config for SLES 16 next release with Salt Bundle |
| manager-salt-shaker-products-testing-slmicro62-bundle | Jenkins pipeline for SLMicro 6.2 testing |
| manager-salt-shaker-products-testing-sles16-bundle | Jenkins pipeline for SLES 16 testing |
| manager-salt-shaker-products-next-slmicro62-bundle | Jenkins pipeline for SLMicro 6.2 next release |
| manager-salt-shaker-products-next-sles16-bundle | Jenkins pipeline for SLES 16 next release |
| variable "MAIL_SUBJECT" { | ||
| type = string | ||
| default = "Results Salt Shaker - products:next - SLMicro6.1 Salt Bundle $status: $tests scenarios ($failures failed, $errors errors, $skipped skipped, $passed passed)" |
The MAIL_SUBJECT variable incorrectly references "SLMicro6.1" but this file is for SLMicro 6.2. Update the version to "SLMicro6.2" to accurately reflect the distribution being tested.
| variable "MAIL_SUBJECT_ENV_FAIL" { | ||
| type = string | ||
| default = "Results Salt Shaker - products:next - SLMicro6.1 Salt Bundle: Environment setup failed" |
The MAIL_SUBJECT_ENV_FAIL variable incorrectly references "SLMicro6.1" but this file is for SLMicro 6.2. Update the version to "SLMicro6.2" to accurately reflect the distribution being tested.
| variable "MAIL_SUBJECT" { | ||
| type = string | ||
| default = "Results Salt Shaker - products:testing - SLMicro6.0 Salt Bundle $status: $tests scenarios ($failures failed, $errors errors, $skipped skipped, $passed passed)" |
The MAIL_SUBJECT variable incorrectly references "SLMicro6.0" but this file is for SLMicro 6.2. Update the version to "SLMicro6.2" to accurately reflect the distribution being tested.
| variable "MAIL_SUBJECT_ENV_FAIL" { | ||
| type = string | ||
| default = "Results Salt Shaker - products:testing - SLMicro6.0 Salt Bundle: Environment setup failed" |
The MAIL_SUBJECT_ENV_FAIL variable incorrectly references "SLMicro6.0" but this file is for SLMicro 6.2. Update the version to "SLMicro6.2" to accurately reflect the distribution being tested.
| default = "Results Salt Shaker - products:testing - SLMicro6.0 Salt Bundle: Environment setup failed" | |
| default = "Results Salt Shaker - products:testing - SLMicro6.2 Salt Bundle: Environment setup failed" |
| string(name: 'sumaform_gitrepo', defaultValue: 'https://github.com/uyuni-project/sumaform.git', description: 'Sumaform Git Repository'), | ||
| string(name: 'sumaform_ref', defaultValue: 'master', description: 'Sumaform Git reference (branch, tag...)'), | ||
| choice(name: 'sumaform_backend', choices: ['libvirt', 'aws'], description: 'Sumaform backend to be used (see https://github.com/uyuni-project/sumaform#backend-choice)'), | ||
| choice(name: 'terraform_bin', choices: ['/usr/bin/terraform'], description: 'Terraform binary path'), | ||
| choice(name: 'terraform_bin_plugins', choices: ['/usr/bin'], description: 'Terraform plugins path'), | ||
| string(name: 'terraform_parallelism', defaultValue: '', description: 'Advanced: Define the number of parallel resource operations for terraform'), | ||
| string(name: 'terracumber_gitrepo', defaultValue: 'https://github.com/uyuni-project/terracumber.git', description: 'Terracumber Git Repository'), | ||
| string(name: 'terracumber_ref', defaultValue: 'master', description: 'Terracumber Git ref (branch, tag...)'), | ||
| booleanParam(name: 'terraform_init', defaultValue: true, description: 'Call terraform init (needed if modules are added or changes)'), | ||
| booleanParam(name: 'terraform_taint', defaultValue: true, description: 'Call terraform taint (so the resources, except volumes, are recreated)'), |
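Review bot: sumaform_gitrepo and terracumber_gitrepo are free-form `string` parameters, while terraform_bin and terraform_bin_plugins in the same block are `choice` parameters with a single allowed value. Consider declaring the two repository parameters as `choice` as well, listing only the repositories this job is meant to clone, so the URL cannot be set to an arbitrary value at build time.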
The parameters sumaform_gitrepo/sumaform_ref and terracumber_gitrepo/terracumber_ref are used by pipeline-salt-shaker.groovy to clone external Git repositories and then execute the terracumber-cli code from those checkouts with Jenkins credentials loaded from /home/jenkins/.credentials. Because these dependencies are pinned only to mutable branches like master and there is no checksum or signature verification, a compromise of those upstream repositories (or an attacker able to change these parameter values) would lead to arbitrary code execution on the Jenkins agent and potential secret exfiltration. To harden the supply chain, pin these repositories to immutable commit SHAs or signed release tags, and/or restrict who can modify these parameters so untrusted input cannot influence which code is fetched and executed.
| string(name: 'sumaform_gitrepo', defaultValue: 'https://github.com/uyuni-project/sumaform.git', description: 'Sumaform Git Repository'), | ||
| string(name: 'sumaform_ref', defaultValue: 'master', description: 'Sumaform Git reference (branch, tag...)'), | ||
| choice(name: 'sumaform_backend', choices: ['libvirt', 'aws'], description: 'Sumaform backend to be used (see https://github.com/uyuni-project/sumaform#backend-choice)'), | ||
| choice(name: 'terraform_bin', choices: ['/usr/bin/terraform'], description: 'Terraform binary path'), | ||
| choice(name: 'terraform_bin_plugins', choices: ['/usr/bin'], description: 'Terraform plugins path'), | ||
| string(name: 'terraform_parallelism', defaultValue: '', description: 'Advanced: Define the number of parallel resource operations for terraform'), | ||
| string(name: 'terracumber_gitrepo', defaultValue: 'https://github.com/uyuni-project/terracumber.git', description: 'Terracumber Git Repository'), | ||
| string(name: 'terracumber_ref', defaultValue: 'master', description: 'Terracumber Git ref (branch, tag...)'), |
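Review bot: terraform_parallelism is declared as a free-form `string` with an empty default, although its description says it is a number. Suggest having the pipeline check that the value is either empty or a positive integer before it is used, and stating in the description what the empty default means.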
The parameters sumaform_gitrepo/sumaform_ref and terracumber_gitrepo/terracumber_ref are used by pipeline-salt-shaker.groovy to clone external Git repositories and then execute the terracumber-cli code from those checkouts with Jenkins credentials loaded from /home/jenkins/.credentials. Because these dependencies are pinned only to mutable branches like master and there is no checksum or signature verification, a compromise of those upstream repositories (or an attacker able to change these parameter values) would lead to arbitrary code execution on the Jenkins agent and potential secret exfiltration. To harden the supply chain, pin these repositories to immutable commit SHAs or signed release tags, and/or restrict who can modify these parameters so untrusted input cannot influence which code is fetched and executed.
| string(name: 'sumaform_gitrepo', defaultValue: 'https://github.com/uyuni-project/sumaform.git', description: 'Sumaform Git Repository'), | ||
| string(name: 'sumaform_ref', defaultValue: 'master', description: 'Sumaform Git reference (branch, tag...)'), | ||
| choice(name: 'sumaform_backend', choices: ['libvirt', 'aws'], description: 'Sumaform backend to be used (see https://github.com/uyuni-project/sumaform#backend-choice)'), | ||
| choice(name: 'terraform_bin', choices: ['/usr/bin/terraform'], description: 'Terraform binary path'), | ||
| choice(name: 'terraform_bin_plugins', choices: ['/usr/bin'], description: 'Terraform plugins path'), | ||
| string(name: 'terraform_parallelism', defaultValue: '', description: 'Advanced: Define the number of parallel resource operations for terraform'), | ||
| string(name: 'terracumber_gitrepo', defaultValue: 'https://github.com/uyuni-project/terracumber.git', description: 'Terracumber Git Repository'), | ||
| string(name: 'terracumber_ref', defaultValue: 'master', description: 'Terracumber Git ref (branch, tag...)'), | ||
| booleanParam(name: 'terraform_init', defaultValue: true, description: 'Call terraform init (needed if modules are added or changes)'), | ||
| booleanParam(name: 'terraform_taint', defaultValue: true, description: 'Call terraform taint (so the resources, except volumes, are recreated)'), |
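Review bot: the terraform_init description reads 'needed if modules are added or changes'; it should be 'added or changed'. Since this block is copied into each new pipeline file, fixing the wording here keeps the typo from spreading further.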
The parameters sumaform_gitrepo/sumaform_ref and terracumber_gitrepo/terracumber_ref are used by pipeline-salt-shaker.groovy to clone external Git repositories and then execute the terracumber-cli code from those checkouts with Jenkins credentials loaded from /home/jenkins/.credentials. Because these dependencies are pinned only to mutable branches like master and there is no checksum or signature verification, a compromise of those upstream repositories (or an attacker able to change these parameter values) would lead to arbitrary code execution on the Jenkins agent and potential secret exfiltration. To harden the supply chain, pin these repositories to immutable commit SHAs or signed release tags, and/or restrict who can modify these parameters so untrusted input cannot influence which code is fetched and executed.
| string(name: 'sumaform_gitrepo', defaultValue: 'https://github.com/uyuni-project/sumaform.git', description: 'Sumaform Git Repository'), | ||
| string(name: 'sumaform_ref', defaultValue: 'master', description: 'Sumaform Git reference (branch, tag...)'), | ||
| choice(name: 'sumaform_backend', choices: ['libvirt', 'aws'], description: 'Sumaform backend to be used (see https://github.com/uyuni-project/sumaform#backend-choice)'), | ||
| choice(name: 'terraform_bin', choices: ['/usr/bin/terraform'], description: 'Terraform binary path'), | ||
| choice(name: 'terraform_bin_plugins', choices: ['/usr/bin'], description: 'Terraform plugins path'), | ||
| string(name: 'terraform_parallelism', defaultValue: '', description: 'Advanced: Define the number of parallel resource operations for terraform'), | ||
| string(name: 'terracumber_gitrepo', defaultValue: 'https://github.com/uyuni-project/terracumber.git', description: 'Terracumber Git Repository'), | ||
| string(name: 'terracumber_ref', defaultValue: 'master', description: 'Terracumber Git ref (branch, tag...)'), |
The parameters sumaform_gitrepo/sumaform_ref and terracumber_gitrepo/terracumber_ref are used by pipeline-salt-shaker.groovy to clone external Git repositories and then execute the terracumber-cli code from those checkouts with Jenkins credentials loaded from /home/jenkins/.credentials. Because these dependencies are pinned only to mutable branches like master and there is no checksum or signature verification, a compromise of those upstream repositories (or an attacker able to change these parameter values) would lead to arbitrary code execution on the Jenkins agent and potential secret exfiltration. To harden the supply chain, pin these repositories to immutable commit SHAs or signed release tags, and/or restrict who can modify these parameters so untrusted input cannot influence which code is fetched and executed.
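One way to enforce the pinning that the review comments above ask for, shown as an added example that is not part of this pull request or of pipeline-salt-shaker.groovy. The function names and the allowlist are assumptions; the helper rejects any repository outside the allowlist and any ref that is not a full commit ID, then verifies the checkout.

```shell
#!/bin/sh
# Added example, not project code. Gate for the *_gitrepo / *_ref job parameters:
# only allowlisted repositories, only immutable full commit IDs.

# Assumption: these two defaults from the PR are the only repositories allowed.
ALLOWED_REPOS='https://github.com/uyuni-project/sumaform.git
https://github.com/uyuni-project/terracumber.git'

# Exact string match against the allowlist; prefixes and look-alikes fail.
is_allowed_repo() {
    for allowed in $ALLOWED_REPOS; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# True only for a full 40-character lowercase hex commit ID (SHA-1 repositories
# assumed). Branch and tag names such as "master" can be moved, so they fail.
is_pinned_ref() {
    case "$1" in
        ''|*[!0123456789abcdef]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Returns 0 if the pair may be fetched; otherwise 1 with the reason on stderr.
check_dependency() {
    if ! is_allowed_repo "$1"; then
        echo "rejected: repository not on allowlist: $1" >&2
        return 1
    fi
    if ! is_pinned_ref "$2"; then
        echo "rejected: ref is not a full commit ID: $2" >&2
        return 1
    fi
    return 0
}

# Fetch exactly the pinned commit into $3 and confirm HEAD is that commit.
fetch_pinned() {
    check_dependency "$1" "$2" || return 1
    git init -q "$3" &&
    git -C "$3" fetch -q --depth 1 "$1" "$2" &&
    git -C "$3" checkout -q --detach FETCH_HEAD &&
    [ "$(git -C "$3" rev-parse HEAD)" = "$2" ]
}
```

A pipeline step would call `fetch_pinned "$sumaform_gitrepo" "$sumaform_ref" sumaform` in place of a plain clone; fetching by commit ID relies on the server allowing it.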
@vzhestkov @meaksh how can we bring this forward? I'm missing Leap 16.0, can we add this to this PR or do we need a separate one?
Add SLES 16 and SL Micro 6.2 to the Salt Shaker