From 97be9cdc8d1ea6b01102c3488013fe63990f3c0f Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Wed, 27 May 2020 14:04:38 +0200
Subject: [PATCH] Zuul: use repo-local job playbooks again

Use our own namespace (fi-ansible) to not clash with tenant-wide defined
Zuul jobs e.g. from zuul-fedora-jobs.

Fixes: fedora-infrastructure#8932

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
Signed-off-by: Nils Philippsen <nils@redhat.com>
---
 .zuul.yaml                        | 16 +++++++++++++++-
 ci/ansible-review-base.yaml       | 14 ++++++++++++++
 ci/ansible-review-diff.yaml       |  8 ++++++++
 ci/ansible-review-everything.yaml | 11 +++++++++++
 ci/ansible-review-filtered.sh     | 10 ++++++++++
 5 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 ci/ansible-review-base.yaml
 create mode 100644 ci/ansible-review-diff.yaml
 create mode 100644 ci/ansible-review-everything.yaml
 create mode 100755 ci/ansible-review-filtered.sh

diff --git a/.zuul.yaml b/.zuul.yaml
index 40042cedf3..10ba564b03 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -1,5 +1,19 @@
 ---
+- job:
+    name: fi-ansible--ansible-review-base
+    pre-run: ci/ansible-review-base.yaml
+
+- job:
+    name: fi-ansible--ansible-review-everything
+    parent: fi-ansible--ansible-review-base
+    run: ci/ansible-review-everything.yaml
+
+- job:
+    name: fi-ansible--ansible-review-diff
+    parent: ansible-review-base
+    run: ci/ansible-review-diff.yaml
+
 - project:
     check:
       jobs:
-        - ansible-review-diff
+        - fi-ansible--ansible-review-diff
diff --git a/ci/ansible-review-base.yaml b/ci/ansible-review-base.yaml
new file mode 100644
index 0000000000..eddbd2dd4c
--- /dev/null
+++ b/ci/ansible-review-base.yaml
@@ -0,0 +1,14 @@
+- hosts: all
+  tasks:
+    - name: Install ansible-review
+      package:
+        name: python3-ansible-review
+        state: latest
+
+    - name: Install invocation script
+      copy:
+        src: ansible-review-filtered.sh
+        dest: /usr/local/bin/ansible-review-filtered.sh
+        owner: root
+        group: root
+        mode: '0755'
diff --git a/ci/ansible-review-diff.yaml b/ci/ansible-review-diff.yaml
new file mode 100644
index 0000000000..a56d8e48de
--- /dev/null
+++ b/ci/ansible-review-diff.yaml
@@ -0,0 +1,8 @@
+- hosts: all
+  tasks:
+    - name: Run ansible-review on the changes in the PR
+      shell: >
+        git diff origin/{{ zuul.branch|quote }}...{{ zuul.branch|quote }}
+        | ansible-review-filtered.sh
+      args:
+        chdir: '{{ zuul.project.src_dir }}'
diff --git a/ci/ansible-review-everything.yaml b/ci/ansible-review-everything.yaml
new file mode 100644
index 0000000000..1d1914f514
--- /dev/null
+++ b/ci/ansible-review-everything.yaml
@@ -0,0 +1,11 @@
+- hosts: all
+  tasks:
+    - name: Run ansible-review on the playbooks and roles
+      shell: >
+        exitcode=0;
+        while read pbrulefile; do
+          ansible-review-filtered.sh "$pbrulefile" || exitcode=1;
+        done <<<$(find playbooks roles -name "*.yml" -o -name "*.yaml");
+        exit "$exitcode"
+      args:
+        chdir: '{{ zuul.project.src_dir }}'
diff --git a/ci/ansible-review-filtered.sh b/ci/ansible-review-filtered.sh
new file mode 100755
index 0000000000..84d220699f
--- /dev/null
+++ b/ci/ansible-review-filtered.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Remove warnings on stderr about missing configuration and used default rules.
+
+SEDSCRIPT='
+0,/^WARN: No configuration file found at/{/^WARN: No configuration file found at/d;};
+1,/^WARN: Using example .* found at/{/^WARN: Using example .* found at/d;};
+'
+
+exec ansible-review "$@" 2> >(sed -e "$SEDSCRIPT" >&2)