From 1c9a40958ceb2565ce2a2e538b0ef2b94c4779dc Mon Sep 17 00:00:00 2001 From: Aleksei Sviridkin Date: Wed, 18 Mar 2026 23:42:14 +0300 Subject: [PATCH 1/2] fix(cozystack): guard server group lookup, tighten hostname rejection test Use groups.get('server', []) to avoid hard-fail when the server group is absent, producing a clearer error via the existing assert instead. Tighten the negative CI test to verify the specific IP validation error message rather than accepting any playbook failure as success. Assisted-By: Claude Signed-off-by: Aleksei Sviridkin --- .github/workflows/test.yml | 19 +++++++++++++++---- .../cozystack/tasks/compute-master-nodes.yml | 2 +- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index eb5a46f..1709282 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -99,14 +99,25 @@ jobs: - name: Test hostname host keys are rejected run: | - if ansible-playbook tests/test-master-nodes.yml \ - --inventory tests/test-hostname-inventory.yml 2>&1; then + set +e + output="$(ansible-playbook tests/test-master-nodes.yml \ + --inventory tests/test-hostname-inventory.yml 2>&1)" + status=$? + set -e + + if [ "$status" -eq 0 ]; then echo "ERROR: Expected failure for hostname host keys, but playbook succeeded" exit 1 - else - echo "OK: Hostname host keys correctly rejected" fi + if ! grep -q "not a valid IP address in MASTER_NODES" <<< "$output"; then + echo "ERROR: Playbook failed, but not due to hostname/IP validation" + echo "$output" + exit 1 + fi + + echo "OK: Hostname host keys correctly rejected" + e2e: name: E2E runs-on: ubuntu-latest diff --git a/roles/cozystack/tasks/compute-master-nodes.yml b/roles/cozystack/tasks/compute-master-nodes.yml index 47646ec..c7eab03 100644 --- a/roles/cozystack/tasks/compute-master-nodes.yml +++ b/roles/cozystack/tasks/compute-master-nodes.yml @@ -7,7 +7,7 @@ {%- if cozystack_master_nodes | length > 0 -%} {{ cozystack_master_nodes }} {%- else -%} - {{ groups['server'] | join(',') }} + {{ groups.get('server', []) | join(',') }} {%- endif -%} - name: Validate master node IPs are non-empty From cdc7938b91a3d2edfb6d4a057d5b588c7897c693 Mon Sep 17 00:00:00 2001 From: Aleksei Sviridkin Date: Wed, 18 Mar 2026 23:42:25 +0300 Subject: [PATCH 2/2] chore(renovate): track k3s version via github-releases datasource Add Renovate annotations to all inventory files referencing k3s_version and a customManager regex rule to detect and update them automatically from k3s-io/k3s GitHub releases. Assisted-By: Claude Signed-off-by: Aleksei Sviridkin --- examples/rhel/inventory.yml | 1 + examples/suse/inventory.yml | 1 + examples/ubuntu/inventory.yml | 1 + renovate.json | 13 ++++++++++--- tests/ci-inventory.yml | 1 + 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/examples/rhel/inventory.yml b/examples/rhel/inventory.yml index f47170b..c172282 100644 --- a/examples/rhel/inventory.yml +++ b/examples/rhel/inventory.yml @@ -18,6 +18,7 @@ cluster: ansible_user: cloud-user # k3s configuration (used by k3s.orchestration) + # renovate: datasource=github-releases depName=k3s-io/k3s k3s_version: v1.35.0+k3s3 token: "CHANGE_ME" api_endpoint: "10.0.0.10" diff --git a/examples/suse/inventory.yml b/examples/suse/inventory.yml index 50ec0ca..3be1445 100644 --- a/examples/suse/inventory.yml +++ b/examples/suse/inventory.yml @@ -18,6 +18,7 @@ cluster: ansible_user: opensuse # k3s configuration (used by k3s.orchestration) + # renovate: datasource=github-releases depName=k3s-io/k3s k3s_version: v1.35.0+k3s3 token: "CHANGE_ME" api_endpoint: "10.0.0.10" diff --git a/examples/ubuntu/inventory.yml b/examples/ubuntu/inventory.yml index 89bd567..c33a13e 100644 --- a/examples/ubuntu/inventory.yml +++ b/examples/ubuntu/inventory.yml @@ -21,6 +21,7 @@ cluster: ansible_user: ubuntu # k3s configuration (used by k3s.orchestration) + # renovate: datasource=github-releases depName=k3s-io/k3s k3s_version: v1.35.0+k3s3 token: "CHANGE_ME" api_endpoint: "10.0.0.10" diff --git a/renovate.json b/renovate.json index 07946e4..ef73115 100644 --- a/renovate.json +++ b/renovate.json @@ -15,7 +15,7 @@ "customManagers": [ { "customType": "regex", - "managerFilePatterns": ["/roles/cozystack/defaults/main\\.yml$/"], + "fileMatch": ["/roles/cozystack/defaults/main\\.yml$/"], "matchStrings": [ "cozystack_chart_version:\\s*\"(?[^\"]+)\"" ], @@ -24,7 +24,7 @@ }, { "customType": "regex", - "managerFilePatterns": ["/^galaxy\\.yml$/"], + "fileMatch": ["/^galaxy\\.yml$/"], "matchStrings": [ "version:\\s*(?\\S+)" ], @@ -33,12 +33,19 @@ }, { "customType": "regex", - "managerFilePatterns": ["/(^|/)requirements\\.yml$/"], + "fileMatch": ["/(^|/)requirements\\.yml$/"], "matchStrings": [ "source:\\s*https://github\\.com/cozystack/ansible-cozystack\\.git\\s+type:\\s*git\\s+version:\\s*(?\\S+)" ], "depNameTemplate": "ghcr.io/cozystack/cozystack/cozy-installer", "datasourceTemplate": "docker" + }, + { + "customType": "regex", + "fileMatch": ["inventory\\.yml$", "ci-inventory\\.yml$"], + "matchStrings": [ + "#\\s*renovate:\\s*datasource=(?[^\\s]+)\\s+depName=(?[^\\s]+)[\\s\\S]*?k3s_version:\\s*(?[^\\s]+)" + ] } ], "packageRules": [ diff --git a/tests/ci-inventory.yml b/tests/ci-inventory.yml index 3fbedc0..0fc5c38 100644 --- a/tests/ci-inventory.yml +++ b/tests/ci-inventory.yml @@ -14,6 +14,7 @@ cluster: ansible_user: runner # k3s configuration + # renovate: datasource=github-releases depName=k3s-io/k3s k3s_version: v1.35.0+k3s3 token: "ci-test-token" api_endpoint: "127.0.0.1"