Use fedora:41 as base image for the execution environment #1755

Workflow file for this run

	---
	name: tox

	on:
	push:
	branches:
	- "main"
	pull_request:
	branches:
	- "main"
	release:
	types: [published]
	schedule:
	- cron: "0 0 * * *"
	workflow_call:
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${ github.event_name }-${{ github.event.pull_request.number \|\| github.sha }}
	cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}

	permissions:
	checks: read
	packages: write # tox/devspaces, tox/ee, publish-* jobs
	pull-requests: write # tox/check jobs
	contents: write # push job to update release notes
	id-token: write # tox/check job

	jobs:
	tox:
	uses: ansible/team-devtools/.github/workflows/tox.yml@main
	with:
	run_pre: ./tools/test-setup.sh
	max_python: "3.13"
	default_python: "3.10" # min version, for 'lint' in particular
	jobs_producing_coverage: 8
	other_names_also: \|
	devspaces
	ee-amd64:tox -e ee:runner=devtools-multiarch-builder
	ee-arm64:tox -e ee:runner=ubuntu-24.04-arm64-2core
	secrets: inherit # needed for logging to the ghcr.io registry

	codeql:
	name: codeql
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: ["python"]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: ${{ matrix.language }}
	# If you wish to specify custom queries, you can do so here or in a config file.
	# By default, queries listed here will override any specified in a config file.
	# Prefix the list here with "+" to use these queries and those in the config file.

	# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
	# queries: security-extended,security-and-quality

	- name: Autobuild
	uses: github/codeql-action/autobuild@v3

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:${{matrix.language}}"

	publish-ee:
	# environment: release # approval
	runs-on: ubuntu-24.04
	needs:
	- tox
	# if: github.ref == 'refs/heads/main'
	# github.event_name == 'release' && github.event.action == 'published'
	steps:
	- name: Check out repository
	uses: actions/checkout@v4

	- name: pull-merge-push for the the two arch images under a single manifest
	env:
	GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
	run: ./tools/ee.sh --publish "${{ github.event.release.tag_name \|\| github.sha }}" "${{ (github.event_name == 'release' && github.event.action == 'published') \|\| '--dry' }}"

	publish-devspaces:
	runs-on: ubuntu-24.04
	needs:
	- codeql
	- tox
	if: github.ref == 'refs/heads/main' \|\| (github.event_name == 'release' && github.event.action == 'published')
	steps:
	- name: Push image to ghcr.io as ansible-devspaces-tmp:${GITHUB_SHA}
	run: \|
	echo "${{ secrets.GITHUB_TOKEN }}" \| docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
	docker pull "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
	docker tag "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" "ghcr.io/ansible/ansible-devspaces:${GITHUB_SHA}"

	- name: Push image to ghcr.io as ${{ github.event.release.tag_name }}
	if: github.event_name == 'release' && github.event.action == 'published'
	run: \|
	docker tag "ghcr.io/ansible/ansible-devspaces:${GITHUB_SHA}" "ghcr.io/ansible/ansible-devspaces:${{ github.event.release.tag_name }}"
	docker tag "ghcr.io/ansible/ansible-devspaces:${GITHUB_SHA}" "ghcr.io/ansible/ansible-devspaces:latest"
	docker push "ghcr.io/ansible/ansible-devspaces:${{ github.event.release.tag_name }}"
	docker push "ghcr.io/ansible/ansible-devspaces:latest"

	publish-wheel:
	needs:
	- codeql
	- tox
	if: github.event_name == 'release' && github.event.action == 'published'
	environment: release # approval
	runs-on: ubuntu-24.04
	env:
	FORCE_COLOR: 1
	PY_COLORS: 1
	TOXENV: pkg
	TOX_EXTRA_BINDEP: 0
	steps:
	- name: Switch to using Python 3.10 by default
	uses: actions/setup-python@v5
	with:
	python-version: "3.10"

	- name: Install tox
	run: python3 -m pip install --user "tox>=4.0.0"

	- name: Check out src from Git
	uses: actions/checkout@v4
	with:
	fetch-depth: 0 # needed by setuptools-scm
	submodules: true

	- name: Build dists
	run: python3 -m tox

	- name: Publish to pypi.org
	if: >- # "create" workflows run separately from "push" & "pull_request"
	github.event_name == 'release'
	uses: pypa/gh-action-pypi-publish@release/v1

	forum-post:
	if: github.event_name == 'release' && github.event.action == 'published'
	needs:
	- publish-wheel
	- publish-ee
	- publish-devspaces
	runs-on: ubuntu-24.04

	steps:
	- name: Retreive the forum post script from team-devtools
	run: curl -O https://raw.githubusercontent.com/ansible/team-devtools/main/.github/workflows/forum_post.py

	- name: Run the forum post script
	run: python3 forum_post.py ${{ github.event.repository.full_name }} ${{ github.event.release.tag_name }} ${{ secrets.FORUM_KEY }} ${{ secrets.FORUM_USER }}

	push:
	if: >
	github.event_name == 'push' && contains(
	fromJSON('["refs/heads/main", "refs/heads/releases", "refs/heads/stable"]'),
	github.ref)
	uses: ansible/team-devtools/.github/workflows/push.yml@main

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use fedora:41 as base image for the execution environment #1755

Workflow file

Use fedora:41 as base image for the execution environment #1755

Jobs

Run details

Workflow file for this run