Update coverage workflow to use containers

.coveragerc

@@ -1,7 +1,6 @@
 [run]
-omit =
-    tests/*
-    venv*
+branch = True
+source = scripts
 
 [report]
 fail_under = 80

.github/workflows/build_images.yml

@@ -0,0 +1,45 @@
+name: build_and_publish_images
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build_and_publish:
+    name: build-${{ matrix.el.distro }}${{ matrix.el.ver }}
+    strategy:
+      fail-fast: false
+      matrix:
+        el:
+          - distro: centos
+            ver: 7
+
+    permissions:
+      contents: read
+      packages: write
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Code
+        uses: actions/[email protected]
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build image
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          context: .
+          file: ./Containerfiles/${{ matrix.el.distro }}${{ matrix.el.ver }}.Containerfile
+          tags: ghcr.io/${{ github.repository_owner }}/convert2rhel-insights-tasks-${{ matrix.el.distro }}${{ matrix.el.ver }}:latest
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/convert2rhel-insights-tasks-${{ matrix.el.distro }}${{ matrix.el.ver }}:latest
+          cache-to: type=inline

.github/workflows/tests.yml

@@ -1,24 +1,53 @@
-name: Unit Tests
+name: test_coverage
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
 
 jobs:
-  tests:
+  coverage:
+    name: coverage-${{ matrix.el.distro }}${{ matrix.el.ver }}
+    strategy:
+      fail-fast: false
+      matrix:
+          el:
+            - distro: centos
+              ver: 7
+
     runs-on: ubuntu-latest
-    container:
-      image: python:2.7
     steps:
-    - uses: actions/checkout@v4
-    - name: Install requirements
-      run: pip install --upgrade -r requirements.txt
-    - name: Test
-      run: python -m pytest --cov --cov-report=xml
-    - name: Upload coverage reports to Codecov
-      uses: codecov/codecov-action@v3
-      with:
-        fail_ci_if_error: true
-        verbose: true # optional (default = false)
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run pytest coverage
+        run: |
+          make tests${{ matrix.el.ver }} PYTEST_ARGS="--cov --cov-report xml --cov-report term" KEEP_TEST_CONTAINER=1 BUILD_IMAGES=0
+          podman cp pytest-container:/data/coverage.xml .
+
+      - name: Upload coverage to Codecov
+        id: UploadFirstAttempt
+        continue-on-error: true
+        uses: codecov/codecov-action@v4
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          env_vars: OS,PYTHON
+          flags: ${{ matrix.el.distro }}-linux-${{ matrix.el.ver }}
+          name: coverage-${{ matrix.el.distro }}
+          fail_ci_if_error: true
+          files: ./coverage.xml
+          verbose: true # optional (default = false)

.gitignore

@@ -4,6 +4,8 @@
 **/__pycache__/**
 
 .coverage
+coverage.xml
+.build-image7
 
 install-deps
 pre-commit

Containerfiles/centos7.Containerfile

@@ -0,0 +1,25 @@
+FROM centos:7 as base
+
+ENV PYTHON python2
+ENV PIP pip
+ENV PYTHONDONTWRITEBYTECODE 1
+
+ENV URL_GET_PIP "https://bootstrap.pypa.io/pip/2.7/get-pip.py"
+ENV APP_DEV_DEPS "requirements.txt"
+
+WORKDIR /data
+
+FROM base as install_main_deps
+RUN yum update -y && yum clean all
+
+FROM install_main_deps as install_dev_deps
+COPY $APP_DEV_DEPS $APP_DEV_DEPS
+RUN curl $URL_GET_PIP | $PYTHON && $PIP install -r $APP_DEV_DEPS
+
+FROM install_dev_deps as install_application
+RUN groupadd --gid=1000 -r app && \
+    useradd -r --uid=1000 --gid=1000 app && \
+    chown -R app:app .
+
+COPY --chown=app:app . .
+USER app:app

Makefile

@@ -4,17 +4,50 @@
 	verify \
 	install \
 	sync \
-	.pre-commit \
-	.install-deps
+	image7 \
+	tests7 \
 
 # Project constants
+IMAGE_REPOSITORY ?= ghcr.io
+IMAGE_ORG ?= oamg
+IMAGE_PREFIX ?= convert2rhel-insights-tasks
 PYTHON_VERSION ?= 2
 PYTHON = python$(PYTHON_VERSION)
 PYTHON_VENV = venv$(PYTHON_VERSION)
+PYTEST_ARGS ?= --cov -p no:cacheprovider
+PYTEST_CALL = python -B -m pytest $(PYTEST_ARGS)
+SHOW_CAPTURE ?= no
+BUILD_IMAGES ?= 1
 
-PYTEST_ARGS ?= --cov
+# Let the user specify PODMAN at the CLI, otherwise try to autodetect a working podman
+ifndef PODMAN
+	PODMAN := $(shell podman run --rm alpine echo podman 2> /dev/null)
+	ifndef PODMAN
+		DUMMY := $(warning podman is not detected. Majority of commands will not work. Please install and verify that podman --version works.)
+	endif
+endif
 
-PYTEST_CALL = python -B -m pytest $(PYTEST_ARGS)
+ifdef PODMAN
+	CONTAINER_TEST_WARNING := "*** scripts directory will be read-only while tests are executing ***"
+	CONTAINER_CLEANUP := podman unshare chown -R 0:0 $(shell pwd)
+endif
+
+ifdef KEEP_TEST_CONTAINER
+	CONTAINER_RM =
+else
+	CONTAINER_RM = --rm
+endif
+
+WRITABLE_FILES=. .coverage coverage.xml
+CONTAINER_TEST_FUNC=echo $(CONTAINER_TEST_WARNING) ; $(PODMAN) run -v $(shell pwd):/data:Z --name pytest-container -u root:root $(CONTAINER_RM) $(IMAGE)-$(1) /bin/sh -c 'touch $(WRITABLE_FILES) ; chown app:app $(WRITABLE_FILES) ; su app -c "$(PYTEST_CALL) $(2)"' ; CONTAINER_RETURN=$${?} ; $(CONTAINER_CLEANUP) ; exit $${CONTAINER_RETURN}
+
+ifeq ($(BUILD_IMAGES), 1)
+image7: .build-image7
+IMAGE=$(IMAGE_ORG)/$(IMAGE_PREFIX)
+else
+image7: .fetch-image7
+IMAGE=$(IMAGE_REPOSITORY)/$(IMAGE_ORG)/$(IMAGE_PREFIX)
+endif
 
 install-deps:
 	virtualenv -p '$(PYTHON)' $(PYTHON_VENV); \
@@ -35,3 +68,17 @@ tests: install-deps
 sync: install-deps
 	. $(PYTHON_VENV)/bin/activate; \
 	python misc/sync_scripts.py
+
+image7: .build-image7
+
+.fetch-image7:
+	@echo "Pulling $(IMAGE)-centos7"
+	@$(PODMAN) pull $(IMAGE)-centos7
+
+.build-image7:
+	@$(PODMAN) build -f Containerfiles/centos7.Containerfile -t $(IMAGE)-centos7 .
+	touch $@
+
+tests7: image7
+	@echo 'CentOS Linux 7 tests'
+	@$(call CONTAINER_TEST_FUNC,centos7,--show-capture=$(SHOW_CAPTURE))