This adds a custom ansible-lint rule at .rules/ZuulJobsNamespaceLoopVar.py
that enforces the loop var policy described at:
https://zuul-ci.org/docs/zuul-jobs/policy.html#ansible-loops-in-roles
It also updates existing roles to follow the policy.
Change-Id: I92b2ff56a1c2702542fc07b316f1809087a4c92f
We have to be careful about avoiding outer loop loop_var conflicts in
ansible. Because the zuul-jobs roles are meant to be reconsumed
elsewhere we should not use 'item' loopvars and instead set them to
something a bit more unique.
We use a zj_ prefix to try and be unique to this repo and document this
convention.
Change-Id: I20b9327a914890e9eafcb2b36dc8c23fb472bc8f
This allows us to construct a job which allows users to pass in a
secret (via pass-to-parent) which includes not only the user/pass,
but also a restriction for what docker image repositories may be
accessed using that user/pass. This allows an operator to create
one credential, and then use that credential in multiple secrets
for multiple projects, each with a distinct restriction on where
images may be uploaded.
Change-Id: I7a3cf97a16d34c76df8601990954e1f2b0e498f5
These probably should have been prefixed to start with. The roles
are brand new, not publicised, and likely not widely used. I think
we can merge this without announcement or deprecation.
Change-Id: I7825ef6fee1325b6d4fcc179032652eb5530d016