* Adjsutments to the Collection release process
* Adjustment from the review.
* Update docs/docsite/rst/community/collection_contributors/collection_release_without_branches.rst
* adjustments from review
* Improve failed_when documentation and fix minor errors
- Add clarifying example for 'or' operator in failed_when conditions
- Fix template syntax: remove extra space in Jinja2 braces
Signed-off-by: Piyush Malik <piyush.malik@optimoloan.com>
* Update docs/docsite/rst/playbook_guide/playbooks_error_handling.rst
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Piyush Malik <piyush.malik@optimoloan.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* ci: fix issues indentified by zizmor GHA linter
This fixes issues identified by the zizmor linter which checks for
Github Actions security best practicies.
Summary of changes:
- Remove possibilities for shell injection. These can all only be
activated by workflow_dispatch input provided by people who already
have access to the repository but still a good idea to tidy this up.
Many of these occur in the build-package-docs actions. We should test
everything to make sure nothing is broken by these changes.
- Explicitly set permissions. This is not strictly required, because we
already enforce a limited set of default permissions in the repo's GHA
settings, but zizmor wants us to be explicit.
- Use `persist-credentials: false` with the checkout action.
Also, when rebasing this commit, I added back the manual `nox -s
clone-core` step to keep the outputs separate.
* ci: run zizmor in CI and noxfile
- Adds lockfile
- Adds nox session
- Adds nox session to CI matrix
* ci: fix additional issues identified by zizmor
- Add default permissions to new workflows
- Add cooldown to dependabot
* ci: add zizmor configuration for unpinned-uses
We could configure dependabot to pin shared workflow commit SHA hashes,
but for now, let's relax the unpinned-uses relax
* ci: restore secrets: inheirt for pip-compile workflows
See comment for more details.
* ci: fix token auth for pip-compile workflow
* README: mention that lint session runs GHA checks
* Update noxfile.py
Co-authored-by: Don Naro <dnaro@redhat.com>
* nox zizmor: allow overriding persona
* nox: actually run zizmor as part of lint session
* ci: use GHA expression instead of shell test
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk@sydorenko.org.ua>
* ci: use Python to avoid shell+json quoting issues
---------
Co-authored-by: Don Naro <dnaro@redhat.com>
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk@sydorenko.org.ua>
* disable version switcher in theme
* Update docs/docsite/rst/conf.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix grammar and add documentation link
- Fix the number-verb agreement in a bullet point
- Add a link to the RST spec and re-word the embedding
* Add small section on testing
* Edit title for Changelog section
I find the title "Creating changelog fragments" too similar to "Creating a changelog fragment".
* Update title of test section and reorganize sentences
* Fix spelling of preferred
* Add words for clarity
* Capitalize YAML and RST
Capitalizing these helps to distinguish
between the yaml/rst format and file extension.
* Fix line breaks in test section
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
* Rephrase testing section
* Fix period clickability
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
---------
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
* Document play argument spec validation
* Update docs/docsite/rst/playbook_guide/playbooks_intro.rst
Co-authored-by: Don Naro <dnaro@redhat.com>
* Move the play-level argument spec validation following the sections on variables
---------
Co-authored-by: Don Naro <dnaro@redhat.com>
