ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

CI: avoid vault requirement in lint/tests
Some checks failed
CI / skip-ci-check (pull_request) Successful in 1m17s
Details
CI / lint-and-test (pull_request) Successful in 1m22s
Details
CI / ansible-validation (pull_request) Failing after 2m48s
Details
CI / secret-scanning (pull_request) Successful in 1m19s
Details
CI / dependency-scan (pull_request) Successful in 1m24s
Details
CI / sast-scan (pull_request) Successful in 2m34s
Details
CI / license-check (pull_request) Failing after 1m22s
Details
CI / vault-check (pull_request) Failing after 2m20s
Details
CI / playbook-test (pull_request) Failing after 2m19s
Details
CI / container-scan (pull_request) Successful in 1m50s
Details
CI / sonar-analysis (pull_request) Failing after 1m16s
Details
CI / workflow-summary (pull_request) Successful in 1m16s
Details

Browse Source
This commit is contained in:
ilia 2026-01-01 13:09:29 -05:00
parent e0996642bc
commit 0322279ab0
1 changed files with 58 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
.gitea/workflows/ci.yml
View File

@ -96,6 +96,31 @@ jobs:
- name: Check out code
uses: actions/checkout@v4
- name: Configure CI Ansible (no vault, localhost inventory)
run: |
set -e
cat > /tmp/ci-inventory.ini <<'EOF'
[all]
localhost ansible_connection=local
EOF
cat > /tmp/ci-ansible.cfg <<'EOF'
[defaults]
inventory = /tmp/ci-inventory.ini
roles_path = roles
host_key_checking = False
stdout_callback = yaml
bin_ansible_callbacks = True
retry_files_enabled = False
interpreter_python = auto_silent
forks = 10
pipelining = True
EOF
echo "ANSIBLE_CONFIG=/tmp/ci-ansible.cfg" >> "$GITHUB_ENV"
echo "ANSIBLE_INVENTORY=/tmp/ci-inventory.ini" >> "$GITHUB_ENV"
echo "ANSIBLE_VAULT_PASSWORD_FILE=/dev/null" >> "$GITHUB_ENV"
- name: Install Python and dependencies
run: |
apt-get update && apt-get install -y python3 python3-pip
@ -304,21 +329,9 @@ jobs:
- name: Check out code
uses: actions/checkout@v4
- name: Install Python and dependencies
run: |
apt-get update && apt-get install -y python3 python3-pip
- name: Install Ansible
run: pip3 install --no-cache-dir ansible
- name: Install Ansible collections
run: |
ansible-galaxy collection install -r collections/requirements.yml
- name: Validate playbooks (CI inventory, no vault)
- name: Configure CI Ansible (no vault, localhost inventory)
run: |
set -e
echo "Validating playbooks against a CI-only localhost inventory (no vault required)..."
cat > /tmp/ci-inventory.ini <<'EOF'
[dev]
localhost ansible_connection=local
@ -342,6 +355,38 @@ jobs:
localhost ansible_connection=local
EOF
cat > /tmp/ci-ansible.cfg <<'EOF'
[defaults]
inventory = /tmp/ci-inventory.ini
roles_path = roles
host_key_checking = False
stdout_callback = yaml
bin_ansible_callbacks = True
retry_files_enabled = False
interpreter_python = auto_silent
forks = 10
pipelining = True
EOF
echo "ANSIBLE_CONFIG=/tmp/ci-ansible.cfg" >> "$GITHUB_ENV"
echo "ANSIBLE_INVENTORY=/tmp/ci-inventory.ini" >> "$GITHUB_ENV"
echo "ANSIBLE_VAULT_PASSWORD_FILE=/dev/null" >> "$GITHUB_ENV"
- name: Install Python and dependencies
run: |
apt-get update && apt-get install -y python3 python3-pip
- name: Install Ansible
run: pip3 install --no-cache-dir ansible
- name: Install Ansible collections
run: |
ansible-galaxy collection install -r collections/requirements.yml
- name: Validate playbooks (CI inventory, no vault)
run: |
set -e
echo "Validating playbooks against a CI-only localhost inventory (no vault required)..."
failed=0
for playbook in playbooks/*.yml site.yml configure_app.yml provision_vms.yml; do
[ -f "$playbook" ] || continue