Skip to content

fix: Fixed Provisioning Key Drift Detection and Check Mode #107

fix: Fixed Provisioning Key Drift Detection and Check Mode

fix: Fixed Provisioning Key Drift Detection and Check Mode #107

Workflow file for this run

name: CI
on:
push:
branches: [master]
pull_request:
env:
NAMESPACE: zscaler
COLLECTION_NAME: zpacloud
PYTHON_VERSION: 3.8
jobs:
## Sanity is required:
#
# https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html
sanity:
name: Sanity (Ⓐ${{ matrix.ansible }})
strategy:
matrix:
include:
- ansible: "2.14"
python_ver: "3.11"
- ansible: "2.15"
python_ver: "3.11"
- ansible: "2.16"
python_ver: "3.11"
- ansible: "2.17"
python_ver: "3.11"
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
steps:
- uses: actions/checkout@v4
with:
path: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python_ver }}
- name: Install Poetry
uses: Gr1N/setup-poetry@v9
# Install the head of the given branch (devel, stable-2.10)
- name: Install ansible-base (${{ matrix.ansible }})
run: poetry run pip install https://github.com/ansible/ansible/archive/stable-${{ matrix.ansible }}.tar.gz --disable-pip-version-check
- name: Create lock file
run: poetry lock
- name: Install dependencies
run: poetry install
- name: Run sanity tests
timeout-minutes: 10
run: poetry run make new-sanity
format:
name: Code Format Check
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
steps:
- uses: actions/checkout@v4
with:
path: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install Poetry
uses: Gr1N/setup-poetry@v9
- name: Install dependencies
run: poetry install
- name: Do black code format
run: poetry run make format
- name: Do black code check-format
run: poetry run make check-format
release:
name: release
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
needs: [sanity, format]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
# This task could be removed once the task below is confirmed working
- name: Set up Galaxy auth
run: |
mkdir -p ~/.ansible
echo "token: $GALAXY_API_KEY" > ~/.ansible/galaxy_token
env:
GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
shell: bash
# New task for combined Galaxy and AutomationHub publishing
- name: Set up Automation Hub and Galaxy ansible.cfg file
run: |
cat << EOF > ansible.cfg
[galaxy]
server_list = automation_hub, release_galaxy
[galaxy_server.automation_hub]
url=${{ secrets.AUTOMATION_HUB_URL }}
auth_url=${{ secrets.AUTOMATION_HUB_SSO_URL }}
token=${{ secrets.AUTOMATION_HUB_API_TOKEN }}
[galaxy_server.release_galaxy]
url=https://galaxy.ansible.com/
token=${{ secrets.GALAXY_API_KEY }}
EOF
shell: bash
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
- name: Create release and publish
id: release
uses: cycjimmy/semantic-release-action@v4
with:
semantic_version: 17.1.1
extra_plugins: |
conventional-changelog-conventionalcommits@^4.4.0
@semantic-release/changelog@^5.0.1
@semantic-release/git@^9.0.0
@semantic-release/exec@^5.0.0
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Store built collection
uses: actions/upload-artifact@v4
with:
name: collection
path: |
*.tar.gz
docs:
name: docs
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
needs: [release]
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./ansible_collections/zscaler/zpacloud
steps:
# Just a note here: The Ansible stuff is apparently doing realpath
# checks, so trying to simlink stuff and then run Ansible commands
# such as ansible-test in the symlink directory fails. Thus we need
# to have the real path contain ansible_collections/zscaler/zpacloud.
- name: Checkout
uses: actions/checkout@v4
with:
path: ./ansible_collections/zscaler/zpacloud
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install Poetry
uses: Gr1N/setup-poetry@v9
- name: Add ansible-core
run: poetry add ansible-core^2.14
- name: Add antsibull-docs
run: poetry add antsibull-docs^2.10.0
- name: Install dependencies
run: poetry install
- name: Build the collection
run: poetry run ansible-galaxy collection build
- name: Install built collection
run: poetry run ansible-galaxy collection install *.tar.gz
- name: Generate documentation
run: poetry run make docs
# This is here for right now because the action to deploy seems to assume
# (and not have a configuration option to) mirror the actions/checkout@v4
# the with.path spec.
- name: Move the repo to where the deploy action is looking for it
run: |
cd ../../../..
mv zpacloud-ansible the_repo
mv the_repo/ansible_collections/zscaler/zpacloud zpacloud-ansible
mkdir -p zpacloud-ansible/ansible_collections/zscaler/zpacloud
- name: Deploy to GitHub Pages
uses: JamesIves/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
branch: gh-pages
folder: docs/html
clean: true