fix: Fixed Provisioning Key Drift Detection and Check Mode #107
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [master] | |
pull_request: | |
env: | |
NAMESPACE: zscaler | |
COLLECTION_NAME: zpacloud | |
PYTHON_VERSION: 3.8 | |
jobs: | |
## Sanity is required: | |
# | |
# https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html | |
sanity: | |
name: Sanity (Ⓐ${{ matrix.ansible }}) | |
strategy: | |
matrix: | |
include: | |
- ansible: "2.14" | |
python_ver: "3.11" | |
- ansible: "2.15" | |
python_ver: "3.11" | |
- ansible: "2.16" | |
python_ver: "3.11" | |
- ansible: "2.17" | |
python_ver: "3.11" | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python_ver }} | |
- name: Install Poetry | |
uses: Gr1N/setup-poetry@v9 | |
# Install the head of the given branch (devel, stable-2.10) | |
- name: Install ansible-base (${{ matrix.ansible }}) | |
run: poetry run pip install https://github.com/ansible/ansible/archive/stable-${{ matrix.ansible }}.tar.gz --disable-pip-version-check | |
- name: Create lock file | |
run: poetry lock | |
- name: Install dependencies | |
run: poetry install | |
- name: Run sanity tests | |
timeout-minutes: 10 | |
run: poetry run make new-sanity | |
format: | |
name: Code Format Check | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Install Poetry | |
uses: Gr1N/setup-poetry@v9 | |
- name: Install dependencies | |
run: poetry install | |
- name: Do black code format | |
run: poetry run make format | |
- name: Do black code check-format | |
run: poetry run make check-format | |
release: | |
name: release | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
needs: [sanity, format] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# This task could be removed once the task below is confirmed working | |
- name: Set up Galaxy auth | |
run: | | |
mkdir -p ~/.ansible | |
echo "token: $GALAXY_API_KEY" > ~/.ansible/galaxy_token | |
env: | |
GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }} | |
shell: bash | |
# New task for combined Galaxy and AutomationHub publishing | |
- name: Set up Automation Hub and Galaxy ansible.cfg file | |
run: | | |
cat << EOF > ansible.cfg | |
[galaxy] | |
server_list = automation_hub, release_galaxy | |
[galaxy_server.automation_hub] | |
url=${{ secrets.AUTOMATION_HUB_URL }} | |
auth_url=${{ secrets.AUTOMATION_HUB_SSO_URL }} | |
token=${{ secrets.AUTOMATION_HUB_API_TOKEN }} | |
[galaxy_server.release_galaxy] | |
url=https://galaxy.ansible.com/ | |
token=${{ secrets.GALAXY_API_KEY }} | |
EOF | |
shell: bash | |
- name: Import GPG key | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.PASSPHRASE }} | |
- name: Create release and publish | |
id: release | |
uses: cycjimmy/semantic-release-action@v4 | |
with: | |
semantic_version: 17.1.1 | |
extra_plugins: | | |
conventional-changelog-conventionalcommits@^4.4.0 | |
@semantic-release/changelog@^5.0.1 | |
@semantic-release/git@^9.0.0 | |
@semantic-release/exec@^5.0.0 | |
env: | |
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Store built collection | |
uses: actions/upload-artifact@v4 | |
with: | |
name: collection | |
path: | | |
*.tar.gz | |
docs: | |
name: docs | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
needs: [release] | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./ansible_collections/zscaler/zpacloud | |
steps: | |
# Just a note here: The Ansible stuff is apparently doing realpath | |
# checks, so trying to simlink stuff and then run Ansible commands | |
# such as ansible-test in the symlink directory fails. Thus we need | |
# to have the real path contain ansible_collections/zscaler/zpacloud. | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: ./ansible_collections/zscaler/zpacloud | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Install Poetry | |
uses: Gr1N/setup-poetry@v9 | |
- name: Add ansible-core | |
run: poetry add ansible-core^2.14 | |
- name: Add antsibull-docs | |
run: poetry add antsibull-docs^2.10.0 | |
- name: Install dependencies | |
run: poetry install | |
- name: Build the collection | |
run: poetry run ansible-galaxy collection build | |
- name: Install built collection | |
run: poetry run ansible-galaxy collection install *.tar.gz | |
- name: Generate documentation | |
run: poetry run make docs | |
# This is here for right now because the action to deploy seems to assume | |
# (and not have a configuration option to) mirror the actions/checkout@v4 | |
# the with.path spec. | |
- name: Move the repo to where the deploy action is looking for it | |
run: | | |
cd ../../../.. | |
mv zpacloud-ansible the_repo | |
mv the_repo/ansible_collections/zscaler/zpacloud zpacloud-ansible | |
mkdir -p zpacloud-ansible/ansible_collections/zscaler/zpacloud | |
- name: Deploy to GitHub Pages | |
uses: JamesIves/[email protected] | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
branch: gh-pages | |
folder: docs/html | |
clean: true |