1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_base.git synced 2024-08-16 14:29:50 +02:00

Merge pull request #18 from roles-ansible/l

Linting and Action improvements
This commit is contained in:
L3D 2023-06-14 02:38:05 +02:00 committed by GitHub
commit b0c817c681
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 84 additions and 233 deletions

9
.github/dependabot.yml vendored Normal file
View file

@ -0,0 +1,9 @@
---
# See https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"

View file

@ -1,18 +0,0 @@
---
name: Ansible check archlinux:latest
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'ansible check with archlinux:latest'
uses: roles-ansible/check-ansible-archlinux-latest-action@master
with:
targets: "./"

View file

@ -1,18 +0,0 @@
---
name: Ansible check debian:bullseye
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'ansible check with debian:bullseye'
uses: roles-ansible/check-ansible-debian-bullseye-action@main
with:
targets: "./"

View file

@ -1,18 +0,0 @@
---
name: Ansible check debian:buster
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'ansible check with debian:buster'
uses: roles-ansible/check-ansible-debian-buster-action@master
with:
targets: "./"

View file

@ -1,18 +0,0 @@
---
name: Ansible check debian:latest
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'ansible check with debian:latest'
uses: roles-ansible/check-ansible-debian-latest-action@master
with:
targets: "./"

View file

@ -1,18 +0,0 @@
---
name: Ansible check debian:sid
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'ansible check with debian:sid'
uses: roles-ansible/check-ansible-debian-sid-action@master
with:
targets: "./"

View file

@ -1,23 +0,0 @@
---
name: Ansible check debian:stable
# yamllint disable-line rule:truthy
on:
push:
branches: '*'
pull_request:
branches: '*'
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'ansible check with debian:stable'
uses: roles-ansible/check-ansible-debian-stable-action@master
with:
targets: "./"

View file

@ -1,18 +0,0 @@
---
name: Ansible check debian:stretch
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'ansible check with debian:stretch'
uses: roles-ansible/check-ansible-debian-stretch-action@master
with:
targets: "./"

View file

@ -10,6 +10,7 @@ on:
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:

View file

@ -1,18 +0,0 @@
---
name: Ansible check ubuntu:bionic
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'ansible check with ubuntu:bionic'
uses: roles-ansible/check-ansible-ubuntu-bionic-action@master
with:
targets: "./"

View file

@ -1,18 +0,0 @@
---
name: Ansible check ubuntu:latest
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: ansible check with ubuntu:latest
uses: roles-ansible/check-ansible-ubuntu-latest-action@master
with:
targets: "./"

View file

@ -1,18 +0,0 @@
---
name: Ansible check ubuntu:trusty
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: ansible check with ubuntu:trusty
uses: roles-ansible/check-ansible-ubuntu-trusty-action@master
with:
targets: "./"

View file

@ -16,7 +16,7 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: 'release on galaxy' - name: 'release on galaxy'
uses: robertdebock/galaxy-action@1.2.0 uses: robertdebock/galaxy-action@1.2.1
with: with:
galaxy_api_key: ${{ secrets.galaxy_api_key }} galaxy_api_key: ${{ secrets.galaxy_api_key }}
git_branch: 'main' git_branch: 'main'

View file

@ -17,7 +17,7 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: 'Yamllint' - name: 'Yamllint'
uses: karancode/yamllint-github-action@v2.0.0 uses: karancode/yamllint-github-action@v2.1.1
with: with:
yamllint_file_or_dir: '.' yamllint_file_or_dir: '.'
yamllint_config_filepath: './.yamllint' yamllint_config_filepath: './.yamllint'

View file

@ -1,5 +1,5 @@
--- ---
- name: apt update - name: Run apt update
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true update_cache: true

View file

@ -1,25 +1,26 @@
--- ---
galaxy_info: galaxy_info:
author: do1jlr author: l3d
description: Ansible role to install some base packages and make some base configuration on all common linux systems description: Ansible role to install some base packages and make some base configuration on all common linux systems
role_name: base role_name: base
license: MIT license: MIT
min_ansible_version: 2.11 min_ansible_version: "2.11"
github_branch: master
platforms: platforms:
- name: Archlinux - name: ArchLinux
versions: all versions: ['all']
- name: Debian - name: Debian
versions: all versions: ['all']
- name: Ubuntu - name: Ubuntu
versions: all versions: ['all']
- name: Fedora - name: Fedora
versions: all versions: ['all']
- name: EL - name: EL
versions: all versions: ['all']
galaxy_tags: galaxy_tags:
- base - base
- packages - packages
- default - default
- apt
- sources
- linux - linux
dependencies: [] dependencies: []

View file

@ -1,5 +1,5 @@
--- ---
- name: vim is our editor - name: Vim is our editor
become: true become: true
community.general.alternatives: community.general.alternatives:
name: editor name: editor
@ -11,7 +11,7 @@
- ansible_distribution != 'Archlinux' - ansible_distribution != 'Archlinux'
failed_when: false failed_when: false
- name: vim is our editor - name: Vim is our editor
become: true become: true
community.general.alternatives: community.general.alternatives:
name: editor name: editor

View file

@ -7,7 +7,7 @@
when: when:
- ansible_pkg_mgr == "apt" - ansible_pkg_mgr == "apt"
- name: install keychain to support ssh agent - name: Install keychain to support ssh agent
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: keychain name: keychain
@ -15,7 +15,7 @@
when: when:
- ansible_os_family != 'RedHat' - ansible_os_family != 'RedHat'
- name: install keychain on centos - name: Install keychain on centos
become: true become: true
ansible.builtin.yum: ansible.builtin.yum:
name: name:

View file

@ -1,13 +1,13 @@
--- ---
- name: optional print os infos - name: Optional print os infos
ansible.builtin.include_tasks: os_info.yml ansible.builtin.include_tasks: os_info.yml
when: print_os_vars | bool when: print_os_vars | bool
- name: optional versionscheck - name: Optional versionscheck
ansible.builtin.include_tasks: versioncheck.yml ansible.builtin.include_tasks: versioncheck.yml
when: submodules_versioncheck | bool when: submodules_versioncheck | bool
- name: optional add apt sources - name: Optional add apt sources
ansible.builtin.include_tasks: sources.yml ansible.builtin.include_tasks: sources.yml
when: when:
- base__add_ethz | bool - base__add_ethz | bool
@ -15,7 +15,7 @@
- ansible_distribution == 'Debian' and ansible_distribution_version | float >= 8 - ansible_distribution == 'Debian' and ansible_distribution_version | float >= 8
- ansible_pkg_mgr == "apt" - ansible_pkg_mgr == "apt"
- name: install packages - name: Install packages
ansible.builtin.include_tasks: packages.yml ansible.builtin.include_tasks: packages.yml
- name: Upgrade all packages to latest - name: Upgrade all packages to latest
@ -26,15 +26,15 @@
when: when:
- base__upgrade_packages_to_latest_version|bool - base__upgrade_packages_to_latest_version|bool
- name: optional configure editor - name: Optional configure editor
ansible.builtin.include_tasks: editor.yml ansible.builtin.include_tasks: editor.yml
when: base__install_vim | bool when: base__install_vim | bool
- name: optional install keychain - name: Optional install keychain
ansible.builtin.include_tasks: keychain.yml ansible.builtin.include_tasks: keychain.yml
when: base__install_keychain | bool when: base__install_keychain | bool
- name: install optional packages - name: Install optional packages
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: "{{ base__extra_packages }}" name: "{{ base__extra_packages }}"

View file

@ -1,5 +1,5 @@
--- ---
- name: update repo-cache for debian/ubuntu - name: Update repo-cache for debian/ubuntu
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true update_cache: true
@ -7,20 +7,20 @@
when: when:
- ansible_pkg_mgr == "apt" - ansible_pkg_mgr == "apt"
- name: update repo-cache for debian/ubuntu - name: Update repo-cache for debian/ubuntu
become: true become: true
ansible.builtin.dnf: ansible.builtin.dnf:
update_cache: true update_cache: true
when: when:
- ansible_os_family == 'RedHat' and ansible_distribution_version | float >= 8 - ansible_os_family == 'RedHat' and ansible_distribution_version | float >= 8
- name: install base packages for all operating systems - name: Install base packages for all operating systems
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: "{{ base__packages }}" name: "{{ base__packages }}"
state: "{{ base__package_state }}" state: "{{ base__package_state }}"
- name: install python3 for all non-legacy systems - name: Install python3 for all non-legacy systems
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: "{{ base__python3_packages }}" name: "{{ base__python3_packages }}"
@ -30,14 +30,14 @@
ansible_os_family == 'RedHat' and ansible_distribution_version | float >= 7 or ansible_os_family == 'RedHat' and ansible_distribution_version | float >= 7 or
ansible_distribution == 'Debian' and ansible_distribution_version | float >= 7 ansible_distribution == 'Debian' and ansible_distribution_version | float >= 7
- name: install python for systems where python3 packages are renamed to python - name: Install python for systems where python3 packages are renamed to python
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: "{{ base__python_packages }}" name: "{{ base__python_packages }}"
state: "{{ base__package_state }}" state: "{{ base__package_state }}"
when: ansible_os_family == 'Archlinux' when: ansible_os_family == 'Archlinux'
- name: install packages for all non-legacy systems - name: Install packages for all non-legacy systems
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: "{{ base__modern_packages }}" name: "{{ base__modern_packages }}"
@ -48,7 +48,7 @@
ansible_distribution == 'Debian' and ansible_distribution_version | float >= 8 or ansible_distribution == 'Debian' and ansible_distribution_version | float >= 8 or
ansible_os_family == 'Archlinux' ansible_os_family == 'Archlinux'
- name: install packages for all non-legacy Debian/Ububntu systems - name: Install packages for all non-legacy Debian/Ububntu systems
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: "{{ base__debian_packages }}" name: "{{ base__debian_packages }}"
@ -57,7 +57,7 @@
ansible_distribution == 'Ubuntu' and ansible_distribution_version | float >= 16.0 or ansible_distribution == 'Ubuntu' and ansible_distribution_version | float >= 16.0 or
ansible_distribution == 'Debian' and ansible_distribution_version | float >= 8 ansible_distribution == 'Debian' and ansible_distribution_version | float >= 8
- name: install packages for all reasonable non-legacy systems - name: Install packages for all reasonable non-legacy systems
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: "{{ base__linux_packages }}" name: "{{ base__linux_packages }}"
@ -68,7 +68,7 @@
ansible_distribution == 'Debian' and ansible_distribution_version | float >= 9 or ansible_distribution == 'Debian' and ansible_distribution_version | float >= 9 or
ansible_os_family == 'Archlinux' ansible_os_family == 'Archlinux'
- name: install mailx on debian - name: Install mailx on debian
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: name:

View file

@ -1,5 +1,5 @@
--- ---
- name: update repo-cache for Debian/Ubuntu - name: Update repo-cache for Debian/Ubuntu
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true update_cache: true
@ -16,7 +16,7 @@
- apt-transport-https - apt-transport-https
state: present state: present
- name: add eth zurich apt for Debian > 10 - name: Add eth zurich apt for Debian Bullaeye (11) and later
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: "templates/apt.sources.list.j2" src: "templates/apt.sources.list.j2"
@ -24,10 +24,10 @@
mode: 0644 mode: 0644
group: root group: root
owner: root owner: root
notify: apt update notify: Run apt update
when: ansible_distribution_major_version > '10' when: ansible_distribution_major_version > '10'
- name: add eth zurich apt for Debian < 11 - name: Add eth zurich apt for Debian Buster (10) and earlyer
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: "templates/apt.sources.list_legacy.j2" src: "templates/apt.sources.list_legacy.j2"
@ -35,8 +35,8 @@
mode: 0644 mode: 0644
group: root group: root
owner: root owner: root
notify: apt update notify: Run apt update
when: ansible_distribution_major_version < '11' when: ansible_distribution_major_version < '11'
- name: force all notified handlers to run at this point, not waiting for normal sync points - name: Force all notified handlers to run at this point, not waiting for normal sync points
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers

View file

@ -8,37 +8,38 @@
path: '/etc/.ansible-version' path: '/etc/.ansible-version'
state: directory state: directory
mode: 0755 mode: 0755
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: check playbook version - name: Check playbook version
become: true become: true
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/etc/.ansible-version/{{ playbook_version_path }}" src: "/etc/.ansible-version/{{ playbook_version_path }}"
register: playbook_version register: playbook_version
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
ignore_errors: true ignore_errors: true
failed_when: false failed_when: false
- name: Print remote role version - name: Print remote role version
ansible.builtin.debug: ansible.builtin.debug:
msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}" msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: Print locale role version - name: Print locale role version
ansible.builtin.debug: ansible.builtin.debug:
msg: "Local role version: '{{ playbook_version_number|string }}'." msg: "Local role version: '{{ playbook_version_number | string }}'."
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: Check if your version is outdated - name: Check if your version is outdated
ansible.builtin.fail: ansible.builtin.fail:
msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!" msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
when: when:
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
- name: write new version to remote disk - name: Write new version to remote disk
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ playbook_version_number }}" content: "{{ playbook_version_number }}"
dest: "/etc/.ansible-version/{{ playbook_version_path }}" dest: "/etc/.ansible-version/{{ playbook_version_path }}"
mode: '0644' mode: '0644'
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
tags: skip_ansible_lint_template-instead-of-copy

View file

@ -9,6 +9,9 @@ deb https://debian.ethz.ch/debian {{ ansible_distribution_release }} main
{%- endif -%} {%- endif -%}
{%- if base__pkg_non_free_firmware | bool -%} {%- if base__pkg_non_free_firmware | bool -%}
{{- ' non-free' -}} {{- ' non-free' -}}
{%- if ansible_distribution_major_version >= '12' -%}
{{- ' non-free-firmware' -}}
{%- endif -%}
{%- endif -%} {%- endif -%}
{{- '\n' -}} {{- '\n' -}}
deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }} main deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }} main
@ -17,6 +20,9 @@ deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }} main
{%- endif -%} {%- endif -%}
{%- if base__pkg_non_free_firmware | bool -%} {%- if base__pkg_non_free_firmware | bool -%}
{{- ' non-free' -}} {{- ' non-free' -}}
{%- if ansible_distribution_major_version >= '12' -%}
{{- ' non-free-firmware' -}}
{%- endif -%}
{%- endif -%} {%- endif -%}
{{- '\n\n' -}} {{- '\n\n' -}}
@ -28,6 +34,9 @@ deb https://security.debian.ethz.ch/ {{ ansible_distribution_release }}-security
{%- endif -%} {%- endif -%}
{%- if base__pkg_non_free_firmware | bool -%} {%- if base__pkg_non_free_firmware | bool -%}
{{- ' non-free' -}} {{- ' non-free' -}}
{%- if ansible_distribution_major_version >= '12' -%}
{{- ' non-free-firmware' -}}
{%- endif -%}
{%- endif -%} {%- endif -%}
{{- '\n' -}} {{- '\n' -}}
deb-src https://security.debian.ethz.ch/ {{ ansible_distribution_release }}-security main deb-src https://security.debian.ethz.ch/ {{ ansible_distribution_release }}-security main
@ -36,6 +45,9 @@ deb-src https://security.debian.ethz.ch/ {{ ansible_distribution_release }}-secu
{%- endif -%} {%- endif -%}
{%- if base__pkg_non_free_firmware | bool -%} {%- if base__pkg_non_free_firmware | bool -%}
{{- ' non-free' -}} {{- ' non-free' -}}
{%- if ansible_distribution_major_version >= '12' -%}
{{- ' non-free-firmware' -}}
{%- endif -%}
{%- endif -%} {%- endif -%}
{{- '\n\n' -}} {{- '\n\n' -}}
{%- endif -%} {%- endif -%}
@ -48,6 +60,9 @@ deb https://debian.ethz.ch/debian {{ ansible_distribution_release }}-updates mai
{%- endif -%} {%- endif -%}
{%- if base__pkg_non_free_firmware | bool -%} {%- if base__pkg_non_free_firmware | bool -%}
{{- ' non-free' -}} {{- ' non-free' -}}
{%- if ansible_distribution_major_version >= '12' -%}
{{- ' non-free-firmware' -}}
{%- endif -%}
{%- endif -%} {%- endif -%}
{{- '\n' -}} {{- '\n' -}}
deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }}-updates main deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }}-updates main
@ -56,6 +71,9 @@ deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }}-updates
{%- endif -%} {%- endif -%}
{%- if base__pkg_non_free_firmware | bool -%} {%- if base__pkg_non_free_firmware | bool -%}
{{- ' non-free' -}} {{- ' non-free' -}}
{%- if ansible_distribution_major_version >= '12' -%}
{{- ' non-free-firmware' -}}
{%- endif -%}
{%- endif -%} {%- endif -%}
{{- '\n\n' -}} {{- '\n\n' -}}
{%- endif -%} {%- endif -%}
@ -68,6 +86,9 @@ deb https://debian.ethz.ch/debian {{ ansible_distribution_release }}-backports m
{%- endif -%} {%- endif -%}
{%- if base__pkg_non_free_firmware | bool -%} {%- if base__pkg_non_free_firmware | bool -%}
{{- ' non-free' -}} {{- ' non-free' -}}
{%- if ansible_distribution_major_version >= '12' -%}
{{- ' non-free-firmware' -}}
{%- endif -%}
{%- endif -%} {%- endif -%}
{{- '\n' -}} {{- '\n' -}}
deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }}-backports main deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }}-backports main
@ -76,6 +97,9 @@ deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }}-backpor
{%- endif -%} {%- endif -%}
{%- if base__pkg_non_free_firmware | bool -%} {%- if base__pkg_non_free_firmware | bool -%}
{{- ' non-free' -}} {{- ' non-free' -}}
{%- if ansible_distribution_major_version >= '12' -%}
{{- ' non-free-firmware' -}}
{%- endif -%}
{%- endif -%} {%- endif -%}
{{- '\n\n' -}} {{- '\n\n' -}}
{%- endif -%} {%- endif -%}

View file

@ -62,5 +62,5 @@ base__linux_packages:
- bzip2 - bzip2
- jq - jq
playbook_version_number: 9018 playbook_version_number: 9019
playbook_version_path: 'base-packages_roles-ansible_github.version' playbook_version_path: 'base-packages_roles-ansible_github.version'