1
1
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_gitea.git synced 2024-08-16 11:39:50 +02:00

Merge pull request #89 from roles-ansible/lint

update gitea linting
This commit is contained in:
L3D 2022-09-29 23:11:58 +02:00 committed by GitHub
commit 9e7f0b0eff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 57 additions and 56 deletions

View file

@ -12,7 +12,7 @@
daemon_reload: true daemon_reload: true
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
- name: "systemctl restart fail2ban" - name: "Systemctl restart fail2ban"
become: true become: true
ansible.builtin.systemd: ansible.builtin.systemd:
name: fail2ban name: fail2ban

View file

@ -3,6 +3,10 @@
ansible.builtin.service_facts: ansible.builtin.service_facts:
- name: Backup block - name: Backup block
when:
- ansible_facts.services["gitea.service"] is defined
- ansible_facts.services["gitea.service"].state == "running"
- gitea_active_version.stdout != gitea_version_target
block: block:
- name: Stopping gitea before upgrade - name: Stopping gitea before upgrade
become: true become: true
@ -36,10 +40,6 @@
state: stopped state: stopped
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
- name: print updateing error - name: Print updateing error
ansible.builtin.debug: ansible.builtin.debug:
msg: "failed to backup gitea" msg: "failed to backup gitea"
when:
- ansible_facts.services["gitea.service"] is defined
- ansible_facts.services["gitea.service"].state == "running"
- gitea_active_version.stdout != gitea_version_target

View file

@ -1,5 +1,5 @@
--- ---
- name: create directory for custom footer - name: Create directory for custom footer
become: true become: true
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
@ -11,7 +11,7 @@
- "{{ gitea_custom }}/templates" - "{{ gitea_custom }}/templates"
- "{{ gitea_custom }}/templates/custom" - "{{ gitea_custom }}/templates/custom"
- name: transfer custom footer template - name: Transfer custom footer template
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ lookup('first_found', transfer_custom_footer) }}" src: "{{ lookup('first_found', transfer_custom_footer) }}"

View file

@ -1,5 +1,5 @@
--- ---
- name: create directory for custom logos - name: Create directory for custom logos
become: true become: true
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
@ -11,7 +11,7 @@
- "{{ gitea_custom }}/public" - "{{ gitea_custom }}/public"
- "{{ gitea_custom }}/public/img" - "{{ gitea_custom }}/public/img"
- name: transfer custom logo.svg - name: Transfer custom logo.svg
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ lookup('first_found', transfer_custom_logo_logosvg) }}" src: "{{ lookup('first_found', transfer_custom_logo_logosvg) }}"
@ -22,7 +22,7 @@
tags: skip_ansible_lint tags: skip_ansible_lint
ignore_errors: true ignore_errors: true
- name: transfer custom logo.png - name: Transfer custom logo.png
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ lookup('first_found', transfer_custom_logo_logopng) }}" src: "{{ lookup('first_found', transfer_custom_logo_logopng) }}"
@ -33,7 +33,7 @@
tags: skip_ansible_lint tags: skip_ansible_lint
ignore_errors: true ignore_errors: true
- name: transfer custom favicon.png - name: Transfer custom favicon.png
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ lookup('first_found', transfer_custom_logo_faviconpng) }}" src: "{{ lookup('first_found', transfer_custom_logo_faviconpng) }}"
@ -44,7 +44,7 @@
tags: skip_ansible_lint tags: skip_ansible_lint
ignore_errors: true ignore_errors: true
- name: transfer custom apple-touch-icon.png - name: Transfer custom apple-touch-icon.png
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ lookup('first_found', transfer_custom_logo_appletouchiconpng) }}" src: "{{ lookup('first_found', transfer_custom_logo_appletouchiconpng) }}"

View file

@ -1,5 +1,5 @@
--- ---
- name: create public directory for custom public web files - name: Create public directory for custom public web files
become: true become: true
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
@ -10,7 +10,7 @@
with_items: with_items:
- "{{ gitea_custom }}/public" - "{{ gitea_custom }}/public"
- name: transfer custom public web data - name: Transfer custom public web data
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ gitea_customize_files_path }}" src: "{{ gitea_customize_files_path }}"

View file

@ -7,7 +7,7 @@
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
notify: systemctl restart fail2ban notify: "Systemctl restart fail2ban"
when: "'fail2ban' in ansible_facts.packages" when: "'fail2ban' in ansible_facts.packages"
- name: Install fail2ban jail - name: Install fail2ban jail
@ -18,12 +18,12 @@
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
notify: systemctl restart fail2ban notify: "Systemctl restart fail2ban"
when: "'fail2ban' in ansible_facts.packages" when: "'fail2ban' in ansible_facts.packages"
- name: warn if fail2ban is not installed - name: Warn if fail2ban is not installed
ansible.builtin.fail: ansible.builtin.fail:
msg: "the package fail2ban is not installed. no fail2ban filters deployed." msg: "the package fail2ban is not installed. no fail2ban filters deployed."
when: "'fail2ban' not in ansible_facts.packages" when: "'fail2ban' not in ansible_facts.packages"
tags: skip_ansible_lint
ignore_errors: true ignore_errors: true
tags: skip_ansible_lint_ignore-errors

View file

@ -1,38 +1,38 @@
--- ---
- name: generate gitea SECRET_KEY if not provided - name: Generate gitea SECRET_KEY if not provided
become: true become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key' ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key'
args: args:
creates: '{{ gitea_configuraion_path }}/gitea_secret_key' creates: '{{ gitea_configuraion_path }}/gitea_secret_key'
when: gitea_secret_key | string | length == 0 when: gitea_secret_key | string | length == 0
- name: read gitea SECRET_KEY from file - name: Read gitea SECRET_KEY from file
become: true become: true
ansible.builtin.slurp: ansible.builtin.slurp:
src: '{{ gitea_configuraion_path }}/gitea_secret_key' src: '{{ gitea_configuraion_path }}/gitea_secret_key'
register: remote_secret_key register: remote_secret_key
when: gitea_secret_key | string | length == 0 when: gitea_secret_key | string | length == 0
- name: set fact gitea_secret_key - name: Set fact gitea_secret_key
ansible.builtin.set_fact: ansible.builtin.set_fact:
gitea_secret_key: "{{ remote_secret_key['content'] | b64decode }}" gitea_secret_key: "{{ remote_secret_key['content'] | b64decode }}"
when: gitea_secret_key | string | length == 0 when: gitea_secret_key | string | length == 0
- name: generate gitea INTERNAL_TOKEN if not provided - name: Generate gitea INTERNAL_TOKEN if not provided
become: true become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret INTERNAL_TOKEN > {{ gitea_configuraion_path }}/gitea_internal_token' ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret INTERNAL_TOKEN > {{ gitea_configuraion_path }}/gitea_internal_token'
args: args:
creates: '{{ gitea_configuraion_path }}/gitea_internal_token' creates: '{{ gitea_configuraion_path }}/gitea_internal_token'
when: gitea_internal_token | string | length == 0 when: gitea_internal_token | string | length == 0
- name: read gitea INTERNAL_TOKEN from file - name: Read gitea INTERNAL_TOKEN from file
become: true become: true
ansible.builtin.slurp: ansible.builtin.slurp:
src: '{{ gitea_configuraion_path }}/gitea_internal_token' src: '{{ gitea_configuraion_path }}/gitea_internal_token'
register: remote_internal_token register: remote_internal_token
when: gitea_internal_token | string | length == 0 when: gitea_internal_token | string | length == 0
- name: set fact gitea_internal_token - name: Set fact gitea_internal_token
ansible.builtin.set_fact: ansible.builtin.set_fact:
gitea_internal_token: "{{ remote_internal_token['content'] | b64decode }}" gitea_internal_token: "{{ remote_internal_token['content'] | b64decode }}"
when: gitea_internal_token | string | length == 0 when: gitea_internal_token | string | length == 0

View file

@ -22,6 +22,7 @@
delay: 2 delay: 2
- name: Install block - name: Install block
when: (not gitea_version_check | bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
block: block:
- name: Download gitea archive - name: Download gitea archive
ansible.builtin.get_url: ansible.builtin.get_url:
@ -75,4 +76,3 @@
owner: root owner: root
group: root group: root
notify: "Restart gitea" notify: "Restart gitea"
when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))

View file

@ -1,38 +1,38 @@
--- ---
- name: generate OAuth2 JWT_SECRET if not provided - name: Generate OAuth2 JWT_SECRET if not provided
become: true become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_oauth_jwt_secret' ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
args: args:
creates: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret' creates: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
when: gitea_oauth2_jwt_secret | length == 0 when: gitea_oauth2_jwt_secret | length == 0
- name: read OAuth2 JWT_SECRET from file - name: Read OAuth2 JWT_SECRET from file
become: true become: true
ansible.builtin.slurp: ansible.builtin.slurp:
src: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret' src: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
register: oauth_jwt_secret register: oauth_jwt_secret
when: gitea_oauth2_jwt_secret | length == 0 when: gitea_oauth2_jwt_secret | length == 0
- name: set fact gitea_oauth2_jwt_secret - name: Set fact gitea_oauth2_jwt_secret
ansible.builtin.set_fact: ansible.builtin.set_fact:
gitea_oauth2_jwt_secret: "{{ oauth_jwt_secret['content'] | b64decode }}" gitea_oauth2_jwt_secret: "{{ oauth_jwt_secret['content'] | b64decode }}"
when: gitea_oauth2_jwt_secret | length == 0 when: gitea_oauth2_jwt_secret | length == 0
- name: generate LFS JWT_SECRET if not provided - name: Generate LFS JWT_SECRET if not provided
become: true become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_lfs_jwt_secret' ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
args: args:
creates: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret' creates: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
when: gitea_lfs_jwt_secret | length == 0 when: gitea_lfs_jwt_secret | length == 0
- name: read LFS JWT_SECRET from file - name: Read LFS JWT_SECRET from file
become: true become: true
ansible.builtin.slurp: ansible.builtin.slurp:
src: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret' src: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
register: lfs_jwt_secret register: lfs_jwt_secret
when: gitea_lfs_jwt_secret | length == 0 when: gitea_lfs_jwt_secret | length == 0
- name: set fact gitea_lfs_jwt_secret - name: Set fact gitea_lfs_jwt_secret
ansible.builtin.set_fact: ansible.builtin.set_fact:
gitea_lfs_jwt_secret: "{{ lfs_jwt_secret['content'] | b64decode }}" gitea_lfs_jwt_secret: "{{ lfs_jwt_secret['content'] | b64decode }}"
when: gitea_lfs_jwt_secret | length == 0 when: gitea_lfs_jwt_secret | length == 0

View file

@ -1,5 +1,5 @@
--- ---
- name: perform optional versionscheck - name: Perform optional versionscheck
ansible.builtin.include_tasks: versioncheck.yml ansible.builtin.include_tasks: versioncheck.yml
when: submodules_versioncheck|bool when: submodules_versioncheck|bool
@ -13,44 +13,44 @@
- name: Gather versioning information - name: Gather versioning information
ansible.builtin.include_tasks: set_version.yml ansible.builtin.include_tasks: set_version.yml
- name: backup gitea before update - name: Backup gitea before update
ansible.builtin.include_tasks: backup.yml ansible.builtin.include_tasks: backup.yml
when: gitea_backup_on_upgrade|bool when: gitea_backup_on_upgrade|bool
- name: create gitea user and role - name: Create gitea user and role
ansible.builtin.include_tasks: create_user.yml ansible.builtin.include_tasks: create_user.yml
- name: install or update gitea - name: Install or update gitea
ansible.builtin.include_tasks: install.yml ansible.builtin.include_tasks: install.yml
- name: Create directories - name: Create directories
ansible.builtin.include_tasks: directory.yml ansible.builtin.include_tasks: directory.yml
- name: setup gitea systemd service - name: Setup gitea systemd service
ansible.builtin.include_tasks: install_systemd.yml ansible.builtin.include_tasks: install_systemd.yml
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
- name: generate JWT Secrets if undefined - name: Generate JWT Secrets if undefined
ansible.builtin.include_tasks: jwt_secrets.yml ansible.builtin.include_tasks: jwt_secrets.yml
- name: generate gitea secrets if undefined - name: Generate gitea secrets if undefined
ansible.builtin.include_tasks: gitea_secrets.yml ansible.builtin.include_tasks: gitea_secrets.yml
- name: configure gitea - name: Configure gitea
ansible.builtin.include_tasks: configure.yml ansible.builtin.include_tasks: configure.yml
- name: deploy optional fail2ban rules - name: Deploy optional fail2ban rules
ansible.builtin.include_tasks: fail2ban.yml ansible.builtin.include_tasks: fail2ban.yml
when: gitea_fail2ban_enabled|bool when: gitea_fail2ban_enabled|bool
- name: optionally customize gitea - name: Optionally customize gitea
ansible.builtin.include_tasks: customize_logo.yml ansible.builtin.include_tasks: customize_logo.yml
when: gitea_customize_logo|bool when: gitea_customize_logo|bool
- name: optionally customize footer - name: Optionally customize footer
ansible.builtin.include_tasks: customize_footer.yml ansible.builtin.include_tasks: customize_footer.yml
when: gitea_customize_footer|bool when: gitea_customize_footer|bool
- name: optionally deploy public files - name: Optionally deploy public files
ansible.builtin.include_tasks: customize_public_files.yml ansible.builtin.include_tasks: customize_public_files.yml
when: gitea_customize_files|bool when: gitea_customize_files|bool

View file

@ -8,6 +8,7 @@
failed_when: false failed_when: false
- name: "Determine 'latest' version release" - name: "Determine 'latest' version release"
when: gitea_version == "latest"
block: block:
- name: "Get latest gitea release metadata" - name: "Get latest gitea release metadata"
ansible.builtin.uri: ansible.builtin.uri:
@ -21,7 +22,7 @@
msg: | msg: |
"You are running this playbook in check mode: "You are running this playbook in check mode:
Please set the Gitea version with the variable 'gitea_version', because the URI module cannot detect the latest version in this mode." Please set the Gitea version with the variable 'gitea_version', because the URI module cannot detect the latest version in this mode."
when: ansible_check_mode and ( gitea_version == 'latest' or gitea_version == 'present' ) when: ansible_check_mode and (gitea_version == 'latest' or gitea_version == 'present')
- name: "Set fact latest gitea release" - name: "Set fact latest gitea release"
ansible.builtin.set_fact: ansible.builtin.set_fact:
@ -32,9 +33,8 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
gitea_version_target: "{{ gitea_remote_version }}" gitea_version_target: "{{ gitea_remote_version }}"
when: not ansible_check_mode when: not ansible_check_mode
when: gitea_version == "latest"
- name: "Set gitea version target ({{ gitea_version }})" - name: "Set gitea version target {{ gitea_version }}"
ansible.builtin.set_fact: ansible.builtin.set_fact:
gitea_version_target: "{{ gitea_version }}" gitea_version_target: "{{ gitea_version }}"
when: gitea_version != "latest" when: gitea_version != "latest"

View file

@ -8,37 +8,38 @@
path: '/etc/.ansible-version' path: '/etc/.ansible-version'
state: directory state: directory
mode: 0755 mode: 0755
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: check playbook version - name: Check playbook version
become: true become: true
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/etc/.ansible-version/{{ playbook_version_path }}" src: "/etc/.ansible-version/{{ playbook_version_path }}"
register: playbook_version register: playbook_version
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
ignore_errors: true ignore_errors: true
failed_when: false failed_when: false
- name: Print remote role version - name: Print remote role version
ansible.builtin.debug: ansible.builtin.debug:
msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}" msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: Print locale role version - name: Print locale role version
ansible.builtin.debug: ansible.builtin.debug:
msg: "Local role version: '{{ playbook_version_number | string }}'." msg: "Local role version: '{{ playbook_version_number | string }}'."
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: Check if your version is outdated - name: Check if your version is outdated
ansible.builtin.fail: ansible.builtin.fail:
msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!" msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
when: when:
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
- name: write new version to remote disk - name: Write new version to remote disk
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ playbook_version_number }}" content: "{{ playbook_version_number }}"
dest: "/etc/.ansible-version/{{ playbook_version_path }}" dest: "/etc/.ansible-version/{{ playbook_version_path }}"
mode: '0644' mode: '0644'
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
tags: skip_ansible_lint_template-instead-of-copy