From 0ca1125aa892563107ebbfae0e429b455599b9dd Mon Sep 17 00:00:00 2001 From: Robert de Bock Date: Mon, 20 Feb 2023 15:38:19 +0100 Subject: [PATCH] Allow GitHub variables to be mapped. --- README.md | 10 +++- generate.yml | 83 ++++++++++++++++---------------- templates/README.md.j2 | 2 +- templates/molecule-action.yml.j2 | 7 +++ templates/molecule.yml.j2 | 6 +++ templates/tox.ini.j2 | 5 ++ 6 files changed, 69 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 1f3f87d..f95c7b6 100644 --- a/README.md +++ b/README.md @@ -75,12 +75,18 @@ This optional file describes how Travis, Tox and Molecule should behave. |parameter |type |default|description | |--------------------|---------------|-------|-----------------------------------------------------------------------------------------| |tox_ansible_versions|list of strings|not set|What versions should Tox test? (Default: all.) | -|enterprise_linux |string |not set|If `EL` is used in `meta/main.yml` where should tests happen on? (Default: `rockylinux`.)| +|github_variables_mapping|list|not set|A list of `name` and `variable`, `name` refers to the GitHub exposed name, `variable` refers to the name you'd like to pass to molecule, tox and Ansible.| +# Example ```yaml --- tox_ansible_versions: - 7 -enterprise_linx: centos +github_variables_mapping: + - name: secrets.VAULT_LICENSE + variable: VAULT_LICENCE + - name: secrets.MY_VAR + variable: someTHING + ``` diff --git a/generate.yml b/generate.yml index 1fed5a1..610b260 100755 --- a/generate.yml +++ b/generate.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- name: generate all files +- name: Generate all files hosts: localhost become: no gather_facts: yes 
@@ -11,93 +11,94 @@ - vars/main.yml tasks: - - name: set role_path and role_name - set_fact: + - name: Set role_path and role_name + ansible.builtin.set_fact: role_path: "{{ lookup('env', 'PWD') }}" role_name: "{{ lookup('env', 'PWD') | basename | regex_replace('ansible-role-') }}" - - name: load meta/main.yml - include_vars: + - name: Load meta/main.yml + ansible.builtin.include_vars: file: "{{ role_path }}/meta/main.yml" name: meta - - name: check meta/preferences.yml - stat: + - name: Check meta/preferences.yml + ansible.builtin.stat: path: "{{ role_path }}/meta/preferences.yml" register: preferencesymlstat - - name: load meta/preferences.yml - include_vars: + - name: Load meta/preferences.yml + ansible.builtin.include_vars: file: "{{ role_path }}/meta/preferences.yml" when: - preferencesymlstat.stat.exists | bool - - name: check defaults/main.yml - stat: + - name: Check defaults/main.yml + ansible.builtin.stat: path: "{{ role_path }}/defaults/main.yml" register: defaultsmainyml - - name: load defaults/main.yml - slurp: + - name: Load defaults/main.yml + ansible.builtin.slurp: src: "{{ role_path }}/defaults/main.yml" register: variables when: - defaultsmainyml.stat.exists | bool - - name: check requirements.yml - stat: + - name: Check requirements.yml + ansible.builtin.stat: path: "{{ role_path }}/requirements.yml" register: check_requirements - - name: load requirements.yml - include_vars: + - name: Load requirements.yml + ansible.builtin.include_vars: file: "{{ role_path }}/requirements.yml" name: requirements when: - check_requirements.stat.exists | bool - - name: load molecule/default/converge.yml - slurp: + - name: Load molecule/default/converge.yml + ansible.builtin.slurp: src: "{{ role_path }}/molecule/default/converge.yml" register: example - - name: check molecule/default/prepare.yml - stat: + - name: Check molecule/default/prepare.yml + ansible.builtin.stat: path: "{{ role_path }}/molecule/default/prepare.yml" register: check_prepare - - name: load 
molecule/default/prepare.yml - slurp: + - name: Load molecule/default/prepare.yml + ansible.builtin.slurp: src: "{{ role_path }}/molecule/default/prepare.yml" register: prepare when: - check_prepare.stat.exists | bool - - name: check molecule/default/verify.yml - stat: + - name: Check molecule/default/verify.yml + ansible.builtin.stat: path: "{{ role_path }}/molecule/default/verify.yml" register: verify - - name: load molecule/default/verify.yml - slurp: + - name: Load molecule/default/verify.yml + ansible.builtin.slurp: src: "{{ role_path }}/molecule/default/verify.yml" register: verifyyml when: - verify.stat.exists | bool - - name: check molecule/default/defaults.yml - stat: + - name: Check molecule/default/defaults.yml + ansible.builtin.stat: path: "{{ role_path }}/molecule/default/defaults.yml" register: defaults - - name: load galaxy_id - shell: "set -o pipefail ; ansible-galaxy info robertdebock.{{ role_name }} | grep ' id: ' | awk '{print $NF}'" + - name: Load galaxy_id + ansible.builtin.shell: + cmd: "set -o pipefail ; ansible-galaxy info robertdebock.{{ role_name }} | grep ' id: ' | awk '{print $NF}'" register: galaxy_id changed_when: no failed_when: no - - name: create .github directories - file: + - name: Create .github directories + ansible.builtin.file: path: "{{ role_path }}/{{ item }}" state: directory mode: "0755" @@ -106,8 +107,8 @@ - .github/workflows - .github/ISSUE_TEMPLATE - - name: copy file - copy: + - name: Copy file + ansible.builtin.copy: src: "{{ playbook_dir }}/files/{{ item.source }}" dest: "{{ role_path }}/{{ item.dest | default(item.source) }}" mode: "{{ item.mode | default('0644') }}" 
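Review bot: The `Load galaxy_id` task still interpolates `role_name` into the shell string unquoted, and `role_name` comes from the `PWD` environment variable in the first task of this hunk. A checkout directory whose name contains shell metacharacters would therefore change the command that runs. Passing the value through the quote filter closes that: `cmd: "set -o pipefail ; ansible-galaxy info robertdebock.{{ role_name | quote }} | grep ' id: ' | awk '{print $NF}'"`. Because `failed_when: no` hides every failure of this task, it is also worth adding `executable: /bin/bash` next to `cmd:`, since `set -o pipefail` is not accepted by every `/bin/sh`.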
@@ -127,10 +128,10 @@ loop_control: label: "{{ item.source }}" - - name: render file - template: + - name: Render file + ansible.builtin.template: src: "{{ playbook_dir }}/templates/{{ item.source }}.j2" - dest: "{{ role_path }}/{{ item.dest | default (item.source) }}" + dest: "{{ role_path }}/{{ item.dest | default(item.source) }}" mode: "0644" with_items: - source: ansible-lint @@ -159,7 +160,7 @@ loop_control: label: "{{ item.source }}" - - name: pre-commit install - command: pre-commit install - args: + - name: Install pre-commit + ansible.builtin.command: + cmd: pre-commit install creates: .git/hooks/pre-commit diff --git a/templates/README.md.j2 b/templates/README.md.j2 index 3274c4a..7f208f4 100644 --- a/templates/README.md.j2 +++ b/templates/README.md.j2 @@ -36,7 +36,7 @@ The default values for the variables are set in [`defaults/main.yml`](https://gi - pip packages listed in [requirements.txt](https://github.com/{{ github_namespace }}/ansible-role-{{ role_name }}/blob/master/requirements.txt). {% if requirements is defined and requirements.roles is defined %} -## [Status of used roles](#status-of-requirements) +## [State of used roles](#state-of-used-roles) The following roles are used to prepare a system. You can prepare your system in another way. diff --git a/templates/molecule-action.yml.j2 b/templates/molecule-action.yml.j2 index d772e52..05a4bd9 100644 --- a/templates/molecule-action.yml.j2 +++ b/templates/molecule-action.yml.j2 @@ -51,3 +51,10 @@ jobs: image: {% raw %}${{ matrix.config.image }}{% endraw %} tag: {% raw %}${{ matrix.config.tag }}{% endraw %} + +{% if github_variables_mapping is defined %} + env: +{% for item in github_variables_mapping %} + {{ item.variable }}: {% raw %}${{ {%endraw %}{{ item.name }} {% raw %}}}{% endraw %} +{% endfor %} +{% endif %} diff --git a/templates/molecule.yml.j2 b/templates/molecule.yml.j2 index 4128689..19cb639 100644 --- a/templates/molecule.yml.j2 +++ b/templates/molecule.yml.j2 
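Review bot: In `templates/molecule-action.yml.j2`, `item.name` is written verbatim inside `${{ … }}` and `item.variable` verbatim as a YAML key, with no check on either value loaded from `meta/preferences.yml`. Any string is accepted, so a typo or an unexpected expression renders a workflow that is invalid, or that hands the test step something other than the one named secret. An `ansible.builtin.assert` task in `generate.yml` before `Render file` would make this fail loudly, with conditions such as `item.name is match('^(secrets|vars)\.[A-Za-z_][A-Za-z0-9_]*$')` and `item.variable is match('^[A-Za-z_][A-Za-z0-9_]*$')`, looped over `github_variables_mapping`. The list of allowed contexts should be adjusted to what the project intends to expose. The same unvalidated `item.variable` is rendered in the `templates/molecule.yml.j2` and `templates/tox.ini.j2` hunks, so one assert covers all three.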
@@ -21,6 +21,12 @@ platforms: pre_build_image: yes provisioner: name: ansible +{% if github_variables_mapping is defined %} + env: +{% for item in github_variables_mapping %} + {{ item.variable }}: "{% raw %}${{% endraw %}{{ item.variable }}{% raw %}}{% endraw %}" +{% endfor %} +{% endif %} {% if verify.stat.exists %} verifier: name: ansible diff --git a/templates/tox.ini.j2 b/templates/tox.ini.j2 index c01654e..8fd34d6 100644 --- a/templates/tox.ini.j2 +++ b/templates/tox.ini.j2 @@ -28,3 +28,8 @@ passenv = image tag DOCKER_HOST +{% if github_variables_mapping is defined %} +{% for item in github_variables_mapping %} + {{ item.variable }} +{% endfor %} +{% endif %}
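Review bot: The new `provisioner.env` block in `templates/molecule.yml.j2` renders `VAR: "${VAR}"` without documenting what happens when the variable is missing from the caller's environment. That is the normal case for a local run, and probably also for workflow runs that are not given repository secrets. As far as I know Molecule substitutes an empty string for an unset variable, so a role that needs the value would be tested with an empty one without any error. A template comment above `env:` would record this, for example `# Values come from the calling environment; unset variables render as empty strings.`. Since every mapped value becomes visible to all provisioner tasks, the README entry for `github_variables_mapping` could also advise `no_log: true` on tasks that consume them.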