From 1f279b7d9e489988c1fdaf7673cb93613cf0270f Mon Sep 17 00:00:00 2001
From: Benjamin Cook
Date: Mon, 18 Mar 2024 09:03:09 -0600
Subject: [PATCH] Add CI workflow
---
 .github/workflows/ci.yml | 58 +++++++++++++++++++++++++++++++++++
 .yamllint | 1 +
 meta/main.yml | 6 ++--
 molecule/all/converge.yml | 1 +
 molecule/all/molecule.yml | 45 ++++++++-------------------
 molecule/all/verify.yml | 2 +-
 molecule/default/converge.yml | 1 +
 molecule/default/molecule.yml | 18 +++++++----
 molecule/default/verify.yml | 2 +-
 tasks/assertions.yml | 2 +-
 tasks/install.yml | 2 ++
 tasks/setup-Debian.yml | 1 -
 12 files changed, 93 insertions(+), 46 deletions(-)
 create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..a20c997
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,58 @@
+---
+name: ci
+'on':
+ pull_request:
+ push:
+ branches:
+ - main
+
+defaults:
+ run:
+ working-directory: 'bcook254.vaultwarden'
+
+jobs:
+
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+ with:
+ path: 'bcook254.vaultwarden'
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: python -m pip install yamllint
+
+ - name: Lint code.
+ run: yamllint .
+
+ molecule:
+ name: Molecule Test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+ with:
+ path: 'bcook254.vaultwarden'
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: python -m pip install ansible molecule molecule-plugins[docker] docker
+
+ - name: Run Molecule tests.
+ run: molecule test --driver-name docker --scenario-name all
+ env:
+ VAULTWARDEN_VERSION: '1.30.5'
+ VAULTWARDEN_URL: ${{ secrets.VAULTWARDEN_URL }}
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
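Review bot: The new workflow declares no `permissions:` block, so both jobs run with whatever default GITHUB_TOKEN scope the repository has; neither job writes to the repository, so a top-level `permissions:` with `contents: read` is enough. The `molecule` job installs `ansible molecule molecule-plugins[docker] docker` without version pins and then runs them in the step that receives `secrets.VAULTWARDEN_URL`, and `actions/checkout@v4` / `actions/setup-python@v5` are referenced by movable tags; pinning the actions to commit SHAs and the pip packages in a requirements file keeps unreviewed code away from that secret. On `pull_request` runs from forks the secret is normally empty, which the converge fallback to `molecule/vaultwarden` appears to rely on, so a comment above the `env:` block saying so would help.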
diff --git a/.yamllint b/.yamllint index 8e2c589..a552e2a 100644 --- a/.yamllint +++ b/.yamllint @@ -4,6 +4,7 @@ extends: default ignore: | molecule/ + .github/ rules: braces: diff --git a/meta/main.yml b/meta/main.yml index 2a4c8eb..a780115 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -17,17 +17,15 @@ galaxy_info: - 9 - name: Fedora versions: - - 37 - 38 + - 39 - name: Debian versions: - - bullseye - bookworm - name: Ubuntu versions: - - bionic - - focal - jammy galaxy_tags: - vaultwarden - bitwardenrs + - bitwarden_rs diff --git a/molecule/all/converge.yml b/molecule/all/converge.yml index 6c79244..5f5dae9 100644 --- a/molecule/all/converge.yml +++ b/molecule/all/converge.yml @@ -3,6 +3,7 @@ hosts: all vars: + vaultwarden_file: "{{ None if (vaultwarden_url is defined and vaultwarden_url | length > 0) else 'molecule/vaultwarden' }}" vaultwarden_manage_config: true roles: diff --git a/molecule/all/molecule.yml b/molecule/all/molecule.yml index c09d6f0..7701cd8 100644 --- a/molecule/all/molecule.yml +++ b/molecule/all/molecule.yml 
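Review bot: The `None` branch in the added `vaultwarden_file: "{{ None if (...) else 'molecule/vaultwarden' }}"` line of molecule/all/converge.yml only works if templating turns it into an empty string before the `vaultwarden_file | length > 0` guards in tasks/install.yml and tasks/assertions.yml evaluate it. If it reaches them as a null (this may depend on the Ansible version or native-types setting), `length` fails instead of skipping the task. An explicit empty string avoids relying on that: `{{ '' if (vaultwarden_url | default('') | length > 0) else 'molecule/vaultwarden' }}`. molecule/default/converge.yml adds the identical line, and the play's `vars:` block starts outside the hunk.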
@@ -9,61 +9,41 @@ platforms: - name: ubuntu2204 image: docker.io/geerlingguy/docker-ubuntu2204-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true - name: debian12 image: docker.io/geerlingguy/docker-debian12-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true - name: fedora39 image: docker.io/geerlingguy/docker-fedora39-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true - name: fedora38 image: docker.io/geerlingguy/docker-fedora38-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true - name: centosstream9 image: ghcr.io/bcook254/docker-centosstream9-ansible command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true cgroupns_mode: host pre_build_image: true provisioner: @@ -71,7 +51,9 @@ provisioner: inventory: group_vars: all: - vaultwarden_file: 'molecule/vaultwarden' + vaultwarden_version: "${VAULTWARDEN_VERSION}" + vaultwarden_url: "${VAULTWARDEN_URL}" + vaultwarden_url_checksum: "sha256:{{ vaultwarden_url }}.sha256" host_vars: centosstream9: vaultwarden_packages: 
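Review bot: Replacing `capabilities: SYS_ADMIN` and the read-only cgroup mount with `privileged: true` plus `/sys/fs/cgroup:/sys/fs/cgroup:rw` under `cgroupns_mode: host` gives each of the five test containers in this hunk full capability and device access and a writable view of the host's cgroup tree. The images are third-party and referenced without a tag or digest, so whatever is current on the registry runs with that privilege on the CI runner or a developer's workstation. If systemd in the container only needs a writable cgroup, it is worth trying the narrower capability set with `cgroupns_mode: private` and pinning each `image:` by digest; otherwise put a comment above the first platform recording why privileged mode is required. molecule/default/molecule.yml makes the same switch to `privileged: true` but keeps the mount `:ro`, so the two scenarios are also inconsistent.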
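Review bot: `vaultwarden_url_checksum: "sha256:{{ vaultwarden_url }}.sha256"` takes the digest from the same location as the binary, so it catches a truncated or corrupted download but not a replaced artifact, since whoever can change the file at `VAULTWARDEN_URL` can change the `.sha256` beside it. For a test scenario that may be acceptable, but say so in a comment, or pass a known digest through a separate variable (for example a constructed `VAULTWARDEN_SHA256`) and use `sha256:<digest>`. When `VAULTWARDEN_URL` is empty the value renders as `sha256:.sha256`, which is presumably harmless only because the download task is skipped by the new `length > 0` guard in tasks/install.yml. The same three variables are added in molecule/default/molecule.yml, and the `provisioner:` mapping starts outside this hunk.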
@@ -90,5 +72,4 @@ verifier: name: ansible lint: | set -e - yamllint . ansible-lint . \ No newline at end of file diff --git a/molecule/all/verify.yml b/molecule/all/verify.yml index 7a316ef..0b81a21 100644 --- a/molecule/all/verify.yml +++ b/molecule/all/verify.yml @@ -14,7 +14,7 @@ chdir: /usr/local/bin changed_when: false register: __vaultwarden_version - failed_when: __vaultwarden_version is not search('1.29.0') + failed_when: __vaultwarden_version is not search(vaultwarden_version if vaultwarden_version | length > 0 else '1.30.5') - name: Check if Vaultwarden web-vault is installed. ansible.builtin.stat: diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 6c79244..5f5dae9 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -3,6 +3,7 @@ hosts: all vars: + vaultwarden_file: "{{ None if (vaultwarden_url is defined and vaultwarden_url | length > 0) else 'molecule/vaultwarden' }}" vaultwarden_manage_config: true roles: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 1168e02..69204ec 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -9,13 +9,9 @@ platforms: - name: ${MOLECULE_DISTRO:-ubuntu2204} image: docker.io/geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest command: ${MOLECULE_DOCKER_COMMAND:-""} - tmpfs: - - /run - - /tmp volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro - capabilities: - - SYS_ADMIN + privileged: true cgroupns_mode: host pre_build_image: true provisioner: @@ -23,7 +19,17 @@ provisioner: inventory: group_vars: all: - vaultwarden_file: 'molecule/vaultwarden' + vaultwarden_version: "${VAULTWARDEN_VERSION}" + vaultwarden_url: "${VAULTWARDEN_URL}" + vaultwarden_url_checksum: "sha256:{{ vaultwarden_url }}.sha256" + host_vars: + centosstream9: + vaultwarden_packages: + - openssl + - ca-certificates + - curl-minimal + - mariadb-devel + - libpq config_options: defaults: interpreter_python: auto_silent 
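Review bot: The argument to `search()` in molecule/all/verify.yml is used as a regular expression, so in `search(vaultwarden_version if vaultwarden_version | length > 0 else '1.30.5')` each `.` matches any character and the check is looser than an exact version match; piping the chosen value through `regex_escape` tightens it. The fallback `'1.30.5'` also repeats the value set as `VAULTWARDEN_VERSION` in .github/workflows/ci.yml and presumably has to track the binary at `molecule/vaultwarden`, so a one-line comment naming what it must match would keep them from drifting apart. molecule/default/verify.yml carries the same line, and the task this `failed_when` belongs to begins above the hunk.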
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index ebb1dfa..ce4e32b 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -14,7 +14,7 @@ chdir: /usr/local/bin changed_when: false register: __vaultwarden_version - failed_when: __vaultwarden_version is not search('1.29.0') + failed_when: __vaultwarden_version is not search(vaultwarden_version if vaultwarden_version | length > 0 else '1.30.5') - name: Check if Vaultwarden web-vault is installed. ansible.builtin.stat: diff --git a/tasks/assertions.yml b/tasks/assertions.yml index d8b5a21..a9173b4 100644 --- a/tasks/assertions.yml +++ b/tasks/assertions.yml @@ -2,6 +2,6 @@ - name: Check either vaultwarden_url or vaultwarden_file is set. ansible.builtin.assert: that: - - vaultwarden_url is defined or vaultwarden_file is defined + - (vaultwarden_url is defined and vaultwarden_url | length > 0) or (vaultwarden_file is defined and vaultwarden_file | length > 0) fail_msg: "One of 'vaultwarden_url' or 'vaultwarden_file' must be set." quiet: true diff --git a/tasks/install.yml b/tasks/install.yml index 7600001..295f040 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -26,6 +26,7 @@ notify: restart vaultwarden when: - vaultwarden_url is defined + - vaultwarden_url | length > 0 - name: Install Vaultwarden (Local). ansible.builtin.copy: @@ -38,6 +39,7 @@ notify: restart vaultwarden when: - vaultwarden_file is defined + - vaultwarden_file | length > 0 - name: Ensure Vaultwarden data directory exists. ansible.builtin.file: diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index ce0a492..940fa85 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -4,4 +4,3 @@ name: "{{ vaultwarden_packages }}" state: present update_cache: true - cache_valid_time: 43200
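Review bot: The new condition in tasks/assertions.yml still passes when both `vaultwarden_url` and `vaultwarden_file` are non-empty, and the two `when:` lists in tasks/install.yml are independent, so in that case both install tasks would run and the local copy, which comes second, would presumably replace the downloaded binary. If exactly one source is intended, assert it with an extra item such as `- not ((vaultwarden_url | default('') | length > 0) and (vaultwarden_file | default('') | length > 0))` and adjust `fail_msg` to match. Otherwise document the precedence in a comment above the assertion. Both install tasks start outside their hunks, so their destinations are inferred from the task names.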