Add CI workflow

.github/workflows/ci.yml

@@ -0,0 +1,58 @@
+---
+name: ci
+'on':
+  pull_request:
+  push:
+    branches:
+      - main
+
+defaults:
+  run:
+    working-directory: 'bcook254.vaultwarden'
+
+jobs:
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'bcook254.vaultwarden'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: python -m pip install yamllint
+
+      - name: Lint code.
+        run: yamllint .
+
+  molecule:
+    name: Molecule Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'bcook254.vaultwarden'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: python -m pip install ansible molecule molecule-plugins[docker] docker
+
+      - name: Run Molecule tests.
+        run: molecule test --driver-name docker --scenario-name all
+        env:
+          VAULTWARDEN_VERSION: '1.30.5'
+          VAULTWARDEN_URL: ${{ secrets.VAULTWARDEN_URL }}
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'

.yamllint

@@ -4,6 +4,7 @@ extends: default
 
 ignore: |
   molecule/
+  .github/
 
 rules:
   braces:

defaults/main.yml

@@ -2,6 +2,13 @@
 vaultwarden_user: vaultwarden
 vaultwarden_group: vaultwarden
 vaultwarden_daemon: vaultwarden
+vaultwarden_bin_dir: /usr/local/bin
+vaultwarden_bin_file: "{{ vaultwarden_bin_dir }}/vaultwarden"
+vaultwarden_home_dir: /var/lib/vaultwarden
+vaultwarden_data_dir: "{{ vaultwarden_home_dir }}/data"
+vaultwarden_web_vault_dir: "{{ vaultwarden_home_dir }}/web-vault"
+vaultwarden_config_dir: /etc/vaultwarden
+vaultwarden_config_file: "{{ vaultwarden_config_dir }}/vaultwarden.env"
 vaultwarden_database_name: vaultwarden
 vaultwarden_web_vault_version: 2023.10.0
 vaultwarden_enable_web_vault: true

meta/main.yml

@@ -17,17 +17,15 @@ galaxy_info:
         - 9
     - name: Fedora
       versions:
-        - 37
         - 38
+        - 39
     - name: Debian
       versions:
-        - bullseye
         - bookworm
     - name: Ubuntu
       versions:
-        - bionic
-        - focal
         - jammy
   galaxy_tags:
     - vaultwarden
     - bitwardenrs
+    - bitwarden_rs

molecule/all/converge.yml

@@ -3,7 +3,7 @@
   hosts: all
 
   vars:
-    vaultwarden_file: "{{ 'molecule/vaultwarden-openssl1' if ('openssl1' in group_names) else 'molecule/vaultwarden' }}"
+    vaultwarden_file: "{{ None if (vaultwarden_url is defined and vaultwarden_url | length > 0) else 'molecule/vaultwarden' }}"
     vaultwarden_manage_config: true
 
   roles:

molecule/all/molecule.yml

@@ -9,96 +9,51 @@ platforms:
   - name: ubuntu2204
     image: docker.io/geerlingguy/docker-ubuntu2204-ansible
     command: ${MOLECULE_DOCKER_COMMAND:-""}
-    tmpfs:
-      - /run
-      - /tmp
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    capabilities:
-      - SYS_ADMIN
-    cgroupns_mode: host
-    pre_build_image: true
-  - name: ubuntu2004
-    groups:
-      - openssl1
-    image: docker.io/geerlingguy/docker-ubuntu2004-ansible
-    command: ${MOLECULE_DOCKER_COMMAND:-""}
-    tmpfs:
-      - /run
-      - /tmp
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    capabilities:
-      - SYS_ADMIN
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
     cgroupns_mode: host
     pre_build_image: true
   - name: debian12
     image: docker.io/geerlingguy/docker-debian12-ansible
     command: ${MOLECULE_DOCKER_COMMAND:-""}
-    tmpfs:
-      - /run
-      - /tmp
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    capabilities:
-      - SYS_ADMIN
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
     cgroupns_mode: host
     pre_build_image: true
-  - name: debian11
-    groups:
-      - openssl1
-    image: docker.io/geerlingguy/docker-debian11-ansible
+  - name: fedora39
+    image: docker.io/geerlingguy/docker-fedora39-ansible
     command: ${MOLECULE_DOCKER_COMMAND:-""}
-    tmpfs:
-      - /run
-      - /tmp
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    capabilities:
-      - SYS_ADMIN
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
     cgroupns_mode: host
     pre_build_image: true
   - name: fedora38
     image: docker.io/geerlingguy/docker-fedora38-ansible
     command: ${MOLECULE_DOCKER_COMMAND:-""}
-    tmpfs:
-      - /run
-      - /tmp
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    capabilities:
-      - SYS_ADMIN
-    cgroupns_mode: host
-    pre_build_image: true
-  - name: fedora37
-    image: docker.io/geerlingguy/docker-fedora37-ansible
-    command: ${MOLECULE_DOCKER_COMMAND:-""}
-    tmpfs:
-      - /run
-      - /tmp
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    capabilities:
-      - SYS_ADMIN
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
     cgroupns_mode: host
     pre_build_image: true
   - name: centosstream9
     image: ghcr.io/bcook254/docker-centosstream9-ansible
     command: ${MOLECULE_DOCKER_COMMAND:-""}
-    tmpfs:
-      - /run
-      - /tmp
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    capabilities:
-      - SYS_ADMIN
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
     cgroupns_mode: host
     pre_build_image: true
 provisioner:
   name: ansible
   inventory:
     group_vars:
-      openssl1:
+      all:
+        vaultwarden_version: "${VAULTWARDEN_VERSION}"
+        vaultwarden_url: "${VAULTWARDEN_URL}"
+        vaultwarden_url_checksum: "sha256:{{ vaultwarden_url }}.sha256"
     host_vars:
       centosstream9:
         vaultwarden_packages:
@@ -117,5 +72,4 @@ verifier:
   name: ansible
 lint: |
   set -e
-  yamllint .
   ansible-lint .

molecule/all/verify.yml

@@ -14,7 +14,7 @@
       chdir: /usr/local/bin
     changed_when: false
     register: __vaultwarden_version
-    failed_when: __vaultwarden_version is not search('1.29.0')
+    failed_when: __vaultwarden_version is not search(vaultwarden_version if vaultwarden_version | length > 0 else '1.30.5')
 
   - name: Check if Vaultwarden web-vault is installed.
     ansible.builtin.stat:

molecule/default/converge.yml

@@ -3,7 +3,7 @@
   hosts: all
 
   vars:
-    vaultwarden_file: "{{ 'molecule/vaultwarden-openssl1' if ('openssl1' in group_names) else 'molecule/vaultwarden' }}"
+    vaultwarden_file: "{{ None if (vaultwarden_url is defined and vaultwarden_url | length > 0) else 'molecule/vaultwarden' }}"
     vaultwarden_manage_config: true
 
   roles:

molecule/default/molecule.yml

@@ -7,21 +7,29 @@ driver:
   name: podman
 platforms:
   - name: ${MOLECULE_DISTRO:-ubuntu2204}
-    groups:
-      - ${MOLECULE_OPENSSL:-openssl3}
     image: docker.io/geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest
     command: ${MOLECULE_DOCKER_COMMAND:-""}
-    tmpfs:
-      - /run
-      - /tmp
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    capabilities:
-      - SYS_ADMIN
+    privileged: true
     cgroupns_mode: host
     pre_build_image: true
 provisioner:
   name: ansible
+  inventory:
+    group_vars:
+      all:
+        vaultwarden_version: "${VAULTWARDEN_VERSION}"
+        vaultwarden_url: "${VAULTWARDEN_URL}"
+        vaultwarden_url_checksum: "sha256:{{ vaultwarden_url }}.sha256"
+    host_vars:
+      centosstream9:
+        vaultwarden_packages:
+          - openssl
+          - ca-certificates
+          - curl-minimal
+          - mariadb-devel
+          - libpq
   config_options:
     defaults:
       interpreter_python: auto_silent

molecule/default/verify.yml

@@ -14,7 +14,7 @@
       chdir: /usr/local/bin
     changed_when: false
     register: __vaultwarden_version
-    failed_when: __vaultwarden_version is not search('1.29.0')
+    failed_when: __vaultwarden_version is not search(vaultwarden_version if vaultwarden_version | length > 0 else '1.30.5')
 
   - name: Check if Vaultwarden web-vault is installed.
     ansible.builtin.stat:

tasks/assertions.yml

@@ -2,6 +2,6 @@
 - name: Check either vaultwarden_url or vaultwarden_file is set.
   ansible.builtin.assert:
     that:
-      - vaultwarden_url is defined or vaultwarden_file is defined
+      - (vaultwarden_url is defined and vaultwarden_url | length > 0) or (vaultwarden_file is defined and vaultwarden_file | length > 0)
     fail_msg: "One of 'vaultwarden_url' or 'vaultwarden_file' must be set."
     quiet: true

tasks/configure.yml

@@ -2,7 +2,7 @@
 - name: Configure environment variables.
   ansible.builtin.template:
     src: "env.j2"
-    dest: "{{ vaultwarden_config_path }}"
+    dest: "{{ vaultwarden_config_file }}"
     owner: "{{ vaultwarden_user }}"
     group: "{{ vaultwarden_group }}"
     mode: 0600

tasks/install.yml

@@ -18,26 +18,28 @@
     url: "{{ vaultwarden_url }}"
     checksum: "{{ vaultwarden_url_checksum | default(omit) }}"
     headers: "{{ vaultwarden_url_headers | default(omit) }}"
-    dest: "{{ vaultwarden_bin_dir }}/vaultwarden"
+    dest: "{{ vaultwarden_bin_file }}"
     owner: "{{ vaultwarden_user }}"
     group: "{{ vaultwarden_group }}"
     mode: 0755
     force: "{{ vaultwarden_url_checksum is not defined }}"
   notify: restart vaultwarden
   when:
     - vaultwarden_url is defined
+    - vaultwarden_url | length > 0
 
 - name: Install Vaultwarden (Local).
   ansible.builtin.copy:
     src: "{{ vaultwarden_file }}"
-    dest: "{{ vaultwarden_bin_dir }}/vaultwarden"
+    dest: "{{ vaultwarden_bin_file }}"
     owner: "{{ vaultwarden_user }}"
     group: "{{ vaultwarden_group }}"
     mode: 0755
     force: true
   notify: restart vaultwarden
   when:
     - vaultwarden_file is defined
+    - vaultwarden_file | length > 0
 
 - name: Ensure Vaultwarden data directory exists.
   ansible.builtin.file:

tasks/setup-Debian.yml

@@ -4,4 +4,3 @@
     name: "{{ vaultwarden_packages }}"
     state: present
     update_cache: true
-    cache_valid_time: 43200

tasks/variables.yml

@@ -1,47 +1,13 @@
 ---
 # Variable configuration.
 - name: Include OS-specific variables (Debian).
-  ansible.builtin.include_vars: "{{ ansible_distribution }}.yml"
+  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
   when: ansible_os_family == 'Debian'
 
 - name: Include OS-specific variables (RedHat).
   ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
   when:
     - ansible_os_family == 'RedHat'
-    - ansible_distribution != 'Fedora'
-
-- name: Include OS-specific variables (Fedora).
-  ansible.builtin.include_vars: "{{ ansible_distribution }}.yml"
-  when: ansible_distribution == 'Fedora'
-
-- name: Define vaultwarden_bin_dir.
-  ansible.builtin.set_fact:
-    vaultwarden_bin_dir: "{{ __vaultwarden_bin_dir }}"
-  when: vaultwarden_bin_dir is not defined
-
-- name: Define vaultwarden_home_dir.
-  ansible.builtin.set_fact:
-    vaultwarden_home_dir: "{{ __vaultwarden_home_dir }}"
-  when: vaultwarden_home_dir is not defined
-
-- name: Define vaultwarden_data_dir.
-  ansible.builtin.set_fact:
-    vaultwarden_data_dir: "{{ __vaultwarden_data_dir }}"
-  when: vaultwarden_data_dir is not defined
-
-- name: Define vaultwarden_config_dir.
-  ansible.builtin.set_fact:
-    vaultwarden_config_dir: "{{ __vaultwarden_config_dir }}"
-  when: vaultwarden_config_dir is not defined
-
-- name: Define vaultwarden_config_path.
-  ansible.builtin.set_fact:
-    vaultwarden_config_path: "{{ vaultwarden_config_dir }}/vaultwarden.env"
-
-- name: Define vaultwarden_web_vault_dir.
-  ansible.builtin.set_fact:
-    vaultwarden_web_vault_dir: "{{ __vaultwarden_web_vault_dir }}"
-  when: vaultwarden_web_vault_dir is not defined
 
 - name: Define vaultwarden_packages.
   ansible.builtin.set_fact: