chore(deps): Update Debian molecule images #357
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: 'molecule certified EEs' | |
| on: # yamllint disable-line rule:truthy | |
| pull_request_target: | |
| types: | |
| - 'labeled' | |
| paths: | |
| - '.github/workflows/molecule_certified_ees.yml' | |
| - '.github/workflows/wf_call_molecule_certified_ees.yml' | |
| - 'defaults/**' | |
| - 'files/**' | |
| - 'handlers/**' | |
| - 'library/**' | |
| - 'lookup_plugins/**' | |
| - 'meta/**' | |
| - 'module_utils/**' | |
| - 'molecule/**' | |
| - 'tasks/**' | |
| - 'templates/**' | |
| - 'vars/**' | |
| push: | |
| branches: | |
| - 'main' | |
| paths: | |
| - '.github/workflows/molecule_certified_ees.yml' | |
| - '.github/workflows/wf_call_molecule_certified_ees.yml' | |
| - 'defaults/**' | |
| - 'files/**' | |
| - 'handlers/**' | |
| - 'library/**' | |
| - 'lookup_plugins/**' | |
| - 'meta/**' | |
| - 'module_utils/**' | |
| - 'molecule/**' | |
| - 'tasks/**' | |
| - 'templates/**' | |
| - 'vars/**' | |
| pull_request: | |
| branches: | |
| - 'main' | |
| paths: | |
| - '.github/workflows/molecule_certified_ees.yml' | |
| - '.github/workflows/wf_call_molecule_certified_ees.yml' | |
| - 'defaults/**' | |
| - 'files/**' | |
| - 'handlers/**' | |
| - 'library/**' | |
| - 'lookup_plugins/**' | |
| - 'meta/**' | |
| - 'module_utils/**' | |
| - 'molecule/**' | |
| - 'tasks/**' | |
| - 'templates/**' | |
| - 'vars/**' | |
| workflow_dispatch: | |
| inputs: | |
| repoCache: | |
| description: 'Reset or disable the cache?' | |
| type: 'choice' | |
| default: 'enabled' | |
| options: | |
| - 'enabled' | |
| - 'disabled' | |
| - 'reset' | |
| moleculeDebug: | |
| description: 'Enable Molecule debug?' | |
| type: 'choice' | |
| default: 'false' | |
| options: | |
| - 'true' | |
| - 'false' | |
| ansibleVerbosity: | |
| description: 'Enable Ansible verbosity?' | |
| type: 'choice' | |
| default: '0' | |
| options: | |
| - '0' | |
| - '1' | |
| - '2' | |
| - '3' | |
| - '4' | |
| - '5' | |
| # schedule to reset caches once a week on Monday | |
| schedule: | |
| - cron: '30 2 * * 1' | |
| permissions: | |
| contents: 'read' | |
| jobs: | |
| check-secrets: | |
| name: 'Check if required secrets are available' | |
| runs-on: 'ubuntu-24.04' | |
| permissions: | |
| contents: 'read' | |
| outputs: | |
| secrets-defined: '${{ steps.secret-check.outputs.secrets-defined }}' | |
| steps: | |
| - name: 'Harden Runner' | |
| uses: 'step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f' # v2.10.2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: 'block' | |
| - name: 'Check if all required secrets are defined' | |
| id: 'secret-check' | |
| shell: 'bash' | |
| run: | | |
| # fail if: | |
| # - a variable is unbound | |
| # - any command fails | |
| # - a command in a pipe fails | |
| # - a command in a sub-shell fails | |
| set -Eeuo pipefail | |
| ( | |
| [[ "${{ secrets.CRC_USERNAME }}" != '' ]] && | |
| [[ "${{ secrets.CRC_PASSWORD }}" != '' ]] | |
| ) || { | |
| echo "secrets-defined=false" >> "${GITHUB_OUTPUT}"; | |
| exit 0; | |
| }; | |
| # secrets not empty, so assuming defined | |
| echo "secrets-defined=true" >> "${GITHUB_OUTPUT}"; | |
| check-should-cache: | |
| name: 'Check whether caching should be enabled' | |
| # only run the job if the job context's branch is main or the 'run' label is set or | |
| # the secrets are defined (due to a contributor raising the PR) | |
| if: >- | |
| contains(github.event.pull_request.labels.*.name, 'run') || | |
| github.ref == 'refs/heads/main' || | |
| needs.check-secrets.outputs.secrets-defined == 'true' | |
| needs: 'check-secrets' | |
| runs-on: 'ubuntu-24.04' | |
| permissions: | |
| contents: 'read' | |
| outputs: | |
| repo-cache: '${{ steps.cache-check.outputs.repo-cache }}' | |
| steps: | |
| - name: 'Harden Runner' | |
| uses: 'step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f' # v2.10.2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: 'block' | |
| - name: 'Check if caching should be enabled' | |
| id: 'cache-check' | |
| shell: 'bash' | |
| run: | | |
| # fail if: | |
| # - a variable is unbound | |
| # - any command fails | |
| # - a command in a pipe fails | |
| # - a command in a sub-shell fails | |
| set -Eeuo pipefail | |
| # enable debug if runner runs in debug | |
| [[ "${{ runner.debug }}" -ne 1 ]] || { | |
| echo "INFO: Enabling bash trace"; | |
| set -x; | |
| }; | |
| ( | |
| [[ "${{ github.event_name }}" != "schedule" ]] && | |
| [[ "${{ github.event.schedule }}" != "30 2 * * 1" ]] | |
| ) || { | |
| # event is the schedule to reset the cache, resetting cache | |
| echo "INFO: Schedule detected, resetting cache"; | |
| echo "repo-cache=reset" >> "${GITHUB_OUTPUT}"; | |
| exit 0; | |
| }; | |
| [[ "${{ github.event.inputs.repoCache }}" == "" ]] || { | |
| # repoCache is set | |
| echo "INFO: repoCache input variable defined: ${{ github.event.inputs.repoCache }}"; | |
| echo "repo-cache=${{ github.event.intputs.repoCache }}" >> "${GITHUB_OUTPUT}"; | |
| exit 0; | |
| }; | |
| # repoCache not set, caching by default | |
| echo "INFO: repoCache input not defined nor running in a schedule, enabling caching" | |
| echo "repo-cache=enabled" >> "${GITHUB_OUTPUT}" | |
| call-molecule-workflow: | |
| name: 'Include molecule workflow' | |
| if: "needs.check-secrets.outputs.secrets-defined == 'true'" | |
| permissions: | |
| contents: 'write' | |
| needs: | |
| - 'check-secrets' | |
| - 'check-should-cache' | |
| uses: './.github/workflows/wf_call_molecule_certified_ees.yml' | |
| with: | |
| repoCache: "${{ needs.check-should-cache.outputs.repo-cache }}" | |
| moleculeDebug: "${{ github.event.inputs.moleculeDebug }}" | |
| ansibleVerbosity: "${{ github.event.inputs.ansibleVerbosity }}" | |
| secrets: | |
| CRC_USERNAME: '${{ secrets.CRC_USERNAME }}' | |
| CRC_PASSWORD: '${{ secrets.CRC_PASSWORD }}' | |
| token: '${{ secrets.GITHUB_TOKEN }}' | |
| ... |