-
Notifications
You must be signed in to change notification settings - Fork 9
159 lines (139 loc) · 5.94 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
---
name: ansible-test
on:
# Run CI against all pushes (direct commits, also merged PRs), Pull Requests
push:
branches: [main]
pull_request:
# The branches below must be a subset of the branches above
branches: [main]
# Run CI once per week (at 06:00 UTC)
# This ensures that even if there haven't been commits that we are still
# testing against latest version of ansible-test for each ansible-core
# version
schedule:
- cron: '0 6 * * 1'
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
ansible-sanity-tests:
name: Sanity (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
strategy:
matrix:
ansible:
# It's important that Sanity is tested against all stable-X.Y branches
# Testing against `devel` may fail as new tests are added.
- stable-2.15
- stable-2.16
- stable-2.17
- devel
python:
- "3.11"
runs-on: >-
${{ contains(fromJson(
'["stable-2.9", "stable-2.10", "stable-2.11"]'
), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }}
steps:
# ansible-test requires the collection to be in a directory in the form
# .../ansible_collections/NAMESPACE/COLLECTION_NAME/
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
path: ansible_collections/telekom_mms/acme
- name: Set up Python ${{ matrix.ansible }}
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: ${{ matrix.python }}
# Install the head of the given branch (devel, stable-2.10)
- name: Install ansible-base (${{ matrix.ansible }})
run: python -m pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
# run ansible-test sanity inside of Docker.
# The docker container has all the pinned dependencies that are required.
# Explicitly specify the version of Python we want to test
- name: Run sanity tests
run: ansible-test sanity --docker -v --color --python ${{ matrix.python }}
working-directory: ./ansible_collections/telekom_mms/acme
linting:
name: Ansible Lint
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Run Linting
uses: ansible/ansible-lint@44be233dbd6a8a6d8f3c5297c318ed4ed4644c32 # 24.10.0
integration-tests:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ansible_collections/telekom_mms/acme
strategy:
fail-fast: false
matrix:
ansible:
- devel
# - milestone
python:
- '3.11'
- '3.12'
include:
# Add new versions announced in
# https://github.com/ansible-collections/news-for-maintainers in a timely manner,
# consider dropping testing against EOL versions and versions you don't support.
# ansible-core 2.15
- ansible: stable-2.15
python: '3.9'
- ansible: stable-2.15
python: '3.10'
- ansible: stable-2.15
python: '3.11'
# ansible-core 2.16
- ansible: stable-2.16
python: '3.10'
- ansible: stable-2.16
python: '3.11'
- ansible: stable-2.16
python: '3.12'
# ansible-core 2.17
- ansible: stable-2.17
python: '3.10'
- ansible: stable-2.17
python: '3.11'
- ansible: stable-2.17
python: '3.12'
# start nginx as service to test validation via http-challenge local path
services:
nginx:
image: nginx@sha256:fb197595ebe76b9c0c14ab68159fd3c08bd067ec62300583543f0ebda353b5be
volumes:
- /tmp:/usr/share/nginx/html
ports:
- 5002:80
steps:
- name: Check out code to collections-folder, so ansible finds it
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
path: ansible_collections/telekom_mms/acme
- name: Run Pebble and challtestsrv
run: curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml | docker compose -f - up -d
- name: Set up Pebble
run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
# change uid of nginx user in nginx service container to uid of github runner id to allow reading of created hash file by nginx process
- name: change uid of nginx user in container
run: docker exec -i ${{ job.services.nginx.id }} usermod -u 1001 nginx
# restart docker container to start nginx process with new uid
- name: restart docker container of service
run: docker restart ${{ job.services.nginx.id }}
- name: Set up Python ${{ matrix.ansible }}
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: ${{ matrix.python }}
- name: Install ansible-base (${{ matrix.ansible }})
run: python -m pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
- name: build the collection
run: ansible-galaxy collection build
- name: install the collection
run: ansible-galaxy collection install -p /home/runner/work/ansible-collection-acme/ansible-collection-acme *.tar.gz
- name: install community.crypto collection
run: ansible-galaxy collection install -p /home/runner/work/ansible-collection-acme/ansible-collection-acme community.crypto
- name: Run integration tests
run: ansible-test integration -v --color --retry-on-error --continue-on-error --diff --python ${{ matrix.python }} --requirements
working-directory: ./ansible_collections/telekom_mms/acme