feat/fix-handlers #5

Merged
lanson merged 8 commits from feat/fix-handlers into main 2024-11-09 14:49:50 +00:00
37 changed files with 418 additions and 251 deletions

6
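--- a/.cz.toml
+++ b/.cz.toml
@@ -0,0 +1,6 @@
+[tool.commitizen]
+name = "cz_conventional_commits"
+version_provider = "scm"
+update_changelog_on_bump = true
+major_version_zero = true
+tag_format = "v$version"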


@ -0,0 +1,26 @@
---
name: development
on:
push:
branches-ignore:
- main
jobs:
commit-check:
name: Check commit compliance
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install commitizen
run: pip3 install commitizen
shell: bash
working-directory: ./
- name: Verify commit message compliance
run: |
echo "cz check --message '${{ github.event.head_commit.message }}'"
cz check --message "${{ github.event.head_commit.message }}"
shell: bash
working-directory: ./
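Review bot: The "Verify commit message compliance" step expands `${{ github.event.head_commit.message }}` straight into the bash script, on both the `echo` and the `cz check` line, so the commit message is parsed as shell source before either command runs. Anyone who can push to a non-main branch controls that text, and shell metacharacters in a message would change what the runner executes. Pass the value through the step environment instead: add an `env:` entry `COMMIT_MESSAGE: ${{ github.event.head_commit.message }}` to the step and call `cz check --message "$COMMIT_MESSAGE"`, with the echo reading the same variable.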


@ -0,0 +1,46 @@
---
name: test
on:
pull_request:
types:
- opened
- edited
- synchronize
branches:
- main
jobs:
retrieve-credentials:
name: Retrieve Credentials
runs-on: ubuntu-latest
outputs:
registry-username: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }}
registry-token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }}
steps:
- name: Get secrets from vault
id: import-secrets
uses: hashicorp/vault-action@v3
with:
url: "https://vault.ednz.fr"
method: approle
roleId: ${{ secrets.VAULT_APPROLE_ID }}
secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
secrets: |
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
end_to_end_role:
needs: retrieve-credentials
strategy:
matrix:
test_os:
["debian11", "debian12", "ubuntu2004", "ubuntu2204", "ubuntu2404"]
scenario: ["default", "with_custom_flags"]
uses: ./.gitea/workflows/e2e-tests.yml
with:
role: docker_systemd_service
scenario: ${{ matrix.scenario }}
test_os: ${{ matrix.test_os }}
secrets:
GITEA_ACTIONS_USERNAME: ${{ needs.retrieve-credentials.outputs.registry-username }}
GITEA_ACTIONS_TOKEN: ${{ needs.retrieve-credentials.outputs.registry-token }}
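Review bot: The `retrieve-credentials` job reads the `token_write` key from Vault and forwards it through job outputs to every matrix leg of a workflow triggered by `pull_request`, while the only use visible on this page is the called workflow's `container.credentials`. The key name suggests a write-scoped token; if so, a pull-only credential would limit what a leaked value can do, since these jobs check out and run pull-request content. It is also worth confirming that the runner masks values passed through `outputs:`, because some runners drop or log outputs that contain secrets. `hashicorp/vault-action@v3` is referenced by a movable tag while it handles the AppRole secret id; pinning it to a full commit SHA would fix which code sees that secret.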


@ -0,0 +1,47 @@
---
name: End-to-end tests
on:
workflow_call:
inputs:
role:
required: true
type: string
description: "Which role should be tested"
scenario:
required: true
type: string
description: "Which scenarios should be run"
test_os:
required: true
type: string
description: "On which OS to run the tests"
secrets:
GITEA_ACTIONS_USERNAME:
required: true
GITEA_ACTIONS_TOKEN:
required: true
jobs:
molecule-test:
name: Molecule tests
runs-on: ubuntu-latest
container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials:
username: ${{ secrets.GITEA_ACTIONS_USERNAME }}
password: ${{ secrets.GITEA_ACTIONS_TOKEN }}
env:
ANSIBLE_HOST_KEY_CHECKING: "false"
ANSIBLE_FORCE_COLOR: "true"
ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Molecule test"
run: molecule test -s ${{ inputs.scenario }}
shell: bash
working-directory: ${{ gitea.workspace }}
env:
MOLECULE_TEST_OS: ${{ inputs.test_os }}
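Review bot: `run: molecule test -s ${{ inputs.scenario }}` splices a `workflow_call` input into the shell line unquoted, so this reusable workflow trusts every caller to pass a plain scenario name. The step already has an `env:` block for `MOLECULE_TEST_OS`; adding `MOLECULE_SCENARIO: ${{ inputs.scenario }}` there and running `molecule test -s "$MOLECULE_SCENARIO"` keeps the value as data. Separately, this file uses `actions/checkout@v3` while the other workflows added in this pull request use `@v4`, and the container image is the mutable `act-latest` tag, so the code that receives the registry credentials can change between runs.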


@ -0,0 +1,35 @@
---
name: pull-requests-open
on:
pull_request:
types:
- opened
- edited
- synchronize
branches:
- main
jobs:
commit-history-check:
name: Check commit compliance
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- name: Install commitizen
run: pip3 install commitizen
shell: bash
working-directory: ./
- run: git log origin/${{ github.event.pull_request.base.ref }}..
- name: Verify commit message compliance
run: |
echo "cz check --rev-range origin/${{ gitea.event.pull_request.base.ref }}.."
cz check --rev-range origin/${{ gitea.event.pull_request.base.ref }}..
shell: bash
working-directory: ./
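Review bot: `pip3 install commitizen` installs whatever release is newest at run time, while `.pre-commit-config.yaml` in this pull request pins the same tool to `rev: v3.30.0`, so the CI check can disagree with the local hook and picks up new upstream code without review. Pinning the step, `run: pip3 install commitizen==3.30.0`, keeps the two aligned; the same install line appears in the development and build-deploy workflows. The steps here also mix `github.event.pull_request.base.ref` (the `git log` step) with `gitea.event.pull_request.base.ref` (the `cz check` step); using one context throughout, and passing it via `env:` rather than inline, would be easier to audit.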


@ -0,0 +1,54 @@
---
name: build-deploy
on:
push:
branches:
- main
jobs:
do-release:
if: "!startsWith(github.event.head_commit.message, 'bump:')"
runs-on: ubuntu-latest
name: Bump version and create changelog with commitizen
steps:
- name: Get secrets from vault
id: import-secrets
uses: hashicorp/vault-action@v3
with:
url: "https://vault.ednz.fr"
method: approle
roleId: ${{ secrets.VAULT_APPROLE_ID }}
secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
secrets: |
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }}
- name: Install commitizen
run: pip3 install commitizen
shell: bash
working-directory: ./
- name: Configure git credentials
uses: oleksiyrudenko/gha-git-credentials@v2
with:
global: true
name: "Gitea-Actions Bot"
email: "gitea-actions@ednz.fr"
actor: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }}
token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }}
- name: Do release
run: cz -nr 21 bump --yes
shell: bash
working-directory: ./
- name: Push release
run: git push && git push --tags
shell: bash
working-directory: ./
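Review bot: The release job hands the Vault-issued write token to `oleksiyrudenko/gha-git-credentials@v2`, a third-party action referenced by a movable tag, so whoever can move that tag receives a credential that can push to `main`. Pin it to a full commit SHA, `uses: oleksiyrudenko/gha-git-credentials@<full-commit-sha>`, or drop the action and set `user.name` and `user.email` with `git config`, since the checkout step already receives the same token and by default keeps it for later git commands. The `hashicorp/vault-action@v3` and `actions/checkout@v4` references in this job are tag-pinned in the same way.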


@ -1,52 +0,0 @@
---
name: test
on: [push]
jobs:
lint:
name: Linting
runs-on: ubuntu-latest
container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials:
username: ${{ secrets.ACTIONS_USER }}
password: ${{ secrets.ACTIONS_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Ansible lint"
run: ansible-lint --force-color
working-directory: ${{ gitea.workspace }}
- name: "YAML lint"
run: yamllint . -f colored -c .yamllint
working-directory: ${{ gitea.workspace }}
molecule-test:
name: Molecule tests
runs-on: ubuntu-latest
needs: lint
container:
image: git.ednz.fr/container-factory/ansible-runner:act-latest
credentials:
username: ${{ secrets.ACTIONS_USER }}
password: ${{ secrets.ACTIONS_TOKEN }}
strategy:
matrix:
test_os: [debian11, debian12, ubuntu2004, ubuntu2204]
scenario: [default, with_custom_flags]
env:
ANSIBLE_HOST_KEY_CHECKING: 'false'
ANSIBLE_FORCE_COLOR: 'true'
ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
steps:
- name: Checkout
uses: actions/checkout@v3
- name: "Molecule test"
run: molecule test -s ${{ matrix.scenario }}
shell: bash
working-directory: ${{ gitea.workspace }}
env:
MOLECULE_TEST_OS: ${{ matrix.test_os }}


@ -1,20 +0,0 @@
---
name: publish
on:
push:
branches:
- main
jobs:
publish:
name: Publish to galaxy
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Publish
uses: ednxzu/galaxy-import-role@v2
with:
galaxy-api-key: ${{ secrets.GALAXY_API_TOKEN }}
repository-owner: ednxzu
repository-name: docker_systemd_service

20
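--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,20 @@
+---
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+rev: v5.0.0
+hooks:
+- id: trailing-whitespace
+- id: end-of-file-fixer
+- repo: https://github.com/adrienverge/yamllint.git
+rev: v1.35.1
+hooks:
+- id: yamllint
+args: [-c=./.yamllint]
+- repo: https://github.com/commitizen-tools/commitizen
+rev: v3.30.0
+hooks:
+- id: commitizen
+- id: commitizen-branch
+stages:
+- post-commit
+- push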


@ -1,14 +0,0 @@
---
# docker_systemd_service_container_name: "My-Service"
# docker_systemd_service_image:
# docker_systemd_service_container_env: {}
# docker_systemd_service_container_pull_image: true
# docker_systemd_service_container_pull_force_source: true
# docker_systemd_service_flags: []
# docker_systemd_service_container_cmd: []
# docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
# docker_systemd_service_systemd_options: []
# docker_systemd_service_enabled: true
# docker_systemd_service_masked: false
# docker_systemd_service_state: started
# docker_systemd_service_restart: true


@ -9,7 +9,5 @@ docker_systemd_service_flags: []
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: started
docker_systemd_service_restart: true
docker_systemd_service_start: true


@ -12,6 +12,7 @@ galaxy_info:
versions:
- focal
- jammy
- noble
- name: Debian
versions:
- bullseye


@ -8,7 +8,4 @@ docker_systemd_service_flags: []
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: stopped
docker_systemd_service_restart: false
docker_systemd_service_start: false


@ -24,7 +24,7 @@
- stat_etc_default_nginx.stat.pw_name == 'root'
- stat_etc_default_nginx.stat.gr_name == 'root'
- stat_etc_default_nginx.stat.mode == '0600'
- (slurp_etc_default_nginx.content|b64decode) == ''
- (slurp_etc_default_nginx.content|b64decode) == '\n'
- name: "Test: service nginx_container"
block:


@ -3,12 +3,9 @@ docker_systemd_service_container_name: "nginx"
docker_systemd_service_image: nginx
docker_systemd_service_container_env: {}
docker_systemd_service_container_pull_image: true
docker_systemd_service_container_pull_force_source: true
docker_systemd_service_container_pull_force_source: false
docker_systemd_service_flags: []
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: started
docker_systemd_service_restart: true
docker_systemd_service_start: true


@ -0,0 +1,48 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: openstack
platforms:
- name: instance.example.com
description: Molecule test instance.
flavor: a2-ram4-disk20-perf1
image: Debian 12 bookworm
user: debian
network:
name: pcp-w3rxsrj-backend-network
create: false
security_group:
name: molecule__docker_systemd_service__with_custom_flags_os
create: true
description: Molecule test security group.
rules:
- proto: tcp
port: -1
port_min: 0
port_max: 0
cidr: 0.0.0.0/0
type: IPv4
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: default_os
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy
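Review bot: The security group in this `default_os` scenario is named `molecule__docker_systemd_service__with_custom_flags_os`, the same name the `with_custom_flags_os` scenario file uses, and both set `create: true`; if the two scenarios ever run at the same time they may create or delete each other's group. A scenario-specific name such as `name: molecule__docker_systemd_service__default_os` avoids that. The single rule also admits TCP from `cidr: 0.0.0.0/0`; if the `port: -1` / `port_min: 0` / `port_max: 0` combination means every port, consider limiting it to SSH from the runner's address range. That matters most for the `with_custom_flags_os` scenario, which carries the same rule and whose container runs with `--privileged` and host networking.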


@ -24,7 +24,7 @@
- stat_etc_default_nginx.stat.pw_name == 'root'
- stat_etc_default_nginx.stat.gr_name == 'root'
- stat_etc_default_nginx.stat.mode == '0600'
- (slurp_etc_default_nginx.content|b64decode) == ''
- (slurp_etc_default_nginx.content|b64decode) == '\n'
- name: "Test: service nginx_container"
block:


@ -1,35 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: vagrant
provider:
name: libvirt
platforms:
- name: instance
box: generic/${MOLECULE_TEST_OS}
cpus: 4
memory: 4096
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: default_vagrant
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy


@ -1,6 +1,6 @@
---
docker_systemd_service_container_name: "nginx"
docker_systemd_service_image: nginx
docker_systemd_service_image: nginx:1.27
docker_systemd_service_container_env:
TEST_ENV: test
docker_systemd_service_container_pull_image: false
@ -13,7 +13,4 @@ docker_systemd_service_flags:
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: stopped
docker_systemd_service_restart: false
docker_systemd_service_start: false


@ -62,7 +62,7 @@
--privileged \
--network "host" \
--cap-add "NET_ADMIN" \
nginx
nginx:1.27
ExecStop=/usr/bin/docker stop nginx
SyslogIdentifier=nginx
Restart=always


@ -1,10 +1,10 @@
---
docker_systemd_service_container_name: "nginx"
docker_systemd_service_image: nginx
docker_systemd_service_image: nginx:1.27
docker_systemd_service_container_env:
TEST_ENV: test
docker_systemd_service_container_pull_image: true
docker_systemd_service_container_pull_force_source: true
docker_systemd_service_container_pull_force_source: false
docker_systemd_service_flags:
- privileged
- network: host
@ -13,7 +13,4 @@ docker_systemd_service_flags:
docker_systemd_service_container_cmd: []
docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container"
docker_systemd_service_systemd_options: []
docker_systemd_service_enabled: true
docker_systemd_service_masked: false
docker_systemd_service_state: started
docker_systemd_service_restart: true
docker_systemd_service_start: true


@ -0,0 +1,48 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: openstack
platforms:
- name: instance.example.com
description: Molecule test instance.
flavor: a2-ram4-disk20-perf1
image: Debian 12 bookworm
user: debian
network:
name: pcp-w3rxsrj-backend-network
create: false
security_group:
name: molecule__docker_systemd_service__with_custom_flags_os
create: true
description: Molecule test security group.
rules:
- proto: tcp
port: -1
port_min: 0
port_max: 0
cidr: 0.0.0.0/0
type: IPv4
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: with_custom_flags_os
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy


@ -62,7 +62,7 @@
--privileged \
--network "host" \
--cap-add "NET_ADMIN" \
nginx
nginx:1.27
ExecStop=/usr/bin/docker stop nginx
SyslogIdentifier=nginx
Restart=always


@ -1,35 +0,0 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: vagrant
provider:
name: libvirt
platforms:
- name: instance
box: generic/${MOLECULE_TEST_OS}
cpus: 4
memory: 4096
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: ansible
scenario:
name: with_custom_flags_vagrant
test_sequence:
- dependency
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

36
tasks/configure.yml Normal file

@ -0,0 +1,36 @@
---
# task/install file for docker_systemd_service
- name: "Docker systemd service | Create ENV file(s) for docker service(s)"
ansible.builtin.template:
src: env.j2
dest: "{{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }}"
owner: root
group: root
mode: '0600'
register: _docker_systemd_service_env_file
- name: "Docker systemd service | Pull docker image(s)"
community.docker.docker_image:
name: "{{ docker_systemd_service_image }}"
force_source: "{{ docker_systemd_service_container_pull_force_source | bool }}"
source: pull
register: _docker_systemd_service_image_pull
when: docker_systemd_service_container_pull_image
- name: "Docker systemd service | Create unit file(s) for service(s)"
ansible.builtin.template:
src: unit.j2
dest: "/etc/systemd/system/{{ docker_systemd_service_name }}.service"
owner: root
group: root
mode: '0644'
register: _docker_systemd_service_unit_file
- name: "Docker systemd service | Set reload-check & restart-check variable"
ansible.builtin.set_fact:
_docker_systemd_service_need_daemon_reload: >-
{{ _docker_systemd_service_unit_file.changed | bool }}
_docker_systemd_service_need_restart: true
when: _docker_systemd_service_env_file.changed or
_docker_systemd_service_unit_file.changed or
_docker_systemd_service_image_pull.changed
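Review bot: The header comment still reads `# task/install file for docker_systemd_service` although this file is `tasks/configure.yml`; `# task/configure file for docker_systemd_service` would match. The final `set_fact` task would also benefit from a comment stating its contract, for example `# Runs only when the env file, unit file or image changed; the flags default to false in main.yml`, because it depends on values initialised in another file.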


@ -1,36 +0,0 @@
---
# task/install file for docker_systemd_service
- name: "Create ENV file(s) for docker service(s)"
ansible.builtin.template:
src: env.j2
dest: "{{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }}"
owner: root
group: root
mode: '0600'
notify: systemctl-restart-service
- name: "Pull docker image(s)"
community.docker.docker_image:
name: "{{ docker_systemd_service_image }}"
force_source: "{{ docker_systemd_service_container_pull_force_source | bool }}"
source: pull
when: docker_systemd_service_container_pull_image
notify: systemctl-restart-service
- name: "Create unit file(s) for service(s)"
ansible.builtin.template:
src: unit.j2
dest: "/etc/systemd/system/{{ docker_systemd_service_name }}.service"
owner: root
group: root
mode: '0644'
notify: systemctl-restart-service
- name: "Enable and start service(s)"
ansible.builtin.systemd:
name: '{{ docker_systemd_service_name }}.service'
daemon_reload: true
enabled: "{{ docker_systemd_service_enabled }}"
masked: "{{ docker_systemd_service_masked }}"
state: "{{ docker_systemd_service_state }}"
register: _enable_and_start


@ -1,9 +1,37 @@
---
# task/main file for docker_systemd_service
- name: "Import install.yml"
ansible.builtin.include_tasks: install.yml
when: docker_systemd_service_state != "absent"
- name: "Docker systemd service | Set reload-check & restart-check variable"
ansible.builtin.set_fact:
_docker_systemd_service_need_daemon_reload: false
_docker_systemd_service_need_restart: false
- name: "Import uninstall.yml"
ansible.builtin.include_tasks: uninstall.yml
when: docker_systemd_service_state == "absent"
- name: "Docker systemd service | Import configure.yml"
ansible.builtin.include_tasks: configure.yml
- name: "Docker systemd service | Populate service facts"
ansible.builtin.service_facts:
- name: "Docker systemd service | Set restart-check variable"
ansible.builtin.set_fact:
_docker_systemd_service_need_restart: true
when:
- ansible_facts.services[docker_systemd_service_name~'.service'].state != 'running'
- name: "Docker systemd service | Enable service: {{ docker_systemd_service_name }}"
ansible.builtin.service:
name: "{{ docker_systemd_service_name }}"
enabled: true
- name: "Docker systemd service | Reload systemd daemon"
ansible.builtin.systemd:
daemon_reload: true
when: _docker_systemd_service_need_daemon_reload
- name: "Docker systemd service | Start service: {{ docker_systemd_service_name }}"
ansible.builtin.service:
name: "{{ docker_systemd_service_name }}"
state: restarted
throttle: 1
when:
- _docker_systemd_service_need_restart
- docker_systemd_service_start
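Review bot: The "Set restart-check variable" task indexes `ansible_facts.services[docker_systemd_service_name~'.service']` directly, so the play fails with an undefined-key error whenever `service_facts` does not list the unit, which may happen on a first run because the daemon reload comes later in this file. A tolerant lookup such as `ansible_facts.services.get(docker_systemd_service_name ~ '.service', {}).get('state') != 'running'` treats a missing unit as not running. The enable task now hard-codes `enabled: true` and the `absent` path is gone, so a consumer can no longer keep the unit disabled or remove it through the role; that deserves a line in the changelog or README. Old and new lines are interleaved in this rendering, so this reading assumes the `Docker systemd service | …` tasks are the new side.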


@ -1,22 +0,0 @@
---
# task/uninstall file for docker_systemd_service
- name: "Remove ENV file(s) for service(s)"
ansible.builtin.file:
path: "{{ docker_systemd_service_sysconf_dir }}/{{ docker_systemd_service_container_name }}"
state: absent
- name: "Disable and stop service(s)"
ansible.builtin.systemd:
name: '{{ docker_systemd_service_name }}.service'
enabled: false
state: stopped
- name: "Remove unit file(s) for service(s)"
ansible.builtin.file:
path: /etc/systemd/system/{{ docker_systemd_service_name }}.service
state: absent
- name: "Reload systemd units"
ansible.builtin.systemd:
daemon_reload: true
changed_when: false