[pre-commit.ci] pre-commit autoupdate #482
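---
# CI for the Packer templates: each template directory in the matrix is
# linted and validated against a throwaway Vault dev server, then the
# release job runs semantic-release.
#
# NOTE(review): actions are referenced by mutable tags. Pinning each `uses:`
# to a full commit SHA stops a re-pointed tag from changing what runs here.
name: test

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege by default; jobs that need more widen it explicitly.
permissions:
  contents: read

jobs:
  validate:
    strategy:
      fail-fast: false
      matrix:
        template:
          - ubuntu-server
          - consul
          - vault
    name: Validate
    runs-on: ubuntu-latest
    env:
      # Local dev-mode Vault only: plain HTTP on localhost with a fixed root
      # token, discarded with the runner. Never reuse these values elsewhere.
      VAULT_ADDR: "http://localhost:8200"
      VAULT_TOKEN: token
      PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Run ansible-lint
        # NOTE(review): the ref after "@" was replaced by the page's e-mail
        # obfuscation; restore the real tag (or commit SHA) from the repo.
        uses: ansible/[email protected]
        with:
          path: "${{ matrix.template }}"
      - name: Create bin dir for cached binaries
        # -p keeps the step idempotent if the directory already exists.
        run: mkdir -p "${HOME}/bin"
      - name: Start Vault Server
        env:
          VAULT_VERSION: "1.13.0"
        run: |
          set -euo pipefail
          base="https://releases.hashicorp.com/vault/${VAULT_VERSION}"
          zip="vault_${VAULT_VERSION}_linux_amd64.zip"
          workdir="$(mktemp -d)"
          # --fail stops an HTTP error page from being unpacked as a binary.
          curl --fail --silent --show-error --location \
            -o "${workdir}/${zip}" "${base}/${zip}"
          curl --fail --silent --show-error --location \
            -o "${workdir}/SHA256SUMS" \
            "${base}/vault_${VAULT_VERSION}_SHA256SUMS"
          # The checksum file comes from the same origin as the archive, so
          # this catches corrupted or truncated downloads; checking the
          # vendor's detached signature over SHA256SUMS would also be needed
          # to authenticate the origin.
          (cd "${workdir}" && grep -F " ${zip}" SHA256SUMS | sha256sum --check -)
          unzip -o -q "${workdir}/${zip}" vault -d "${HOME}/bin"
          chmod u+x "${HOME}/bin/vault"
          "${HOME}/bin/vault" server -dev \
            -dev-root-token-id="${VAULT_TOKEN}" | tee vault-output.txt &
          # The server runs in the background; wait until it answers so the
          # following steps do not race its startup.
          for _ in $(seq 1 30); do
            if "${HOME}/bin/vault" status > /dev/null 2>&1; then
              exit 0
            fi
            sleep 1
          done
          echo "Vault dev server did not become ready in time" >&2
          exit 1
      - name: Enable Secrets mounts
        run: |
          set -euo pipefail
          "${HOME}/bin/vault" secrets enable -path="digitalocean" \
            -description="KV data" kv-v2
          "${HOME}/bin/vault" secrets enable -path="kv" kv-v2
      # Secrets are handed to the shell through env and expanded in quotes.
      # Interpolating ${{ secrets.* }} straight into `run:` pastes the value
      # into the script text, where shell metacharacters would be interpreted.
      - name: Populate the DO secret
        env:
          DO_TOKEN: ${{ secrets.DO_TOKEN }}
        run: |
          "${HOME}/bin/vault" kv put -mount="digitalocean" tokens \
            packer="${DO_TOKEN}"
      - name: Populate the GH secret
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          "${HOME}/bin/vault" kv put -mount="kv" github \
            ghcr_token="${GHCR_TOKEN}"
      - name: Populate Consul Encryption Key
        env:
          CONSUL_ENCRYPT_KEY: ${{ secrets.CONSUL_ENCRYPT_KEY }}
        run: |
          "${HOME}/bin/vault" kv put -mount="kv" consul \
            encrypt="${CONSUL_ENCRYPT_KEY}"
      - name: "Get Packer"
        env:
          PACKER_VERSION: "1.8.2"
        run: |
          set -euo pipefail
          base="https://releases.hashicorp.com/packer/${PACKER_VERSION}"
          zip="packer_${PACKER_VERSION}_linux_amd64.zip"
          workdir="$(mktemp -d)"
          curl --fail --silent --show-error --location \
            -o "${workdir}/${zip}" "${base}/${zip}"
          curl --fail --silent --show-error --location \
            -o "${workdir}/SHA256SUMS" \
            "${base}/packer_${PACKER_VERSION}_SHA256SUMS"
          # Same integrity check as for the Vault archive.
          (cd "${workdir}" && grep -F " ${zip}" SHA256SUMS | sha256sum --check -)
          unzip -o -q "${workdir}/${zip}" packer -d "${HOME}/bin"
          chmod u+x "${HOME}/bin/packer"
      - name: Add Ansible requirements
        run: python3 -m pip install -r requirements.txt
      - name: Add Ansible collections
        run: ansible-galaxy collection install community.hashi_vault
      - name: Add Ansible roles
        # working-directory replaces `cd ${{ matrix.template }}` so the matrix
        # value is never spliced into the script text.
        working-directory: ${{ matrix.template }}
        run: |
          if [[ -f requirements.yml ]]; then
            ansible-galaxy install -r requirements.yml
          fi
      - name: "Init Packer"
        working-directory: ${{ matrix.template }}
        run: |
          "${HOME}/bin/packer" init .
      - name: "Validate Packer templates"
        working-directory: ${{ matrix.template }}
        run: PATH="${PATH}:${HOME}/bin/" packer validate .

  release:
    needs:
      - validate
    name: Release
    runs-on: ubuntu-latest
    # Scopes for semantic-release's git and github plugins (push the release
    # commit/tag, comment on issues and PRs); trim any that are not used.
    # NOTE(review): with no `if:` this job also runs on pull_request events.
    permissions:
      contents: write
      issues: write
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: 'lts/*'
      - name: Install dependencies
        # NOTE(review): these packages are installed unpinned in the job that
        # holds a write-scoped token; a committed lockfile with `npm ci`
        # would make the installed set reproducible and reviewable.
        run: |
          npm install -D \
            "@semantic-release/commit-analyzer" \
            "@semantic-release/release-notes-generator" \
            "@semantic-release/changelog" \
            "@semantic-release/github" \
            "@semantic-release/git"
      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npx semantic-release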