From 6f6c814d93e793ac214791e79f07000146c05381 Mon Sep 17 00:00:00 2001 
From: Bernie Nicasio Date: Mon, 4 Mar 2024 10:06:47 -0400 Subject: [PATCH] DSO-2017: License, code of conducts & issues template (#3) * DSO-2017: added conde of conduct, license and update to actions * DSO-2017: update README * Update .github/ISSUE_TEMPLATE/bug_report.md Co-authored-by: Angel M. Adames <9947992+angelmadames@users.noreply.github.com> * Update action.yml Co-authored-by: Angel M. Adames <9947992+angelmadames@users.noreply.github.com> * DSO-2017: solve comments * DSO-2017: added playbook path to missing command * DSO-2017: test deployment action * DSO-2017: test deployment action * DSO-2017: test deployment action * DSO-2017: removed ansible vault pass * DSO-2017: fix typo on tags * DSO-2017: fix typo on tags * DSO-2017: force colors * DSO-2017: removed collections and env colors on action * DSO-2017: update readme * DSO-2017: remove readme on ansible --------- Co-authored-by: Angel M. Adames <9947992+angelmadames@users.noreply.github.com> --- .github/ISSUE_TEMPLATE/bug_report.md | 31 +++++++++ .github/ISSUE_TEMPLATE/config.yml | 1 + .github/ISSUE_TEMPLATE/feature_request.md | 16 +++++ .github/workflows/action.yml | 28 ++++++++ CODE_OF_CONDUCT.md | 76 +++++++++++++++++++++ LICENSE | 21 ++++++ README.md | 19 ++++-- action.yml | 30 ++++---- ansible/.ansible-lint | 5 ++ ansible/.gitignore | 8 +++ ansible/ansible.cfg | 13 ++++ ansible/hosts.yml | 6 ++ ansible/playbooks/site.yml | 9 +++ ansible/playbooks/stage.yml | 4 ++ ansible/roles/authentication/tasks/auth.yml | 5 ++ ansible/roles/authentication/tasks/main.yml | 4 ++ ansible/roles/env_vars/tasks/env.yml | 5 ++ ansible/roles/env_vars/tasks/main.yml | 4 ++ ansible/roles/info/tasks/info.yml | 5 ++ ansible/roles/info/tasks/main.yml | 4 ++ 20 files changed, 274 insertions(+), 20 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/workflows/action.yml 
create mode 100644 CODE_OF_CONDUCT.md create mode 100644 LICENSE create mode 100644 ansible/.ansible-lint create mode 100644 ansible/.gitignore create mode 100644 ansible/ansible.cfg create mode 100644 ansible/hosts.yml create mode 100644 ansible/playbooks/site.yml create mode 100644 ansible/playbooks/stage.yml create mode 100644 ansible/roles/authentication/tasks/auth.yml create mode 100644 ansible/roles/authentication/tasks/main.yml create mode 100644 ansible/roles/env_vars/tasks/env.yml create mode 100644 ansible/roles/env_vars/tasks/main.yml create mode 100644 ansible/roles/info/tasks/info.yml create mode 100644 ansible/roles/info/tasks/main.yml
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..fef701f
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,31 @@
+---
+name: Bug report
+about: Create a bug report
+title: ''
+labels: bug, needs triage
+assignees: ''
+---
+
+**Description:**
+A clear and concise description of what the bug is.
+
+**Action version:**
+Specify the action version.
+
+**Platform:**
+- [ ] Ubuntu
+- [ ] macOS
+- [ ] Windows
+
+**Runner type:**
+- [ ] Hosted
+- [ ] Self-hosted
+
+**Repro steps:**
+A description with steps to reproduce the issue. If you have a public example or repo to share, please provide the link.
+
+**Expected behavior:**
+A description of what you expected to happen.
+
+**Actual behavior:**
+A description of what is actually happening.
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..3ba13e0
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: false
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..d664c74
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,16 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: feature request, needs triage
+assignees: ''
+---
+
+**Description:**
+Describe your proposal.
+
+**Justification:**
+Justification or a use case for your proposal.
+
+**Are you willing to submit a PR?**
+
diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml
new file mode 100644
index 0000000..ba5665b
--- /dev/null
+++ b/.github/workflows/action.yml
@@ -0,0 +1,28 @@
+name: 🚢 Deployment Action Tests
+
+on:
+ pull_request:
+ branches:
+ - main
+
+env:
+ ANSIBLE_FORCE_COLOR: '1'
+ PY_COLORS: '1'
+ FORCE_COLOR: '1'
+
+jobs:
+ deployment_test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 💻 Checkout current pull-request revision code
+ uses: actions/checkout@v4
+
+ - name: 🚀 Test Deployment Action
+ uses: ./
+ with:
+ dry_run: true
+ playbook_name: 'stage'
+ ansible_tags: >-
+ auth,
+ env-vars,
+ info
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..3a64696
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
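Review bot: The new workflow declares no `permissions:` block, so the `deployment_test` job runs with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured. The job only checks out the pull-request revision and runs the local action with `dry_run: true`, so a top-level `permissions:` holding `contents: read` should be sufficient. `actions/checkout@v4` is also referenced by a movable tag; pinning it to a full commit SHA would fix exactly which code runs on every pull request.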
@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to make participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces, and it also applies when
+an individual is representing the project or its community in public spaces.
+Examples of representing a project or community include using an official
+project e-mail address, posting via an official social media account, or acting
+as an appointed representative at an online or offline event. Representation of
+a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at opensource@github.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d12d8e6
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 gbh
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
index 1d7490d..7a33086 100644
--- a/README.md
+++ b/README.md
@@ -10,13 +10,13 @@ See [action.yml](action.yml) - uses: actions/ansible-deployment@v1 with: # Optional. Specifies the path to the playbook - playbook_path: '.' + playbook_path: 'playbooks' # The name of the playbook playbook_name: '' # Optional. Set to true to run Ansible playbooks in --check mode - dry_run: true + dry_run: false # Specifies the AWS region name for configuration aws_region: ''
@@ -26,15 +26,18 @@ See [action.yml](action.yml) # Example: 'system,deployment,nginx,certbot' ansible_tags: '' - # AWS service account access key + # The ansible working directory + workdir: 'ansible' + + # Optional. AWS service account access key aws_access_key_id: '' # Ensure the following values are treated as secrets: - # Ansible vault password to decrypt secrets + # Optional. Ansible vault password to decrypt secrets ansible_vault_password: '' - # AWS service account secret access key + # Optional. AWS service account secret access key aws_secret_access_key: '' ``` @@ -45,10 +48,14 @@ Example usage: with: playbook_path: 'playbooks' playbook_name: 'stage.yaml' + workdir: 'ansible' dry_run: true aws_region: 'us-east-1' - ansible_tags: 'system,deployment,nginx,certbot' ansible_vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} aws_access_key_id: ${{ vars.AWS_ACCESS_KEY_ID }} aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + ansible_tags: >- + auth, + env-vars, + info ``` diff --git a/action.yml b/action.yml index a7d2e26..92b3ed2 100644 --- a/action.yml +++ b/action.yml 
@@ -9,39 +9,40 @@ inputs: playbook_path: description: 'The location of the playbook' required: false - default: '.' + default: 'playbooks' playbook_name: description: 'The playbook file name' required: true ansible_vault_password: description: 'Ansible vault password to decrypt secrets' - required: true + required: false dry_run: description: 'Whenever to run Ansible on check mode' required: false - default: 'true' + default: 'false' aws_region: description: 'AWS runner region' - required: true + required: false aws_access_key_id: description: 'AWS service account access key' - required: true + required: false aws_secret_access_key: description: 'AWS service account secret access key' - required: true + required: false ansible_tags: description: 'A comma-separated string of tags to filter which tasks to run in the playbook' required: true default: 'kubeconfig,info' - -env: - ANSIBLE_FORCE_COLOR: '1' - PY_COLORS: '1' + workdir: + description: 'The Ansible working directory' + required: true + default: 'ansible' runs: using: 'composite' steps: - name: Configure AWS service account credentials + if: ${{ inputs.aws_access_key_id != '' }} uses: aws-actions/configure-aws-credentials@v4 with: aws-region: ${{ inputs.aws_region }} @@ -59,7 +60,7 @@ runs: - name: Set Ansible configuration and dry run options shell: bash -leo pipefail {0} - working-directory: ansible + working-directory: ${{ inputs.workdir }} run: | set_env() { echo "$1" >> $GITHUB_ENV; } echo "Dry Run set to: ${{ inputs.dry_run }}" 
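Review bot: The added `if: ${{ inputs.aws_access_key_id != '' }}` gates the credentials step on the key id alone, now that `aws_region`, `aws_access_key_id` and `aws_secret_access_key` are all `required: false`. A caller who passes the secret but omits or misnames the id gets a silently skipped step, and any later AWS-dependent task would then run with whatever credentials the runner already holds, if any. Consider `if: ${{ inputs.aws_access_key_id != '' && inputs.aws_secret_access_key != '' }}` and a comment on the three inputs stating that they must be supplied together. The step's `with:` block continues outside the hunk.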
@@ -70,16 +71,17 @@ runs: set_env "OPTS=" fi - sed -i "/- hosts:/a\ no_log: yes" playbooks/site.yml + sed -i "/- hosts:/a\ no_log: yes" ${{ inputs.playbook_path }}/site.yml - name: Add Ansible vault password to vault key file shell: bash -leo pipefail {0} - working-directory: ansible + if: ${{ inputs.ansible_vault_password != '' }} + working-directory: ${{ inputs.workdir }} run: echo "${{ inputs.ansible_vault_password }}" > vault.key - name: Running Ansible tasks shell: bash -leo pipefail {0} - working-directory: ansible + working-directory: ${{ inputs.workdir }} run: | tags="${{ inputs.ansible_tags }}"
diff --git a/ansible/.ansible-lint b/ansible/.ansible-lint
new file mode 100644
index 0000000..11d1c87
--- /dev/null
+++ b/ansible/.ansible-lint
@@ -0,0 +1,5 @@
+skip_list:
+ - no-changed-when
+ - name[play]
+ - name[missing]
+ - ignore-errors
diff --git a/ansible/.gitignore b/ansible/.gitignore
new file mode 100644
index 0000000..d46a50a
--- /dev/null
+++ b/ansible/.gitignore
@@ -0,0 +1,8 @@
+# gitignore file
+
+*.log
+*.txt
+collections/
+facts_cache/
+tmp/
+vault.key
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..23efd04
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,13 @@
+# Ansible configuration
+
+[defaults]
+forks = 10
+gathering = smart
+interpreter_python = auto
+inventory = ./hosts.yml
+local_tmp = ./tmp
+private_role_vars = true
+roles_path = ./roles
+
+[inventory]
+enable_plugins = yaml
diff --git a/ansible/hosts.yml b/ansible/hosts.yml
new file mode 100644
index 0000000..768d4fc
--- /dev/null
+++ b/ansible/hosts.yml
@@ -0,0 +1,6 @@
+---
+all:
+ children:
+ stage:
+ hosts:
+ stage01:
diff --git a/ansible/playbooks/site.yml b/ansible/playbooks/site.yml
new file mode 100644
index 0000000..e4972bf
--- /dev/null
+++ b/ansible/playbooks/site.yml
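Review bot: The rewritten `sed` line expands `${{ inputs.playbook_path }}` into the script text before bash parses it, and unquoted, so a value containing spaces or shell metacharacters changes the command instead of naming a file. Passing the input through the step's `env:` keeps it as data: add `PLAYBOOK_PATH: ${{ inputs.playbook_path }}` under `env:` and use `"$PLAYBOOK_PATH/site.yml"` as the sed target. The same pattern is present in the unchanged `echo "${{ inputs.ansible_vault_password }}" > vault.key` and `tags="${{ inputs.ansible_tags }}"` lines of this hunk and in the `inputs.dry_run` echo of the hunk before it; the vault password in particular is better written from an environment variable with `printf '%s'`. The last step's `run:` block continues outside the hunk.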
@@ -0,0 +1,9 @@
+---
+- name: Run deployment playbook
+ hosts: "{{ target }}"
+ gather_facts: false
+ connection: local
+ roles:
+ - role: authentication
+ - role: env_vars
+ - role: info
diff --git a/ansible/playbooks/stage.yml b/ansible/playbooks/stage.yml
new file mode 100644
index 0000000..8378f5b
--- /dev/null
+++ b/ansible/playbooks/stage.yml
@@ -0,0 +1,4 @@
+---
+- import_playbook: site.yml
+ vars:
+ target: stage
diff --git a/ansible/roles/authentication/tasks/auth.yml b/ansible/roles/authentication/tasks/auth.yml
new file mode 100644
index 0000000..2f82f51
--- /dev/null
+++ b/ansible/roles/authentication/tasks/auth.yml
@@ -0,0 +1,5 @@
+---
+- name: Authenticate to EKS and update kubeconfig
+ ansible.builtin.command:
+ cmd:
+ echo "Test authentication"
diff --git a/ansible/roles/authentication/tasks/main.yml b/ansible/roles/authentication/tasks/main.yml
new file mode 100644
index 0000000..ba5d8bc
--- /dev/null
+++ b/ansible/roles/authentication/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- ansible.builtin.import_tasks: auth.yml
+ tags:
+ - auth
diff --git a/ansible/roles/env_vars/tasks/env.yml b/ansible/roles/env_vars/tasks/env.yml
new file mode 100644
index 0000000..9565f0d
--- /dev/null
+++ b/ansible/roles/env_vars/tasks/env.yml
@@ -0,0 +1,5 @@
+---
+- name: Test env
+ ansible.builtin.command:
+ cmd:
+ echo "Test env"
diff --git a/ansible/roles/env_vars/tasks/main.yml b/ansible/roles/env_vars/tasks/main.yml
new file mode 100644
index 0000000..a7d07d2
--- /dev/null
+++ b/ansible/roles/env_vars/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- ansible.builtin.import_tasks: env.yml
+ tags:
+ - env-vars
diff --git a/ansible/roles/info/tasks/info.yml b/ansible/roles/info/tasks/info.yml
new file mode 100644
index 0000000..cf6267c
--- /dev/null
+++ b/ansible/roles/info/tasks/info.yml
@@ -0,0 +1,5 @@
+---
+- name: Test info
+ ansible.builtin.command:
+ cmd:
+ echo "Test info"
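Review bot: The play in the new `site.yml` opens with `- name: Run deployment playbook` and carries `hosts: "{{ target }}"` on a line of its own, so the text `- hosts:` that the action's `sed -i "/- hosts:/a\ no_log: yes"` step matches on does not occur in this file. sed exits successfully when its address matches nothing, so `no_log` would silently not be applied and task output would reach the job log in full. Setting `no_log: true` on the play itself removes the dependency on the rewrite; otherwise the sed address needs to match a bare `hosts:` line. Indentation is not recoverable from this view, so confirm against the committed file.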
diff --git a/ansible/roles/info/tasks/main.yml b/ansible/roles/info/tasks/main.yml
new file mode 100644
index 0000000..0e0e3fd
--- /dev/null
+++ b/ansible/roles/info/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- ansible.builtin.import_tasks: info.yml
+ tags:
+ - info