ansible-check #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ansible-check | |
| # We only launch this job if we're on main and the Main pipeline has succedded, if we're on a pull request (to ensure no | |
| # regressions are introduced), or if it's manually triggered | |
| on: | |
| workflow_run: | |
| workflows: ["Main pipeline"] | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| ansible-lint: | |
| runs-on: ubuntu-22.04 | |
| # We set the working directory of this pipeline to our ansible dir | |
| defaults: | |
| run: | |
| working-directory: ./ansible | |
| # We need to lint the vaulted files too | |
| env: | |
| VAULT_PASS: ${{ secrets.VAULT_PASSWORD }} | |
| steps: | |
| - name: Fail if main pipeline failed | |
| if: ${{ github.event_name == 'pull_request' && github.event_name == 'workflow_dispatch' && github.event.workflowgithub.event.workflow_run.conclusion != 'success' }} | |
| run: exit 1 | |
| - name: Checkout code | |
| uses: actions/[email protected] | |
| # We install ansible-lint | |
| - name: Install ansible-lint with pip | |
| run: | | |
| sudo apt update | |
| sudo apt install pip git | |
| pip install ansible-core ansible-lint | |
| # We copy our VAULT_PASSWORD so as to allow ansible-lint to decrypt and lint them. | |
| # We also install our playbooks' dependencies | |
| - name: Run ansible-lint on our playbook | |
| run: | | |
| echo ${VAULT_PASS} > .vault_password | |
| ansible-galaxy collection install -r requirements.yml | |
| ANSIBLE_VAULT_PASSWORD_FILE=.vault_password ansible-lint -v -s --project-dir . |