Merge pull request #70 from haydenseitz/github-actions

Add GitHub Actions CI
uoi-io · Jun 8, 2023 · c432b3a · c432b3a
2 parents 3fa27e4 + 5276869
commit c432b3a
Show file tree

Hide file tree

Showing 16 changed files with 181 additions and 81 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,4 +1,11 @@
 ---
 # This makes the linter display but not fail for rules/tags listed below
 warn_list:
-  - '106' # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern
+  - "106" # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern
+
+skip_list:
+  - fqcn[action-core]
+
+exclude_paths:
+  - tests
+  - molecule
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,80 @@
+---
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  yamllint:
+    name: yamllint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v2
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.x"
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Run yamllint
+        run: |
+          yamllint -s .
+
+  ansible-lint:
+    name: ansible-lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v2
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.x"
+
+      - name: Install test dependencies.
+        run: pip3 install ansible-lint
+
+      - name: Run ansible-lint
+        run: |
+          ansible-lint
+
+  molecule:
+    name: molecule
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro:
+          - debian11
+          - debian10
+          - rockylinux8
+          - rockylinux9
+          - fedora37
+          - fedora38
+          - fedora39
+          - ubuntu22.04
+          - ubuntu20.04
+          - ubuntu18.04
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v2
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.x"
+
+      - name: Install test dependencies.
+        run: pip3 install ansible molecule molecule-plugins[docker] docker pytest-testinfra
+
+      - name: Run Molecule tests.
+        run: molecule test -p ${MOLECULE_DISTRO}
+        env:
+          PY_COLORS: "1"
+          ANSIBLE_FORCE_COLOR: "1"
+          MOLECULE_DISTRO: ${{ matrix.distro }}
diff --git a/.yamllint b/.yamllint
@@ -1,16 +1,32 @@
 ---
+# Based on ansible-lint config
 extends: default
-
 rules:
   braces:
-    min-spaces-inside: 1
     max-spaces-inside: 1
     level: error
   brackets:
     max-spaces-inside: 1
     level: error
-  comments:
-    min-spaces-from-content: 1
-  empty-values: enable
-  line-length:
-    max: 160
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable
diff --git a/README.md b/README.md
@@ -417,7 +417,7 @@ Currently the molecule configuration is based on the `docker` driver.
 ```console
 apt/yum install docker
 systemctl start docker
-pip install docker molecule
+pip install docker molecule molecule-plugins pytest-testinfra
 molecule test
 ```
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -5,7 +5,7 @@ haproxy_bind_nonlocal_ip: true
 haproxy_ip_forward: true
 
 # Common
-haproxy_mode: system  # or docker
+haproxy_mode: system # or docker
 haproxy_firewalld: true
 haproxy_selinux: true
 haproxy_apt_backports: false
@@ -85,7 +85,7 @@ haproxy_default_errorfiles:
 
 # Stats
 haproxy_stats: true
-haproxy_stats_address: '*'
+haproxy_stats_address: "*"
 haproxy_stats_port: 9001
 haproxy_stats_ssl: false
 haproxy_stats_auth: true
@@ -110,7 +110,7 @@ haproxy_stats_timeouts:
 haproxy_ssl_certificate: /etc/ssl/uoi.io/uoi.io.pem
 haproxy_ssl_options: no-sslv3 no-tls-tickets force-tlsv12
 haproxy_ssl_ciphers: AES128+EECDH:AES128+EDH
-haproxy_ssl: 'ssl crt {{ haproxy_ssl_certificate }} ciphers {{ haproxy_ssl_ciphers }} {{ haproxy_ssl_options }}'
+haproxy_ssl: "ssl crt {{ haproxy_ssl_certificate }} ciphers {{ haproxy_ssl_ciphers }} {{ haproxy_ssl_options }}"
 
 # Frontend
 haproxy_frontend: []
@@ -136,8 +136,8 @@ haproxy_docker_ports:
   - "8443:8443"
   - "{{ haproxy_stats_port }}:{{ haproxy_stats_port }}"
 haproxy_docker_sysctls:
-  net.ipv4.ip_nonlocal_bind: "{{ 1 if haproxy_bind_nonlocal_ip|bool else 0 }}"
-  net.ipv4.ip_forward: "{{ 1 if haproxy_ip_forward|bool else 0 }}"
+  net.ipv4.ip_nonlocal_bind: "{{ 1 if haproxy_bind_nonlocal_ip | bool else 0 }}"
+  net.ipv4.ip_forward: "{{ 1 if haproxy_ip_forward | bool else 0 }}"
   net.core.somaxconn: 4096
   net.ipv4.tcp_syncookies: 1
 haproxy_docker_ulimits:

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,12 +1,12 @@
 ---
 # file: roles/haproxy/handlers/main.yml
-- name: restart haproxy
+- name: Restart haproxy
   ansible.builtin.service:
     name: "{{ haproxy_service }}"
     state: restarted
   when: haproxy_mode == "system"
 
-- name: reload haproxy
+- name: Reload haproxy
   ansible.builtin.service:
     name: "{{ haproxy_service }}"
     state: reloaded

diff --git a/meta/main.yml b/meta/main.yml
@@ -7,16 +7,16 @@ galaxy_info:
   company: InCloudUs
   issue_tracker_url: https://github.com/uoi-io/ansible-haproxy/issues
   license: Apache
-  min_ansible_version: 2.8
+  min_ansible_version: "2.8"
   github_branch: master
   platforms:
     - name: EL
       versions:
-        - 7
-        - 8
+        - "7"
+        - "8"
     - name: Fedora
       versions:
-        - 32
+        - "32"
     - name: Ubuntu
       versions:
         - xenial

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -4,11 +4,6 @@ dependency:
   enabled: false
 driver:
   name: docker
-lint: |
-  set -ex
-  yamllint -s .
-  ansible-lint --nocolor -p --exclude=molecule/ --exclude=tests/
-  flake8
 platforms:
   # https://wiki.debian.org/DebianReleases
   - name: debian11
@@ -21,40 +16,39 @@ platforms:
     command: sleep infinity
     groups: [Debian]
     privileged: true
-  - name: debian9
-    image: debian:9
-    command: sleep infinity
-    groups: [Debian]
-    privileged: true
   # https://rockylinux.org/
   - name: rockylinux8
     image: rockylinux:8
     command: /sbin/init
     groups: [RedHat]
     privileged: true
-  # https://www.centos.org/centos-linux/
-  # - name: centos8
-  #   image: centos:8
-  #   command: /sbin/init
-  #   groups: [ RedHat ]
-  #   privileged: true
-  - name: centos7
-    image: centos:7
+  - name: rockylinux9
+    image: rockylinux:9
     command: /sbin/init
     groups: [RedHat]
     privileged: true
   # https://fedoraproject.org/wiki/Releases
-  - name: f33
-    image: fedora:33
+  - name: fedora37
+    image: fedora:37
     command: /sbin/init
     groups: [RedHat]
     privileged: true
-  - name: f32
-    image: fedora:32
+  - name: fedora38
+    image: fedora:38
+    command: /sbin/init
+    groups: [RedHat]
+    privileged: true
+  - name: fedora39
+    image: fedora:39
     command: /sbin/init
     groups: [RedHat]
     privileged: true
   # https://wiki.ubuntu.com/Releases
+  - name: ubuntu22.04
+    image: ubuntu:22.04
+    command: sleep infinity
+    groups: [Debian]
+    privileged: true
   - name: ubuntu20.04
     image: ubuntu:20.04
     command: sleep infinity
@@ -79,23 +73,18 @@ provisioner:
         apache_service: httpd
         apache_ports: /etc/httpd/conf/httpd.conf
         apache_conf_d: /etc/httpd/conf.d
-    host_vars:
-      f33:
-        ansible_python_interpreter: python3
-      f32:
-        ansible_python_interpreter: python3
 scenario:
   name: default
   test_sequence:
     - dependency
-    - lint
+    # - lint
     - cleanup
     - destroy
     - syntax
     - create
     - prepare
     - converge
-    # - idempotence
+    - idempotence
     - side_effect
     - verify
     - cleanup

diff --git a/tasks/config.yml b/tasks/config.yml
@@ -7,4 +7,4 @@
     mode: "0640"
     # FIXME: find a way to validate in Docker mode
     # validate: "{{ haproxy_bin }} -f %s -c"
-  notify: reload haproxy
+  notify: Reload haproxy
diff --git a/tasks/docker.yml b/tasks/docker.yml
@@ -1,6 +1,6 @@
 ---
 - name: HAProxy - run a Docker container
-  docker_container:
+  community.docker.docker_container:
     # common settings
     name: "{{ haproxy_docker_name }}"
     hostname: "{{ inventory_hostname }}"
@@ -26,7 +26,7 @@
     ports: "{{ haproxy_docker_ports }}"
     purge_networks: true
     # persistent volumes
-    volumes: "{{ haproxy_docker_volumes | default([haproxy_config+':/usr/local/etc/haproxy/haproxy.cfg:ro']) }}"
+    volumes: "{{ haproxy_docker_volumes | default([haproxy_config + ':/usr/local/etc/haproxy/haproxy.cfg:ro']) }}"
     # runtime settings
     etc_hosts: >
       {
@@ -38,7 +38,7 @@
 
 # TODO: keep docker_container module support for Ansible < 2.10
 - name: HAProxy - run a Docker container (old style)
-  docker_container:
+  community.docker.docker_container:
     # common settings
     name: "{{ haproxy_docker_name }}"
     hostname: "{{ inventory_hostname }}"
@@ -64,7 +64,7 @@
     ports: "{{ haproxy_docker_ports }}"
     purge_networks: true
     # persistent volumes
-    volumes: "{{ haproxy_docker_volumes | default([haproxy_config+':/usr/local/etc/haproxy/haproxy.cfg:ro']) }}"
+    volumes: "{{ haproxy_docker_volumes | default([haproxy_config + ':/usr/local/etc/haproxy/haproxy.cfg:ro']) }}"
     # runtime settings
     etc_hosts: >
       {

diff --git a/tasks/firewall.yml b/tasks/firewall.yml
@@ -4,8 +4,8 @@
 #       collection. This feature will be removed from community.general in version
 #       2.0.0.
 - name: HAproxy firewalld rule
-  firewalld:
-    port: '{{ item }}'
+  ansible.posix.firewalld:
+    port: "{{ item }}"
     permanent: true
     state: enabled
     immediate: true

diff --git a/tasks/install-Generic.yml b/tasks/install-Generic.yml
@@ -3,12 +3,12 @@
 - name: "RedHat | Install basic repo file"
   ansible.builtin.yum_repository:
     name: "{{ item.name }}"
-    description: "{{ item.description  | default(omit) }}"
+    description: "{{ item.description | default(omit) }}"
     baseurl: "{{ item.baseurl }}"
-    gpgcheck: "{{ item.gpgcheck  | default(omit) }}"
-    gpgkey: "{{ item.gpgkey  | default(omit) }}"
+    gpgcheck: "{{ item.gpgcheck | default(omit) }}"
+    gpgkey: "{{ item.gpgkey | default(omit) }}"
     repo_gpgcheck: "{{ item.repo_gpgcheck | default(omit) }}"
-    file: "{{ item.file  | default(omit) }}"
+    file: "{{ item.file | default(omit) }}"
     skip_if_unavailable: "{{ item.skip_if_unavailable | default(omit) }}"
     priority: "{{ item.priority | default('99') }}"
     enabled: "{{ item.enabled | default(true) }}"

diff --git a/tasks/install.yml b/tasks/install.yml
@@ -1,8 +1,10 @@
 ---
-- include: install-Debian.yml
+- name: Include Debian tasks
+  include_tasks: install-Debian.yml
   when: ansible_os_family == 'Debian'
 
-- include: install-Generic.yml
+- name: Include Generic tasks
+  include_tasks: install-Generic.yml
   when: ansible_os_family != 'Debian'
 
 - name: Enabling and starting HAproxy service