CI #926
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| schedule: | |
| - cron: "5 17 * * *" | |
| # Allow one concurrent deployment | |
| concurrency: | |
| group: "ansible-test" | |
| cancel-in-progress: true | |
| jobs: | |
| check: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.8" | |
| - uses: abatilo/[email protected] | |
| with: | |
| poetry-version: "1.3.2" | |
| - name: Create poetry virtualenv | |
| run: poetry install | |
| working-directory: ansible | |
| - name: Lint | |
| run: make lint-ansible lint-yaml | |
| shellcheck: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Run ShellCheck | |
| uses: ludeeus/action-shellcheck@master | |
| with: | |
| version: v0.8.0 | |
| check_together: "yes" | |
| additional_files: "pre-commit" | |
| env: | |
| SHELLCHECK_OPTS: -e SC1091 | |
| vm: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: ["ubuntu-22.04", "ubuntu-20.04"] | |
| env: | |
| ANSIBLE_LOG_PATH: ${{ github.workspace }}/ansible/logs/ansible-vm-${{ matrix.os }}.log | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Copy dotfiles | |
| run: cp -vr "${{ github.workspace }}" ~ | |
| - name: Run the bootstrap script | |
| run: bash -e bootstrap.sh | |
| - name: Apply ansible playbook | |
| run: >- | |
| . /opt/ansible-venv/bin/activate | |
| && cd ~/dotfiles/ansible | |
| && ansible-galaxy install -r requirements.yml | |
| && ansible-playbook -u "$USER" -i test_hosts.ini site.yml --limit wsl | |
| - name: Apply ansible playbook again | |
| run: >- | |
| . /opt/ansible-venv/bin/activate | |
| && cd ~/dotfiles/ansible | |
| && ansible-playbook -u "$USER" -i test_hosts.ini site.yml --limit wsl | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: ansible-logs | |
| path: ansible/logs/ansible-*.log | |
| if: always() | |
| container: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: ["ubuntu-22.04", "ubuntu-20.04"] | |
| env: | |
| ANSIBLE_LOG_PATH: /home/runner/dotfiles/ansible/logs/ansible-container-${{ matrix.image }}.log | |
| RUNNER_UID: "1001" # User ID for runner user | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Launch a target container | |
| run: >- | |
| docker run -d --name target --init -e ANSIBLE_LOG_PATH -w /home/$USER/dotfiles | |
| -v "$PWD:/home/$USER/dotfiles" | |
| -v "/home/$USER/work/_temp:/home/$USER/work/_temp" | |
| $(echo "${{ matrix.image }}" | tr "-" ":") tail -f | |
| - name: Create a non-root user and enable password-less sudo in the target container | |
| run: >- | |
| docker exec target bash -c " | |
| apt update | |
| && apt install -y sudo | |
| && useradd $USER -u $RUNNER_UID | |
| && echo '$USER ALL=(ALL:ALL) NOPASSWD: ALL' > /etc/sudoers.d/$USER | |
| && chown $USER:$USER /home/$USER | |
| " | |
| - name: Run the bootstrap script | |
| run: docker exec -u runner target bash -c "./bootstrap.sh" | |
| - name: Apply ansible playbook | |
| shell: docker exec -u runner target bash {0} | |
| run: >- | |
| . /opt/ansible-venv/bin/activate | |
| && cd ansible | |
| && ansible-galaxy install -r requirements.yml | |
| && ansible-playbook -u "$(whoami)" -i test_hosts.ini site.yml --limit wsl | |
| - name: Apply ansible playbook again | |
| shell: docker exec -u runner target bash {0} | |
| run: >- | |
| . /opt/ansible-venv/bin/activate | |
| && cd ansible | |
| && ansible-playbook -u "$(whoami)" -i test_hosts.ini site.yml --limit wsl | |
| - name: Kill the target container | |
| run: docker rm --force target | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: ansible-logs | |
| path: ansible/logs/ansible-*.log | |
| if: always() | |
| windows: | |
| runs-on: windows-2019 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - group: wsl | |
| distribution: Ubuntu-22.04 | |
| - group: wsl | |
| distribution: Ubuntu-20.04 | |
| - group: windows | |
| distribution: Ubuntu-20.04 | |
| env: | |
| WSLENV: ANSIBLE_LOG_PATH/up:GITHUB_ACTIONS | |
| ANSIBLE_LOG_PATH: >- | |
| ${{ github.workspace }}\ansible\logs\ansible-${{ matrix.group }}-${{ matrix.distribution }}.log | |
| defaults: | |
| run: | |
| shell: wsl-bash {0} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: Vampire/setup-wsl@v2 | |
| with: | |
| distribution: ${{ matrix.distribution }} | |
| set-as-default: "true" | |
| wsl-shell-user: wsl | |
| additional-packages: openssh-client | |
| wsl-conf: | | |
| [automount] | |
| enabled = true | |
| options = "metadata,uid=1000,gid=1000,umask=22,fmask=11 | |
| - name: Enable no password sudo by user | |
| shell: cmd | |
| run: >- | |
| wsl.exe --user root bash -c "echo 'wsl ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers" | |
| - name: Generate a ssh key pair in WSL | |
| run: | | |
| ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N "" | |
| if: ${{ matrix.group == 'windows' }} | |
| - name: Setup Windows SSH Server | |
| shell: powershell | |
| run: | | |
| # Install SSH Server | |
| choco install --no-progress -y openssh --params "/SSHServerFeature" | |
| # Register a authorized key | |
| (wsl.exe -- cat /home/wsl/.ssh/id_rsa.pub) -join "`n" ` | |
| | % { [Text.Encoding]::UTF8.GetBytes($_) } ` | |
| | Set-Content -Path 'C:\ProgramData\ssh\administrators_authorized_keys' -Encoding Byte | |
| # Repair permissions for authorized key file | |
| icacls 'C:\ProgramData\ssh\administrators_authorized_keys' /inheritance:d | |
| icacls 'C:\ProgramData\ssh\administrators_authorized_keys' /remove 'NT AUTHORITY\Authenticated Users' | |
| icacls 'C:\ProgramData\ssh\administrators_authorized_keys' | |
| Restart-Service -Name sshd -Force | |
| if: ${{ matrix.group == 'windows' }} | |
| - name: Upgrade gzip version | |
| # Workaround for gzip error on Ubuntu 22.04 | |
| # https://github.com/microsoft/WSL/issues/4461#issuecomment-1134042360 | |
| run: >- | |
| curl -fsSL -o gzip_1.12-1_amd64.deb http://ftp.debian.org/debian/pool/main/g/gzip/gzip_1.12-1_amd64.deb | |
| && sudo dpkg -i ./gzip_1.12-1_amd64.deb && rm -f ./gzip_1.12-1_amd64.deb | |
| if: ${{ matrix.distribution == 'Ubuntu-22.04' }} | |
| - name: Copy dotfiles | |
| run: umask 0022 && mkdir -p ~/dotfiles && cp -vr . ~/dotfiles | |
| - name: Run the bootstrap script | |
| run: ./bootstrap.sh | |
| - name: Apply ansible playbook | |
| run: >- | |
| . /opt/ansible-venv/bin/activate | |
| && cd ~/dotfiles/ansible | |
| && ansible-galaxy install -r requirements.yml | |
| && ansible-playbook -u "$USER" -i test_hosts.ini site.yml --limit ${{ matrix.group }} | |
| - name: Apply ansible playbook again | |
| run: >- | |
| . /opt/ansible-venv/bin/activate | |
| && cd ~/dotfiles/ansible | |
| && ansible-playbook -u "$USER" -i test_hosts.ini site.yml --limit ${{ matrix.group }} | |
| - name: Show logs | |
| shell: powershell | |
| run: | | |
| ls ansible\logs | |
| wsl.exe -- ls -alh ansible/logs | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: ansible-logs | |
| path: ansible/logs/ansible-*.log | |
| if: always() |