Merge branch 'master' into master

automationxpert · Nov 6, 2022 · 2f42ad3 · 2f42ad3
2 parents 03147b6 + 6b37ba5
commit 2f42ad3
Show file tree

Hide file tree

Showing 7 changed files with 324 additions and 80 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -5,20 +5,42 @@ on:
   push:
     branches:
       - master
-
+    paths-ignore:
+      - '**/README.md'
 jobs:
   pre-commit-ci:
     name: Pre-Commit
     runs-on: ubuntu-latest
+    env:
+      PYTHON_VERSION: "3.10"
 
     steps:
       - name: Check out the codebase
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # 4.3.0
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: 'pip' # caching pip dependencies
+
+      - name: Cache pip
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
 
-      - name: Set up Python 3.x
-        uses: actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5 #4.0.2
+      - name: Cache Ansible
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11
         with:
-          python-version: "3.x"
+          path: ~/.ansible/collections
+          key: ${{ runner.os }}-ansible-${{ hashFiles('collections/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-ansible-
 
       - name: Install dependencies
         run: |
@@ -35,4 +57,17 @@ jobs:
           echo "::endgroup::"
 
       - name: Run pre-commit
-        uses: pre-commit/[email protected]
+        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # 3.0.0
+
+  ensure-pinned-actions:
+    name: Ensure SHA Pinned Actions
+    runs-on: self-hosted
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@6ca5574367befbc9efdb2fa25978084159c5902d # 1.3.0
+        with:
+          allowlist: |
+            aws-actions/
+            docker/login-action
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -25,6 +25,8 @@ jobs:
     steps:
       - name: Check out the codebase
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Configure VirtualBox
         run: |-
@@ -34,8 +36,16 @@ jobs:
           * fdad:bad:ba55::/64
           EOF
 
+      - name: Cache pip
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
       - name: Cache Vagrant boxes
-        uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # 3.0.8
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11
         with:
           path: |
             ~/.vagrant.d/boxes
@@ -50,14 +60,20 @@ jobs:
         run: ./.github/download-boxes.sh
 
       - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # 4.3.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
+          cache: 'pip' # caching pip dependencies
 
       - name: Install dependencies
-        run: >-
-          python3 -m pip install --upgrade pip &&
+        run: |
+          echo "::group::Upgrade pip"
+          python3 -m pip install --upgrade pip
+          echo "::endgroup::"
+
+          echo "::group::Install Python requirements from requirements.txt"
           python3 -m pip install -r requirements.txt
+          echo "::endgroup::"
 
       - name: Test with molecule
         run: molecule test --scenario-name ${{ matrix.scenario }}
@@ -70,7 +86,7 @@ jobs:
 
       - name: Upload log files
         if: always() # do this even if a step before has failed
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # 3.1.0
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # 3.1.1
         with:
           name: logs
           path: |

diff --git a/ansible.cfg b/ansible.cfg
@@ -1,12 +1,23 @@
 [defaults]
-nocows = True
-roles_path = ./roles
-inventory  = ./hosts.ini
+nocows                  = True
+roles_path              = ./roles
+inventory               = ./hosts.ini
+stdout_callback         = yaml
 
-remote_tmp = $HOME/.ansible/tmp
-local_tmp  = $HOME/.ansible/tmp
-pipelining = True
-become = True
-host_key_checking = False
-deprecation_warnings = False
-callback_whitelist = profile_tasks
+remote_tmp              = $HOME/.ansible/tmp
+local_tmp               = $HOME/.ansible/tmp
+timeout                 = 60
+host_key_checking       = False
+deprecation_warnings    = False
+callback_whitelist      = profile_tasks
+log_path                = ./ansible.log
+
+[privilege_escalation]
+become                  = True
+
+[ssh_connection]
+scp_if_ssh              = smart
+retries                 = 3
+ssh_args                = -o ControlMaster=auto -o ControlPersist=30m -o Compression=yes -o ServerAliveInterval=15s
+pipelining              = True
+control_path            = %(directory)s/%%h-%%r
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -3,56 +3,73 @@ dependency:
   name: galaxy
 driver:
   name: vagrant
-.platform_presets:
-  - &control
+platforms:
+
+  - name: control1
+    box: generic/ubuntu2204
     memory: 2048
     cpus: 2
     groups:
       - k3s_cluster
       - master
-  - &node
-    memory: 2048
-    cpus: 2
-    groups:
-      - k3s_cluster
-      - node
-  - &debian
-    box: generic/debian11
-  - &rocky
-    box: generic/rocky9
-  - &ubuntu
-    box: generic/ubuntu2204
+    interfaces:
+      - network_name: private_network
+        ip: 192.168.30.38
     config_options:
       # We currently can not use public-key based authentication on Ubuntu 22.04,
       # see: https://github.com/chef/bento/issues/1405
       ssh.username: "vagrant"
       ssh.password: "vagrant"
-platforms:
-  - <<: [*control, *ubuntu]
-    name: control1
-    interfaces:
-      - network_name: private_network
-        ip: 192.168.30.38
-  - <<: [*control, *debian]
-    name: control2
+
+  - name: control2
+    box: generic/debian11
+    memory: 2048
+    cpus: 2
+    groups:
+      - k3s_cluster
+      - master
     interfaces:
       - network_name: private_network
         ip: 192.168.30.39
-  - <<: [*control, *rocky]
-    name: control3
+
+  - name: control3
+    box: generic/rocky9
+    memory: 2048
+    cpus: 2
+    groups:
+      - k3s_cluster
+      - master
     interfaces:
       - network_name: private_network
         ip: 192.168.30.40
-  - <<: [*node, *ubuntu]
-    name: node1
+
+  - name: node1
+    box: generic/ubuntu2204
+    memory: 2048
+    cpus: 2
+    groups:
+      - k3s_cluster
+      - node
     interfaces:
       - network_name: private_network
         ip: 192.168.30.41
-  - <<: [*node, *rocky]
-    name: node2
+    config_options:
+      # We currently can not use public-key based authentication on Ubuntu 22.04,
+      # see: https://github.com/chef/bento/issues/1405
+      ssh.username: "vagrant"
+      ssh.password: "vagrant"
+
+  - name: node2
+    box: generic/rocky9
+    memory: 2048
+    cpus: 2
+    groups:
+      - k3s_cluster
+      - node
     interfaces:
       - network_name: private_network
         ip: 192.168.30.42
+
 provisioner:
   name: ansible
   playbooks:

diff --git a/molecule/ipv6/molecule.yml b/molecule/ipv6/molecule.yml
@@ -3,37 +3,39 @@ dependency:
   name: galaxy
 driver:
   name: vagrant
-.platform_presets:
-  - &control
+platforms:
+
+  - name: control1
+    box: generic/ubuntu2204
     memory: 2048
     cpus: 2
     groups:
       - k3s_cluster
       - master
-  - &node
+    interfaces:
+      - network_name: private_network
+        ip: fdad:bad:ba55::de:11
+    config_options:
+      # We currently can not use public-key based authentication on Ubuntu 22.04,
+      # see: https://github.com/chef/bento/issues/1405
+      ssh.username: "vagrant"
+      ssh.password: "vagrant"
+
+  - name: node1
+    box: generic/ubuntu2204
     memory: 2048
     cpus: 2
     groups:
       - k3s_cluster
       - node
-  - &ubuntu
-    box: generic/ubuntu2204
+    interfaces:
+      - network_name: private_network
+        ip: fdad:bad:ba55::de:21
     config_options:
       # We currently can not use public-key based authentication on Ubuntu 22.04,
       # see: https://github.com/chef/bento/issues/1405
       ssh.username: "vagrant"
       ssh.password: "vagrant"
-platforms:
-  - <<: [*control, *ubuntu]
-    name: control1
-    interfaces:
-      - network_name: private_network
-        ip: fdad:bad:ba55::de:11
-  - <<: [*node, *ubuntu]
-    name: node1
-    interfaces:
-      - network_name: private_network
-        ip: fdad:bad:ba55::de:21
 provisioner:
   name: ansible
   playbooks:

diff --git a/requirements.in b/requirements.in
@@ -0,0 +1,13 @@
+molecule>=4.0.1
+ansible-core>=2.13.2
+ansible-lint>=6.6.0
+kubernetes>=12.0.0
+molecule-vagrant>=1.0.0
+molecule>=4.0.1
+netaddr>=0.8.0
+pyyaml>=3.11
+yamllint>=1.28.0
+jmespath>=1.0.1
+jsonpatch>=1.32
+pre-commit>=2.20.0
+netaddr>=0.8.0