Fix: Added Ansible Sanity best practices (#26)

* feat: Applied Ansible best practices * Fix: Applied several Ansible sanity best practices * fix: Added ansible-test.sanity
zscaler · Apr 22, 2024 · 693eabb · 693eabb
1 parent 4671e0d
commit 693eabb
Show file tree

Hide file tree

Showing 141 changed files with 4,744 additions and 3,542 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -10,7 +10,7 @@ profile: production
 # and not relative to the CWD of execution. CLI arguments passed to the --exclude
 # option are parsed relative to the CWD of execution.
 exclude_paths:
-#   - .cache/ # implicit unless exclude_paths is defined in config
+  #   - .cache/ # implicit unless exclude_paths is defined in config
   - .github/
 #   - test/fixtures/formatting-before/
 #   - test/fixtures/formatting-prettier/
@@ -21,9 +21,8 @@ exclude_paths:
 
 # Mock modules or roles in order to pass ansible-playbook --syntax-check
 # mock_modules:
-#   - paloaltonetworks.panos.panos_op
 #   - zuul_return
-#   # note the foo.bar is invalid as being neither a module or a collection
+# note the foo.bar is invalid as being neither a module or a collection
 #   - fake_namespace.fake_collection.fake_module
 #   - fake_namespace.fake_collection.fake_module.fake_submodule
 # mock_roles:
@@ -53,7 +52,7 @@ exclude_paths:
 # When putting ignores inside the ignore file, they are marked as ignored, but
 # still visible, making it easier to address later.
 # skip_list:
-#   - role-name
+#   - skip_this_tag
 
 # Ansible-lint does not automatically load rules that have the 'opt-in' tag.
 # You must enable opt-in rules by listing each rule 'id' below.
@@ -72,13 +71,13 @@ enable_list:
 
 # Ansible-lint does not fail on warnings from the rules or tags listed below
 # warn_list:
-  # - skip_this_tag
-  # - experimental # experimental is included in the implicit list
-  # - role-name
-  # - yaml[document-start]  # you can also use sub-rule matches
+#   - skip_this_tag
+#   - experimental # experimental is included in the implicit list
+# - role-name
+# - yaml[document-start]  # you can also use sub-rule matches
 
 # Some rules can transform files to fix (or make it easier to fix) identified
-# errors. `ansible-lint --write` will reformat YAML files and run these transforms.
+# errors. `ansible-lint --fix` will reformat YAML files and run these transforms.
 # By default it will run all transforms (effectively `write_list: ["all"]`).
 # You can disable running transforms by setting `write_list: ["none"]`.
 # Or only enable a subset of rule transforms by listing rules/tags here.
@@ -88,11 +87,6 @@ enable_list:
 # Offline mode disables installation of requirements.yml and schema refreshing
 # offline: true
 
-# Return success if number of violations compared with previous git
-# commit has not increased. This feature works only in git
-# repositories.
-# progressive: false
-
 # Define required Ansible's variables to satisfy syntax check
 # extra_vars:
 #   foo: bar
@@ -108,12 +102,12 @@ enable_list:
 # List of additional kind:pattern to be added at the top of the default
 # match list, first match determines the file kind.
 # kinds:
-  # - playbook: "**/examples/*.{yml,yaml}"
-  # - galaxy: "**/folder/galaxy.yml"
-  # - tasks: "**/tasks/*.yml"
-  # - vars: "**/vars/*.yml"
-  # - meta: "**/meta/main.yml"
-  # - yaml: "**/*.yaml-too"
+# - playbook: "**/examples/*.{yml,yaml}"
+# - galaxy: "**/folder/galaxy.yml"
+# - tasks: "**/tasks/*.yml"
+# - vars: "**/vars/*.yml"
+# - meta: "**/meta/main.yml"
+# - yaml: "**/*.yaml-too"
 
 # List of additional collections to allow in only-builtins rule.
 # only_builtins_allow_collections:
@@ -125,3 +119,7 @@ enable_list:
 
 # Allow setting custom prefix for name[prefix] rule
 # task_name_prefix: "{stem} | "
+# Complexity related settings
+
+# Limit the depth of the nested blocks:
+# max_block_depth: 20
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -51,4 +51,4 @@ assignees: ''
 - Collection:
 - Python:
 - Ansible:
-- Zscaler SDK Python Library & version (e.g. zscaler-sdk-python 1.0.0)
+- Zscaler SDK Python Library & version (e.g. zscaler-sdk-python 0.1.1)
diff --git a/.github/do-release.sh b/.github/do-release.sh
diff --git a/.github/set-version.sh b/.github/set-version.sh
diff --git a/.github/workflows/ansible-test-sanity.yml b/.github/workflows/ansible-test-sanity.yml
@@ -0,0 +1,30 @@
+name: sanity
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+
+jobs:
+  sanity:
+    timeout-minutes: 30
+    name: Sanity (Ⓐ$${{ matrix.versions.ansible }})
+    strategy:
+      fail-fast: false
+      matrix:
+        versions:
+          - ansible: stable-2.15
+            python: "3.10"
+          - ansible: stable-2.16
+            python: "3.11"
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Perform testing
+        uses: ansible-community/ansible-test-gh-action@release/v1
+        with:
+          ansible-core-version: ${{ matrix.versions.ansible }}
+          origin-python-version: ${{ matrix.versions.python }}
+          target-python-version: ${{ matrix.versions.python }}
+          testing-type: sanity
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,46 @@
+name: Release
+
+on:
+  release:
+    types:
+      - created
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.8
+      - name: Install pip
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible
+      - name: Create release artifacts
+        run: |
+          ansible-galaxy collection build
+          ansible-galaxy collection publish *.tar.gz --api-key ${{ secrets.GALAXY_API_KEY }}
+      - name: Release artifacts to GitHub
+        run: |
+          gh release upload $TAG ./zscaler-ziacloud*.tar.gz
+        env:
+          TAG: ${{ github.event.release.tag_name }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload to Ansible Automation Hub
+        run: |
+          cat << EOF > ansible.cfg
+          [galaxy]
+          server_list = automation_hub
+
+          [galaxy_server.automation_hub]
+          url=https://console.redhat.com/api/automation-hub/content/inbound-zscaler/
+          auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
+          token=$AAP_KEY
+          EOF
+          ansible-galaxy collection publish ./zscaler-ziacloud*.tar.gz
+        env:
+          AAP_KEY: ${{ secrets.AAP_KEY }}