GHA: fix contributors token #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
paths-ignore: | |
- '.github/**' | |
- '*.md' | |
- '.gitignore' | |
- 'roles/settings/**' | |
branches-ignore: | |
- 'dependabot/**' | |
pull_request: | |
paths-ignore: | |
- '*.md' | |
- '.gitignore' | |
- 'roles/settings/**' | |
workflow_dispatch: | |
permissions: | |
contents: write | |
actions: write | |
jobs: | |
ansible-lint: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
cache: 'pip' | |
cache-dependency-path: 'requirements/requirements-lint.txt' | |
- name: Install packages | |
run: pip install -r ./requirements/requirements-lint.txt | |
- name: Run ansible linter | |
working-directory: ${{ github.workspace }} | |
run: ansible-lint | |
- name: Run salty linter | |
run: python3 ./scripts/salty-linter.py ./roles | |
check-entries: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Check Missing Entries | |
run: ./scripts/check_missing_entries.sh | |
find-roles: | |
runs-on: ubuntu-22.04 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: set-matrix | |
run: echo "matrix={\"roles\":[$(awk '/# Apps Start/{flag=1;next}/# Apps End/{flag=0}flag' sandbox.yml | awk '!/#/' | awk -F'[][]' '{print $2}' | tr '\n' ',' | sed 's/,*$//' | awk -F',' '{ for( i=1; i<=NF; i++ ) print $i }' | awk '{ gsub(/ /,""); print }'| sort -u | awk -vORS=, '{ print $1 }' | sed 's/,$/\n/')]}" >> $GITHUB_OUTPUT | |
install: | |
name: '${{ matrix.roles }}' | |
needs: [ansible-lint, check-entries, find-roles] | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: ${{ fromJson(needs.find-roles.outputs.matrix) }} | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Dependencies | |
run: curl https://raw.githubusercontent.com/saltyorg/sb/master/sb_install.sh --output sb_install.sh && sudo bash sb_install.sh -v && ansible --version | |
- name: Chown /srv/git | |
run: sudo chown -R runner:runner /srv/git | |
- name: Print pip dependencies | |
run: cat /srv/git/sb/requirements-saltbox.txt | |
- name: Edit accounts.yml | |
run: cd /srv/git/saltbox && sed -i 's/seed/runner/g' accounts.yml | |
- name: Create, chown and chmod /tmp/ansible | |
run: sudo mkdir /tmp/ansible && sudo chown -R runner:runner /tmp/ansible && chmod 0777 /tmp/ansible | |
- name: Syntax Check | |
run: cd /srv/git/saltbox && sudo ansible-playbook saltbox.yml --syntax-check | |
- name: Create CI vars file | |
run: | | |
echo "continuous_integration: true" > /tmp/vars.yml | |
echo "dockerhub:" >> /tmp/vars.yml | |
echo " token: ${{ secrets.DOCKERHUB_TOKEN }}" >> /tmp/vars.yml | |
echo " user: ${{ secrets.DOCKERHUB_USERNAME }}" >> /tmp/vars.yml | |
- name: Install Saltbox Core | |
run: cd /srv/git/saltbox && sudo ansible-playbook saltbox.yml --tags "core" --skip-tags "settings" --extra-vars "@/tmp/vars.yml" | |
- name: Copy default configuration | |
run: cp -n defaults/ansible.cfg.default ansible.cfg && cp -n defaults/settings.yml.default settings.yml | |
- name: Install ${{ matrix.roles }} | |
run: sudo ansible-playbook sandbox.yml --tags "${{ matrix.roles }}" --skip-tags "settings" --extra-vars "@/tmp/vars.yml" | |
webhook: | |
name: 'webhook' | |
runs-on: ubuntu-22.04 | |
needs: [ansible-lint, check-entries, find-roles, install] | |
if: always() && (github.actor == 'dependabot[bot]' || (github.event_name != 'pull_request' && github.event.repository.fork == false)) | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Determine Workflow Conclusion | |
run: python3 ./scripts/workflow-status.py '${{ toJSON(needs) }}' | |
- uses: sarisia/actions-status-discord@v1 | |
with: | |
webhook: ${{ secrets.DISCORD_WEBHOOK }} | |
status: ${{ env.WORKFLOW_CONCLUSION }} | |
description: "Run attempt: ${{ github.run_attempt }}" | |
retry-on-failure: | |
if: failure() && github.actor != 'dependabot[bot]' && fromJSON(github.run_attempt) < 3 | |
needs: [install, webhook] | |
runs-on: ubuntu-latest | |
steps: | |
- env: | |
GH_REPO: ${{ github.repository }} | |
GH_TOKEN: ${{ github.token }} | |
run: gh workflow run retry.yml -F run_id=${{ github.run_id }} |