artis3n / ansible_galaxy_collection Goto Github PK

Deploy a Collection to Ansible Galaxy.

License: MIT License

Dockerfile 5.50% TypeScript 92.88% JavaScript 1.62%

ansible ansible-collections github-actions

ansible_galaxy_collection's Introduction

Hello there.

I've been a security engineer and penetration tester and currently trick companies into letting me lead Application Security programs.

I tend to build open source projects around improving the user experience of security tooling and integrations. The secure thing should be the easiest thing for a developer to do.

Some of my active projects include:

artis3n.tailscale Ansible role to manage Tailscale on your servers
digitalocean/github-oidc/vault Terraform module for GitHub OIDC auth to Hashicorp Vault from GitHub Action runners
artis3n/ansible_galaxy_collection GitHub Action to deploy an Ansible collection to Ansible Galaxy

ansible_galaxy_collection's People

Stargazers

Watchers

Forkers

sckelemen bbq-beets anaismaili kolucci69 crypropolice huyz bettery24e

ansible_galaxy_collection's Issues

Allow templating of galaxy.yml file for version key

I've been working on publishing collections on git tags from GitHub automatically, and have it set up for some of my personal collections, but have had to hold of on doing it for other collections like community.kubernetes (see https://github.com/ansible-collections/kubernetes/issues/43) because the Galaxy token is global to my account, and anyone who could get some code into the Kubernetes collection could technically push to any project I have rights to in Galaxy.

However, in my personal collections, I also use a templated galaxy.yml file which lets me inject a version at build time (so I don't have to commit the version to GitHub, then tag it, then release it). Is there any way this action could support injecting a tag, e.g. when GitHub Actions runs, it grabs the tag (if it's a tag build), templates it into galaxy.yml, then runs the build and pushes the artifact?

Action cannot find galaxy.yml, but it exists

I'm attempting to add this action to a project, but it seems to be unable to find galaxy.yml.

Run artis3n/ansible_galaxy_collection@v2
  with:
    api_key: ***
    galaxy_version: v0.0.2
    galaxy_config_file: galaxy.yml
/usr/bin/docker run --name cc49567a1c911dfea64b8380238506c768c89f_b94aab --label cc4956 --workdir /github/workspace --rm -e INPUT_API_KEY -e INPUT_GALAXY_VERSION -e INPUT_COLLECTION_DIR -e INPUT_GALAXY_CONFIG_FILE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/home_assistant/home_assistant":"/github/workspace" cc4956:7a1c911dfea64b8380238506c768c89f
Error: ENOENT: no such file or directory, open 'galaxy.yml'

There is a galaxy.yml file in the repository root, so I'm not sure why it is saying it cannot find it.

Add a CHANGELOG

https://keepachangelog.com/en/1.0.0/

Add an input variable for non-project root collections

If your collection is not layed out in your repository root directory, support a collection_root input variable to pass to the ansible-galaxy collection build command. The publish command should not be affected, as the built .tar.gz would still be project root inside the action's container.

Resolve typescript failure

https://github.com/artis3n/ansible_galaxy_collection/runs/3508719008?check_suite_focus=true

Add tests

Create a dummy collection in Ansible Galaxy for use in a test suite.

npm ERR! Tracker "idealTree" already exists

Hi
I'm getting npm ERR! Tracker "idealTree" already exists error.
checkout this job for more info

Support galaxy.yml and galaxy.yaml

Speed up invocation of the action with Docker image

The runs section of the action.yml file can point to the built Docker image for each release. Invocations of this action will then use the built image instead of building each time, which save users ~3 minutes every time they call this.

Test checks don't run HEAD, v2.0.0 is broken

The built archive doesn't exist for the publish command

The first command executes successfully, presumably, but the publish command fails because it cannot find the .tar.gz file.

Also, I am not handling errors on the promise and it does not propagate up to the action. So the error is thrown in the log, but the step thinks it completed successfully.

Run artis3n/[email protected]
Building collection artis3n.github_version, version 1.0.1
ansible-galaxy collection build
Created collection for artis3n.github_version at /home/runner/work/github_version-ansible_plugin/github_version-ansible_plugin/artis3n-github_version-1.0.1.tar.gz
ansible-galaxy collection publish artis3n.github_version-1.0.1.tar.gz --api-key=***
Publishing collection artifact '/home/runner/work/github_version-ansible_plugin/github_version-ansible_plugin/artis3n.github_version-1.0.1.tar.gz' to default https://galaxy.ansible.com/api/
ERROR! The collection path specified '/home/runner/work/github_version-ansible_plugin/github_version-ansible_plugin/artis3n.github_version-1.0.1.tar.gz' does not exist.
(node:3189) UnhandledPromiseRejectionWarning: Error: The process 'ansible-galaxy' failed with exit code 1
    at ExecState._setResult (/home/runner/work/_actions/artis3n/ansible_galaxy_collection/v1.0.6/dist/index.js:597:25)
    at ExecState.CheckComplete (/home/runner/work/_actions/artis3n/ansible_galaxy_collection/v1.0.6/dist/index.js:580:18)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/artis3n/ansible_galaxy_collection/v1.0.6/dist/index.js:480:27)
    at ChildProcess.emit (events.js:200:13)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)
(node:3189) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:3189) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

https://github.com/artis3n/github_version-ansible_plugin/commit/078b9c0e1fac7e20e733fc34dbdec1ac66453d8a/checks?check_suite_id=276872865

Support `manifest` in galaxy.yml

Ansible 2.14 added support for a manifest key in galaxy.yml: https://docs.ansible.com/ansible/latest/dev_guide/collections_galaxy_meta.html

I started using that but with this action, I get:

Run artis3n/ansible_galaxy_collection@v2
/usr/bin/docker run --name ghcrioartis3nansible_galaxy_collectionv283_8d28f9 --label ed866e --workdir /github/workspace --rm -e "WORKING_DIR" -e "ANSIBLE_FORCE_COLOR" -e "RELEASE_VERSION" -e "INPUT_COLLECTION_DIR" -e "INPUT_API_KEY" -e "INPUT_GALAXY_VERSION" -e "INPUT_BUILD" -e "INPUT_PUBLISH" -e "INPUT_GALAXY_CONFIG_FILE" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/ansible-collection-huyz-general/ansible-collection-huyz-general":"/github/workspace" ghcr.io/artis3n/ansible_galaxy_collection:v2.8.3
/usr/local/bin/ansible-galaxy collection build ansible_collections/huyz/general
ERROR! Use of "manifest" requires the python "distlib" library
Error: The process '/usr/local/bin/ansible-galaxy' failed with exit code 1

(details of Github action run: https://github.com/huyz/ansible-collection-huyz-general/actions/runs/4960150653/jobs/8875236322)

Is there an easy way to fix this?

v2.4.1 shows "code: 'MODULE_NOT_FOUND'".

Using this action:

---

name: Build and Deploy Collection

on:
  push:

jobs:
  deploy:
    runs-on: "Ubuntu-20.04"
    steps:
      - uses: actions/checkout@v2
      - name: Deploy Ansible Galaxy Collection
        uses: artis3n/[email protected]
        with:
          api_key: '${{ secrets.GALAXY_API_KEY }}'

An error is returned:

Run artis3n/[email protected]
  with:
    api_key: ***
    collection_dir: ./
    galaxy_config_file: galaxy.yml
/usr/bin/docker run --name a33c1e0073cbc558a485dbc2a2a878700ec94_025941 --label 8a33c1 --workdir /github/workspace --rm -e INPUT_API_KEY -e INPUT_COLLECTION_DIR -e INPUT_GALAXY_VERSION -e INPUT_GALAXY_CONFIG_FILE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/ansible-collection-roles/ansible-collection-roles":"/github/workspace" 8a33c1:e0073cbc558a485dbc2a2a878700ec94
node:internal/modules/cjs/loader:944
  throw err;
  ^

Error: Cannot find module '@actions/core'
Require stack:
- /app/dist/main.js
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:941:15)
    at Function.Module._load (node:internal/modules/cjs/loader:774:27)
    at Module.require (node:internal/modules/cjs/loader:1013:19)
    at require (node:internal/modules/cjs/helpers:93:18)
    at Object.<anonymous> (/app/dist/main.js:3:16)
    at Module._compile (node:internal/modules/cjs/loader:1109:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1138:10)
    at Module.load (node:internal/modules/cjs/loader:989:32)
    at Function.Module._load (node:internal/modules/cjs/loader:829:14)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:76:12) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [ '/app/dist/main.js' ]
}

See the error

Maybe I made an error somewhere, but I guess something is wrong with the action.

BTW: Thanks for the action, it (normally) works great!

seeing some warning messages during the ansible_galaxy_collection@v2 container build.

The issue seems to be because of missing package.json file in the automated release of this action.

Can we explicitly remove the RUN npm install --production from the Dockerfile during the auto release phase as the repo already contains the compiled dist/ directory.

The change would like below:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b38c019..c848f09 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,6 +13,7 @@ jobs:
         uses: technote-space/[email protected]
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BUILD_COMMAND: npm install && npm run build && sed -i '/RUN npm install --production/d' Dockerfile

   deploy:
     runs-on: ubuntu-latest

Please let me know if you want me to raise a PR for this issue

Error: Was unable to read the galaxy.yml file at path: galaxy.yml

I am testing this action in this repo https://github.com/scicore-unibas-ch/ansible-modules-guacamole , which has a galaxy.yml file in the root folder, but I still get the error Error: Was unable to read the galaxy.yml file at path: galaxy.yml

Is this a bug or am I missing anything?

Automatically increment version in galaxy.yml

This action should supply 2 input parameters:

galaxy_version_increment and galaxy_version_commit

that read in the current value in galaxy.yml, increment it in major/minor/patch and commit the changed file to the branch that triggered the action run.

The package for 2.2.0 fails to run

The Dockerfile tries to copy the package.json file (https://github.com/artis3n/ansible_galaxy_collection/blob/master/Dockerfile#L17) but it is not included in the package

Migrate to Docker-based Action

Makes the action simpler to use by removing the required dependency steps a consumer must place in their workflow.

[feat]: Ability to publish to Automation Hub or alternate galaxies

Looks like the above image.

Allow for separate build and publish calls

See ansible-collections/overview#56 (comment) for further context:

That action also mixes up two stages that are meant to be separate: build + publish. I'm strongly against promoting such an approach.
Ideally, it should be possible to test what's going to be published rather than just source. When build+publish are squashed there's a possibility that you'll be testing not exactly what the user will get. And this flow looks as follows:

test the src.
build a tarball + immediately publish it w/o testing that tarball.
What I advocate for is the following:

Build a tarball and store it as an artifact.
Have a test matrix that downloads that tarball, installs it and tests its contents (this is most likely a separate job or a collection of jobs).
Have a publish step that downloads the very same tarball that's been tested and uploads it to galaxy. This ensures that this step doesn't have a different build that's being tested.

The intention for this Action is to provide a painless way to publish a Collection to Galaxy, so the default will remain build + publish, however we will support a flag to build-only and publish-only from a local artifact.