CI Ansible (#1)

* chore: libsecret * ci: gitleaks * ci: ansible-lint * chore: move tmux to tools * ci: debian * ci: try ansible * ci: ansible * ci: ansible * ci: ansible * ci: ansible * chore: flatpak * ci: ansible * chore: pip pipx executable * chore: pip * chore: podman * chore: podman * ci: ansible * ci: ansible setup ubuntu * chore: htop * ci: update
labasubagia · Jul 19, 2024 · 6e8d6fc · 6e8d6fc
1 parent 12de968
commit 6e8d6fc
Show file tree

Hide file tree

Showing 14 changed files with 154 additions and 8 deletions.
diff --git a/.github/workflows/absible-ubuntu.yml b/.github/workflows/absible-ubuntu.yml
@@ -0,0 +1,48 @@
+name: Ansible Setup Ubuntu
+on:
+  pull_request:
+    paths: ansible/playbooks/debian.yml
+  push:
+    paths: ansible/playbooks/debian.yml
+  workflow_dispatch:
+
+jobs:
+  run:
+    name: Setup Ubuntu
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo apt install -y age python3-paramiko
+
+          curl -LO https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64
+          sudo mv sops-v3.9.0.linux.amd64 /usr/local/bin/sops
+          sudo chmod +x /usr/local/bin/sops
+
+      - name: Add age key
+        run: |
+          mkdir -p ~/.config/sops/age
+          echo "${{ secrets.AGE_KEY }}" > ~/.config/sops/age/keys.txt
+
+      - name: Pre setup
+        run: cp ansible/inventory.example.yml ansible/inventory.yml
+
+      - name: Setup install
+        run: |
+          ansible-playbook ansible/playbooks/debian.yml \
+            -i ansible/inventory.yml \
+            -e _hosts="localhost" \
+            -e _connection="local" \
+            -e '{"is_remove": false}' \
+            -e "ansible_python_interpreter=$(which python3)"
+
+      - name: Setup remove
+        run: |
+          ansible-playbook ansible/playbooks/debian.yml \
+            -i ansible/inventory.yml \
+            -e _hosts="localhost" \
+            -e _connection="local" \
+            -e '{"is_remove": true}' \
+            -e "ansible_python_interpreter=$(which python3)"
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
@@ -0,0 +1,16 @@
+name: Ansible Lint
+on:
+  pull_request:
+    paths: ansible/**
+  push:
+    paths: ansible/**
+  workflow_dispatch:
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@main
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
@@ -0,0 +1,17 @@
+name: gitleaks
+on:
+  pull_request:
+  push:
+  workflow_dispatch:
+
+jobs:
+  scan:
+    name: gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -97,5 +97,6 @@
         ]
       }
     }
-  }
+  },
+  "ansible.python.interpreterPath": "/home/user/.nix-profile/bin/python"
 }
diff --git a/ansible/playbooks/debian.yml b/ansible/playbooks/debian.yml
@@ -35,6 +35,8 @@
           - "{{ workdir }}/ansible/tasks/tools/ripgrep/setup-debian.yml"
           - "{{ workdir }}/ansible/tasks/tools/adb/setup-debian.yml"
           - "{{ workdir }}/ansible/tasks/tools/scrcpy/setup-debian.yml"
+          - "{{ workdir }}/ansible/tasks/tools/tmux/setup-debian.yml"
+          - "{{ workdir }}/ansible/tasks/tools/htop/setup-debian.yml"
 
           - "{{ workdir }}/ansible/tasks/container/podman/setup-debian.yml"
 

diff --git a/ansible/tasks/container/podman/setup-debian.yml b/ansible/tasks/container/podman/setup-debian.yml
@@ -3,9 +3,8 @@
   vars:
     is_remove: false
 
-    pkgs:
-      - podman
-      - podman-compose
+    # in debian, podman need separate podman-compose (due to old pkg)
+    pkgs: "{{ ['podman', 'podman-compose'] if ansible_distribution == 'Debian' else ['podman'] }}"
 
     shell_indicator: "PODMAN"
     shell_alias: |

diff --git a/ansible/tasks/dev/python/pip-packages.yml b/ansible/tasks/dev/python/pip-packages.yml
@@ -15,6 +15,11 @@
         path: "{{ pip_executable }}"
       register: pip
 
+    - name: Setup pip > set facts
+      ansible.builtin.set_fact:
+        pip_extra_args:
+          - "{{ '--break-system-packages' if ansible_distribution == 'Debian' else '' }}"
+
     - name: Setup pip > executable exists
       when: pip.stat.exists
       block:
@@ -25,8 +30,9 @@
               ansible.builtin.pip:
                 name: "{{ pip_pkgs }}"
                 # break_system_packages: true # only ansible >=v2.17
-                extra_args: --break-system-packages
+                extra_args: "{{ pip_extra_args | join(' ') }}"
                 state: present
+                executable: "{{ pip_executable }}"
 
         - name: Setup pip > Setup Remove
           when: is_remove
@@ -35,5 +41,6 @@
               ansible.builtin.pip:
                 name: "{{ pip_pkgs }}"
                 # break_system_packages: true # only ansible >=v2.17
-                extra_args: --break-system-packages
+                extra_args: "{{ pip_extra_args | join(' ') }}"
                 state: absent
+                executable: "{{ pip_executable }}"
diff --git a/ansible/tasks/dev/python/pipx-packages.yml b/ansible/tasks/dev/python/pipx-packages.yml
@@ -46,6 +46,7 @@
               community.general.pipx:
                 name: "{{ pkg.name }}"
                 state: "{{ pkg.state | default('present') }}"
+                executable: "{{ pipx_executable }}"
               loop: "{{ pipx_pkgs }}"
               loop_control:
                 loop_var: pkg
@@ -56,6 +57,7 @@
                 name: "{{ pkg.name }}"
                 inject_packages: "{{ pkg.inject_deps }}"
                 state: inject
+                executable: "{{ pipx_executable }}"
               loop: "{{ pipx_pkgs }}"
               loop_control:
                 loop_var: pkg
@@ -67,6 +69,7 @@
                 inject_packages: "{{ pkg.inject_apps }}"
                 install_apps: true
                 state: inject
+                executable: "{{ pipx_executable }}"
               loop: "{{ pipx_pkgs }}"
               loop_control:
                 loop_var: pkg
@@ -78,6 +81,7 @@
               community.general.pipx:
                 name: "{{ pkg.name }}"
                 state: absent
+                executable: "{{ pipx_executable }}"
               loop: "{{ pipx_pkgs }}"
               loop_control:
                 loop_var: pkg

diff --git a/ansible/tasks/hello.yml b/ansible/tasks/hello.yml
@@ -7,3 +7,4 @@
     msg:
       host: "{{ ansible_host }}"
       connection: "{{ ansible_connection }}"
+      distribution: "{{ ansible_distribution }}"
diff --git a/ansible/tasks/pkg/apt.yml b/ansible/tasks/pkg/apt.yml
@@ -5,7 +5,6 @@
     is_remove: false
 
     pkgs:
-      - tmux
       - htop
       - age
       - curl

diff --git a/ansible/tasks/pkg/flatpak/setup-debian.yml b/ansible/tasks/pkg/flatpak/setup-debian.yml
@@ -19,6 +19,7 @@
             state: present
 
         - name: Setup Flatpak > Add repositories
+          become: true
           community.general.flatpak_remote:
             name: "{{ item.name }}"
             flatpakrepo_url: "{{ item.url }}"
@@ -29,7 +30,7 @@
       when: is_remove
       block:
         - name: Setup Flatpak > Remove repositories
-          when: false # skip for now due to stuck
+          become: true
           community.general.flatpak_remote:
             name: "{{ item.name }}"
             state: absent

diff --git a/ansible/tasks/tools/htop/setup-debian.yml b/ansible/tasks/tools/htop/setup-debian.yml
@@ -0,0 +1,25 @@
+---
+- name: Setup htop
+  vars:
+    is_remove: false
+
+    pkgs:
+      - htop
+  block:
+    - name: Setup htop > Setup Install
+      when: not is_remove
+      block:
+        - name: Setup htop > Install packages
+          become: true
+          ansible.builtin.apt:
+            name: "{{ pkgs }}"
+            state: present
+
+    - name: Setup htop > Setup Remove
+      when: is_remove
+      block:
+        - name: Setup htop > Remove packages
+          become: true
+          ansible.builtin.apt:
+            name: "{{ pkgs }}"
+            state: absent
diff --git a/ansible/tasks/tools/tmux/setup-debian.yml b/ansible/tasks/tools/tmux/setup-debian.yml
@@ -0,0 +1,25 @@
+---
+- name: Setup tmux
+  vars:
+    is_remove: false
+
+    pkgs:
+      - tmux
+  block:
+    - name: Setup tmux > Setup Install
+      when: not is_remove
+      block:
+        - name: Setup tmux > Install packages
+          become: true
+          ansible.builtin.apt:
+            name: "{{ pkgs }}"
+            state: present
+
+    - name: Setup tmux > Setup Remove
+      when: is_remove
+      block:
+        - name: Setup tmux > Remove packages
+          become: true
+          ansible.builtin.apt:
+            name: "{{ pkgs }}"
+            state: absent
diff --git a/nix/home/common/program/shell/default.nix b/nix/home/common/program/shell/default.nix
@@ -16,6 +16,7 @@
     gnupg
     ssh-to-age
     sshpass
+    libsecret
 
     # archive
     rar
-Original file line number
+Diff line change
@@ Expand Up / @@ -97,5 +97,6 @@ @@
             ]
           }
         }
-      }
+      },
+      "ansible.python.interpreterPath": "/home/user/.nix-profile/bin/python"
     }