From 6e8d6fce840b6af33d9599fc866da1ca6f3170cc Mon Sep 17 00:00:00 2001
From: labasubagia <31754766+labasubagia@users.noreply.github.com>
Date: Sat, 20 Jul 2024 00:59:36 +0800
Subject: [PATCH] CI Ansible (#1)
* chore: libsecret
* ci: gitleaks
* ci: ansible-lint
* chore: move tmux to tools
* ci: debian
* ci: try ansible
* ci: ansible
* ci: ansible
* ci: ansible
* ci: ansible
* chore: flatpak
* ci: ansible
* chore: pip pipx executable
* chore: pip
* chore: podman
* chore: podman
* ci: ansible
* ci: ansible setup ubuntu
* chore: htop
* ci: update
---
 .github/workflows/absible-ubuntu.yml | 48 +++++++++++++++++++
 .github/workflows/ansible-lint.yml | 16 +++++++
 .github/workflows/gitleaks.yml | 17 +++++++
 .vscode/settings.json | 3 +-
 ansible/playbooks/debian.yml | 2 +
 .../tasks/container/podman/setup-debian.yml | 5 +-
 ansible/tasks/dev/python/pip-packages.yml | 11 ++++-
 ansible/tasks/dev/python/pipx-packages.yml | 4 ++
 ansible/tasks/hello.yml | 1 +
 ansible/tasks/pkg/apt.yml | 1 -
 ansible/tasks/pkg/flatpak/setup-debian.yml | 3 +-
 ansible/tasks/tools/htop/setup-debian.yml | 25 ++++++++++
 ansible/tasks/tools/tmux/setup-debian.yml | 25 ++++++++++
 nix/home/common/program/shell/default.nix | 1 +
 14 files changed, 154 insertions(+), 8 deletions(-)
 create mode 100644 .github/workflows/absible-ubuntu.yml
 create mode 100644 .github/workflows/ansible-lint.yml
 create mode 100644 .github/workflows/gitleaks.yml
 create mode 100644 ansible/tasks/tools/htop/setup-debian.yml
 create mode 100644 ansible/tasks/tools/tmux/setup-debian.yml
diff --git a/.github/workflows/absible-ubuntu.yml b/.github/workflows/absible-ubuntu.yml
new file mode 100644
index 0000000..2907658
--- /dev/null
+++ b/.github/workflows/absible-ubuntu.yml
@@ -0,0 +1,48 @@
+name: Ansible Setup Ubuntu
+on:
+ pull_request:
+ paths: ansible/playbooks/debian.yml
+ push:
+ paths: ansible/playbooks/debian.yml
+ workflow_dispatch:
+
+jobs:
+ run:
+ name: Setup Ubuntu
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install dependencies
+ run: |
+ sudo apt install -y age python3-paramiko
+
+ curl -LO https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64
+ sudo mv sops-v3.9.0.linux.amd64 /usr/local/bin/sops
+ sudo chmod +x /usr/local/bin/sops
+
+ - name: Add age key
+ run: |
+ mkdir -p ~/.config/sops/age
+ echo "${{ secrets.AGE_KEY }}" > ~/.config/sops/age/keys.txt
+
+ - name: Pre setup
+ run: cp ansible/inventory.example.yml ansible/inventory.yml
+
+ - name: Setup install
+ run: |
+ ansible-playbook ansible/playbooks/debian.yml \
+ -i ansible/inventory.yml \
+ -e _hosts="localhost" \
+ -e _connection="local" \
+ -e '{"is_remove": false}' \
+ -e "ansible_python_interpreter=$(which python3)"
+
+ - name: Setup remove
+ run: |
+ ansible-playbook ansible/playbooks/debian.yml \
+ -i ansible/inventory.yml \
+ -e _hosts="localhost" \
+ -e _connection="local" \
+ -e '{"is_remove": true}' \
+ -e "ansible_python_interpreter=$(which python3)"
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
new file mode 100644
index 0000000..00bf10c
--- /dev/null
+++ b/.github/workflows/ansible-lint.yml
@@ -0,0 +1,16 @@
+name: Ansible Lint
+on:
+ pull_request:
+ paths: ansible/**
+ push:
+ paths: ansible/**
+ workflow_dispatch:
+
+jobs:
+ lint:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@main
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
new file mode 100644
index 0000000..d9ab936
--- /dev/null
+++ b/.github/workflows/gitleaks.yml
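Review bot: In `.github/workflows/absible-ubuntu.yml` the "Install dependencies" step moves the sops binary into /usr/local/bin exactly as downloaded: there is no checksum or signature check, and `curl -LO` without `-f` will save an HTTP error page under the same file name. The "Add age key" step expands `${{ secrets.AGE_KEY }}` into the script text before the shell runs, so any quote, `$` or backtick in the secret is interpreted by bash, and keys.txt is created with the default umask; passing the secret through `env:` and setting `umask 077` avoids both. The workflow also runs on `pull_request` with the key on disk while it executes the playbook from the PR branch, which is presumably acceptable for a single-owner repository but worth confirming. The digest in the sketch below is a placeholder to be filled from the checksums published with the release.

```yaml
      - name: Install dependencies
        env:
          SOPS_SHA256: "<SHA256_OF_SOPS_BINARY_FROM_RELEASE_CHECKSUMS>"
        run: |
          # … unchanged: apt install of age and python3-paramiko …
          curl -fsSLO https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64
          echo "${SOPS_SHA256}  sops-v3.9.0.linux.amd64" | sha256sum --check --strict
          sudo install -m 0755 sops-v3.9.0.linux.amd64 /usr/local/bin/sops

      - name: Add age key
        env:
          AGE_KEY: ${{ secrets.AGE_KEY }}
        run: |
          umask 077
          mkdir -p ~/.config/sops/age
          printf '%s\n' "$AGE_KEY" > ~/.config/sops/age/keys.txt
      # … unchanged: Pre setup, Setup install, Setup remove …
```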
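Review bot: `uses: ansible/ansible-lint@main` in `.github/workflows/ansible-lint.yml` tracks a moving branch, so whatever lands upstream runs in this repository's CI on the next trigger; pin it to a release tag or, better, a full commit SHA, e.g. `uses: ansible/ansible-lint@<FULL_COMMIT_SHA> # <release tag>`. The same applies, to a lesser degree, to the `@v4` and `@v2` tags used in this file, in `absible-ubuntu.yml` and in `gitleaks.yml`. None of the three new workflows declares `permissions:`, so the token scope falls back to the repository default; a top-level `permissions:` block with `contents: read` would make the least-privilege intent explicit (gitleaks-action may need more to comment on pull requests, so check its README first).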
@@ -0,0 +1,17 @@ +name: gitleaks +on: + pull_request: + push: + workflow_dispatch: + +jobs: + scan: + name: gitleaks + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - uses: gitleaks/gitleaks-action@v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.vscode/settings.json b/.vscode/settings.json index 5db8077..b243bcd 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -97,5 +97,6 @@ ] } } - } + }, + "ansible.python.interpreterPath": "/home/user/.nix-profile/bin/python" } diff --git a/ansible/playbooks/debian.yml b/ansible/playbooks/debian.yml index 20b8a1f..dbd9e53 100644 --- a/ansible/playbooks/debian.yml +++ b/ansible/playbooks/debian.yml @@ -35,6 +35,8 @@ - "{{ workdir }}/ansible/tasks/tools/ripgrep/setup-debian.yml" - "{{ workdir }}/ansible/tasks/tools/adb/setup-debian.yml" - "{{ workdir }}/ansible/tasks/tools/scrcpy/setup-debian.yml" + - "{{ workdir }}/ansible/tasks/tools/tmux/setup-debian.yml" + - "{{ workdir }}/ansible/tasks/tools/htop/setup-debian.yml" - "{{ workdir }}/ansible/tasks/container/podman/setup-debian.yml" diff --git a/ansible/tasks/container/podman/setup-debian.yml b/ansible/tasks/container/podman/setup-debian.yml index d6b7ff7..4ed74a0 100644 --- a/ansible/tasks/container/podman/setup-debian.yml +++ b/ansible/tasks/container/podman/setup-debian.yml @@ -3,9 +3,8 @@ vars: is_remove: false - pkgs: - - podman - - podman-compose + # in debian, podman need separate podman-compose (due to old pkg) + pkgs: "{{ ['podman', 'podman-compose'] if ansible_distribution == 'Debian' else ['podman'] }}" shell_indicator: "PODMAN" shell_alias: | diff --git a/ansible/tasks/dev/python/pip-packages.yml b/ansible/tasks/dev/python/pip-packages.yml index c8d960f..9e4bfa1 100644 --- a/ansible/tasks/dev/python/pip-packages.yml +++ b/ansible/tasks/dev/python/pip-packages.yml 
@@ -15,6 +15,11 @@ path: "{{ pip_executable }}" register: pip + - name: Setup pip > set facts + ansible.builtin.set_fact: + pip_extra_args: + - "{{ '--break-system-packages' if ansible_distribution == 'Debian' else '' }}" + - name: Setup pip > executable exists when: pip.stat.exists block: @@ -25,8 +30,9 @@ ansible.builtin.pip: name: "{{ pip_pkgs }}" # break_system_packages: true # only ansible >=v2.17 - extra_args: --break-system-packages + extra_args: "{{ pip_extra_args | join(' ') }}" state: present + executable: "{{ pip_executable }}" - name: Setup pip > Setup Remove when: is_remove @@ -35,5 +41,6 @@ ansible.builtin.pip: name: "{{ pip_pkgs }}" # break_system_packages: true # only ansible >=v2.17 - extra_args: --break-system-packages + extra_args: "{{ pip_extra_args | join(' ') }}" state: absent + executable: "{{ pip_executable }}" diff --git a/ansible/tasks/dev/python/pipx-packages.yml b/ansible/tasks/dev/python/pipx-packages.yml index 8492ecc..175ab3f 100644 --- a/ansible/tasks/dev/python/pipx-packages.yml +++ b/ansible/tasks/dev/python/pipx-packages.yml @@ -46,6 +46,7 @@ community.general.pipx: name: "{{ pkg.name }}" state: "{{ pkg.state | default('present') }}" + executable: "{{ pipx_executable }}" loop: "{{ pipx_pkgs }}" loop_control: loop_var: pkg @@ -56,6 +57,7 @@ name: "{{ pkg.name }}" inject_packages: "{{ pkg.inject_deps }}" state: inject + executable: "{{ pipx_executable }}" loop: "{{ pipx_pkgs }}" loop_control: loop_var: pkg @@ -67,6 +69,7 @@ inject_packages: "{{ pkg.inject_apps }}" install_apps: true state: inject + executable: "{{ pipx_executable }}" loop: "{{ pipx_pkgs }}" loop_control: loop_var: pkg @@ -78,6 +81,7 @@ community.general.pipx: name: "{{ pkg.name }}" state: absent + executable: "{{ pipx_executable }}" loop: "{{ pipx_pkgs }}" loop_control: loop_var: pkg diff --git a/ansible/tasks/hello.yml b/ansible/tasks/hello.yml index 576604f..e252ced 100644 --- a/ansible/tasks/hello.yml +++ b/ansible/tasks/hello.yml 
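Review bot: `pip_extra_args` in `ansible/tasks/dev/python/pip-packages.yml` keys `--break-system-packages` on `ansible_distribution == 'Debian'`, but the externally-managed marker (PEP 668) is also present on recent Ubuntu releases, so the Ubuntu path may start failing once the runner image or target moves to one; the fact is consumed by the install and remove tasks in the two later hunks of this file. More fundamentally, that flag lets pip write into the interpreter's apt-managed site-packages; if `pip_executable` is the system pip, the `virtualenv:` parameter of `ansible.builtin.pip` (or the pipx tasks already in this repository) would keep these packages out of the system environment. If the flag stays, a plain string such as `pip_extra_args: "{{ '--break-system-packages' if ansible_distribution == 'Debian' else '' }}"` is simpler than a one-element list joined with spaces. The enclosing block starts and ends outside the hunk.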
@@ -7,3 +7,4 @@ msg: host: "{{ ansible_host }}" connection: "{{ ansible_connection }}" + distribution: "{{ ansible_distribution }}" diff --git a/ansible/tasks/pkg/apt.yml b/ansible/tasks/pkg/apt.yml index f029543..b5fcb80 100644 --- a/ansible/tasks/pkg/apt.yml +++ b/ansible/tasks/pkg/apt.yml @@ -5,7 +5,6 @@ is_remove: false pkgs: - - tmux - htop - age - curl diff --git a/ansible/tasks/pkg/flatpak/setup-debian.yml b/ansible/tasks/pkg/flatpak/setup-debian.yml index c4203dd..1f9ceac 100644 --- a/ansible/tasks/pkg/flatpak/setup-debian.yml +++ b/ansible/tasks/pkg/flatpak/setup-debian.yml @@ -19,6 +19,7 @@ state: present - name: Setup Flatpak > Add repositories + become: true community.general.flatpak_remote: name: "{{ item.name }}" flatpakrepo_url: "{{ item.url }}" @@ -29,7 +30,7 @@ when: is_remove block: - name: Setup Flatpak > Remove repositories - when: false # skip for now due to stuck + become: true community.general.flatpak_remote: name: "{{ item.name }}" state: absent diff --git a/ansible/tasks/tools/htop/setup-debian.yml b/ansible/tasks/tools/htop/setup-debian.yml new file mode 100644 index 0000000..41250a7 --- /dev/null +++ b/ansible/tasks/tools/htop/setup-debian.yml @@ -0,0 +1,25 @@ +--- +- name: Setup htop + vars: + is_remove: false + + pkgs: + - htop + block: + - name: Setup htop > Setup Install + when: not is_remove + block: + - name: Setup htop > Install packages + become: true + ansible.builtin.apt: + name: "{{ pkgs }}" + state: present + + - name: Setup htop > Setup Remove + when: is_remove + block: + - name: Setup htop > Remove packages + become: true + ansible.builtin.apt: + name: "{{ pkgs }}" + state: absent diff --git a/ansible/tasks/tools/tmux/setup-debian.yml b/ansible/tasks/tools/tmux/setup-debian.yml new file mode 100644 index 0000000..ddc8620 --- /dev/null +++ b/ansible/tasks/tools/tmux/setup-debian.yml 
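Review bot: `htop` is still listed in `pkgs` in `ansible/tasks/pkg/apt.yml` even though this commit adds `ansible/tasks/tools/htop/setup-debian.yml` and wires it into the playbook; only `tmux` was removed here. Both task files now install and remove the same package, so the outcome of the remove path depends on task ordering; dropping the `- htop` entry here would match what was done for tmux. The `pkgs` list continues past the end of the hunk.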
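Review bot: Removing `when: false # skip for now due to stuck` in `ansible/tasks/pkg/flatpak/setup-debian.yml` re-enables "Remove repositories" without recording what resolved the hang; if the cause was the missing `become: true`, a short comment on the task such as `# needs root: remote is installed system-wide` would document that. Because the new CI job runs the remove path and sets no `timeout-minutes`, a recurrence would hold the runner until the default job timeout. Both `flatpak_remote` tasks (this hunk and the previous one) now run as root; if per-user remotes are enough, the module's `method: user` would avoid the escalation. The enclosing block continues outside the hunk.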
@@ -0,0 +1,25 @@ +--- +- name: Setup tmux + vars: + is_remove: false + + pkgs: + - tmux + block: + - name: Setup tmux > Setup Install + when: not is_remove + block: + - name: Setup tmux > Install packages + become: true + ansible.builtin.apt: + name: "{{ pkgs }}" + state: present + + - name: Setup tmux > Setup Remove + when: is_remove + block: + - name: Setup tmux > Remove packages + become: true + ansible.builtin.apt: + name: "{{ pkgs }}" + state: absent diff --git a/nix/home/common/program/shell/default.nix b/nix/home/common/program/shell/default.nix index 0824af6..88b0feb 100644 --- a/nix/home/common/program/shell/default.nix +++ b/nix/home/common/program/shell/default.nix @@ -16,6 +16,7 @@ gnupg ssh-to-age sshpass + libsecret # archive rar