From 048e514e17c669f73f6bf0727ed33080eebcc404 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 11:13:15 +0100 Subject: [PATCH 01/28] ci: test latests linux distros --- .github/workflows/tests.yml | 56 ++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 451f501..3932942 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,20 +1,18 @@ name: molecule test - on: push: branches: - master - develop paths: - - 'defaults/**' - - 'handlers/**' - - 'molecule/**' - - 'tasks/**' - - 'templates/**' - - 'vars/**' - schedule: - - cron: '0 6 * * 0' + - "defaults/**" + - "handlers/**" + - "molecule/**" + - "tasks/**" + - "templates/**" + - "vars/**" workflow_dispatch: + - master env: MOLECULE_DOCKER_VOLUMES: rw @@ -31,21 +29,25 @@ jobs: max-parallel: 5 matrix: config: - - os: "debian11" - - os: "fedora39" - - os: "ubuntu20" - - os: "ubuntu22" - - os: "rockylinux9" + - os: "debian13" + - os: "fedora43" + - os: "ubuntu24" + - os: "rockylinux10" steps: - name: checkout uses: actions/checkout@v6 with: path: "${{ github.repository }}" + - name: Remove unnecessary files + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf "$AGENT_TOOLSDIRECTORY" + - name: Set up Python 3 uses: actions/setup-python@v6 with: - python-version: '3.14' + python-version: "3.14" - name: Install test dependencies run: | @@ -55,8 +57,8 @@ jobs: run: molecule test --scenario-name repo working-directory: "${{ github.repository }}" env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' + PY_COLORS: "1" + ANSIBLE_FORCE_COLOR: "1" MOLECULE_IMAGE: ${{ matrix.config.os }} MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} MOLECULE_DOCKER_VOLUMES: ${{ matrix.config.volumes }} 
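Review bot: Removing the `schedule:` trigger in the first hunk of `.github/workflows/tests.yml` leaves the suite running only on pushes that touch the listed paths or on manual dispatch, so changes in upstream inputs are no longer caught between commits. The org job's install step in this file installs mostly unpinned packages (`pip3 install ansible docker molecule ...`), which is exactly the kind of input a periodic run is there to exercise. If the removal is intentional, the README heading `## Weekly tested on:` should change with it; otherwise keep `schedule:` and `- cron: '0 6 * * 0'`.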
@@ -75,21 +77,25 @@ jobs: max-parallel: 5 matrix: config: - - os: "debian11" - - os: "fedora37" - - os: "ubuntu20" - - os: "ubuntu22" - - os: "rockylinux9" + - os: "debian13" + - os: "fedora43" + - os: "ubuntu24" + - os: "rockylinux10" steps: - name: checkout uses: actions/checkout@v6 with: path: "${{ github.repository }}" + - name: Remove unnecessary files + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf "$AGENT_TOOLSDIRECTORY" + - name: Set up Python 3 uses: actions/setup-python@v6 with: - python-version: '3.14' + python-version: "3.14" - name: Install test dependencies run: pip3 install ansible docker molecule molecule-plugins[docker] "requests<2.29.2" jmespath @@ -98,8 +104,8 @@ jobs: run: molecule test --scenario-name org working-directory: "${{ github.repository }}" env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' + PY_COLORS: "1" + ANSIBLE_FORCE_COLOR: "1" MOLECULE_IMAGE: ${{ matrix.config.os }} MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} MOLECULE_DOCKER_VOLUMES: ${{ matrix.config.volumes }} From dc2144efdb90b068cbeaed27af56723c0a3c006d Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 11:17:41 +0100 Subject: [PATCH 02/28] fix: linting --- molecule/no_default_labels/converge.yml | 3 +-- molecule/no_default_labels/verify.yml | 4 ++-- tasks/assert.yml | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/molecule/no_default_labels/converge.yml b/molecule/no_default_labels/converge.yml index 6b32de6..4408ba5 100644 --- a/molecule/no_default_labels/converge.yml +++ b/molecule/no_default_labels/converge.yml @@ -10,8 +10,7 @@ runner_name: test_name runner_no_default_labels: true runner_labels: - - testlabel1 + - testlabel1 - testlabel2 roles: - role: monolithprojects.github_actions_runner - diff --git a/molecule/no_default_labels/verify.yml b/molecule/no_default_labels/verify.yml index a079a88..b2f2dc2 100644 --- a/molecule/no_default_labels/verify.yml +++ b/molecule/no_default_labels/verify.yml 
@@ -32,7 +32,7 @@ - debug: var: registered_runners.json.runners.0 - + - name: Set fact - current labels ansible.builtin.set_fact: current_labels: "{{ registered_runners.json.runners.0 | json_query('labels[*].name') | list }}" @@ -41,4 +41,4 @@ ansible.builtin.assert: that: - current_labels == ['testlabel1', 'testlabel2'] - fail_msg: "Expected only the custom labels 'testlabel1' and 'testlabel2', but got {{ current_labels }}" \ No newline at end of file + fail_msg: "Expected only the custom labels 'testlabel1' and 'testlabel2', but got {{ current_labels }}" diff --git a/tasks/assert.yml b/tasks/assert.yml index 888528a..3c2b9aa 100644 --- a/tasks/assert.yml +++ b/tasks/assert.yml @@ -45,4 +45,4 @@ that: - not (runner_no_default_labels | bool) or (runner_labels is defined and runner_labels | length > 0) fail_msg: "runner_labels must be set and not empty when runner_no_default_labels is true." - run_once: true \ No newline at end of file + run_once: true From 16268f0a19427afe8a094e43a8c7f48024865023 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 11:18:45 +0100 Subject: [PATCH 03/28] ci: small fix --- .github/workflows/tests.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3932942..45d3d16 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -12,7 +12,6 @@ on: - "templates/**" - "vars/**" workflow_dispatch: - - master env: MOLECULE_DOCKER_VOLUMES: rw From 364c4b26470a35af1dd68786c203f1438cfdbee3 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 11:26:33 +0100 Subject: [PATCH 04/28] fix: linting --- tasks/install_runner_unix.yml | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/tasks/install_runner_unix.yml b/tasks/install_runner_unix.yml index 3355c56..12202b0 100644 --- a/tasks/install_runner_unix.yml +++ b/tasks/install_runner_unix.yml 
@@ -20,7 +20,7 @@ changed_when: false ignore_errors: true -- name: Force reinstall if runner {{ runner_name }} in registered_runners is offline (meaning the self-hosted runner is not tied to the Github runner) +- name: Force reinstall if runner in registered_runners is offline (not tied to Github runner) - {{ runner_name }} ansible.builtin.set_fact: reinstall_runner: true when: @@ -30,8 +30,9 @@ - name: Unarchive runner package ansible.builtin.unarchive: - src: "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\ - actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.tar.gz" + src: + "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\ + actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.tar.gz" dest: "{{ runner_dir }}/" owner: "{{ runner_user_id.stdout }}" group: "{{ runner_user_group_id.stdout }}" @@ -74,12 +75,11 @@ github_full_url: "{{ github_url }}/enterprises/{{ github_enterprise }}" when: github_enterprise is defined -- name: Register runner # noqa no-changed-when +- name: Register runner # noqa no-changed-when environment: RUNNER_ALLOW_RUNASROOT: "1" ACTIONS_RUNNER_INPUT_TOKEN: "{{ registration.json.token }}" - ansible.builtin.command: - "{{ runner_dir }}/./config.sh \ + ansible.builtin.command: "{{ runner_dir }}/./config.sh \ --url {{ github_full_url }} \ --name '{{ runner_name }}' \ --labels {{ runner_labels | join(',') }} \ 
@@ -110,16 +110,15 @@ when: - runner_name in registered_runners.json.runners|map(attribute='name')|list - (runner_labels | sort) != (registered_runners.json.runners | selectattr('name', 'equalto', runner_name) | first).labels | - selectattr('type', 'equalto', 'custom') | - map(attribute='name') | - list + selectattr('type', 'equalto', 'custom') | + map(attribute='name') | + list -- name: Replace registered runner # noqa no-changed-when +- name: Replace registered runner # noqa no-changed-when environment: RUNNER_ALLOW_RUNASROOT: "1" ACTIONS_RUNNER_INPUT_TOKEN: "{{ registration.json.token }}" - ansible.builtin.command: - "{{ runner_dir }}/config.sh \ + ansible.builtin.command: "{{ runner_dir }}/config.sh \ --url {{ github_full_url }} \ --name '{{ runner_name }}' \ --labels {{ runner_labels | join(',') }} \ @@ -137,7 +136,7 @@ runner_name in registered_runners.json.runners|map(attribute='name')|list and reinstall_runner -- name: Install service # noqa no-changed-when +- name: Install service # noqa no-changed-when ansible.builtin.command: "./svc.sh install {{ runner_user }}" args: chdir: "{{ runner_dir }}" @@ -150,7 +149,7 @@ src: "{{ runner_dir }}/.service" register: runner_service -- name: START and enable Github Actions Runner service (Linux) # noqa no-changed-when +- name: START and enable Github Actions Runner service (Linux) # noqa no-changed-when ansible.builtin.command: "./svc.sh start" args: chdir: "{{ runner_dir }}" @@ -164,7 +163,7 @@ ansible_facts.services[(runner_service.content | b64decode) | trim ]['state'] | default('stopped') != 'running' - name: START and enable Github Actions Runner service (macOS) # TODO: Idempotence - ansible.builtin.command: "./svc.sh start" # noqa no-changed-when + ansible.builtin.command: "./svc.sh start" # noqa no-changed-when args: chdir: "{{ runner_dir }}" become: false 
@@ -173,7 +172,7 @@ changed_when: true when: ansible_facts.system == 'Darwin' and runner_state|lower -- name: STOP and disable Github Actions Runner service # noqa no-changed-when +- name: STOP and disable Github Actions Runner service # noqa no-changed-when ansible.builtin.command: "./svc.sh stop" args: chdir: "{{ runner_dir }}" From 0ecba627356f103823fa9f54f31d258d8abdea8a Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 11:28:15 +0100 Subject: [PATCH 05/28] ci: empty line --- .github/workflows/tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 45d3d16..10c0681 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,4 +1,5 @@ name: molecule test + on: push: branches: From 6b1ff3a301580165a479fb89c203f6df99752608 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 11:31:27 +0100 Subject: [PATCH 06/28] docs: update vars in readme file --- README.md | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index b4169bf..0d6effb 100644 --- a/README.md +++ b/README.md @@ -55,21 +55,20 @@ Personal Access Token for GitHub account can be created [here](https://github.co ## Supported Operating Systems -* Red Hat Enterprise Linux 7+ -* CentOS 7+ +* Red Hat Enterprise Linux 8+ * Rocky Linux 8+ -* Fedora 29+ -* Debian 9+ -* Ubuntu 18.04+ +* Fedora 40+ +* Debian 10+ +* Ubuntu 22.04+ * MacOS High Sierra + * Windows ## Weekly tested on: -* Debian 11 -* Fedora 39 -* Rocky Linux 9 -* Ubuntu 20,22 +* Debian 13 +* Fedora 43 +* Rocky Linux 10 +* Ubuntu 24 ## Role Variables 
@@ -113,9 +112,6 @@ runner_org: false # Labels to apply to the runner runner_labels: [] -# Disable default labels (self-hosted, Linux, X64) and require custom labels. Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature. -runner_no_default_labels: false - # Group to add organization runner to runner_group: "" @@ -126,6 +122,9 @@ runner_download_repository: "actions/runner" # Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork") runner_extra_config_args: "" +# Disable default labels (self-hosted, Linux, X64) and require custom labels. Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature. +runner_no_default_labels: false + # Name to assign to this runner in GitHub (System hostname as default) runner_name: "{{ ansible_facts.hostname }}" From d2e4f07ec2b96f94fe4288c7c52913d4e107b148 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 11:41:53 +0100 Subject: [PATCH 07/28] ci: use different image source --- molecule/custom_env/molecule.yml | 8 ++++---- molecule/default/molecule.yml | 8 ++++---- molecule/no_default_labels/molecule.yml | 8 ++++---- molecule/org/molecule.yml | 8 ++++---- molecule/repo/molecule.yml | 8 ++++---- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/molecule/custom_env/molecule.yml b/molecule/custom_env/molecule.yml index 5bc8d31..bb3d980 100644 --- a/molecule/custom_env/molecule.yml +++ b/molecule/custom_env/molecule.yml 
@@ -5,16 +5,16 @@ provisioner: defaults: verbosity: 0 playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml + converge: converge.yml + cleanup: cleanup.yml + verify: verify.yml dependency: name: galaxy driver: name: docker platforms: - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" + image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4c68ee3..1b31fc9 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -5,16 +5,16 @@ provisioner: defaults: verbosity: 0 playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml + converge: converge.yml + cleanup: cleanup.yml + verify: verify.yml dependency: name: galaxy driver: name: docker platforms: - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" + image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 diff --git a/molecule/no_default_labels/molecule.yml b/molecule/no_default_labels/molecule.yml index 8d3aa46..96ed593 100644 --- a/molecule/no_default_labels/molecule.yml +++ b/molecule/no_default_labels/molecule.yml 
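Review bot: The new `image:` value in `molecule/custom_env/molecule.yml` pulls a third-party image by the mutable `:latest` tag, so whatever is published under that name at run time executes in the test container unreviewed. Later hunks in this series show the same platform entry running with `privileged: true` and the workflow step exporting `PERSONAL_ACCESS_TOKEN`, which puts the image inside the trust boundary of that job; how far the token reaches into the container is not visible here. Consider pinning each distro image by digest, with the digest supplied per matrix entry, along the lines of `image: "geerlingguy/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible@sha256:<digest>"`, and updating the digests deliberately. The same line changes in the `default`, `no_default_labels`, `org` and `repo` scenarios.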
@@ -5,16 +5,16 @@ provisioner: defaults: verbosity: 0 playbooks: - converge: converge.yml - cleanup: ../default/cleanup.yml - verify: verify.yml + converge: converge.yml + cleanup: ../default/cleanup.yml + verify: verify.yml dependency: name: galaxy driver: name: docker platforms: - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" + image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 diff --git a/molecule/org/molecule.yml b/molecule/org/molecule.yml index a071d05..30f5e8b 100644 --- a/molecule/org/molecule.yml +++ b/molecule/org/molecule.yml @@ -2,9 +2,9 @@ provisioner: name: ansible playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml + converge: converge.yml + cleanup: cleanup.yml + verify: verify.yml dependency: name: galaxy lint: | @@ -14,7 +14,7 @@ driver: name: docker platforms: - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" + image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 diff --git a/molecule/repo/molecule.yml b/molecule/repo/molecule.yml index be81883..ef48ae6 100644 --- a/molecule/repo/molecule.yml +++ b/molecule/repo/molecule.yml 
@@ -2,9 +2,9 @@ provisioner: name: ansible playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml + converge: converge.yml + cleanup: cleanup.yml + verify: verify.yml dependency: name: galaxy lint: | @@ -14,7 +14,7 @@ driver: name: docker platforms: - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" + image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 From 9254bcf7be86dbec734be8f75cc7bac2f50538d5 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 18:29:56 +0100 Subject: [PATCH 08/28] ci: use different image source --- molecule/custom_env/converge.yml | 7 +++---- molecule/custom_env/molecule.yml | 10 ++++++---- molecule/default/converge.yml | 16 +++++++--------- molecule/default/molecule.yml | 10 ++++++---- molecule/no_default_labels/cleanup.yml | 13 +++++++++++++ molecule/no_default_labels/converge.yml | 2 +- molecule/no_default_labels/molecule.yml | 12 +++++++----- molecule/org/converge.yml | 3 +-- molecule/org/molecule.yml | 18 ++++++++++-------- molecule/repo/converge.yml | 13 ++++++------- molecule/repo/molecule.yml | 16 +++++++++------- 11 files changed, 69 insertions(+), 51 deletions(-) create mode 100644 molecule/no_default_labels/cleanup.yml diff --git a/molecule/custom_env/converge.yml b/molecule/custom_env/converge.yml index bd8f486..6e907bf 100644 --- a/molecule/custom_env/converge.yml +++ b/molecule/custom_env/converge.yml 
@@ -1,18 +1,17 @@ --- - name: Dev test playbook - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" runner_name: test_name runner_labels: - - label1 - - repo-runner + - label1 + - repo-runner custom_env: | # HTTPS_PROXY=YOUR_URL_HERE diff --git a/molecule/custom_env/molecule.yml b/molecule/custom_env/molecule.yml index bb3d980..08eb032 100644 --- a/molecule/custom_env/molecule.yml +++ b/molecule/custom_env/molecule.yml @@ -10,14 +10,16 @@ provisioner: verify: verify.yml dependency: name: galaxy + options: + ignore-errors: true driver: name: docker platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" + - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host command: ${MOLECULE_DOCKER_COMMAND:-""} privileged: true pre_build_image: true diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 2e15c2d..c99663b 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,11 +1,10 @@ --- - name: Dev test playbook - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" 
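Review bot: Changing `runner_user` from `ansible` to `root` in `molecule/custom_env/converge.yml` means this scenario now only exercises a runner installed and started as root, so regressions in the unprivileged path (file ownership, `./svc.sh install {{ runner_user }}` for a non-root account) would go unnoticed. If the reason is that the new base image has no `ansible` account, keeping `runner_user: ansible` and creating that account with `ansible.builtin.user` in a `prepare.yml` would preserve the coverage; the `org` scenario's test sequence already lists `prepare`. The same substitution is made in the other converge files of this commit and in the cleanup and verify playbooks later in the series.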
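Review bot: The `options:` / `ignore-errors: true` lines added under `dependency:` in `molecule/custom_env/molecule.yml` let the scenario continue when the galaxy install of a requirement fails, so a missing role shows up later as an unrelated converge error, or not at all. The requirements files pin `robertdebock.epel` to a version, and that pin only protects the run if a failed install stops it. I would drop the two lines, or at least state which known failure they work around with a comment such as `# TODO: remove once <reason> is resolved`. The same two lines are added to the `default`, `no_default_labels`, `org` and `repo` scenarios.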
@@ -14,20 +13,19 @@ reinstall_runner: false hide_sensitive_logs: no runner_labels: - - label1 - - repo-runner + - label1 + - repo-runner roles: - robertdebock.epel - monolithprojects.github_actions_runner # Run the playbook again with different labels to test - name: Dev test playbook second run - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" @@ -36,9 +34,9 @@ reinstall_runner: false hide_sensitive_logs: no runner_labels: - - label1 - - repo-runner - - label2 + - label1 + - repo-runner + - label2 roles: - robertdebock.epel - monolithprojects.github_actions_runner diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 1b31fc9..4a10086 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -10,14 +10,16 @@ provisioner: verify: verify.yml dependency: name: galaxy + options: + ignore-errors: true driver: name: docker platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" + - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host command: ${MOLECULE_DOCKER_COMMAND:-""} privileged: true pre_build_image: true diff --git a/molecule/no_default_labels/cleanup.yml b/molecule/no_default_labels/cleanup.yml new file mode 100644 index 0000000..34bc208 --- /dev/null +++ b/molecule/no_default_labels/cleanup.yml 
@@ -0,0 +1,13 @@ +--- +- name: Cleanup + user: ansible + hosts: all + become: yes + vars: + runner_user: ansible + github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" + github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" + runner_state: absent + runner_name: test_name + roles: + - monolithprojects.github_actions_runner diff --git a/molecule/no_default_labels/converge.yml b/molecule/no_default_labels/converge.yml index 4408ba5..7a76bf3 100644 --- a/molecule/no_default_labels/converge.yml +++ b/molecule/no_default_labels/converge.yml @@ -3,7 +3,7 @@ hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" diff --git a/molecule/no_default_labels/molecule.yml b/molecule/no_default_labels/molecule.yml index 96ed593..9a5058d 100644 --- a/molecule/no_default_labels/molecule.yml +++ b/molecule/no_default_labels/molecule.yml @@ -6,18 +6,20 @@ provisioner: verbosity: 0 playbooks: converge: converge.yml - cleanup: ../default/cleanup.yml + cleanup: cleanup.yml verify: verify.yml dependency: name: galaxy + options: + ignore-errors: true driver: name: docker platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" + - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host command: ${MOLECULE_DOCKER_COMMAND:-""} privileged: true pre_build_image: true diff --git a/molecule/org/converge.yml b/molecule/org/converge.yml index 27e6ef6..158c989 100644 --- a/molecule/org/converge.yml 
+++ b/molecule/org/converge.yml @@ -1,10 +1,9 @@ --- - name: Install Org Runner - user: ansible hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_org: yes runner_state: "stopped" diff --git a/molecule/org/molecule.yml b/molecule/org/molecule.yml index 30f5e8b..0d54702 100644 --- a/molecule/org/molecule.yml +++ b/molecule/org/molecule.yml @@ -1,23 +1,25 @@ --- provisioner: name: ansible + config_options: + defaults: + verbosity: 0 playbooks: converge: converge.yml cleanup: cleanup.yml verify: verify.yml dependency: name: galaxy -lint: | - yamllint . - ansible-lint . + options: + ignore-errors: true driver: name: docker platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" + - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host command: ${MOLECULE_DOCKER_COMMAND:-""} privileged: true pre_build_image: true @@ -32,7 +34,7 @@ scenario: - create - prepare - converge - # - idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/repo/converge.yml b/molecule/repo/converge.yml index c6f1704..1ea8762 100644 --- a/molecule/repo/converge.yml +++ b/molecule/repo/converge.yml 
@@ -1,17 +1,16 @@ --- - name: Install Repo runner - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" runner_labels: - - label1 - - repo-runner + - label1 + - repo-runner roles: - robertdebock.epel - monolithprojects.github_actions_runner @@ -28,9 +27,9 @@ github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" runner_labels: - - label1 - - repo-runner - - label2 + - label1 + - repo-runner + - label2 roles: - robertdebock.epel - monolithprojects.github_actions_runner diff --git a/molecule/repo/molecule.yml b/molecule/repo/molecule.yml index ef48ae6..302975a 100644 --- a/molecule/repo/molecule.yml +++ b/molecule/repo/molecule.yml @@ -1,23 +1,25 @@ --- provisioner: name: ansible + config_options: + defaults: + verbosity: 0 playbooks: converge: converge.yml cleanup: cleanup.yml verify: verify.yml dependency: name: galaxy -lint: | - yamllint . - ansible-lint . + options: + ignore-errors: true driver: name: docker platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-geerlingguy}/docker-${MOLECULE_IMAGE:-ubuntu22}-ansible:latest" + - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host command: ${MOLECULE_DOCKER_COMMAND:-""} privileged: true pre_build_image: true From 8cc69a9320db72a30893162d8bbcea3fdc66c53d Mon Sep 17 00:00:00 2001 
From: Mike Date: Sat, 20 Dec 2025 18:38:40 +0100 Subject: [PATCH 09/28] ci: latest epel role --- molecule/default/requirements.yml | 5 ++--- molecule/no_default_labels/requirements.yml | 5 ++--- molecule/org/requirements.yml | 5 ++--- molecule/repo/converge.yml | 3 +-- molecule/repo/requirements.yml | 5 ++--- 5 files changed, 9 insertions(+), 14 deletions(-) diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml index ee41ee4..72e6697 100644 --- a/molecule/default/requirements.yml +++ b/molecule/default/requirements.yml @@ -1,5 +1,4 @@ --- - roles: -- name: robertdebock.epel - version: 3.0.1 + - name: robertdebock.epel + version: 4.1.7 diff --git a/molecule/no_default_labels/requirements.yml b/molecule/no_default_labels/requirements.yml index ee41ee4..72e6697 100644 --- a/molecule/no_default_labels/requirements.yml +++ b/molecule/no_default_labels/requirements.yml @@ -1,5 +1,4 @@ --- - roles: -- name: robertdebock.epel - version: 3.0.1 + - name: robertdebock.epel + version: 4.1.7 diff --git a/molecule/org/requirements.yml b/molecule/org/requirements.yml index ee41ee4..72e6697 100644 --- a/molecule/org/requirements.yml +++ b/molecule/org/requirements.yml @@ -1,5 +1,4 @@ --- - roles: -- name: robertdebock.epel - version: 3.0.1 + - name: robertdebock.epel + version: 4.1.7 diff --git a/molecule/repo/converge.yml b/molecule/repo/converge.yml index 1ea8762..205ecf5 100644 --- a/molecule/repo/converge.yml +++ b/molecule/repo/converge.yml @@ -17,12 +17,11 @@ # Run the playbook again with different labels to test - name: Update Repo runner - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" diff --git a/molecule/repo/requirements.yml b/molecule/repo/requirements.yml index ee41ee4..72e6697 100644 --- a/molecule/repo/requirements.yml 
+++ b/molecule/repo/requirements.yml @@ -1,5 +1,4 @@ --- - roles: -- name: robertdebock.epel - version: 3.0.1 + - name: robertdebock.epel + version: 4.1.7 From 28761e45d40bed7da06bf0ed1276ba445b1fc299 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 19:05:33 +0100 Subject: [PATCH 10/28] ci: root user --- molecule/custom_env/cleanup.yml | 3 +-- molecule/custom_env/requirements.yml | 5 ++--- molecule/custom_env/verify.yml | 3 +-- molecule/default/cleanup.yml | 3 +-- molecule/default/verify.yml | 3 +-- molecule/no_default_labels/cleanup.yml | 3 +-- molecule/no_default_labels/verify.yml | 3 +-- molecule/org/cleanup.yml | 3 +-- molecule/org/verify.yml | 3 +-- molecule/repo/cleanup.yml | 3 +-- molecule/repo/verify.yml | 3 +-- 11 files changed, 12 insertions(+), 23 deletions(-) diff --git a/molecule/custom_env/cleanup.yml b/molecule/custom_env/cleanup.yml index 34bc208..27a80a6 100644 --- a/molecule/custom_env/cleanup.yml +++ b/molecule/custom_env/cleanup.yml @@ -1,10 +1,9 @@ --- - name: Cleanup - user: ansible hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_state: absent diff --git a/molecule/custom_env/requirements.yml b/molecule/custom_env/requirements.yml index ee41ee4..72e6697 100644 --- a/molecule/custom_env/requirements.yml +++ b/molecule/custom_env/requirements.yml @@ -1,5 +1,4 @@ --- - roles: -- name: robertdebock.epel - version: 3.0.1 + - name: robertdebock.epel + version: 4.1.7 diff --git a/molecule/custom_env/verify.yml b/molecule/custom_env/verify.yml index cba84e6..e57c273 100644 --- a/molecule/custom_env/verify.yml +++ b/molecule/custom_env/verify.yml 
@@ -1,11 +1,10 @@ --- - name: Validate Repo runners - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" github_api_url: "https://api.github.com" diff --git a/molecule/default/cleanup.yml b/molecule/default/cleanup.yml index 34bc208..27a80a6 100644 --- a/molecule/default/cleanup.yml +++ b/molecule/default/cleanup.yml @@ -1,10 +1,9 @@ --- - name: Cleanup - user: ansible hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_state: absent diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 0ecf5c6..54e6f06 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -1,11 +1,10 @@ --- - name: Validate Repo runners - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" github_api_url: "https://api.github.com" diff --git a/molecule/no_default_labels/cleanup.yml b/molecule/no_default_labels/cleanup.yml index 34bc208..27a80a6 100644 --- a/molecule/no_default_labels/cleanup.yml +++ b/molecule/no_default_labels/cleanup.yml @@ -1,10 +1,9 @@ --- - name: Cleanup - user: ansible hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_state: absent diff --git a/molecule/no_default_labels/verify.yml b/molecule/no_default_labels/verify.yml index b2f2dc2..4a01d2a 100644 --- a/molecule/no_default_labels/verify.yml +++ b/molecule/no_default_labels/verify.yml 
@@ -1,11 +1,10 @@ --- - name: Validate Repo runners - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" github_api_url: "https://api.github.com" diff --git a/molecule/org/cleanup.yml b/molecule/org/cleanup.yml index 6023cee..8764c8f 100644 --- a/molecule/org/cleanup.yml +++ b/molecule/org/cleanup.yml @@ -1,10 +1,9 @@ --- - name: Cleanup - user: ansible hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_org: yes runner_state: absent diff --git a/molecule/org/verify.yml b/molecule/org/verify.yml index 7b4a5fa..5f7dcd1 100644 --- a/molecule/org/verify.yml +++ b/molecule/org/verify.yml @@ -1,11 +1,10 @@ --- - name: Validate Repo runners - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_org: yes github_api_url: "https://api.github.com" diff --git a/molecule/repo/cleanup.yml b/molecule/repo/cleanup.yml index 8969cf2..abd82fd 100644 --- a/molecule/repo/cleanup.yml +++ b/molecule/repo/cleanup.yml @@ -1,10 +1,9 @@ --- - name: Cleanup - user: ansible hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_state: absent diff --git a/molecule/repo/verify.yml b/molecule/repo/verify.yml index b948f85..d5746b4 100644 --- a/molecule/repo/verify.yml +++ b/molecule/repo/verify.yml @@ -1,11 +1,10 @@ --- - name: Validate Repo runners - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" github_api_url: "https://api.github.com" 
From 486aa9982e6234919de30d6348fbcbbefac727c8 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 19:47:49 +0100 Subject: [PATCH 11/28] ci: os env var --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 10c0681..e7c6a9f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -59,7 +59,7 @@ jobs: env: PY_COLORS: "1" ANSIBLE_FORCE_COLOR: "1" - MOLECULE_IMAGE: ${{ matrix.config.os }} + MOLECULE_DISTRO: ${{ matrix.config.os }} MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} MOLECULE_DOCKER_VOLUMES: ${{ matrix.config.volumes }} PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} From a1ce97793a4c02d37329e0884dca950d8def7b00 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 20:05:16 +0100 Subject: [PATCH 12/28] ci: correct ubuntu image --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e7c6a9f..4451abf 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -106,7 +106,7 @@ jobs: env: PY_COLORS: "1" ANSIBLE_FORCE_COLOR: "1" - MOLECULE_IMAGE: ${{ matrix.config.os }} + MOLECULE_DISTRO: ${{ matrix.config.os }} MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} MOLECULE_DOCKER_VOLUMES: ${{ matrix.config.volumes }} PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} From 9d19a06e3cbee2b6218bddca77abf3cd07133935 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 20:05:55 +0100 Subject: [PATCH 13/28] ci: correct ubuntu image --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 4451abf..c3bb8cd 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -31,7 +31,7 @@ jobs: config: - os: "debian13" - os: "fedora43" - - os: "ubuntu24" + - os: "ubuntu2404" - os: "rockylinux10" steps: - name: checkout @@ -79,7 +79,7 @@ jobs: config: - os: "debian13" - os: "fedora43" - - os: "ubuntu24" + - os: "ubuntu2404" - os: "rockylinux10" steps: - name: checkout From 9cae8098a7861b58f00aa40f9c66ca185b3f37a2 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 20:20:06 +0100 Subject: [PATCH 14/28] ci: remove unnecessary env vars --- .github/workflows/tests.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c3bb8cd..21fd97a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -14,10 +14,6 @@ on: - "vars/**" workflow_dispatch: -env: - MOLECULE_DOCKER_VOLUMES: rw - MOLECULE_DOCKER_CGROUPS_MODE: host - jobs: repo: name: Test GHA Runner Role @@ -60,8 +56,6 @@ jobs: PY_COLORS: "1" ANSIBLE_FORCE_COLOR: "1" MOLECULE_DISTRO: ${{ matrix.config.os }} - MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} - MOLECULE_DOCKER_VOLUMES: ${{ matrix.config.volumes }} PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} GITHUB_ACCOUNT: monolithprojects-testorg GITHUB_REPO: ansible-github_actions_runner-testrepo @@ -107,8 +101,6 @@ jobs: PY_COLORS: "1" ANSIBLE_FORCE_COLOR: "1" MOLECULE_DISTRO: ${{ matrix.config.os }} - MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} - MOLECULE_DOCKER_VOLUMES: ${{ matrix.config.volumes }} PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} GITHUB_ACCOUNT: monolithprojects-testorg GITHUB_REPO: ansible-github_actions_runner-testrepo From ad8f169ff309b2bfa4505202f86955c1b55d5941 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 20:39:20 +0100 Subject: [PATCH 15/28] ci: try no sudo --- molecule/org/converge.yml | 2 +- molecule/repo/converge.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/molecule/org/converge.yml b/molecule/org/converge.yml index 158c989..6cea0c4 100644 --- a/molecule/org/converge.yml +++ b/molecule/org/converge.yml @@ -1,7 +1,7 @@ --- - name: Install Org Runner hosts: all - become: yes + # become: yes # Do not use sudo due to https://github.com/geerlingguy/docker-rockylinux10-ansible/issues/2 vars: runner_user: root github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" diff --git a/molecule/repo/converge.yml b/molecule/repo/converge.yml index 205ecf5..7123df2 100644 --- a/molecule/repo/converge.yml +++ b/molecule/repo/converge.yml @@ -2,7 +2,7 @@ - name: Install Repo runner hosts: all gather_facts: yes - become: yes + # become: yes # Do not use sudo due to https://github.com/geerlingguy/docker-rockylinux10-ansible/issues/2 vars: runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" @@ -19,7 +19,7 @@ - name: Update Repo runner hosts: all gather_facts: yes - become: yes + # become: yes vars: runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" From c8a610621066cbe6fb233bee7f360ca193bfbf31 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 20:48:58 +0100 Subject: [PATCH 16/28] ci: add wa for rockylinux --- molecule/org/converge.yml | 2 +- molecule/org/prepare.yaml | 10 ++++++++++ molecule/repo/converge.yml | 4 ++-- molecule/repo/prepare.yaml | 10 ++++++++++ 4 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 molecule/org/prepare.yaml create mode 100644 molecule/repo/prepare.yaml diff --git a/molecule/org/converge.yml b/molecule/org/converge.yml index 6cea0c4..158c989 100644 --- a/molecule/org/converge.yml +++ b/molecule/org/converge.yml @@ -1,7 +1,7 @@ --- - name: Install Org Runner hosts: all - # become: yes # Do not use sudo due to https://github.com/geerlingguy/docker-rockylinux10-ansible/issues/2 + become: yes vars: runner_user: root github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" 
diff --git a/molecule/org/prepare.yaml b/molecule/org/prepare.yaml new file mode 100644 index 0000000..b6582f1 --- /dev/null +++ b/molecule/org/prepare.yaml @@ -0,0 +1,10 @@ +--- +- name: Prepare + hosts: all + gather_facts: false + +- tasks: + - name: Workaround for RockyLinux + ansible.builtin.shell: + cmd: chmod 0400 /etc/shadow + when: ansible_distribution == 'RockyLinux' diff --git a/molecule/repo/converge.yml b/molecule/repo/converge.yml index 7123df2..205ecf5 100644 --- a/molecule/repo/converge.yml +++ b/molecule/repo/converge.yml @@ -2,7 +2,7 @@ - name: Install Repo runner hosts: all gather_facts: yes - # become: yes # Do not use sudo due to https://github.com/geerlingguy/docker-rockylinux10-ansible/issues/2 + become: yes vars: runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" @@ -19,7 +19,7 @@ - name: Update Repo runner hosts: all gather_facts: yes - # become: yes + become: yes vars: runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" diff --git a/molecule/repo/prepare.yaml b/molecule/repo/prepare.yaml new file mode 100644 index 0000000..b6582f1 --- /dev/null +++ b/molecule/repo/prepare.yaml @@ -0,0 +1,10 @@ +--- +- name: Prepare + hosts: all + gather_facts: false + +- tasks: + - name: Workaround for RockyLinux + ansible.builtin.shell: + cmd: chmod 0400 /etc/shadow + when: ansible_distribution == 'RockyLinux' From 8700a4202feeeeda2a847caefe58fabfca7d24c4 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 20:51:02 +0100 Subject: [PATCH 17/28] ci: add wa for rockylinux --- molecule/org/prepare.yaml | 8 +++++--- molecule/repo/prepare.yaml | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/molecule/org/prepare.yaml b/molecule/org/prepare.yaml index b6582f1..70712f8 100644 --- a/molecule/org/prepare.yaml +++ b/molecule/org/prepare.yaml 
@@ -5,6 +5,8 @@ - tasks: - name: Workaround for RockyLinux - ansible.builtin.shell: - cmd: chmod 0400 /etc/shadow - when: ansible_distribution == 'RockyLinux' + when: ansible_distribution == 'Rocky' + # Bug in some upstream distros, /etc/shadow has no file perms in container image + ansible.builtin.file: + path: /etc/shadow + mode: "400" diff --git a/molecule/repo/prepare.yaml b/molecule/repo/prepare.yaml index b6582f1..70712f8 100644 --- a/molecule/repo/prepare.yaml +++ b/molecule/repo/prepare.yaml @@ -5,6 +5,8 @@ - tasks: - name: Workaround for RockyLinux - ansible.builtin.shell: - cmd: chmod 0400 /etc/shadow - when: ansible_distribution == 'RockyLinux' + when: ansible_distribution == 'Rocky' + # Bug in some upstream distros, /etc/shadow has no file perms in container image + ansible.builtin.file: + path: /etc/shadow + mode: "400" From 98f533ebdad840e74267e66129a126b2b8abe656 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 20:57:54 +0100 Subject: [PATCH 18/28] ci: add wa for rockylinux --- .../{org/prepare.yaml => custom_env/prepare.yml} | 0 molecule/{repo/prepare.yaml => default/prepare.yml} | 0 molecule/no_default_labels/prepare.yml | 12 ++++++++++++ molecule/org/prepare.yml | 12 ++++++++++++ molecule/repo/prepare.yml | 12 ++++++++++++ 5 files changed, 36 insertions(+) rename molecule/{org/prepare.yaml => custom_env/prepare.yml} (100%) rename molecule/{repo/prepare.yaml => default/prepare.yml} (100%) create mode 100644 molecule/no_default_labels/prepare.yml create mode 100644 molecule/org/prepare.yml create mode 100644 molecule/repo/prepare.yml diff --git a/molecule/org/prepare.yaml b/molecule/custom_env/prepare.yml similarity index 100% rename from molecule/org/prepare.yaml rename to molecule/custom_env/prepare.yml diff --git a/molecule/repo/prepare.yaml b/molecule/default/prepare.yml similarity index 100% rename from molecule/repo/prepare.yaml rename to molecule/default/prepare.yml 
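Review bot: The comment added above `ansible.builtin.file` in molecule/org/prepare.yaml (and in the identical hunk for molecule/repo/prepare.yaml) does not say which image is affected or where the bug is tracked, and the condition `ansible_distribution == 'Rocky'` makes the task fire on every Rocky release. Since the task rewrites the permissions of `/etc/shadow`, I would point it at the upstream report, presumably the one an earlier commit in this series cites, e.g. `# Workaround for https://github.com/geerlingguy/docker-rockylinux10-ansible/issues/2`, and write the mode in the usual four-digit form, `mode: "0400"`. Narrowing the condition to the affected major version would keep it away from images that do not need it. The play header is above the hunk, so I cannot see from here whether facts are gathered for that check.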
diff --git a/molecule/no_default_labels/prepare.yml b/molecule/no_default_labels/prepare.yml new file mode 100644 index 0000000..70712f8 --- /dev/null +++ b/molecule/no_default_labels/prepare.yml @@ -0,0 +1,12 @@ +--- +- name: Prepare + hosts: all + gather_facts: false + +- tasks: + - name: Workaround for RockyLinux + when: ansible_distribution == 'Rocky' + # Bug in some upstream distros, /etc/shadow has no file perms in container image + ansible.builtin.file: + path: /etc/shadow + mode: "400" diff --git a/molecule/org/prepare.yml b/molecule/org/prepare.yml new file mode 100644 index 0000000..70712f8 --- /dev/null +++ b/molecule/org/prepare.yml @@ -0,0 +1,12 @@ +--- +- name: Prepare + hosts: all + gather_facts: false + +- tasks: + - name: Workaround for RockyLinux + when: ansible_distribution == 'Rocky' + # Bug in some upstream distros, /etc/shadow has no file perms in container image + ansible.builtin.file: + path: /etc/shadow + mode: "400" diff --git a/molecule/repo/prepare.yml b/molecule/repo/prepare.yml new file mode 100644 index 0000000..70712f8 --- /dev/null +++ b/molecule/repo/prepare.yml @@ -0,0 +1,12 @@ +--- +- name: Prepare + hosts: all + gather_facts: false + +- tasks: + - name: Workaround for RockyLinux + when: ansible_distribution == 'Rocky' + # Bug in some upstream distros, /etc/shadow has no file perms in container image + ansible.builtin.file: + path: /etc/shadow + mode: "400" From f937687f7fd19877b3836c60dbf856b2faef3c8a Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 21:04:15 +0100 Subject: [PATCH 19/28] ci: add wa for rockylinux --- molecule/custom_env/prepare.yml | 2 +- molecule/default/prepare.yml | 2 +- molecule/no_default_labels/prepare.yml | 2 +- molecule/org/prepare.yml | 2 +- molecule/repo/prepare.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/molecule/custom_env/prepare.yml b/molecule/custom_env/prepare.yml index 70712f8..19be888 100644 --- a/molecule/custom_env/prepare.yml 
+++ b/molecule/custom_env/prepare.yml @@ -3,7 +3,7 @@ hosts: all gather_facts: false -- tasks: + tasks: - name: Workaround for RockyLinux when: ansible_distribution == 'Rocky' # Bug in some upstream distros, /etc/shadow has no file perms in container image diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 70712f8..19be888 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -3,7 +3,7 @@ hosts: all gather_facts: false -- tasks: + tasks: - name: Workaround for RockyLinux when: ansible_distribution == 'Rocky' # Bug in some upstream distros, /etc/shadow has no file perms in container image diff --git a/molecule/no_default_labels/prepare.yml b/molecule/no_default_labels/prepare.yml index 70712f8..19be888 100644 --- a/molecule/no_default_labels/prepare.yml +++ b/molecule/no_default_labels/prepare.yml @@ -3,7 +3,7 @@ hosts: all gather_facts: false -- tasks: + tasks: - name: Workaround for RockyLinux when: ansible_distribution == 'Rocky' # Bug in some upstream distros, /etc/shadow has no file perms in container image diff --git a/molecule/org/prepare.yml b/molecule/org/prepare.yml index 70712f8..19be888 100644 --- a/molecule/org/prepare.yml +++ b/molecule/org/prepare.yml @@ -3,7 +3,7 @@ hosts: all gather_facts: false -- tasks: + tasks: - name: Workaround for RockyLinux when: ansible_distribution == 'Rocky' # Bug in some upstream distros, /etc/shadow has no file perms in container image diff --git a/molecule/repo/prepare.yml b/molecule/repo/prepare.yml index 70712f8..19be888 100644 --- a/molecule/repo/prepare.yml +++ b/molecule/repo/prepare.yml @@ -3,7 +3,7 @@ hosts: all gather_facts: false -- tasks: + tasks: - name: Workaround for RockyLinux when: ansible_distribution == 'Rocky' # Bug in some upstream distros, /etc/shadow has no file perms in container image From 641ca4efc55a8e409d720a8f92700df6952313f4 Mon Sep 17 00:00:00 2001 
From: Mike Date: Sat, 20 Dec 2025 21:08:58 +0100 Subject: [PATCH 20/28] ci: add wa for rockylinux --- molecule/custom_env/prepare.yml | 2 +- molecule/default/prepare.yml | 2 +- molecule/no_default_labels/prepare.yml | 2 +- molecule/org/prepare.yml | 2 +- molecule/repo/prepare.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/molecule/custom_env/prepare.yml b/molecule/custom_env/prepare.yml index 19be888..5c3ee04 100644 --- a/molecule/custom_env/prepare.yml +++ b/molecule/custom_env/prepare.yml @@ -1,7 +1,7 @@ --- - name: Prepare hosts: all - gather_facts: false + gather_facts: true tasks: - name: Workaround for RockyLinux diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 19be888..5c3ee04 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -1,7 +1,7 @@ --- - name: Prepare hosts: all - gather_facts: false + gather_facts: true tasks: - name: Workaround for RockyLinux diff --git a/molecule/no_default_labels/prepare.yml b/molecule/no_default_labels/prepare.yml index 19be888..5c3ee04 100644 --- a/molecule/no_default_labels/prepare.yml +++ b/molecule/no_default_labels/prepare.yml @@ -1,7 +1,7 @@ --- - name: Prepare hosts: all - gather_facts: false + gather_facts: true tasks: - name: Workaround for RockyLinux diff --git a/molecule/org/prepare.yml b/molecule/org/prepare.yml index 19be888..5c3ee04 100644 --- a/molecule/org/prepare.yml +++ b/molecule/org/prepare.yml @@ -1,7 +1,7 @@ --- - name: Prepare hosts: all - gather_facts: false + gather_facts: true tasks: - name: Workaround for RockyLinux diff --git a/molecule/repo/prepare.yml b/molecule/repo/prepare.yml index 19be888..5c3ee04 100644 --- a/molecule/repo/prepare.yml +++ b/molecule/repo/prepare.yml @@ -1,7 +1,7 @@ --- - name: Prepare hosts: all - gather_facts: false + gather_facts: true tasks: - name: Workaround for RockyLinux From 6660a2346fef56a82ad5d19f7b03abde1fac14d5 Mon Sep 17 00:00:00 2001 
From: Mike Date: Sat, 20 Dec 2025 21:25:41 +0100 Subject: [PATCH 21/28] ci: support rockylinux 9 --- .github/workflows/tests.yml | 4 ++-- README.md | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 21fd97a..8717cd8 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -28,7 +28,7 @@ jobs: - os: "debian13" - os: "fedora43" - os: "ubuntu2404" - - os: "rockylinux10" + - os: "rockylinux9" steps: - name: checkout uses: actions/checkout@v6 @@ -74,7 +74,7 @@ jobs: - os: "debian13" - os: "fedora43" - os: "ubuntu2404" - - os: "rockylinux10" + - os: "rockylinux9" steps: - name: checkout uses: actions/checkout@v6 diff --git a/README.md b/README.md index 0d6effb..5d9606e 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ Personal Access Token for GitHub account can be created [here](https://github.co * Runner user has to be pre-created. Recommended role: `monolithprojects.user_management` -* CentOS systems require EPEL repository. +* CentOS and RockyLinuxsystems require EPEL repository. Recommended role: `robertdebock.epel` ## Supported CPU architecture @@ -67,12 +67,12 @@ Personal Access Token for GitHub account can be created [here](https://github.co * Debian 13 * Fedora 43 -* Rocky Linux 10 +* Rocky Linux 9 * Ubuntu 24 ## Role Variables -This is a copy from `defaults/main.yml` +This is a copy of `defaults/main.yml` ```yaml --- From 0ff3ee6104b724887b144410652834700bdb8987 Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 22:28:08 +0100 Subject: [PATCH 22/28] ci: test org --- .github/workflows/tests.yml | 2 +- molecule/org/converge.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 8717cd8..d39509d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -94,7 +94,7 @@ jobs: - name: Install test dependencies run: pip3 install ansible docker molecule molecule-plugins[docker] "requests<2.29.2" jmespath - - name: Run Molecule tests - + - name: Run Molecule tests - org run: molecule test --scenario-name org working-directory: "${{ github.repository }}" env: diff --git a/molecule/org/converge.yml b/molecule/org/converge.yml index 158c989..d5608ef 100644 --- a/molecule/org/converge.yml +++ b/molecule/org/converge.yml @@ -1,6 +1,7 @@ --- - name: Install Org Runner hosts: all + gather_facts: yes become: yes vars: runner_user: root From 77c5a9285df69b10d8fc25278c485226bc1db86c Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 23:07:02 +0100 Subject: [PATCH 23/28] ci: test org --- molecule/org/converge.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/org/converge.yml b/molecule/org/converge.yml index d5608ef..bae86a5 100644 --- a/molecule/org/converge.yml +++ b/molecule/org/converge.yml @@ -9,6 +9,7 @@ runner_org: yes runner_state: "stopped" runner_version: "2.303.0" + no_log: false roles: - robertdebock.epel - monolithprojects.github_actions_runner From 36b30afdcbf27e28bc81c8a6c18fa9740a19e57d Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 23:07:56 +0100 Subject: [PATCH 24/28] ci: test org --- .github/workflows/tests.yml | 82 ++++++++++++++++++------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index d39509d..66d61e9 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
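Review bot: The added `no_log: false` in molecule/org/converge.yml, which a later commit in this series replaces with `hide_sensitive_logs: false`, turns off log suppression for the org scenario while the workflow step that runs it is given `PERSONAL_ACCESS_TOKEN` from the repository secrets. GitHub masks the literal secret value in job logs, but values derived from it, such as a registration token returned by the API, would presumably be printed unmasked once the role's sensitive tasks stop hiding their output. This looks like a debugging aid, so it should either be dropped before the series is merged or made opt-in, e.g. `hide_sensitive_logs: "{{ lookup('env', 'MOLECULE_SHOW_SENSITIVE') == '' }}"` (the environment variable name is only an example). The play starts above the hunk, so I cannot tell whether the line sits under `vars:` or at play level.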
@@ -15,54 +15,54 @@ on: workflow_dispatch: jobs: - repo: - name: Test GHA Runner Role - environment: - name: test - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - max-parallel: 5 - matrix: - config: - - os: "debian13" - - os: "fedora43" - - os: "ubuntu2404" - - os: "rockylinux9" - steps: - - name: checkout - uses: actions/checkout@v6 - with: - path: "${{ github.repository }}" + # repo: + # name: Test GHA Runner Role + # environment: + # name: test + # runs-on: ubuntu-24.04 + # strategy: + # fail-fast: false + # max-parallel: 5 + # matrix: + # config: + # - os: "debian13" + # - os: "fedora43" + # - os: "ubuntu2404" + # - os: "rockylinux9" + # steps: + # - name: checkout + # uses: actions/checkout@v6 + # with: + # path: "${{ github.repository }}" - - name: Remove unnecessary files - run: | - sudo rm -rf /usr/share/dotnet - sudo rm -rf "$AGENT_TOOLSDIRECTORY" + # - name: Remove unnecessary files + # run: | + # sudo rm -rf /usr/share/dotnet + # sudo rm -rf "$AGENT_TOOLSDIRECTORY" - - name: Set up Python 3 - uses: actions/setup-python@v6 - with: - python-version: "3.14" + # - name: Set up Python 3 + # uses: actions/setup-python@v6 + # with: + # python-version: "3.14" - - name: Install test dependencies - run: | - pip3 install ansible docker molecule molecule-plugins[docker] "requests<2.29.2" jmespath + # - name: Install test dependencies + # run: | + # pip3 install ansible docker molecule molecule-plugins[docker] "requests<2.29.2" jmespath - - name: Run Molecule test - repo - run: molecule test --scenario-name repo - working-directory: "${{ github.repository }}" - env: - PY_COLORS: "1" - ANSIBLE_FORCE_COLOR: "1" - MOLECULE_DISTRO: ${{ matrix.config.os }} - PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - GITHUB_ACCOUNT: monolithprojects-testorg - GITHUB_REPO: ansible-github_actions_runner-testrepo + # - name: Run Molecule test - repo + # run: molecule test --scenario-name repo + # working-directory: "${{ github.repository }}" + # env: + # PY_COLORS: 
"1" + # ANSIBLE_FORCE_COLOR: "1" + # MOLECULE_DISTRO: ${{ matrix.config.os }} + # PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + # GITHUB_ACCOUNT: monolithprojects-testorg + # GITHUB_REPO: ansible-github_actions_runner-testrepo org: name: Test Org Runner - needs: repo + # needs: repo environment: name: test runs-on: ubuntu-24.04 From 68952ef2f023dacce1301d72e89a71155dedfa7f Mon Sep 17 00:00:00 2001 From: Mike Date: Sat, 20 Dec 2025 23:15:06 +0100 Subject: [PATCH 25/28] ci: test org --- molecule/org/converge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/org/converge.yml b/molecule/org/converge.yml index bae86a5..3fb7402 100644 --- a/molecule/org/converge.yml +++ b/molecule/org/converge.yml @@ -9,7 +9,7 @@ runner_org: yes runner_state: "stopped" runner_version: "2.303.0" - no_log: false + hide_sensitive_logs: false roles: - robertdebock.epel - monolithprojects.github_actions_runner From f28ea18a18309779c253e6e3127f45ba601eca48 Mon Sep 17 00:00:00 2001 
From: Mike Date: Sun, 21 Dec 2025 17:33:49 +0100 Subject: [PATCH 26/28] ci: small fixes --- .github/workflows/tests.yml | 82 ++++++++++----------- molecule/custom_env/cleanup.yml | 12 --- molecule/custom_env/converge.yml | 20 ----- molecule/custom_env/molecule.yml | 41 ----------- molecule/custom_env/prepare.yml | 12 --- molecule/custom_env/requirements.yml | 4 - molecule/custom_env/verify.yml | 48 ------------ molecule/default/converge.yml | 24 +----- molecule/no_default_labels/cleanup.yml | 12 --- molecule/no_default_labels/converge.yml | 16 ---- molecule/no_default_labels/molecule.yml | 41 ----------- molecule/no_default_labels/prepare.yml | 12 --- molecule/no_default_labels/requirements.yml | 4 - molecule/no_default_labels/verify.yml | 43 ----------- molecule/org/converge.yml | 10 ++- molecule/org/verify.yml | 14 +++- molecule/repo/converge.yml | 9 ++- molecule/repo/molecule.yml | 2 +- tasks/install_deps.yml | 8 +- tasks/install_runner_unix.yml | 12 ++- tasks/main.yml | 16 ++-- 21 files changed, 87 insertions(+), 355 deletions(-) delete mode 100644 molecule/custom_env/cleanup.yml delete mode 100644 molecule/custom_env/converge.yml delete mode 100644 molecule/custom_env/molecule.yml delete mode 100644 molecule/custom_env/prepare.yml delete mode 100644 molecule/custom_env/requirements.yml delete mode 100644 molecule/custom_env/verify.yml delete mode 100644 molecule/no_default_labels/cleanup.yml delete mode 100644 molecule/no_default_labels/converge.yml delete mode 100644 molecule/no_default_labels/molecule.yml delete mode 100644 molecule/no_default_labels/prepare.yml delete mode 100644 molecule/no_default_labels/requirements.yml delete mode 100644 molecule/no_default_labels/verify.yml diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 66d61e9..d39509d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -15,54 +15,54 @@ on: workflow_dispatch: jobs: - # repo: - # name: Test GHA Runner Role - # environment: - # name: test - # runs-on: ubuntu-24.04 - # strategy: - # fail-fast: false - # max-parallel: 5 - # matrix: - # config: - # - os: "debian13" - # - os: "fedora43" - # - os: "ubuntu2404" - # - os: "rockylinux9" - # steps: - # - name: checkout - # uses: actions/checkout@v6 - # with: - # path: "${{ github.repository }}" + repo: + name: Test GHA Runner Role + environment: + name: test + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + max-parallel: 5 + matrix: + config: + - os: "debian13" + - os: "fedora43" + - os: "ubuntu2404" + - os: "rockylinux9" + steps: + - name: checkout + uses: actions/checkout@v6 + with: + path: "${{ github.repository }}" - # - name: Remove unnecessary files - # run: | - # sudo rm -rf /usr/share/dotnet - # sudo rm -rf "$AGENT_TOOLSDIRECTORY" + - name: Remove unnecessary files + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf "$AGENT_TOOLSDIRECTORY" - # - name: Set up Python 3 - # uses: actions/setup-python@v6 - # with: - # python-version: "3.14" + - name: Set up Python 3 + uses: actions/setup-python@v6 + with: + python-version: "3.14" - # - name: Install test dependencies - # run: | - # pip3 install ansible docker molecule molecule-plugins[docker] "requests<2.29.2" jmespath + - name: Install test dependencies + run: | + pip3 install ansible docker molecule molecule-plugins[docker] "requests<2.29.2" jmespath - # - name: Run Molecule test - repo - # run: molecule test --scenario-name repo - # working-directory: "${{ github.repository }}" - # env: - # PY_COLORS: "1" - # ANSIBLE_FORCE_COLOR: "1" - # MOLECULE_DISTRO: ${{ matrix.config.os }} - # PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - # GITHUB_ACCOUNT: monolithprojects-testorg - # GITHUB_REPO: ansible-github_actions_runner-testrepo + - name: Run Molecule test - repo + run: molecule test --scenario-name repo + working-directory: "${{ github.repository }}" + env: + 
PY_COLORS: "1" + ANSIBLE_FORCE_COLOR: "1" + MOLECULE_DISTRO: ${{ matrix.config.os }} + PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + GITHUB_ACCOUNT: monolithprojects-testorg + GITHUB_REPO: ansible-github_actions_runner-testrepo org: name: Test Org Runner - # needs: repo + needs: repo environment: name: test runs-on: ubuntu-24.04 diff --git a/molecule/custom_env/cleanup.yml b/molecule/custom_env/cleanup.yml deleted file mode 100644 index 27a80a6..0000000 --- a/molecule/custom_env/cleanup.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Cleanup - hosts: all - become: yes - vars: - runner_user: root - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_state: absent - runner_name: test_name - roles: - - monolithprojects.github_actions_runner diff --git a/molecule/custom_env/converge.yml b/molecule/custom_env/converge.yml deleted file mode 100644 index 6e907bf..0000000 --- a/molecule/custom_env/converge.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Dev test playbook - hosts: all - gather_facts: yes - become: yes - vars: - runner_user: root - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_version: "latest" - runner_name: test_name - runner_labels: - - label1 - - repo-runner - custom_env: | - # HTTPS_PROXY=YOUR_URL_HERE - - roles: - - robertdebock.epel - - monolithprojects.github_actions_runner diff --git a/molecule/custom_env/molecule.yml b/molecule/custom_env/molecule.yml deleted file mode 100644 index 08eb032..0000000 --- a/molecule/custom_env/molecule.yml +++ /dev/null 
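Review bot: The `repo` job that this hunk re-enables installs its tooling with an unpinned `pip3 install ansible docker molecule molecule-plugins[docker] ...` and pulls `actions/checkout@v6` and `actions/setup-python@v6` by mutable tag, in the same job whose Molecule step is handed `secrets.PERSONAL_ACCESS_TOKEN`. Whatever those packages resolve to on the day of the run is what the token-bearing step then executes, so I would pin them: a hashed requirements file for the Python side, `pip3 install --require-hashes -r <requirements-file>`, and a full commit SHA for each action, `uses: actions/checkout@<full-commit-sha> # v6`. The `org` job has the same install step in the unchanged part of the file and would need the same treatment.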
@@ -1,41 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - verbosity: 0 - playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml -dependency: - name: galaxy - options: - ignore-errors: true -driver: - name: docker -platforms: - - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" - image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - command: ${MOLECULE_DOCKER_COMMAND:-""} - privileged: true - pre_build_image: true -verifier: - name: ansible -scenario: - name: custom_env - test_sequence: - - dependency - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy diff --git a/molecule/custom_env/prepare.yml b/molecule/custom_env/prepare.yml deleted file mode 100644 index 5c3ee04..0000000 --- a/molecule/custom_env/prepare.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - - tasks: - - name: Workaround for RockyLinux - when: ansible_distribution == 'Rocky' - # Bug in some upstream distros, /etc/shadow has no file perms in container image - ansible.builtin.file: - path: /etc/shadow - mode: "400" diff --git a/molecule/custom_env/requirements.yml b/molecule/custom_env/requirements.yml deleted file mode 100644 index 72e6697..0000000 --- a/molecule/custom_env/requirements.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -roles: - - name: robertdebock.epel - version: 4.1.7 diff --git a/molecule/custom_env/verify.yml b/molecule/custom_env/verify.yml deleted file mode 100644 index e57c273..0000000 --- a/molecule/custom_env/verify.yml +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -- name: Validate Repo runners - hosts: all - gather_facts: yes - become: yes - vars: - runner_user: root - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - github_api_url: "https://api.github.com" - access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}" - runner_name: test_name - - tasks: - - name: Check currently registered runners - ansible.builtin.uri: - url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners" - headers: - Authorization: "token {{ access_token }}" - Accept: "application/vnd.github.v3+json" - method: GET - status_code: 200 - force_basic_auth: yes - register: registered_runners - - - name: Debug | var registered_runners - ansible.builtin.debug: - var: registered_runners.json.runners - - - name: Check Runner - ansible.builtin.assert: - that: - - runner_name in registered_runners.json.runners|map(attribute='name')|list - - registered_runners.json.runners.0.status == "online" - quiet: true - - - name: Check Labels (skipped if labels are OK) - ansible.builtin.fail: - msg: Woops some labels differ "{{ (registered_runners.json.runners.0 | json_query('labels[*].name') | difference(['self-hosted', 'Linux', 'X64', 'label1', 'repo-runner'])) }}" - when: not (registered_runners.json.runners.0 | json_query('labels[*].name') | list ) == (['self-hosted', 'Linux', 'X64', 'label1', 'repo-runner'] | list) - - - name: Check custom env file is configured - ansible.builtin.lineinfile: - dest: /opt/actions-runner/.env - line: "# HTTPS_PROXY=YOUR_URL_HERE" - check_mode: yes - register: presence - failed_when: presence.changed diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index c99663b..d46b547 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml 
@@ -17,26 +17,4 @@ - repo-runner roles: - robertdebock.epel - - monolithprojects.github_actions_runner - -# Run the playbook again with different labels to test -- name: Dev test playbook second run - hosts: all - gather_facts: yes - become: yes - vars: - runner_user: root - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_version: "latest" - runner_name: test_name - runner_on_ghes: yes - reinstall_runner: false - hide_sensitive_logs: no - runner_labels: - - label1 - - repo-runner - - label2 - roles: - - robertdebock.epel - - monolithprojects.github_actions_runner + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}" diff --git a/molecule/no_default_labels/cleanup.yml b/molecule/no_default_labels/cleanup.yml deleted file mode 100644 index 27a80a6..0000000 --- a/molecule/no_default_labels/cleanup.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Cleanup - hosts: all - become: yes - vars: - runner_user: root - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_state: absent - runner_name: test_name - roles: - - monolithprojects.github_actions_runner diff --git a/molecule/no_default_labels/converge.yml b/molecule/no_default_labels/converge.yml deleted file mode 100644 index 7a76bf3..0000000 --- a/molecule/no_default_labels/converge.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Test no_default_labels scenario - hosts: all - become: yes - vars: - runner_user: root - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_version: "latest" - runner_name: test_name - runner_no_default_labels: true - runner_labels: - - testlabel1 - - testlabel2 - roles: - - role: monolithprojects.github_actions_runner diff --git a/molecule/no_default_labels/molecule.yml b/molecule/no_default_labels/molecule.yml deleted file mode 100644 index 9a5058d..0000000 
--- a/molecule/no_default_labels/molecule.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - verbosity: 0 - playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml -dependency: - name: galaxy - options: - ignore-errors: true -driver: - name: docker -platforms: - - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" - image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - command: ${MOLECULE_DOCKER_COMMAND:-""} - privileged: true - pre_build_image: true -verifier: - name: ansible -scenario: - name: no_default_labels - test_sequence: - - dependency - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy diff --git a/molecule/no_default_labels/prepare.yml b/molecule/no_default_labels/prepare.yml deleted file mode 100644 index 5c3ee04..0000000 --- a/molecule/no_default_labels/prepare.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - - tasks: - - name: Workaround for RockyLinux - when: ansible_distribution == 'Rocky' - # Bug in some upstream distros, /etc/shadow has no file perms in container image - ansible.builtin.file: - path: /etc/shadow - mode: "400" diff --git a/molecule/no_default_labels/requirements.yml b/molecule/no_default_labels/requirements.yml deleted file mode 100644 index 72e6697..0000000 --- a/molecule/no_default_labels/requirements.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -roles: - - name: robertdebock.epel - version: 4.1.7 diff --git a/molecule/no_default_labels/verify.yml b/molecule/no_default_labels/verify.yml deleted file mode 100644 index 4a01d2a..0000000 --- a/molecule/no_default_labels/verify.yml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -- name: Validate Repo runners - hosts: all - gather_facts: yes - become: yes - vars: - runner_user: root - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - github_api_url: "https://api.github.com" - access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}" - runner_name: "{{ ansible_facts.hostname }}" - - tasks: - - name: Check currently registered runners - ansible.builtin.uri: - url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners" - headers: - Authorization: "token {{ access_token }}" - Accept: "application/vnd.github.v3+json" - method: GET - status_code: 200 - force_basic_auth: yes - register: registered_runners - - - name: Check Runner - ansible.builtin.assert: - that: - - registered_runners.json.runners.0.status == "online" - quiet: true - - - debug: - var: registered_runners.json.runners.0 - - - name: Set fact - current labels - ansible.builtin.set_fact: - current_labels: "{{ registered_runners.json.runners.0 | json_query('labels[*].name') | list }}" - - - name: Check Labels (skipped if labels are OK) - ansible.builtin.assert: - that: - - current_labels == ['testlabel1', 'testlabel2'] - fail_msg: "Expected only the custom labels 'testlabel1' and 'testlabel2', but got {{ current_labels }}" diff --git a/molecule/org/converge.yml b/molecule/org/converge.yml index 3fb7402..9184729 100644 --- a/molecule/org/converge.yml +++ b/molecule/org/converge.yml @@ -7,9 +7,11 @@ runner_user: root github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_org: yes - runner_state: "stopped" - runner_version: "2.303.0" - hide_sensitive_logs: false + runner_version: "2.330.0" + runner_no_default_labels: true + runner_labels: + - testlabel1 + - testlabel2 roles: - robertdebock.epel - - monolithprojects.github_actions_runner + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}" 
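Review bot: Removing `runner_state: "stopped"` from molecule/org/converge.yml leaves no scenario in this patch that converges a stopped runner, although tasks/main.yml still branches on `runner_state|lower == "stopped"`. The org scenario was the only visible place that exercised that state, and the deleted scenarios did not set it either. If dropping the coverage is intended, record it next to the vars, e.g. `# NOTE: runner_state "stopped" is no longer covered by a molecule scenario`. Otherwise keep a separate scenario for it. The play's header and first vars are above the hunk.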
diff --git a/molecule/org/verify.yml b/molecule/org/verify.yml index 5f7dcd1..3088190 100644 --- a/molecule/org/verify.yml +++ b/molecule/org/verify.yml @@ -27,8 +27,18 @@ force_basic_auth: yes register: registered_runners - - name: Check Runner + - name: Check Runner state ansible.builtin.assert: that: - - registered_runners.json.runners.0.status == "offline" + - registered_runners.json.runners.0.status == "online" quiet: true + + - name: Set fact - current labels + ansible.builtin.set_fact: + current_labels: "{{ registered_runners.json.runners.0 | json_query('labels[*].name') | list }}" + + - name: Check Labels (skipped if labels are OK) + ansible.builtin.assert: + that: + - current_labels == ['testlabel1', 'testlabel2'] + fail_msg: "Expected only the custom labels 'testlabel1' and 'testlabel2', but got {{ current_labels }}" diff --git a/molecule/repo/converge.yml b/molecule/repo/converge.yml index 205ecf5..858a8e4 100644 --- a/molecule/repo/converge.yml +++ b/molecule/repo/converge.yml @@ -7,15 +7,15 @@ runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_version: "latest" + runner_version: "2.329.0" runner_labels: - label1 - repo-runner roles: - robertdebock.epel - - monolithprojects.github_actions_runner + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}" -# Run the playbook again with different labels to test +# Run the playbook again with different labels and version to test - name: Update Repo runner hosts: all gather_facts: yes @@ -25,10 +25,11 @@ github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" + hide_sensitive_logs: false runner_labels: - label1 - repo-runner - label2 roles: - robertdebock.epel - - monolithprojects.github_actions_runner + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}" 
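Review bot: Both new assertions in molecule/org/verify.yml read `registered_runners.json.runners.0`, which is whichever runner the API lists first rather than the runner this scenario registered. The workflow runs the org matrix in parallel against one account, so the first entry can belong to another job and the status or label check is then evaluated against the wrong runner. tasks/install_runner_unix.yml already selects by name, and the same filter fits here: `(registered_runners.json.runners | selectattr('name', 'equalto', runner_name) | first).status == "online"`, assuming `runner_name` is defined in this play (its vars are outside the hunk). The label check is also order-sensitive; `current_labels | sort == ['testlabel1', 'testlabel2']` does not depend on API ordering.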
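Review bot: `hide_sensitive_logs: false`, added to the second play of molecule/repo/converge.yml, presumably turns off `no_log` on the tasks that handle the registration token and the personal access token (the role's use of the variable is not visible here). This scenario runs in CI, where task output is kept in the job log, and a token fetched at runtime is not a registered secret, so the log masking will not hide it. If the flag is only there for troubleshooting, drop it so the role default applies. If the unmasked path is what is under test, say so on the line: `hide_sensitive_logs: false  # test-only: task output may contain tokens in CI logs`. The play starts above the hunk.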
diff --git a/molecule/repo/molecule.yml b/molecule/repo/molecule.yml index 302975a..6132715 100644 --- a/molecule/repo/molecule.yml +++ b/molecule/repo/molecule.yml @@ -34,7 +34,7 @@ scenario: - create - prepare - converge - - idempotence + # - idempotence # Converge is testing two different versions of the runner - side_effect - verify - cleanup diff --git a/tasks/install_deps.yml b/tasks/install_deps.yml index 2d2f827..32b9882 100644 --- a/tasks/install_deps.yml +++ b/tasks/install_deps.yml @@ -137,7 +137,7 @@ become: true when: (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version == "24") -- name: Install dependencies on RHEL/CentOS/Fedora systems +- name: Install dependencies on RHEL/RockyLinux/CentOS/Fedora systems ansible.builtin.package: name: - lttng-ust @@ -149,6 +149,6 @@ update_cache: true become: true when: (ansible_facts.distribution == "RedHat") or - (ansible_facts.distribution == "CentOS") or - (ansible_facts.distribution == "Fedora") or - (ansible_facts.distribution == "Rocky") + (ansible_facts.distribution == "CentOS") or + (ansible_facts.distribution == "Fedora") or + (ansible_facts.distribution == "Rocky") diff --git a/tasks/install_runner_unix.yml b/tasks/install_runner_unix.yml index 12202b0..4c9fc5b 100644 --- a/tasks/install_runner_unix.yml +++ b/tasks/install_runner_unix.yml @@ -28,7 +28,7 @@ - runner_name in (registered_runners.json.runners | map(attribute='name') | list) - (registered_runners.json.runners | selectattr('name', 'equalto', runner_name) | first).status == 'offline' -- name: Unarchive runner package +- name: Unarchive GitHub Actions Runner package version {{ runner_version }} ansible.builtin.unarchive: src: "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\ 
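Review bot: Commenting out `idempotence` in molecule/repo/molecule.yml removes the repo scenario's check that a second converge reports no changes. The stated reason (converge.yml installs two runner versions) comes from how the playbook is laid out, not from the role. The sequence already contains a `side_effect` step, so the "Update Repo runner" play could move to a side-effect playbook, leaving converge single-version and `- idempotence` enabled. If it stays disabled, put the reason on its own line above the entry so it survives reformatting: `# idempotence disabled: converge.yml installs two runner versions`. The `test_sequence` list starts outside the hunk.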
@@ -114,6 +114,12 @@ map(attribute='name') | list +- debug: + var: reinstall_runner + +- debug: + var: registered_runners.json.runners|map(attribute='name')|list + - name: Replace registered runner # noqa no-changed-when environment: RUNNER_ALLOW_RUNASROOT: "1" @@ -149,7 +155,7 @@ src: "{{ runner_dir }}/.service" register: runner_service -- name: START and enable Github Actions Runner service (Linux) # noqa no-changed-when +- name: START and enable Github Actions Runner service on Linux # noqa no-changed-when ansible.builtin.command: "./svc.sh start" args: chdir: "{{ runner_dir }}" @@ -162,7 +168,7 @@ runner_state|lower == "started" and ansible_facts.services[(runner_service.content | b64decode) | trim ]['state'] | default('stopped') != 'running' -- name: START and enable Github Actions Runner service (macOS) # TODO: Idempotence +- name: START and enable Github Actions Runner service on MacOS # TODO: Idempotence ansible.builtin.command: "./svc.sh start" # noqa no-changed-when args: chdir: "{{ runner_dir }}" diff --git a/tasks/main.yml b/tasks/main.yml index b546592..f74a664 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -22,31 +22,31 @@ - name: Include tasks to uninstall runner (UNIX-like) ansible.builtin.include_tasks: uninstall_runner_unix.yml when: - - reinstall_runner or runner_state|lower == "absent" - - github_actions_system == "linux" or github_actions_system == "osx" + - reinstall_runner or runner_state|lower == "absent" + - github_actions_system == "linux" or github_actions_system == "osx" tags: - uninstall - name: Include tasks to uninstall runner (Windows) ansible.builtin.include_tasks: uninstall_runner_win.yml when: - - reinstall_runner or runner_state|lower == "absent" - - github_actions_system == "win" + - reinstall_runner or runner_state|lower == "absent" + - github_actions_system == "win" tags: - uninstall - name: Include tasks to install runner (UNIX-like) ansible.builtin.include_tasks: install_runner_unix.yml when: - - runner_state|lower == "started" or runner_state|lower == "stopped" - - github_actions_system == "linux" or github_actions_system == "osx" + - runner_state|lower == "started" or runner_state|lower == "stopped" + - github_actions_system == "linux" or github_actions_system == "osx" tags: - install - name: Include tasks to install runner (Windows) ansible.builtin.include_tasks: install_runner_win.yml when: - - runner_state|lower == "started" or runner_state|lower == "stopped" - - github_actions_system == "win" + - runner_state|lower == "started" or runner_state|lower == "stopped" + - github_actions_system == "win" tags: - install From 51bd4400a6bd572e10156c01fa76e945a5abbcf9 Mon Sep 17 00:00:00 2001 From: Mike Date: Sun, 21 Dec 2025 17:53:27 +0100 Subject: [PATCH 27/28] ci: some linting --- .gitignore | 1 + .yamllint | 33 --------------------------------- defaults/main.yml | 3 ++- tasks/install_runner_unix.yml | 6 ------ 4 files changed, 3 insertions(+), 40 deletions(-) delete mode 100644 .yamllint diff --git a/.gitignore b/.gitignore index f76437e..29c61e7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .cache *.gz +.ansible 
diff --git a/.yamllint b/.yamllint deleted file mode 100644 index 8827676..0000000 --- a/.yamllint +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Based on ansible-lint config -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - colons: - max-spaces-after: -1 - level: error - commas: - max-spaces-after: -1 - level: error - comments: disable - comments-indentation: disable - document-start: disable - empty-lines: - max: 3 - level: error - hyphens: - level: error - indentation: disable - key-duplicates: enable - line-length: disable - new-line-at-end-of-file: disable - new-lines: - type: unix - trailing-spaces: disable - truthy: disable diff --git a/defaults/main.yml b/defaults/main.yml index 3c98014..64a0620 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -45,7 +45,8 @@ runner_download_repository: "actions/runner" # Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork") runner_extra_config_args: "" -# Disable default labels (self-hosted, Linux, X64) and require custom labels. Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature. +# Disable default labels (self-hosted, Linux, X64) and require custom labels. +# Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature. runner_no_default_labels: false # Name to assign to this runner in GitHub (System hostname as default) diff --git a/tasks/install_runner_unix.yml b/tasks/install_runner_unix.yml index 4c9fc5b..f23cac5 100644 --- a/tasks/install_runner_unix.yml +++ b/tasks/install_runner_unix.yml @@ -114,12 +114,6 @@ map(attribute='name') | list -- debug: - var: reinstall_runner - -- debug: - var: registered_runners.json.runners|map(attribute='name')|list - - name: Replace registered runner # noqa no-changed-when environment: RUNNER_ALLOW_RUNASROOT: "1" 
From c5298cbbe20fe246ee21764eed42fd4b31fa4bd9 Mon Sep 17 00:00:00 2001 From: Mike Date: Sun, 21 Dec 2025 17:59:17 +0100 Subject: [PATCH 28/28] ci: bump pre-commit repos --- .pre-commit-config.yaml | 4 ++-- .yamllint | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 .yamllint diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 83b3cb6..249b5cd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.0.1 + rev: v6.0.0 hooks: - id: check-yaml args: [--allow-multiple-documents] @@ -9,7 +9,7 @@ repos: args: [--markdown-linebreak-ext=md] - repo: https://github.com/adrienverge/yamllint - rev: v1.26.3 + rev: v1.37.1 hooks: - id: yamllint args: [-c=.yamllint] diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..8827676 --- /dev/null +++ b/.yamllint @@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable
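Review bot: The re-added .yamllint keeps `truthy: disable` and `indentation: disable`, so the bumped yamllint hook still will not flag the `yes`/`no` booleans used across the playbooks (`become: yes`, `force_basic_auth: yes`) or list mis-indentation of the kind patch 02 fixed by hand. Enabling the rules at warning level would surface these without failing the hook, e.g. `truthy: {allowed-values: ['true', 'false'], check-keys: false, level: warning}` and `indentation: {spaces: 2, level: warning}`. The file has the same blob id as the one deleted in patch 27, so the delete and re-add could be dropped from the series.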