From fe02bcd8a36b78b534c955f6d839a61f2fb0962b Mon Sep 17 00:00:00 2001 From: Adam Ruzicka Date: Fri, 13 Feb 2026 16:40:22 +0100 Subject: [PATCH 1/5] Extract git repo management to a separate role --- .../deploy_git_repository/defaults/main.yml | 12 ++++++++ .../deploy_git_repository/tasks/main.yml | 20 +++++++++++++ .../roles/foreman_development/tasks/main.yaml | 29 +++++++------------ .../foreman_development/tasks/plugin.yaml | 28 ++++++------------ 4 files changed, 51 insertions(+), 38 deletions(-) create mode 100644 development/roles/deploy_git_repository/defaults/main.yml create mode 100644 development/roles/deploy_git_repository/tasks/main.yml diff --git a/development/roles/deploy_git_repository/defaults/main.yml b/development/roles/deploy_git_repository/defaults/main.yml new file mode 100644 index 00000000..d53130a8 --- /dev/null +++ b/development/roles/deploy_git_repository/defaults/main.yml @@ -0,0 +1,12 @@ +deploy_git_repository_remote_name: "origin" +deploy_git_repository_revision: "HEAD" + +# deploy_git_repository_repository_owner +# deploy_git_repository_repository_name +# deploy_git_repository_destination_dir + +# deploy_git_repository_secondary_remote_owner +# deploy_git_repository_secondary_remote_name + +# # Ansible is silly and won't allow using become and become_user together with include_role +# deploy_git_repository_user diff --git a/development/roles/deploy_git_repository/tasks/main.yml b/development/roles/deploy_git_repository/tasks/main.yml new file mode 100644 index 00000000..3eb76b1d --- /dev/null +++ b/development/roles/deploy_git_repository/tasks/main.yml @@ -0,0 +1,20 @@ +- name: Clone Foreman repository + ansible.builtin.git: + repo: "https://github.com/{{ deploy_git_repository_repository_owner }}/{{ deploy_git_repository_repository_name }}" + dest: "{{ deploy_git_repository_destination_dir }}" + version: "{{ deploy_git_repository_revision }}" + force: true + remote: "{{ deploy_git_repository_remote_name }}" + become: true + become_user: "{{ deploy_git_repository_user }}" + +- name: Add GitHub username as additional remote for Foreman + community.general.git_config: + name: "remote.{{ deploy_git_repository_secondary_remote_name | default(deploy_git_repository_secondary_remote_owner) }}.url" + scope: local + repo: "{{ deploy_git_repository_destination_dir }}" + value: "git@github.com:{{ deploy_git_repository_secondary_remote_owner }}/{{ deploy_git_repository_repository_name }}.git" + state: present + when: deploy_git_repository_secondary_remote_owner | default("") != "" + become: true + become_user: "{{ deploy_git_repository_user }}" diff --git a/development/roles/foreman_development/tasks/main.yaml b/development/roles/foreman_development/tasks/main.yaml index 340185ed..70bd360d 100644 --- a/development/roles/foreman_development/tasks/main.yaml +++ b/development/roles/foreman_development/tasks/main.yaml @@ -85,25 +85,16 @@ - src: "{{ foreman_development_client_key }}" dest: "{{ foreman_development_cert_dir }}/client_key.pem" -- name: Clone Foreman repository - ansible.builtin.git: - repo: "{{ foreman_development_git_repo }}" - dest: "{{ foreman_development_foreman_dir }}" - version: "{{ foreman_development_git_revision }}" - force: true - become: true - become_user: "{{ foreman_development_user }}" - -- name: Add GitHub username as additional remote for Foreman - community.general.git_config: - name: "remote.{{ foreman_development_github_username }}.url" - scope: local - repo: "{{ foreman_development_foreman_dir }}" - value: "git@github.com:{{ foreman_development_github_username }}/foreman.git" - state: present - become: true - become_user: "{{ foreman_development_user }}" - when: foreman_development_github_username != "" +- name: Deploy Foreman git repository + ansible.builtin.include_role: + name: deploy_git_repository + vars: + deploy_git_repository_destination_dir: "{{ foreman_development_foreman_dir }}" + deploy_git_repository_user: "{{ foreman_development_user }}" + deploy_git_repository_repository_owner: "theforeman" + deploy_git_repository_repository_name: "foreman" + deploy_git_repository_revision: "{{ foreman_development_git_revision }}" + deploy_git_repository_secondary_remote_owner: "{{ foreman_development_github_username }}" - name: Create database configuration ansible.builtin.template: diff --git a/development/roles/foreman_development/tasks/plugin.yaml b/development/roles/foreman_development/tasks/plugin.yaml index 5fb2215e..5a2a4b71 100644 --- a/development/roles/foreman_development/tasks/plugin.yaml +++ b/development/roles/foreman_development/tasks/plugin.yaml @@ -1,25 +1,15 @@ --- -- name: Clone plugin repository # noqa latest[git] - ansible.builtin.git: - repo: "{{ foreman_development_plugin_repo_url }}" - dest: "{{ foreman_development_deployment_dir }}/{{ foreman_development_plugin_name }}" - force: true - become: true - become_user: "{{ foreman_development_user }}" - when: foreman_development_plugin_manage_repo - -- name: Add GitHub username as additional remote for plugin - community.general.git_config: - name: "remote.{{ foreman_development_github_username }}.url" - scope: local - repo: "{{ foreman_development_deployment_dir }}/{{ foreman_development_plugin_name }}" - value: "git@github.com:{{ foreman_development_github_username }}/{{ foreman_development_plugin_name }}.git" - state: present - become: true - become_user: "{{ foreman_development_user }}" +- name: Deploy plugin git repository + ansible.builtin.include_role: + name: deploy_git_repository + vars: + deploy_git_repository_destination_dir: "{{ foreman_development_deployment_dir }}/{{ foreman_development_plugin_name }}" + deploy_git_repository_user: "{{ foreman_development_user }}" + deploy_git_repository_repository_owner: "{{ foreman_development_plugin_org }}" + deploy_git_repository_repository_name: "{{ foreman_development_plugin_name }}" + deploy_git_repository_secondary_remote_owner: "{{ foreman_development_github_username }}" when: - foreman_development_plugin_manage_repo - - foreman_development_github_username != "" - name: Create plugin settings file ansible.builtin.template: From d08f5d430a120f47075e45d242d7108363fcfb47 Mon Sep 17 00:00:00 2001 From: Adam Ruzicka Date: Mon, 16 Feb 2026 09:12:39 +0100 Subject: [PATCH 2/5] s/deploy_git_repository/git_repository/ --- .../deploy_git_repository/defaults/main.yml | 12 ----------- .../deploy_git_repository/tasks/main.yml | 20 ------------------- .../roles/foreman_development/tasks/main.yaml | 14 ++++++------- .../foreman_development/tasks/plugin.yaml | 12 +++++------ .../roles/git_repository/defaults/main.yml | 12 +++++++++++ .../roles/git_repository/tasks/main.yml | 20 +++++++++++++++++++ 6 files changed, 45 insertions(+), 45 deletions(-) delete mode 100644 development/roles/deploy_git_repository/defaults/main.yml delete mode 100644 development/roles/deploy_git_repository/tasks/main.yml create mode 100644 development/roles/git_repository/defaults/main.yml create mode 100644 development/roles/git_repository/tasks/main.yml diff --git a/development/roles/deploy_git_repository/defaults/main.yml b/development/roles/deploy_git_repository/defaults/main.yml deleted file mode 100644 index d53130a8..00000000 --- a/development/roles/deploy_git_repository/defaults/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -deploy_git_repository_remote_name: "origin" -deploy_git_repository_revision: "HEAD" - -# deploy_git_repository_repository_owner -# deploy_git_repository_repository_name -# deploy_git_repository_destination_dir - -# deploy_git_repository_secondary_remote_owner -# deploy_git_repository_secondary_remote_name - -# # Ansible is silly and won't allow using become and become_user together with include_role -# deploy_git_repository_user diff --git a/development/roles/deploy_git_repository/tasks/main.yml b/development/roles/deploy_git_repository/tasks/main.yml deleted file mode 100644 index 3eb76b1d..00000000 --- a/development/roles/deploy_git_repository/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ -- name: Clone Foreman repository - ansible.builtin.git: - repo: "https://github.com/{{ deploy_git_repository_repository_owner }}/{{ deploy_git_repository_repository_name }}" - dest: "{{ deploy_git_repository_destination_dir }}" - version: "{{ deploy_git_repository_revision }}" - force: true - remote: "{{ deploy_git_repository_remote_name }}" - become: true - become_user: "{{ deploy_git_repository_user }}" - -- name: Add GitHub username as additional remote for Foreman - community.general.git_config: - name: "remote.{{ deploy_git_repository_secondary_remote_name | default(deploy_git_repository_secondary_remote_owner) }}.url" - scope: local - repo: "{{ deploy_git_repository_destination_dir }}" - value: "git@github.com:{{ deploy_git_repository_secondary_remote_owner }}/{{ deploy_git_repository_repository_name }}.git" - state: present - when: deploy_git_repository_secondary_remote_owner | default("") != "" - become: true - become_user: "{{ deploy_git_repository_user }}" diff --git a/development/roles/foreman_development/tasks/main.yaml b/development/roles/foreman_development/tasks/main.yaml index 70bd360d..197994c6 100644 --- a/development/roles/foreman_development/tasks/main.yaml +++ b/development/roles/foreman_development/tasks/main.yaml @@ -87,14 +87,14 @@ - name: Deploy Foreman git repository ansible.builtin.include_role: - name: deploy_git_repository + name: git_repository vars: - deploy_git_repository_destination_dir: "{{ foreman_development_foreman_dir }}" - deploy_git_repository_user: "{{ foreman_development_user }}" - deploy_git_repository_repository_owner: "theforeman" - deploy_git_repository_repository_name: "foreman" - deploy_git_repository_revision: "{{ foreman_development_git_revision }}" - deploy_git_repository_secondary_remote_owner: "{{ foreman_development_github_username }}" + git_repository_destination_dir: "{{ foreman_development_foreman_dir }}" + git_repository_user: "{{ foreman_development_user }}" + git_repository_repository_owner: "theforeman" + git_repository_repository_name: "foreman" + git_repository_revision: "{{ foreman_development_git_revision }}" + git_repository_secondary_remote_owner: "{{ foreman_development_github_username }}" - name: Create database configuration ansible.builtin.template: diff --git a/development/roles/foreman_development/tasks/plugin.yaml b/development/roles/foreman_development/tasks/plugin.yaml index 5a2a4b71..4d417156 100644 --- a/development/roles/foreman_development/tasks/plugin.yaml +++ b/development/roles/foreman_development/tasks/plugin.yaml @@ -1,13 +1,13 @@ --- - name: Deploy plugin git repository ansible.builtin.include_role: - name: deploy_git_repository + name: git_repository vars: - deploy_git_repository_destination_dir: "{{ foreman_development_deployment_dir }}/{{ foreman_development_plugin_name }}" - deploy_git_repository_user: "{{ foreman_development_user }}" - deploy_git_repository_repository_owner: "{{ foreman_development_plugin_org }}" - deploy_git_repository_repository_name: "{{ foreman_development_plugin_name }}" - deploy_git_repository_secondary_remote_owner: "{{ foreman_development_github_username }}" + git_repository_destination_dir: "{{ foreman_development_deployment_dir }}/{{ foreman_development_plugin_name }}" + git_repository_user: "{{ foreman_development_user }}" + git_repository_repository_owner: "{{ foreman_development_plugin_org }}" + git_repository_repository_name: "{{ foreman_development_plugin_name }}" + git_repository_secondary_remote_owner: "{{ foreman_development_github_username }}" when: - foreman_development_plugin_manage_repo diff --git a/development/roles/git_repository/defaults/main.yml b/development/roles/git_repository/defaults/main.yml new file mode 100644 index 00000000..de42c858 --- /dev/null +++ b/development/roles/git_repository/defaults/main.yml @@ -0,0 +1,12 @@ +git_repository_remote_name: "origin" +git_repository_revision: "HEAD" + +# git_repository_repository_owner +# git_repository_repository_name +# git_repository_destination_dir + +# git_repository_secondary_remote_owner +# git_repository_secondary_remote_name + +# # Ansible is silly and won't allow using become and become_user together with include_role +# git_repository_user diff --git a/development/roles/git_repository/tasks/main.yml b/development/roles/git_repository/tasks/main.yml new file mode 100644 index 00000000..faf4c449 --- /dev/null +++ b/development/roles/git_repository/tasks/main.yml @@ -0,0 +1,20 @@ +- name: Clone Foreman repository + ansible.builtin.git: + repo: "https://github.com/{{ git_repository_repository_owner }}/{{ git_repository_repository_name }}" + dest: "{{ git_repository_destination_dir }}" + version: "{{ git_repository_revision }}" + force: true + remote: "{{ git_repository_remote_name }}" + become: true + become_user: "{{ git_repository_user }}" + +- name: Add GitHub username as additional remote for Foreman + community.general.git_config: + name: "remote.{{ git_repository_secondary_remote_name | default(git_repository_secondary_remote_owner) }}.url" + scope: local + repo: "{{ git_repository_destination_dir }}" + value: "git@github.com:{{ git_repository_secondary_remote_owner }}/{{ git_repository_repository_name }}.git" + state: present + when: git_repository_secondary_remote_owner | default("") != "" + become: true + become_user: "{{ git_repository_user }}" From c0f8a0b05be1635196848ea86e6fb5147f6dc69e Mon Sep 17 00:00:00 2001 From: Adam Ruzicka Date: Mon, 16 Feb 2026 09:13:45 +0100 Subject: [PATCH 3/5] Add readme --- development/roles/git_repository/README.md | 36 +++++++++++++++++++ .../roles/git_repository/defaults/main.yml | 10 ------ 2 files changed, 36 insertions(+), 10 deletions(-) create mode 100644 development/roles/git_repository/README.md diff --git a/development/roles/git_repository/README.md b/development/roles/git_repository/README.md new file mode 100644 index 00000000..50c85d9d --- /dev/null +++ b/development/roles/git_repository/README.md @@ -0,0 +1,36 @@ +# git_repository + +A role that clones a git repository from GitHub and optionally adds an additional remote to it. + +Roughly corresponds to + +```shell +$ su {{ git_repository_user }} + +$ git clone https://github.com/{{ git_repository_repository_owner }}/{{ git_repository_repository_name }} \ + --branch {{ git_repository_revision }} \ + --remote {{ git repository_remote_name || "origin" }} + {{ git_repository_destination_dir }} + +$ if {{ git_repository_secondary_remote_owner }}; then + cd {{ git_repository_destination_dir }} + git remote add \ + {{ git_repository_secondary_remote_name || git_repository_secondary_remote_owner }} \ + git@github.com:{{ git_repository_secondary_remote_owner }}/{{ git_repository_repository_name }} +fi +``` + +## Parameters + +| Variable | Description | Required | +|----------|-------------|------| +| `git_repository_repository_owner` | The owner of the repository to clone from | Yes | +| `git_repository_repository_name` | The name of the repository to clone | Yes | +| `git_repository_revision` | The revision to clone the repository at | No, defaults to `HEAD` | +| `git_repository_remote_name` | The name of the remote the repository was cloned from | No, defaults to `origin` | +| `git_repository_destination_dir` | Path to the directory where the repository will be cloned to | Yes | +| `git_repository_secondary_remote_owner` | Name of the owner of the secondary remote to be added to the local clone | No, secondary remote will not be added if left blank | +| `git_repository_secondary_remote_name` | Name of the remote of the secondary repository | No, defaults to `{{ git_repository_secondary_remote_owner }}` | +| `git_repository_user` | The owner of the git checkout | Yes | + +Generally it would be preferrable to avoid the need for `git_repository_user` by controlling the user with `become` and `become_user`, but those are not available in all contexts. diff --git a/development/roles/git_repository/defaults/main.yml b/development/roles/git_repository/defaults/main.yml index de42c858..8ec4d734 100644 --- a/development/roles/git_repository/defaults/main.yml +++ b/development/roles/git_repository/defaults/main.yml @@ -1,12 +1,2 @@ git_repository_remote_name: "origin" git_repository_revision: "HEAD" - -# git_repository_repository_owner -# git_repository_repository_name -# git_repository_destination_dir - -# git_repository_secondary_remote_owner -# git_repository_secondary_remote_name - -# # Ansible is silly and won't allow using become and become_user together with include_role -# git_repository_user From 1d5bf945b4ea87945fa4d9a8ef2990f08d72c7bb Mon Sep 17 00:00:00 2001 From: Adam Ruzicka Date: Mon, 16 Feb 2026 14:30:19 +0100 Subject: [PATCH 4/5] More apt task naming --- development/roles/git_repository/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/development/roles/git_repository/tasks/main.yml b/development/roles/git_repository/tasks/main.yml index faf4c449..fddfacfc 100644 --- a/development/roles/git_repository/tasks/main.yml +++ b/development/roles/git_repository/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Clone Foreman repository +- name: Clone repository ansible.builtin.git: repo: "https://github.com/{{ git_repository_repository_owner }}/{{ git_repository_repository_name }}" dest: "{{ git_repository_destination_dir }}" @@ -8,7 +8,7 @@ become: true become_user: "{{ git_repository_user }}" -- name: Add GitHub username as additional remote for Foreman +- name: Add GitHub username as additional remote community.general.git_config: name: "remote.{{ git_repository_secondary_remote_name | default(git_repository_secondary_remote_owner) }}.url" scope: local From 89e46a052555d1cdccc5a16d233a5bc0a1ef96a7 Mon Sep 17 00:00:00 2001 From: Adam Ruzicka Date: Mon, 16 Feb 2026 14:39:55 +0100 Subject: [PATCH 5/5] wording --- development/roles/git_repository/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/development/roles/git_repository/README.md b/development/roles/git_repository/README.md index 50c85d9d..4a4748b9 100644 --- a/development/roles/git_repository/README.md +++ b/development/roles/git_repository/README.md @@ -31,6 +31,6 @@ fi | `git_repository_destination_dir` | Path to the directory where the repository will be cloned to | Yes | | `git_repository_secondary_remote_owner` | Name of the owner of the secondary remote to be added to the local clone | No, secondary remote will not be added if left blank | | `git_repository_secondary_remote_name` | Name of the remote of the secondary repository | No, defaults to `{{ git_repository_secondary_remote_owner }}` | -| `git_repository_user` | The owner of the git checkout | Yes | +| `git_repository_user` | The system user on the target host that the role will be applied as, this user ends up being the owner of the git checkout | Yes | Generally it would be preferrable to avoid the need for `git_repository_user` by controlling the user with `become` and `become_user`, but those are not available in all contexts.