fix: state merged for panos_security_rule #1302
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| pull_request: | |
| #schedule: | |
| # - cron: '0 6 * * *' | |
| env: | |
| NAMESPACE: paloaltonetworks | |
| COLLECTION_NAME: panos | |
| PYTHON_VERSION: 3.8 | |
| jobs: | |
| ## Sanity is required: | |
| # | |
| # https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html | |
| sanity: | |
| name: Sanity (Ⓐ${{ matrix.ansible }}) | |
| strategy: | |
| matrix: | |
| include: | |
| - ansible: "2.14" | |
| python_ver: "3.11" | |
| - ansible: "2.15" | |
| python_ver: "3.11" | |
| - ansible: "2.16" | |
| python_ver: "3.11" | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| path: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
| - name: Setup Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python_ver }} | |
| - name: Install Poetry | |
| uses: Gr1N/setup-poetry@v8 | |
| #with: | |
| # poetry-version: 1.0.10 | |
| # Install the head of the given branch (devel, stable-2.10) | |
| - name: Install ansible-base (${{ matrix.ansible }}) | |
| run: poetry run pip install https://github.com/ansible/ansible/archive/stable-${{ matrix.ansible }}.tar.gz --disable-pip-version-check | |
| - name: Create lock file | |
| run: poetry lock | |
| #- name: Cache poetry dependencies | |
| # uses: actions/cache@v2 | |
| # with: | |
| # #path: ~/.cache/pypoetry/virtualenvs | |
| # #key: ${{ runner.os }}-poetry-${{ hashFiles('poetry.lock') }} | |
| # ##restore-keys: | | |
| # ## ${{ runner.os }}-poetry-${{ matrix.python-version }}- | |
| # path: ${{ steps.poetry-cache.outputs.dir }} | |
| # key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }} | |
| # restore-keys: | | |
| # ${{ runner.os }}-poetry- | |
| - name: Install dependencies | |
| run: poetry install | |
| - name: Run sanity tests | |
| timeout-minutes: 8 | |
| run: poetry run make new-sanity | |
| # Ansible-lint is a requirement for certification, and was added to the | |
| # certification pipeline 20 June 2023 per Ansible Partner Engineering | |
| # communication emails | |
| # | |
| # Config file is .ansible-lint | |
| lint: | |
| name: Ansible Lint | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Run ansible-lint | |
| uses: ansible/ansible-lint@main | |
| # Tox is used to execute linters required for Event-Driven Ansible (EDA) code: | |
| # github.com/ansible/eda-partner-testing/blob/main/README.md | |
| # Tox should only execute over <root>/extensions/eda/plugins. | |
| # Tox utilises the tox.ini file found in the local directory. | |
| # This action is taken from Ansible Partner Engineering's example: | |
| # github.com/ansible/eda-partner-testing/blob/main/.github/workflows/tox.yml | |
| # Tox is planned by Ansible Partner Engineering to cover other code in future. | |
| tox: | |
| name: Tox Checks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install deps | |
| run: python -m pip install tox | |
| - name: Move to tox conf file and run tox | |
| run: | | |
| cd .github/workflows | |
| python -m tox -- ../.. | |
| format: | |
| name: Code Format Check | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| path: ./ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} | |
| - name: Setup Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install Poetry | |
| uses: Gr1N/setup-poetry@v8 | |
| - name: Install dependencies | |
| run: poetry install | |
| - name: Do black code format check | |
| run: poetry run make check-format | |
| release: | |
| name: release | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| needs: [sanity, tox, lint, format] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # This task could be removed once the task below is confirmed working | |
| - name: Set up Galaxy auth | |
| run: | | |
| mkdir -p ~/.ansible | |
| echo "token: $GALAXY_API_KEY" > ~/.ansible/galaxy_token | |
| env: | |
| GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }} | |
| shell: bash | |
| # New task for combined Galaxy and AutomationHub publishing | |
| - name: Set up Automation Hub and Galaxy ansible.cfg file | |
| run: | | |
| cat << EOF > ansible.cfg | |
| [galaxy] | |
| server_list = automation_hub, release_galaxy | |
| [galaxy_server.automation_hub] | |
| url=${{ secrets.AUTOMATION_HUB_URL }} | |
| auth_url=${{ secrets.AUTOMATION_HUB_SSO_URL }} | |
| token=${{ secrets.AUTOMATION_HUB_API_TOKEN }} | |
| [galaxy_server.release_galaxy] | |
| url=https://galaxy.ansible.com/ | |
| token=${{ secrets.GALAXY_API_KEY }} | |
| EOF | |
| shell: bash | |
| - name: Create release and publish | |
| id: release | |
| uses: cycjimmy/semantic-release-action@v4 | |
| with: | |
| semantic_version: 17.1.1 | |
| extra_plugins: | | |
| conventional-changelog-conventionalcommits@^4.4.0 | |
| @semantic-release/changelog@^5.0.1 | |
| @semantic-release/git@^9.0.0 | |
| @semantic-release/exec@^5.0.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Store built collection | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: collection | |
| path: | | |
| *.tar.gz | |
| docs: | |
| name: docs | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| needs: [release] | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./ansible_collections/paloaltonetworks/panos | |
| steps: | |
| # Just a note here: The Ansible stuff is apparently doing realpath | |
| # checks, so trying to simlink stuff and then run Ansible commands | |
| # such as ansible-test in the symlink directory fails. Thus we need | |
| # to have the real path contain ansible_collections/paloaltonetworks/panos. | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| path: ./ansible_collections/paloaltonetworks/panos | |
| - name: Setup Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.9 | |
| - name: Install Poetry | |
| uses: Gr1N/setup-poetry@v8 | |
| - name: Add ansible-core | |
| run: poetry add ansible-core^2.14 | |
| - name: Add antsibull-docs | |
| run: poetry add antsibull-docs^1.11.0 | |
| - name: Install dependencies | |
| run: poetry install | |
| - name: Build the collection | |
| run: poetry run ansible-galaxy collection build | |
| # - name: Download built collection | |
| # uses: actions/download-artifact@v2 | |
| # with: | |
| # name: collection | |
| - name: Install built collection | |
| run: poetry run ansible-galaxy collection install *.tar.gz | |
| - name: Generate documentation | |
| run: poetry run make docs | |
| # This is here for right now because the action to deploy seems to assume | |
| # (and not have a configuration option to) mirror the actions/checkout@v4 | |
| # the with.path spec. | |
| - name: Move the repo to where the deploy action is looking for it | |
| run: | | |
| cd ../../../.. | |
| mv pan-os-ansible the_repo | |
| mv the_repo/ansible_collections/paloaltonetworks/panos pan-os-ansible | |
| mkdir -p pan-os-ansible/ansible_collections/paloaltonetworks/panos | |
| - name: Deploy to GitHub Pages | |
| uses: JamesIves/github-pages-deploy-action@v4.4.3 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| branch: gh-pages | |
| folder: docs/html | |
| clean: true |