infrastructure/.gitea/workflows/check.yaml

name: Check
on: [push]
jobs:
  "Lint Ansible Files":
    runs-on: ubuntu-22.04
    steps:
      - run: apt-get update
      - run: apt-get install -y python3 python3-pip python3-venv
      - run: python3 --version
      - name: Check out repo
        uses: actions/checkout@v3
      - run: python3 -m venv venv
      - run: venv/bin/pip --disable-pip-version-check install ansible==7.2.0 ansible-lint==6.16.1 > /dev/null 2> /dev/null
      - run: venv/bin/ansible-lint -c .ansible-lint ansible
  "Run ansible-playbook --check":
    runs-on: ubuntu-22.04
    steps:
      - run: apt-get update
      - run: apt-get install -y python3 python3-pip python3-venv
      - run: python3 --version
      - name: Check out repo
        uses: actions/checkout@v3
      - run: python3 -m venv venv
      - run: venv/bin/pip install ansible==7.2.0 > /dev/null 2> /dev/null
      - run: mkdir -p "$HOME/.ssh"
      - run: echo "$SSH_KEY" > "$HOME/.ssh/id"
        env:
          SSH_KEY: ${{ secrets.ssh_key }}
      - run: chmod 0600 ~/.ssh/id
      - run: ssh-keyscan -p 2309 pbrinkmeier.de > "$HOME/.ssh/known_hosts"
      - run: echo "$VAULT_PASSWORD" > "$HOME/vault_password"
        env:
          VAULT_PASSWORD: ${{ secrets.vault_password }}
      # I've been having problems with ssh-keyscan -p 2309 vmd98928.contaboserver.net, which
      # is the current inventory entry for misc. It's probably not a bad idea to remap that anyways.
      - run: echo "[misc]\npbrinkmeier.de ansible_port=2309" > ansible/inventory
      - run: 'cd ansible && ansible-playbook --private-key "$HOME/.ssh/id" --vault-password-file "$HOME/vault_password" --check playbooks/misc-all.yaml'