From 3be8cd10be9616363a0a6d40cabe5df67ceefa02 Mon Sep 17 00:00:00 2001 From: Jose Date: Thu, 12 Feb 2026 21:29:59 +0100 Subject: [PATCH 1/5] =?UTF-8?q?feat=20=E2=9C=A8:=20Add=20task=20to=20gathe?= =?UTF-8?q?r=20active=20swaps=20and=20comment=20swap=20entries=20in=20fsta?= =?UTF-8?q?b?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit introduces a new feature that adds a task to gather information about active swaps on the system. Additionally, it comments out existing swap entries in the `/etc/fstab` file to prevent them from being mounted at boot. --- tasks/swap.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tasks/swap.yml b/tasks/swap.yml index 8dccfb6..ff80d44 100644 --- a/tasks/swap.yml +++ b/tasks/swap.yml @@ -6,18 +6,23 @@ state: present reload: yes +- name: swap | Gather active swaps + command: swapon --noheadings --show=NAME + register: active_swaps + changed_when: false + - name: swap | Disable swap if host has enough RAM ansible.builtin.command: swapoff -a when: - proxmox_disable_swap - ansible_memtotal_mb >= proxmox_min_ram_mb_for_no_swap - changed_when: false + - active_swaps.stdout != "" -- name: swap | Remove swap from fstab +- name: swap | Comment swap entries in fstab ansible.builtin.replace: path: /etc/fstab - regexp: '^\S+\s+\S+\s+swap\s+.*$' - replace: '' + regexp: '^(\s*)(?!#)(\S+\s+\S+\s+swap\s+.*)$' + replace: '\1# \2' when: - proxmox_disable_swap - ansible_memtotal_mb >= proxmox_min_ram_mb_for_no_swap -- 2.49.1 From 8199aabc380d345d9b1a864cd4b47fedb2cfbd68 Mon Sep 17 00:00:00 2001 
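Review bot: The `Comment swap entries in fstab` task rewrites `/etc/fstab` in place without keeping a copy, and a wrong substitution in that file can stop the host from booting cleanly; add `backup: true` to the `ansible.builtin.replace` task. In the new `regexp`, `\s` also matches newlines and the module compiles the pattern in multiline mode, so `^(\s*)` and the `\s+` separators can span line breaks. Using `[ \t]` keeps every match on a single fstab line: `regexp: '^([ \t]*)(?!#)(\S+[ \t]+\S+[ \t]+swap[ \t]+.*)$'`. The `Gather active swaps` task is read-only, so `check_mode: false` on it would let `--check` runs evaluate the later `when` against the real swap state; presumably the command is otherwise skipped in check mode.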
From: Jose Date: Thu, 12 Feb 2026 21:32:17 +0100 Subject: [PATCH 2/5] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Refactor?= =?UTF-8?q?=20task=20to=20use=20`ansible.builtin.command`=20for=20compatib?= =?UTF-8?q?ility?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updated the task to use `ansible.builtin.command` instead of the deprecated `command` module for better compatibility with newer Ansible versions. --- tasks/swap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/swap.yml b/tasks/swap.yml index ff80d44..70aee77 100644 --- a/tasks/swap.yml +++ b/tasks/swap.yml @@ -7,7 +7,7 @@ reload: yes - name: swap | Gather active swaps - command: swapon --noheadings --show=NAME + ansible.builtin.command: swapon --noheadings --show=NAME register: active_swaps changed_when: false -- 2.49.1 From 75693ebf2e60b0edefe63e344d5d602b307a244d Mon Sep 17 00:00:00 2001 From: Jose Date: Sat, 14 Feb 2026 08:35:56 +0100 Subject: [PATCH 3/5] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Refactor?= =?UTF-8?q?=20workflows=20to=20include=20issues=20and=20push=20events,=20a?= =?UTF-8?q?dd=20PR=20check=20workflow?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit refactors the existing workflows by removing 'pull_request' triggers from ansible-lint and markdown-lint.yml files. It also adds a new workflow file `.gitea/workflows/pr-check-yaml` for performing checks on pull requests. --- .gitea/workflows/ansible-lint.yml | 2 +- .gitea/workflows/gitleaks.yml | 4 +- .gitea/workflows/markdown-lint.yml | 2 +- .gitea/workflows/pr-check-yaml | 163 +++++++++++++++++++++++++++++ 4 files changed, 166 insertions(+), 5 deletions(-) create mode 100644 .gitea/workflows/pr-check-yaml diff --git a/.gitea/workflows/ansible-lint.yml b/.gitea/workflows/ansible-lint.yml index f1fd650..649b84f 100644 --- a/.gitea/workflows/ansible-lint.yml +++ b/.gitea/workflows/ansible-lint.yml 
@@ -2,7 +2,7 @@ # .gitea/workflows/ansible-lint.yml name: ansible-lint -on: [pull_request, issues, push] +on: [issues, push] jobs: build: diff --git a/.gitea/workflows/gitleaks.yml b/.gitea/workflows/gitleaks.yml index 56f1ac1..528ef5d 100644 --- a/.gitea/workflows/gitleaks.yml +++ b/.gitea/workflows/gitleaks.yml @@ -1,9 +1,7 @@ --- name: Gitleaks Scan -on: - push: - pull_request: +on: [issues, push] jobs: gitleaks: diff --git a/.gitea/workflows/markdown-lint.yml b/.gitea/workflows/markdown-lint.yml index 80a6846..cc37469 100644 --- a/.gitea/workflows/markdown-lint.yml +++ b/.gitea/workflows/markdown-lint.yml @@ -2,7 +2,7 @@ # .gitea/workflows/markdown-lint.yml name: Markdown Lint -on: [pull_request, issues, push] +on: [issues, push] jobs: build: diff --git a/.gitea/workflows/pr-check-yaml b/.gitea/workflows/pr-check-yaml new file mode 100644 index 0000000..c7e23f2 --- /dev/null +++ b/.gitea/workflows/pr-check-yaml 
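Review bot: Removing `pull_request` from the Gitleaks trigger leaves pull-request secret scanning entirely to the new `.gitea/workflows/pr-check-yaml`, and that file name has no `.yml`/`.yaml` extension, so the runner will most likely not load it as a workflow. Until it is renamed (for example to `pr-check.yml`), changes arriving from a fork would presumably first be scanned by the `push` run after merge. The same dependency applies to the `ansible-lint.yml` and `markdown-lint.yml` hunks. The `issues` trigger added to `gitleaks.yml` also starts a full scan on issue events, where no code has changed; `on: [push]` would be enough for this file.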
@@ -0,0 +1,163 @@ +# https://github.com/kekxv/pr-check +name: ai-reviews + +on: + pull_request: + types: [opened, synchronize] + +jobs: + leak_test: + name: Gitleaks + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v6 + with: + github-server-url: ${{ vars.GIT_SERVER_URL }} + + - name: Install Gitleaks + run: | + curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \ + | tar -xz + sudo mv gitleaks /usr/local/bin/ + + - name: Run Gitleaks + run: | + gitleaks dir . \ + --redact=10 \ + --verbose \ + --exit-code 1 + + lint_test: + name: lint test + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v6 + with: + github-server-url: ${{ vars.GIT_SERVER_URL }} + + - name: Install Node.js + uses: actions/setup-node@v4 + with: + node-version: 20 + + - name: Run markdownlint + run: npx markdownlint-cli2 "**/*.md" "#node_modules" + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.14" + + - name: Install ansible-lint and yamllint + run: | + python -m pip install --upgrade pip + pip install ansible ansible-lint yamllint + + - name: Run yamllint + run: | + yamllint . 
+ + - name: Run ansible-lint + run: | + ansible-lint + +handle_failures: + runs-on: ubuntu-latest + needs: [leak_test, lint_test] + if: needs.leak_test.result != 'success' || needs.lint_test.result != 'success' + + steps: + - name: Comment, label, and close PR + run: | + API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}" + PR="${{ github.event.pull_request.number }}" + TOKEN="${{ secrets.GITEA_TOKEN }}" + + COMMENT_BODY="❌ CI checks failed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}" + + # Find existing comment + EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \ + "$API/issues/$PR/comments" \ + | jq -r '.[] | select(.body | test("")) | .id') + + # Update or create comment + if [ -n "$EXISTING_COMMENT_ID" ]; then + curl -s -X PATCH \ + -H "Authorization: token $TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"body\":\"\n$COMMENT_BODY\"}" \ + "$API/issues/$PR/comments/$EXISTING_COMMENT_ID" + else + curl -s -X POST \ + -H "Authorization: token $TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"body\":\"\n$COMMENT_BODY\"}" \ + "$API/issues/$PR/comments" + fi + + # Add label if missing + LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name') + if ! 
echo "$LABELS" | grep -q "^ci-failed$"; then + curl -s -X POST \ + -H "Authorization: token $TOKEN" \ + -H "Content-Type: application/json" \ + -d '["ci-failed"]' \ + "$API/issues/$PR/labels" + fi + + # Close PR + curl -s -X PATCH \ + -H "Authorization: token $TOKEN" \ + -H "Content-Type: application/json" \ + -d '{"state":"closed"}' \ + "$API/pulls/$PR" + +handle_success: + runs-on: ubuntu-latest + needs: [leak_test, lint_test] + if: needs.leak_test.result == 'success' && needs.lint_test.result == 'success' + + steps: + - name: Update comment, remove label, reopen PR + run: | + API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}" + PR="${{ github.event.pull_request.number }}" + TOKEN="${{ secrets.GITEA_TOKEN }}" + + COMMENT_BODY="✅ All CI checks passed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}" + + # Find existing comment + EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \ + "$API/issues/$PR/comments" \ + | jq -r '.[] | select(.body | test("")) | .id') + + # Update comment if exists + if [ -n "$EXISTING_COMMENT_ID" ]; then + curl -s -X PATCH \ + -H "Authorization: token $TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"body\":\"\n$COMMENT_BODY\"}" \ + "$API/issues/$PR/comments/$EXISTING_COMMENT_ID" + fi + + # Remove label if exists + LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name') + if echo "$LABELS" | grep -q "^ci-failed$"; then + curl -s -X DELETE \ + -H "Authorization: token $TOKEN" \ + "$API/issues/$PR/labels/ci-failed" + fi + + # Reopen PR if closed + PR_STATE=$(curl -s -H "Authorization: token $TOKEN" "$API/pulls/$PR" | jq -r '.state') + if [ "$PR_STATE" = "closed" ]; then + curl -s -X PATCH \ + -H "Authorization: token $TOKEN" \ + -H "Content-Type: application/json" \ + -d '{"state":"open"}' \ + "$API/pulls/$PR" + fi -- 2.49.1 From cbd2f38da095213628254ca210379db80f758164 Mon Sep 17 00:00:00 2001 
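Review bot: The `Install Gitleaks` step pipes a downloaded release archive straight into `tar` and then moves the binary into `/usr/local/bin` with `sudo`, with no integrity check; pin the SHA-256 of the asset and verify it before extracting, as sketched below (the hash is a placeholder to fill in from the release's published checksums). In both `handle_*` steps `TOKEN="${{ secrets.GITEA_TOKEN }}"` is expanded into the script text; passing it through `env:` (`GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}`) and reading `$GITEA_TOKEN` keeps the secret out of the generated script. `handle_failures:` and `handle_success:` appear to start at column 0 rather than under `jobs:`, in which case they are not jobs and will not run; indent them to the level of `leak_test`. The `curl -s` calls also ignore HTTP errors, so `curl -fsS` would make a failed API call fail the step instead of passing silently.

```yaml
      - name: Install Gitleaks
        env:
          GITLEAKS_VERSION: "8.30.0"
          # placeholder: SHA-256 of the release asset, taken from the
          # checksums published with the release
          GITLEAKS_SHA256: "<sha256-of-gitleaks_8.30.0_linux_x64.tar.gz>"
        run: |
          set -euo pipefail
          asset="gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz"
          curl -fsSL -o "$asset" \
            "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/${asset}"
          # refuse to extract anything that does not match the pinned digest
          echo "${GITLEAKS_SHA256}  ${asset}" | sha256sum --check --strict
          tar -xzf "$asset" gitleaks
          sudo mv gitleaks /usr/local/bin/
```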
From: Jose Date: Sat, 14 Feb 2026 08:39:57 +0100 Subject: [PATCH 4/5] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Convert=20?= =?UTF-8?q?string=20to=20boolean=20for=20condition=20and=20changed=5Fwhen?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Refactored the code to convert string values to boolean for conditional checks and update the `changed_when` attribute accordingly. --- tasks/swap.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/swap.yml b/tasks/swap.yml index 70aee77..adf3fb2 100644 --- a/tasks/swap.yml +++ b/tasks/swap.yml @@ -16,7 +16,8 @@ when: - proxmox_disable_swap - ansible_memtotal_mb >= proxmox_min_ram_mb_for_no_swap - - active_swaps.stdout != "" + - active_swaps.stdout | bool + changed_when: active_swaps.stdout | bool - name: swap | Comment swap entries in fstab ansible.builtin.replace: -- 2.49.1 From 535aeb2c0cc21cb21f93bf4c399145e73127f461 Mon Sep 17 00:00:00 2001 From: Jose Date: Sat, 14 Feb 2026 08:42:29 +0100 Subject: [PATCH 5/5] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Rename=20w?= =?UTF-8?q?orkflow=20from=20'ai-reviews'=20to=20'PR=20check'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Refactored the workflow name from 'ai-reviews' to 'PR check' to improve clarity and consistency within the project. --- .gitea/workflows/pr-check-yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-check-yaml b/.gitea/workflows/pr-check-yaml index c7e23f2..049e714 100644 --- a/.gitea/workflows/pr-check-yaml +++ b/.gitea/workflows/pr-check-yaml @@ -1,5 +1,5 @@ # https://github.com/kekxv/pr-check -name: ai-reviews +name: PR check on: pull_request: -- 2.49.1
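Review bot: `active_swaps.stdout | bool` in the `when` list of the swap-disable task does not test for non-empty output. The `bool` filter is true only for values such as `yes`, `true`, `on` or `1` (newer Ansible releases may reject other strings outright), while `swapon --noheadings --show=NAME` prints device or file names, so the condition is false for any real swap and `swapoff -a` never runs. The fstab task does not depend on this condition, so the host would end up with swap commented out for the next boot but still active now. Use `- active_swaps.stdout | length > 0` in `when` and `changed_when: true`, since the task only executes when swap is active.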