refactor ♻️: Convert string to boolean for condition and changed_when #11

Merged
Jose merged 5 commits from dev into main 2026-02-14 08:45:14 +01:00
5 changed files with 176 additions and 9 deletions


@@ -2,7 +2,7 @@
# .gitea/workflows/ansible-lint.yml
name: ansible-lint

[Lines 2-3] [Score: 3] Removing the 'on: pull_request' event may impact issue detection for pull requests. Consider if this change is intended.

[Lines 2-3] [Score: 3] Removing the 'on: pull_request' event may impact issue detection for pull requests. Consider if this change is intended.
on: [pull_request, issues, push]
on: [issues, push]
jobs:
build:


@@ -1,9 +1,7 @@
---
name: Gitleaks Scan
on:
push:
pull_request:
on: [issues, push]
jobs:
gitleaks:
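Review bot: The new `on: [issues, push]` line adds `issues` as a trigger for the Gitleaks Scan, which the old `push:`/`pull_request:` block did not have, so every issue opened, edited, labelled or commented will check out the repository and run a full secret scan. Issue events change nothing in the tree, so those runs cost runner time and cannot detect anything; `on: [push]` keeps the only trigger that matters for this job now that the new PR-check workflow scans pull requests. The rendered hunk seems to omit blank lines, so I cannot confirm the exact surrounding context.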


@@ -2,7 +2,7 @@
# .gitea/workflows/markdown-lint.yml
name: Markdown Lint
on: [pull_request, issues, push]
on: [issues, push]

[Score: 2] Removing the 'pull_request' event could impact timely linting for pull requests. Consider adding it back if necessary.

[Score: 2] Removing the 'pull_request' event could impact timely linting for pull requests. Consider adding it back if necessary.

[Score: 2] Removed the `on` event for pull requests, which might delay linting of pull requests as they are no longer checked automatically.

[Score: 2] Removed the `on` event for pull requests, which might delay linting of pull requests as they are no longer checked automatically.
jobs:
build:


@@ -0,0 +1,163 @@
# https://github.com/kekxv/pr-check
name: PR check
on:
pull_request:
types: [opened, synchronize]
jobs:
leak_test:
name: Gitleaks
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
github-server-url: ${{ vars.GIT_SERVER_URL }}
- name: Install Gitleaks
run: |
curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \
| tar -xz
sudo mv gitleaks /usr/local/bin/
- name: Run Gitleaks
run: |
gitleaks dir . \
--redact=10 \
--verbose \
--exit-code 1
lint_test:
name: lint test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
github-server-url: ${{ vars.GIT_SERVER_URL }}
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: Run markdownlint
run: npx markdownlint-cli2 "**/*.md" "#node_modules"
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.14"
- name: Install ansible-lint and yamllint
run: |
python -m pip install --upgrade pip
pip install ansible ansible-lint yamllint
- name: Run yamllint
run: |
yamllint .
- name: Run ansible-lint
run: |
ansible-lint
handle_failures:
runs-on: ubuntu-latest
needs: [leak_test, lint_test]
if: needs.leak_test.result != 'success' || needs.lint_test.result != 'success'
steps:
- name: Comment, label, and close PR
run: |
API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
PR="${{ github.event.pull_request.number }}"
TOKEN="${{ secrets.GITEA_TOKEN }}"
COMMENT_BODY="❌ CI checks failed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
# Find existing comment
EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
"$API/issues/$PR/comments" \
| jq -r '.[] | select(.body | test("<!--ci-failed-comment-->")) | .id')
# Update or create comment
if [ -n "$EXISTING_COMMENT_ID" ]; then
curl -s -X PATCH \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
"$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
else
curl -s -X POST \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
"$API/issues/$PR/comments"
fi
# Add label if missing
LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
if ! echo "$LABELS" | grep -q "^ci-failed$"; then
curl -s -X POST \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d '["ci-failed"]' \
"$API/issues/$PR/labels"
fi
# Close PR
curl -s -X PATCH \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d '{"state":"closed"}' \
"$API/pulls/$PR"
handle_success:
runs-on: ubuntu-latest
needs: [leak_test, lint_test]
if: needs.leak_test.result == 'success' && needs.lint_test.result == 'success'
steps:
- name: Update comment, remove label, reopen PR
run: |
API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
PR="${{ github.event.pull_request.number }}"
TOKEN="${{ secrets.GITEA_TOKEN }}"
COMMENT_BODY="✅ All CI checks passed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
# Find existing comment
EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
"$API/issues/$PR/comments" \
| jq -r '.[] | select(.body | test("<!--ci-failed-comment-->")) | .id')
# Update comment if exists
if [ -n "$EXISTING_COMMENT_ID" ]; then
curl -s -X PATCH \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
"$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
fi
# Remove label if exists
LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
if echo "$LABELS" | grep -q "^ci-failed$"; then
curl -s -X DELETE \
-H "Authorization: token $TOKEN" \
"$API/issues/$PR/labels/ci-failed"
fi
# Reopen PR if closed
PR_STATE=$(curl -s -H "Authorization: token $TOKEN" "$API/pulls/$PR" | jq -r '.state')
if [ "$PR_STATE" = "closed" ]; then
curl -s -X PATCH \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d '{"state":"open"}' \
"$API/pulls/$PR"
fi
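Review bot: The `if:` on the `handle_failures` job is likely never true when it matters: on GitHub Actions, and on runners that copy its semantics, a job `if:` that contains no status function has `success()` implied, so the job is skipped instead of run whenever `leak_test` or `lint_test` fails; I am not certain Gitea's act_runner behaves identically, but `if: always() && (needs.leak_test.result != 'success' || needs.lint_test.result != 'success')` is correct on both. Every API call in the two handler steps uses `curl -s` without `-f`, so an HTTP 401/403/404 from the Gitea API (for example a token that lacks write access to pull requests) leaves the comment, label and PR state untouched while the step still reports success; `curl -sSf` makes those failures visible. The Gitleaks tarball in the install step is version-pinned but its contents are not verified; fetching the release's checksum file and running `sha256sum -c` on the archive before the `sudo mv` would close that supply-chain gap. Finally, `types: [opened, synchronize]` omits `reopened`, so a PR that `handle_failures` closed and a user reopens by hand is not re-checked until a new push arrives; `types: [opened, synchronize, reopened]` covers that case.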


@@ -6,18 +6,24 @@
state: present
reload: yes
- name: swap | Gather active swaps
ansible.builtin.command: swapon --noheadings --show=NAME
register: active_swaps
changed_when: false
- name: swap | Disable swap if host has enough RAM
ansible.builtin.command: swapoff -a
when:
- proxmox_disable_swap
- ansible_memtotal_mb >= proxmox_min_ram_mb_for_no_swap
changed_when: false
- active_swaps.stdout | bool
changed_when: active_swaps.stdout | bool
- name: swap | Remove swap from fstab
- name: swap | Comment swap entries in fstab
ansible.builtin.replace:
path: /etc/fstab
regexp: '^\S+\s+\S+\s+swap\s+.*$'
replace: ''
regexp: '^(\s*)(?!#)(\S+\s+\S+\s+swap\s+.*)$'
Review

[Score: 3] Consider using an anchored regular expression to avoid potential false positives or unintended modifications. For example, use (?x)^(\s*)(?P<swap>^(\S+\s+\S+\s+swap\s.*))$ instead. This will ensure that only the swap lines are commented and not other lines containing 'swap'.

[Score: 3] Consider using an anchored regular expression to avoid potential false positives or unintended modifications. For example, use `(?x)^(\s*)(?P<swap>^(\S+\s+\S+\s+swap\s.*))$` instead. This will ensure that only the swap lines are commented and not other lines containing 'swap'.
replace: '\1# \2'
when:
- proxmox_disable_swap
- ansible_memtotal_mb >= proxmox_min_ram_mb_for_no_swap
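Review bot: The new `- active_swaps.stdout | bool` condition and `changed_when: active_swaps.stdout | bool` on the swapoff task invert the intended logic: `swapon --noheadings --show=NAME` prints device paths such as a swap partition or swap file, and Ansible's `bool` filter only maps the conventional truthy strings (yes/on/1/true) to true, so a path evaluates to false and, as far as I recall, recent ansible-core releases warn or error on such a value; the task is therefore skipped exactly when swap is active. Test for a non-empty result instead, `- active_swaps.stdout | length > 0` and `changed_when: active_swaps.stdout | length > 0`. On the `Comment swap entries in fstab` task, the `ansible.builtin.replace` call rewrites `/etc/fstab` with no `backup: true`, which is a cheap safeguard for a file whose corruption prevents boot; that task may continue past the end of the hunk.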