diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..8a80fa3 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,21 @@ +--- +name: lint + +on: # yamllint disable-line rule:truthy + push: + pull_request: + +jobs: + lint: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: install dependencies + run: > + pip install -r .dev_requirements.txt + + - run: yamllint --strict -c .yamllint . + + - run: ansible-lint diff --git a/handlers/main.yml b/handlers/main.yml index 9b601c7..4b07baa 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: reload nginx +- name: Reload nginx ansible.builtin.service: name: nginx state: reloaded diff --git a/meta/main.yml b/meta/main.yml index a1a2751..6c7cb62 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -7,14 +7,14 @@ galaxy_info: company: ELAN e.V. description: Installs and prepares Nginx for Opencast license: BSD-3-Clause - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: - opencast platforms: - name: EL versions: - - 8 - - 9 + - "8" + - "9" - name: Debian versions: - bullseye diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 8547a04..876bd3a 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -4,31 +4,31 @@ hosts: all gather_facts: false tasks: - - name: test that nginx redirects to https + - name: Test that nginx redirects to https ansible.builtin.uri: url: http://127.0.0.1/ follow_redirects: none status_code: 301 - - name: test that nginx acts as proxy on https + - name: Test that nginx acts as proxy on https ansible.builtin.uri: url: https://127.0.0.1/ validate_certs: false follow_redirects: none status_code: 502 - - name: add extra configuration + - name: Add extra configuration ansible.builtin.copy: content: 'location /test { return 204; }' dest: /etc/nginx/conf.d/extra.conf mode: '0644' - - name: reload nginx + - name: Reload nginx ansible.builtin.service: name: nginx state: reloaded - - name: test extra configuration + - name: Test extra configuration ansible.builtin.uri: url: https://127.0.0.1/test validate_certs: false diff --git a/tasks/main.yml b/tasks/main.yml index bf09fc9..fda6820 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,11 +1,11 @@ --- -- name: install nginx +- name: Install nginx ansible.builtin.package: name: nginx state: present -- name: create configuration directories +- name: Create configuration directories ansible.builtin.file: path: /etc/nginx/{{ item }} state: directory @@ -16,29 +16,29 @@ - ssl - conf.d -- name: configure nginx for opencast +- name: Configure nginx for opencast ansible.builtin.template: src: '{{ item }}' dest: /etc/nginx/{{ item }} mode: '0644' owner: root group: root - notify: reload nginx + notify: Reload nginx loop: - nginx.conf - conf.d/tls.conf - conf.d/http.conf -- name: generate diffie-hellman parameters +- name: Generate diffie-hellman parameters community.crypto.openssl_dhparam: path: /etc/nginx/ssl/dhparam.pem size: 2048 mode: '0640' owner: root group: root - notify: reload nginx + notify: Reload nginx -- name: create extra configuration file +- name: Create extra configuration file ansible.builtin.copy: src: extra.conf dest: /etc/nginx/conf.d/extra.conf @@ -46,9 +46,9 @@ group: root mode: '0644' force: false - notify: reload nginx + notify: Reload nginx -- name: install dummy tls certificate +- name: Install dummy tls certificate ansible.builtin.copy: src: dummy-tls-{{ item }}.pem dest: /etc/nginx/ssl/{{ inventory_hostname }}.{{ item }} @@ -56,12 +56,12 @@ group: root mode: '0400' force: false - notify: reload nginx + notify: Reload nginx loop: - key - crt -- name: enable nginx +- name: Enable nginx ansible.builtin.service: name: nginx enabled: true