diff --git a/.gitea/workflows/ansible-lint.yaml b/.gitea/workflows/ansible-lint.yaml
index e16bc7ba..089c65b0 100644
--- a/.gitea/workflows/ansible-lint.yaml
+++ b/.gitea/workflows/ansible-lint.yaml
@@ -8,17 +8,20 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v3
- - name: Run ansible-lint
+ - name: Debug
+ run: echo $${SSHKEY}
+
+ - name: write ssh-key
+ run: echo $${SSHKEY} > ./id_ed25519
+
+ - name: set ssh-key permissions
+ run: chmod 0400 ./id_ed25519
+
+ - name: write vault-pass
+ run: echo $${VAULTPASS} > ./vault-pass
+
+ - name: run ansible-lint
+ run: ansible-lint --force-color --format pep8 --show-relpath
 uses: docker://registry.mgrote.net/ansible-devspace:latest
- run: |
- # Secrets
- echo $${SSHKEY} # debug
- echo $${SSHKEY} > ./id_ed25519
- chmod 0400 ./id_ed25519
-
- echo $${VAULTPASS} > ./vault-pass
-
- # Doing
- ansible-lint --force-color --format pep8 --show-relpath
 # SSHKEY + VAULTPASS sind als Secrets auf Repo-Ebene angelegt
diff --git a/.woodpecker/ansible-lint.yml b/.woodpecker/ansible-lint.yml
deleted file mode 100644
index ea875b35..00000000
--- a/.woodpecker/ansible-lint.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-depends_on:
- - gitleaks
-
-steps:
- ansible-lint:
- image: registry.mgrote.net/ansible-devspace:latest
- commands:
- # Secrets
- - echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreaks, daher mit base64 -w0 "kodiert"
- - echo $${VAULTPASS} | base64 -d > ./vault-pass # Name des Secrets in Großschreibung
- - chmod 0400 ./id_ed25519
- # Doing
- - ansible-lint --force-color --format pep8 --show-relpath
- # https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
- secrets: [vaultpass]
- when:
- - event: [push, pull_request, cron, pull_request_closed, tag, release, manual]
- evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
-...
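Review bot: In `.gitea/workflows/ansible-lint.yaml` the new `Debug` step (`run: echo $${SSHKEY}`) is meant to print the SSH private key into the job log, where log masking is best-effort and can miss multi-line values; the step should be dropped rather than carried over from the old `# debug` line. The `$${SSHKEY}` form is Woodpecker's escaping: in a shell `run:` step `$$` expands to the shell's PID, and no `env:` mapping from `secrets.SSHKEY` is visible in this hunk (the job definition starts above it), so the written files may not contain the secrets at all. I would write the key with `env: {SSHKEY: "${{ secrets.SSHKEY }}"}` plus `run: umask 077 && printf '%s\n' "$SSHKEY" > ./id_ed25519`, which keeps the key's line breaks that an unquoted `echo` collapses and closes the window before the separate `chmod` step. `./vault-pass` is written the same way and never gets a restrictive mode, so it needs the same treatment.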