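# CI workflow: lints the Ansible content and scans the working tree for
# committed secrets.
name: ansible-lint
on:
  workflow_dispatch:
  push:
    branches: [master]
  # NOTE(review): the ansible-lint job writes secrets.VAULTPASS to disk and
  # then runs tooling over the checked-out content. Confirm the platform
  # withholds secrets from pull requests that come from untrusted forks.
  pull_request:

# Least privilege: both jobs only read the repository, so the job token does
# not need write scopes.
permissions:
  contents: read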

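jobs:
  # Lints the repository with ansible-lint from the project's dev container.
  # The vault password is provided so vault-encrypted content can be read.
  ansible-lint:
    name: Ansible Lint
    # NOTE(review): no `runs-on` is visible for this job; confirm the runner
    # platform in use assigns one by default.
    steps:
      - name: Checkout code
        # NOTE(review): `v4` is a mutable tag; pinning to a full commit SHA
        # protects against the tag being moved.
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config, where the container
          # started by a later step could read it.
          persist-credentials: false

      - name: write vault-pass
        # Pass the secret through the environment instead of expanding
        # ${{ }} inside the script text: template expansion happens before
        # the shell runs, so metacharacters in the value would be parsed as
        # shell syntax and unquoted whitespace would be collapsed.
        env:
          VAULTPASS: ${{ secrets.VAULTPASS }}
        run: |
          printf '%s\n' "$VAULTPASS" > ./vault-pass

      - name: Run ansible-lint
        # NOTE(review): `:latest` is mutable and this image runs with the
        # vault password present in the workspace; consider pinning the
        # image by digest.
        uses: docker://registry.mgrote.net/ansible-devspace:latest
        with:
          args: /home/ansible-dev/.local/bin/ansible-lint --force-color --format pep8 --show-relpath

      - name: remove vault-pass
        # Runs even when linting fails so the plaintext password does not
        # stay behind in a workspace that may be reused.
        if: always()
        run: rm -f ./vault-pass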

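  # Scans the checked-out files for committed secrets with Gitleaks.
  gitleaks:
    steps:
      - name: Checkout code
        # NOTE(review): `v4` is a mutable tag; pinning to a full commit SHA
        # protects against the tag being moved.
        uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config; this job only reads files.
          persist-credentials: false

      - name: Run Gitleaks
        uses: docker://zricethezav/gitleaks:v8.21.2
        with:
          # --no-git scans the files as checked out, so secrets that exist
          # only in earlier commits are not covered by this job.
          # --redact keeps the matched secret values out of the CI log;
          # without it, --verbose prints each finding in plaintext.
          args: detect --no-git --redact --verbose --source ${{ github.workspace }}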

# VAULTPASS is configured as a repository-level secret