I love using GitLab to test and build my Ansible content, but it can be hard to find documentation and examples online. That’s a bummer; I bet there are some really cool implementations using GitLab, and we should share those! So I’m going to kick off the effort to share some examples of stuff I’ve used/figured out here. If nothing else, it will help “future me”, who will forget it and probably land back on this from a search online.
Linting:
To test collection dependency issues, I ignore any collections that may have been bundled into the base image and start a new collections path that I can test the requirements.yml with.
```yaml
# Default variables available to all jobs unless overridden
variables:
  ANSIBLE_COLLECTIONS_PATH: "${CI_PROJECT_DIR}/collections"
```
I define a linting template that lets me override the profile and pass extra args to do fun stuff later.
```yaml
.ansible-lint-template: &ansible-lint-configuration
  stage: test
  # Setting this to allow failures as a default
  allow_failure: true
  before_script:
    - echo $ANSIBLE_COLLECTIONS_PATH
    - ansible-lint --version
    - echo "Using $EXTRA_ARGS extra arguments"
    - echo "Using $PROFILE profile"
    - ansible-galaxy collection list
  script:
    # Force color options keeps the pretty output in gitlab web ui
    - ansible-lint $EXTRA_ARGS --force-color --profile $PROFILE
```
Using the template looks like this:
```yaml
# Do not tolerate threshold
ansible-lint-min-profile:
  <<: *ansible-lint-configuration
  # You have failed to meet the minimum standard, try again
  allow_failure: false
  variables:
    PROFILE: "min"

# Target without failing pipeline
ansible-lint-target-profile:
  <<: *ansible-lint-configuration
  variables:
    PROFILE: "production"
```
Code Climate / Quality:
If you really want to get fancy, you can take advantage of GitLab’s built-in Code Quality widget and reports (Code Quality | GitLab) by outputting in SARIF format and converting it to their standard. The converter is easy to install and use and can be found here: Sarif-tools GitHub
```yaml
# Don't break the build but capture findings threshold
ansible-lint-production-profile:
  <<: *ansible-lint-configuration
  variables:
    # Set to maximum to catch everything we can
    PROFILE: "production"
    # Store the output in sarif format
    EXTRA_ARGS: "--sarif-file gl-code-quality-report.sarif"
  script:
    # Test fully but always return true
    - ansible-lint $EXTRA_ARGS --force-color --profile $PROFILE || echo true
  artifacts:
    paths:
      # This can be any name as long as you reference correctly later
      - gl-code-quality-report.sarif
    expire_in: 1 hour

# This needs to be in a later stage of the pipeline to pass artifacts
ansible-lint-code-quality-report:
  stage: code-quality
  dependencies:
    - ansible-lint-production-profile
  script:
    - set -x
    - echo "Convert gl-code-quality-report.sarif to Gitlab code quality format"
    - pip install sarif-tools
    - sarif codeclimate gl-code-quality-report.sarif
  artifacts:
    reports:
      # This name needs to be exactly this
      codequality: gl-code-quality-report.json
```
I’m pretty excited about the Code Climate / Quality reporting. I only recently figured it out and I’m excited to see if it’ll help raise standards without the frustration of failing every pipeline.
Authenticating to pull Ansible content:
The last thing I’ll mention here is pulling from authenticated galaxy and automation hub instances. Rather than having to hard code values into the ansible.cfg it is possible to entirely use ENV variables. These can be set in GitLab’s CI/CD variables at the project or group level and things just work.
If you’re pulling content from cloud.redhat.com and galaxy, you would just need the settings below. It’s clever enough to look for ENVs matching the servers you add to your ANSIBLE_GALAXY_SERVER_LIST.
```
ANSIBLE_GALAXY_SERVER_LIST = automation_hub,upstream_galaxy
ANSIBLE_GALAXY_SERVER_UPSTREAM_GALAXY_URL = https://galaxy.ansible.com/
ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_AUTH_URL = https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN = <your_secret_token>
ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_URL = https://cloud.redhat.com/api/automation-hub/
```
Hope that helps, and share some examples if you have them. I’m looking forward to playing more with the templating features in python-semantic-versioning, and auto documenting with Docsible next personally.
EDIT: Formatting fixes
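A preflight check for the env-only Galaxy server settings described above, which reports whether each token is set without ever printing its value. This is an added example, not part of the original post: the function name `check_galaxy_env`, the `SAMPLE_ENV` data and its placeholder token are assumptions made for illustration.

```python
import os
import sys
from urllib.parse import urlparse

PREFIX = "ANSIBLE_GALAXY_SERVER_"

# Constructed sample mirroring the settings in the post; the token is a placeholder.
SAMPLE_ENV = {
    "ANSIBLE_GALAXY_SERVER_LIST": "automation_hub,upstream_galaxy",
    "ANSIBLE_GALAXY_SERVER_UPSTREAM_GALAXY_URL": "https://galaxy.ansible.com/",
    "ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_AUTH_URL": "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token",
    "ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN": "PLACEHOLDER-NOT-A-REAL-TOKEN",
    "ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_URL": "https://cloud.redhat.com/api/automation-hub/",
}


def _var(server, option):
    """Build the env var name Ansible looks up for one server option."""
    return f"{PREFIX}{server.upper()}_{option}"


def check_galaxy_env(env):
    """Return (problems, summary); the summary holds no secret values."""
    problems, summary = [], {}
    servers = [s.strip() for s in env.get(PREFIX + "LIST", "").split(",") if s.strip()]
    if not servers:
        problems.append("ANSIBLE_GALAXY_SERVER_LIST is empty or unset")
    for server in servers:
        url = env.get(_var(server, "URL"), "")
        auth_url = env.get(_var(server, "AUTH_URL"), "")
        token_set = bool(env.get(_var(server, "TOKEN")))
        summary[server] = {"url": url, "token_set": token_set}
        if not url:
            problems.append(f"{server}: {_var(server, 'URL')} is not set")
        for option, value in (("URL", url), ("AUTH_URL", auth_url)):
            # A token sent to a non-TLS endpoint is exposed in transit.
            if value and urlparse(value).scheme != "https":
                problems.append(f"{server}: {_var(server, option)} is not https")
        if auth_url and not token_set:
            problems.append(f"{server}: AUTH_URL is set but {_var(server, 'TOKEN')} is missing")
    return problems, summary


if __name__ == "__main__":
    found, state = check_galaxy_env(os.environ)
    for server, info in state.items():
        print(f"{server}: url={info['url'] or '<unset>'} token_set={info['token_set']}")
    for problem in found:
        print(f"ERROR: {problem}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run as a `before_script` step, it fails the job early on a misconfigured server and keeps the token out of the job log, which a plain `echo` of the variable or `set -x` would not.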