From aa65ac1beff950f708bc226f99b49329ec0e5380 Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Mon, 6 Nov 2023 20:34:57 -0600 Subject: [PATCH 01/16] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0a0520d..8981f5b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # Infisical Collection This Ansible Infisical collection includes a variety of Ansible content to help automate the management of Infisical services. This collection is maintained by the Infisical team. +[View full documentation](https://galaxy.ansible.com/ui/repo/published/infisical_inc/vault/) + ## Ansible version compatibility Tested with the Ansible Core >= 2.12.0 versions, and the current development version of Ansible. Ansible Core versions prior to 2.12.0 have not been tested. From 521d5f9a95a9e7039a68bad3b51fa4a00d85b80d Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Wed, 8 Nov 2023 22:07:19 -0600 Subject: [PATCH 02/16] update namespace --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index b7a6e2d..1fb2fe0 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -2,7 +2,7 @@ # The namespace of the collection. This can be a company/brand/organization or product namespace under which all # content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with # underscores or numbers and cannot contain consecutive underscores -namespace: infisical_inc +namespace: infisical # The name of the collection. Has the same character restrictions as 'namespace' name: vault From c154f3a039721a4d623d9c8010ff369cf1eb9d7e Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Thu, 9 Nov 2023 18:54:12 -0600 Subject: [PATCH 03/16] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8981f5b..1bcabf3 100644 --- a/README.md +++ b/README.md 
@@ -17,7 +17,7 @@ Requires Python 3.7 or greater. You can install the Infisical collection with the Ansible Galaxy CLI: - ansible-galaxy collection install maidul98.infisical_vault + ansible-galaxy collection install infisical.vault The python module dependencies are not installed by `ansible-galaxy`. They can be manually installed using pip: From 8d441604471b28dcb1b21d5279ec3d5a567f024f Mon Sep 17 00:00:00 2001 From: ku9nov Date: Thu, 30 Nov 2023 16:56:13 +0200 Subject: [PATCH 04/16] fix get single secret bug, upd secret_name variable --- README.md | 2 +- plugins/lookup/read_secrets.py | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 1bcabf3..3b03a23 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ vars: read_all_secrets_within_scope: "{{ lookup('infisical.vault.read_secrets', token='<>', path='/', env_slug='dev', url='https://spotify.infisical.com') }}" # [{ "key": "HOST", "value": "google.com" }, { "key": "SMTP", "value": "gmail.smtp.edu" }] - read_secret_by_name_within_scope: "{{ lookup('infisical.vault.read_secrets', token='<>', path='/', env_slug='dev', name='HOST', url='https://spotify.infisical.com') }}" + read_secret_by_name_within_scope: "{{ lookup('infisical.vault.read_secrets', token='<>', path='/', env_slug='dev', secret_name='HOST', url='https://spotify.infisical.com') }}" # [{ "key": "HOST", "value": "google.com" }] ``` diff --git a/plugins/lookup/read_secrets.py b/plugins/lookup/read_secrets.py index 3e30077..acd89f1 100644 --- a/plugins/lookup/read_secrets.py +++ b/plugins/lookup/read_secrets.py 
@@ -56,7 +56,7 @@ vars: read_all_secrets_within_scope: "{{ lookup('infisical_vault', token='<>', path='/', env_slug='dev', url='https://spotify.infisical.com') }}" # [{ "key": "HOST", "value": "google.com" }, { "key": "SMTP", "value": "gmail.smtp.edu" }] - read_secret_by_name_within_scope: "{{ lookup('infisical_vault', token='<>', path='/', env_slug='dev', name='HOST', url='https://spotify.infisical.com') }}" + read_secret_by_name_within_scope: "{{ lookup('infisical_vault', token='<>', path='/', env_slug='dev', secret_name='HOST', url='https://spotify.infisical.com') }}" # [{ "key": "HOST", "value": "google.com" }] """ @@ -87,12 +87,11 @@ class LookupModule(LookupBase): def get_single_secret(self, client, secret_name, environment, path): try: - print(secret_name, environment, path) secret = client.get_secret(secret_name=secret_name, environment=environment, path=path) - return [{"value": s.secret_value, "key": s.secret_name}] + return [{"value": secret.secret_value, "key": secret.secret_name}] except Exception as e: print(e) - raise AnsibleError(f"Error fetching all secrets {e}") + raise AnsibleError(f"Error fetching single secret {e}") def get_all_secrets(self, client, environment="dev", path="/"): try: From 414ce80fc3273016f40d8f6f7fdd8a9b65280c05 Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Wed, 20 Dec 2023 13:00:14 -0500 Subject: [PATCH 05/16] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3b03a23..cad4dfa 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Infisical Collection This Ansible Infisical collection includes a variety of Ansible content to help automate the management of Infisical services. This collection is maintained by the Infisical team. -[View full documentation](https://galaxy.ansible.com/ui/repo/published/infisical_inc/vault/) +[View full documentation](https://galaxy.ansible.com/ui/repo/published/infisical/vault/) ## Ansible version compatibility 
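Review bot: In `get_single_secret` the `except Exception` branch still calls `print(e)` before raising, so the SDK error text is written straight to the controller's stdout instead of going through Ansible's own error reporting. I would delete the `print(e)` line and make the cause explicit: `raise AnsibleError(f"Error fetching single secret {e}") from e`. A one-line docstring saying that the method returns a one-element list of `{"value", "key"}` dicts would also help, since the README example depends on that shape. `get_all_secrets` starts at the end of this hunk and continues outside it.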
From 4bda5c777abb45223bee2fc2b5a60d2de5138e37 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Mon, 11 Mar 2024 15:00:38 +0100 Subject: [PATCH 06/16] Create .gitignore --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..58cd12e --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +.venv/**/* +ansible.cfg +inventory +test.yml +__pycache__ \ No newline at end of file From 3734effe53b1d99235cbdb11ac67840a9b16902a Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Mon, 11 Mar 2024 15:00:47 +0100 Subject: [PATCH 07/16] Feat: Update to new Python SDK --- plugins/lookup/read_secrets.py | 81 +++++++++++++++++++++++++--------- 1 file changed, 61 insertions(+), 20 deletions(-) diff --git a/plugins/lookup/read_secrets.py b/plugins/lookup/read_secrets.py index acd89f1..d1459e8 100644 --- a/plugins/lookup/read_secrets.py +++ b/plugins/lookup/read_secrets.py @@ -3,9 +3,10 @@ from ansible.plugins.lookup import LookupBase HAS_INFISICAL = False try: - from infisical import InfisicalClient + from infisical_client import InfisicalClient, ClientSettings, GetSecretOptions, ListSecretsOptions HAS_INFISICAL = True -except ImportError: +except ImportError as e: + print(e) HAS_INFISICAL = False DOCUMENTATION = r""" 
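Review bot: The added `print(e)` in the `except ImportError` branch runs at plugin import time, so anything that merely loads the plugin without the SDK installed gets a stray line on stdout. `run()` already raises an `AnsibleError` when `HAS_INFISICAL` is false, which is the right place to report the missing dependency. I would drop the print and the unused binding, leaving `except ImportError:`. The same line comes back in the later `infisical_sdk` import hunk (PATCH 13/16) after PATCH 12/16 had removed it.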
@@ -19,10 +20,17 @@ description: - Secrets can be located either by their name for individual secret loopups or by environment/folder path to return all secrets within the given scope. options: - token: - description: The Infisical token used to authenticate + universal_auth_client_id: + description: The Machine Identity Client ID used to authenticate env: - - name: INFISICAL_TOKEN + - name: UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_ID + required: True + type: string + version_added: 1.0.0 + universal_auth_client_secret: + description: The Machine Identity Client Secret used to authenticate + env: + - name: UNIVERSAL_AUTH_MACHINE_IDENTITY_CLIENT_SECRET required: True type: string version_added: 1.0.0 @@ -44,6 +52,11 @@ options: required: True type: string version_added: 1.0.0 + project_id: + description: "The ID of the project where the secrets are stored" + required: True + type: string + version_added: 1.0.0 secret_name: description: The name of the secret that should be fetched. The name should be exactly as it appears in Infisical required: False 
@@ -53,10 +66,10 @@ options: EXAMPLES = r""" vars: - read_all_secrets_within_scope: "{{ lookup('infisical_vault', token='<>', path='/', env_slug='dev', url='https://spotify.infisical.com') }}" + read_all_secrets_within_scope: "{{ lookup('infisical_vault', universal_auth_client_id='<>', universal_auth_client_secret='<>', project_id='<>', path='/', env_slug='dev', url='https://spotify.infisical.com') }}" # [{ "key": "HOST", "value": "google.com" }, { "key": "SMTP", "value": "gmail.smtp.edu" }] - read_secret_by_name_within_scope: "{{ lookup('infisical_vault', token='<>', path='/', env_slug='dev', secret_name='HOST', url='https://spotify.infisical.com') }}" + read_secret_by_name_within_scope: "{{ lookup('infisical_vault', universal_auth_client_id='<>', universal_auth_client_secret='<>', project_id='<>', path='/', env_slug='dev', secret_name='HOST', url='https://spotify.infisical.com') }}" # [{ "key": "HOST", "value": "google.com" }] """ 
@@ -65,38 +78,66 @@ class LookupModule(LookupBase): self.set_options(var_options=variables, direct=kwargs) if not HAS_INFISICAL: - raise AnsibleError("Please pip install infisical to use the infisical_vault lookup module.") + raise AnsibleError("Please pip install infisical-python to use the infisical_vault lookup module.") - infisical_token = self.get_option("token") + machine_identity_client_id = self.get_option("universal_auth_client_id") + machine_identity_client_secret = self.get_option("universal_auth_client_secret") url = self.get_option("url") - if not infisical_token: - raise AnsibleError("Infisical token is required") + # Check if the required environment variables are set + if not machine_identity_client_id or not machine_identity_client_secret: + raise AnsibleError("Please provide the universal_auth_client_id and universal_auth_client_secret") + + + + + # Create the client settings + settings = ClientSettings( + client_id=machine_identity_client_id, + client_secret=machine_identity_client_secret, + site_url=url + ) # Initialize the Infisical client - client = InfisicalClient(token=infisical_token, site_url=url) + client = InfisicalClient(settings=settings) secretName = kwargs.get('secret_name') envSlug = kwargs.get('env_slug') path = kwargs.get('path') + project_id = kwargs.get('project_id') if secretName: - return self.get_single_secret(client, secretName, envSlug, path) + return self.get_single_secret(client, project_id, secretName, envSlug, path) else: - return self.get_all_secrets(client, envSlug, path) + return self.get_all_secrets(client, project_id, envSlug, path) - def get_single_secret(self, client, secret_name, environment, path): + def get_single_secret(self, client, project_id, secret_name, environment, path): try: - secret = client.get_secret(secret_name=secret_name, environment=environment, path=path) - return [{"value": secret.secret_value, "key": secret.secret_name}] + + options = GetSecretOptions( + environment=environment, + 
project_id=project_id, + secret_name=secret_name, + path=path, + type="shared" + ) + + secret = client.getSecret(options=options) + return [{"value": secret.secret_value, "key": secret.secret_key}] except Exception as e: print(e) raise AnsibleError(f"Error fetching single secret {e}") - def get_all_secrets(self, client, environment="dev", path="/"): + def get_all_secrets(self, client, project_id, environment="dev", path="/"): try: - secrets = client.get_all_secrets(environment=environment, path=path) - return [{"value": s.secret_value, "key": s.secret_name} for s in secrets] + options = ListSecretsOptions( + environment=environment, + project_id=project_id, + path=path, + ) + secrets = client.listSecrets(options=options) + + return [{"value": s.secret_value, "key": s.secret_key} for s in secrets] except Exception as e: raise AnsibleError(f"Error fetching all secrets {e}") From 054c8eecdae8b3edc7089d2c9905ded29fc366fd Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Mon, 11 Mar 2024 15:03:21 +0100 Subject: [PATCH 08/16] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index cad4dfa..aec7583 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ You can install the Infisical collection with the Ansible Galaxy CLI: The python module dependencies are not installed by `ansible-galaxy`. They can be manually installed using pip: - pip install infisical + pip install infisical-python ## Using this collection 
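Review bot: `project_id` is read with `kwargs.get('project_id')` in `run()`, not through `self.get_option(...)` like the two credentials, so nothing in this method checks the `required: True` that DOCUMENTATION declares for it, and a missing value reaches `GetSecretOptions`/`ListSecretsOptions` as `None`. I would read it with `project_id = self.get_option("project_id")` and fail early: `if not project_id: raise AnsibleError("Please provide the project_id")`. `env_slug`, `path` and `secret_name` are taken from `kwargs` in the same way, so values supplied through any other option source would be ignored for them too.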
@@ -31,10 +31,10 @@ You can either call modules by their Fully Qualified Collection Name (FQCN), suc ```yaml --- vars: - read_all_secrets_within_scope: "{{ lookup('infisical.vault.read_secrets', token='<>', path='/', env_slug='dev', url='https://spotify.infisical.com') }}" + read_all_secrets_within_scope: "{{ lookup('infisical.vault.read_secrets', universal_auth_client_id='<>', universal_auth_client_secret='<>', project_id='<>', path='/', env_slug='dev', url='https://spotify.infisical.com') }}" # [{ "key": "HOST", "value": "google.com" }, { "key": "SMTP", "value": "gmail.smtp.edu" }] - read_secret_by_name_within_scope: "{{ lookup('infisical.vault.read_secrets', token='<>', path='/', env_slug='dev', secret_name='HOST', url='https://spotify.infisical.com') }}" + read_secret_by_name_within_scope: "{{ lookup('infisical.vault.read_secrets', universal_auth_client_id='<>', universal_auth_client_secret='<>', project_id='<>', path='/', env_slug='dev', secret_name='HOST', url='https://spotify.infisical.com') }}" # [{ "key": "HOST", "value": "google.com" }] ``` From 324514d92ed069dfbc6965fbf02da7a5bb2ef996 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Fri, 26 Apr 2024 06:02:58 +0200 Subject: [PATCH 09/16] Test release --- .github/workflows/distribute.yaml | 31 +++++++++++++++++-------------- .gitignore | 3 ++- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/.github/workflows/distribute.yaml b/.github/workflows/distribute.yaml index 6639efd..358b37f 100644 --- a/.github/workflows/distribute.yaml +++ b/.github/workflows/distribute.yaml 
@@ -3,19 +3,22 @@ name: Deploy Collection # Trigger the workflow however you prefer on: - release: - types: - - published + workflow_dispatch: + release: + types: + - published jobs: - deploy: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Get the version name from the tags - run: echo "RELEASE_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV - - name: Build and Deploy Collection - uses: artis3n/ansible_galaxy_collection@v2 - with: - api_key: "${{ secrets.GALAXY_API_KEY }}" - galaxy_version: "${{ env.RELEASE_VERSION }}" + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + # - name: Get the version name from the tags + # run: echo "RELEASE_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV + - name: Build and Deploy Collection + uses: artis3n/ansible_galaxy_collection@v2 + with: + api_key: "${{ secrets.GALAXY_API_KEY }}" + # galaxy_version: "${{ env.RELEASE_VERSION }}" + galaxy_version: "1.0.0" # Testing + publish: false # Testing diff --git a/.gitignore b/.gitignore index 58cd12e..2d2b4a1 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ ansible.cfg inventory test.yml -__pycache__ \ No newline at end of file +__pycache__ +infisical-vault-1.0.0.tar.gz From 59f556f769d909bbb3fe32d6ddae8354baa24b0c Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Fri, 26 Apr 2024 06:05:44 +0200 Subject: [PATCH 10/16] Update distribute.yaml --- .github/workflows/distribute.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/distribute.yaml b/.github/workflows/distribute.yaml index 358b37f..6d63dc6 100644 --- a/.github/workflows/distribute.yaml +++ b/.github/workflows/distribute.yaml @@ -21,4 +21,4 @@ jobs: api_key: "${{ secrets.GALAXY_API_KEY }}" # galaxy_version: "${{ env.RELEASE_VERSION }}" galaxy_version: "1.0.0" # Testing - publish: false # Testing + # publish: false # Testing 
From 3f11722a9d978316cb527b1a0e343641c1239201 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Fri, 26 Apr 2024 06:36:42 +0200 Subject: [PATCH 11/16] Update distribute.yaml --- .github/workflows/distribute.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/distribute.yaml b/.github/workflows/distribute.yaml index 6d63dc6..4ab2bf3 100644 --- a/.github/workflows/distribute.yaml +++ b/.github/workflows/distribute.yaml @@ -1,9 +1,7 @@ --- name: Deploy Collection -# Trigger the workflow however you prefer on: - workflow_dispatch: release: types: - published @@ -13,12 +11,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - # - name: Get the version name from the tags - # run: echo "RELEASE_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV + - name: Get the version name from the tags + run: echo "RELEASE_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV - name: Build and Deploy Collection uses: artis3n/ansible_galaxy_collection@v2 with: api_key: "${{ secrets.GALAXY_API_KEY }}" - # galaxy_version: "${{ env.RELEASE_VERSION }}" - galaxy_version: "1.0.0" # Testing - # publish: false # Testing + galaxy_version: "${{ env.RELEASE_VERSION }}" From 50e046d71e7713fd9578d0f97dfcacf031beeb84 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Fri, 26 Apr 2024 20:09:52 +0200 Subject: [PATCH 12/16] Fix: Potential fix for publishing failing --- plugins/lookup/read_secrets.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/lookup/read_secrets.py b/plugins/lookup/read_secrets.py index d1459e8..96ff1e9 100644 --- a/plugins/lookup/read_secrets.py +++ b/plugins/lookup/read_secrets.py @@ -6,7 +6,6 @@ try: from infisical_client import InfisicalClient, ClientSettings, GetSecretOptions, ListSecretsOptions HAS_INFISICAL = True except ImportError as e: - print(e) HAS_INFISICAL = False DOCUMENTATION = r""" 
From 189c664df716dd8a582bdadce90f1f4078f62697 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Thu, 23 Jan 2025 05:00:50 +0100 Subject: [PATCH 13/16] Update read_secrets.py --- plugins/lookup/read_secrets.py | 60 ++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/plugins/lookup/read_secrets.py b/plugins/lookup/read_secrets.py index 96ff1e9..08a20ae 100644 --- a/plugins/lookup/read_secrets.py +++ b/plugins/lookup/read_secrets.py @@ -3,9 +3,10 @@ from ansible.plugins.lookup import LookupBase HAS_INFISICAL = False try: - from infisical_client import InfisicalClient, ClientSettings, GetSecretOptions, ListSecretsOptions + from infisical_sdk import InfisicalSDKClient HAS_INFISICAL = True except ImportError as e: + print(e) HAS_INFISICAL = False DOCUMENTATION = r""" @@ -72,12 +73,12 @@ vars: # [{ "key": "HOST", "value": "google.com" }] """ + class LookupModule(LookupBase): def run(self, terms, variables=None, **kwargs): self.set_options(var_options=variables, direct=kwargs) - if not HAS_INFISICAL: - raise AnsibleError("Please pip install infisical-python to use the infisical_vault lookup module.") + raise AnsibleError("Please pip install infisicalsdk to use the infisical_vault lookup module.") machine_identity_client_id = self.get_option("universal_auth_client_id") machine_identity_client_secret = self.get_option("universal_auth_client_secret") 
@@ -87,56 +88,59 @@ class LookupModule(LookupBase): if not machine_identity_client_id or not machine_identity_client_secret: raise AnsibleError("Please provide the universal_auth_client_id and universal_auth_client_secret") + client = InfisicalSDKClient(host=url) - - - # Create the client settings - settings = ClientSettings( - client_id=machine_identity_client_id, - client_secret=machine_identity_client_secret, - site_url=url + client.auth.universal_auth.login( + machine_identity_client_id, + machine_identity_client_secret ) - # Initialize the Infisical client - client = InfisicalClient(settings=settings) - secretName = kwargs.get('secret_name') envSlug = kwargs.get('env_slug') path = kwargs.get('path') project_id = kwargs.get('project_id') if secretName: - return self.get_single_secret(client, project_id, secretName, envSlug, path) + return self.get_single_secret( + client, + project_id, + secretName, + envSlug, + path + ) else: return self.get_all_secrets(client, project_id, envSlug, path) - def get_single_secret(self, client, project_id, secret_name, environment, path): + def get_single_secret( + self, + client, + project_id, + secret_name, + environment, + path + ): try: - - options = GetSecretOptions( - environment=environment, - project_id=project_id, + secret = client.secrets.get_secret_by_name( secret_name=secret_name, - path=path, - type="shared" + project_id=project_id, + environment_slug=environment, + secret_path=path ) - secret = client.getSecret(options=options) - return [{"value": secret.secret_value, "key": secret.secret_key}] + return [{"value": secret.secretValue, "key": secret.secretKey}] except Exception as e: print(e) raise AnsibleError(f"Error fetching single secret {e}") def get_all_secrets(self, client, project_id, environment="dev", path="/"): try: - options = ListSecretsOptions( - environment=environment, + secrets = client.secrets.list_secrets( project_id=project_id, - path=path, + environment_slug=environment, + secret_path=path ) - 
secrets = client.listSecrets(options=options) - return [{"value": s.secret_value, "key": s.secret_key} for s in secrets] + return [{"value": s.secretValue, "key": s.secretKey} for s in secrets.secrets] except Exception as e: raise AnsibleError(f"Error fetching all secrets {e}") From 510e8c666f84ab5e4d907d957bd81fd3fe36bb76 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Thu, 23 Jan 2025 23:41:24 +0100 Subject: [PATCH 14/16] Update read_secrets.py --- plugins/lookup/read_secrets.py | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/lookup/read_secrets.py b/plugins/lookup/read_secrets.py index 08a20ae..e843530 100644 --- a/plugins/lookup/read_secrets.py +++ b/plugins/lookup/read_secrets.py @@ -6,7 +6,6 @@ try: from infisical_sdk import InfisicalSDKClient HAS_INFISICAL = True except ImportError as e: - print(e) HAS_INFISICAL = False DOCUMENTATION = r""" From 89ab21f235c221207d59896802d94553ccd822d6 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Wed, 23 Jul 2025 02:01:52 +0400 Subject: [PATCH 15/16] feat: ansible docker image --- .github/workflows/distribute.yaml | 40 +++++++++++++++++++++++++------ docker/Dockerfile | 25 +++++++++++++++++++ galaxy.yml | 2 +- 3 files changed, 59 insertions(+), 8 deletions(-) create mode 100644 docker/Dockerfile diff --git a/.github/workflows/distribute.yaml b/.github/workflows/distribute.yaml index 4ab2bf3..d25531c 100644 --- a/.github/workflows/distribute.yaml +++ b/.github/workflows/distribute.yaml 
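Review bot: `client.auth.universal_auth.login(...)` in `run()` sits outside any `try`, unlike the two fetch helpers, so a rejected client ID/secret or an unreachable `url` surfaces as a raw SDK exception rather than an `AnsibleError`. I would wrap the login the way the helpers do, `except Exception as e: raise AnsibleError(f"Error authenticating with Infisical {e}") from e`, after confirming that the SDK's exception text does not echo the client secret. `get_all_secrets` now also relies on the response exposing a `.secrets` attribute; a short comment saying so would help at the next SDK upgrade.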
@@ -2,19 +2,45 @@ name: Deploy Collection on: - release: - types: - - published + push: + tags: + - "*.*.*" jobs: - deploy: + release-galaxy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Get the version name from the tags - run: echo "RELEASE_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV - name: Build and Deploy Collection uses: artis3n/ansible_galaxy_collection@v2 with: api_key: "${{ secrets.GALAXY_API_KEY }}" - galaxy_version: "${{ env.RELEASE_VERSION }}" + galaxy_version: "${{ github.ref_name }}" + + release-docker: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: 🔧 Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: 🔧 Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: 🐋 Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build and push + id: docker_build + uses: docker/build-push-action@v2 + with: + build-args: VERSION=${{ github.ref_name }} + context: docker + push: true + platforms: linux/amd64,linux/arm64 + tags: | + infisical/ansible-collection:latest + infisical/ansible-collection:${{ github.ref_name }} diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..2b81984 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,25 @@ +FROM python:3.11-slim + +ENV PYTHONUNBUFFERED=1 +ENV ANSIBLE_HOST_KEY_CHECKING=false +ENV ANSIBLE_STDOUT_CALLBACK=yaml +ENV ANSIBLE_CALLBACKS_ENABLED=profile_tasks + +ARG VERSION + +RUN apt-get update && apt-get install -y \ + git \ + openssh-client \ + sshpass \ + && rm -rf /var/lib/apt/lists/* + +RUN pip install --no-cache-dir ansible infisicalsdk + +RUN ansible-galaxy collection install infisical.vault==${VERSION} + +WORKDIR /ansible + +RUN mkdir -p /root/.ansible + +# Set default command +CMD ["/bin/bash"] \ No newline at end of file diff --git a/galaxy.yml b/galaxy.yml index 1fb2fe0..f912dc9 100644 --- a/galaxy.yml 
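Review bot: The new `release-docker` job hands `DOCKERHUB_TOKEN` to `docker/login-action@v1` and then runs `docker/build-push-action@v2`, and `release-galaxy` passes `GALAXY_API_KEY` to `artis3n/ansible_galaxy_collection@v2`, all referenced by mutable tags. A retagged action would run with those publishing credentials, so I would pin each `uses:` to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would limit the default token for both jobs. Because any pushed tag matching `*.*.*` now publishes `latest`, tag creation on the repository is worth restricting as well.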
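Review bot: `ENV ANSIBLE_HOST_KEY_CHECKING=false` bakes disabled SSH host-key verification into every container started from the published image, so playbooks that fetch secrets and push them to hosts connect without verifying the host they reach. I would drop that line and let users opt out at run time (`docker run -e ANSIBLE_HOST_KEY_CHECKING=false ...`) when they need it. `pip install --no-cache-dir ansible infisicalsdk` is unpinned, so two builds of the same `VERSION` can ship different dependency versions; pinning them (placeholder: `infisicalsdk==<version>`) makes the image reproducible. The image also runs as root by default; a `USER` line with an unprivileged account would be a safer default for a tool container.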
+++ b/galaxy.yml @@ -62,7 +62,7 @@ issues: https://github.com/Infisical/ansible-collection/issues # artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This # uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', # and '.git' are always filtered. Mutually exclusive with 'manifest' -build_ignore: [] +build_ignore: ["/docker/*"] # A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a # list of MANIFEST.in style # L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key From 7f992d3e597acc5853d853928819d71760bea9ac Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Wed, 23 Jul 2025 02:03:54 +0400 Subject: [PATCH 16/16] Update distribute.yaml --- .github/workflows/distribute.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/distribute.yaml b/.github/workflows/distribute.yaml index d25531c..de31a12 100644 --- a/.github/workflows/distribute.yaml +++ b/.github/workflows/distribute.yaml @@ -18,6 +18,7 @@ jobs: galaxy_version: "${{ github.ref_name }}" release-docker: + needs: release-galaxy runs-on: ubuntu-latest steps: - uses: actions/checkout@v3
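Review bot: `build_ignore: ["/docker/*"]` probably matches nothing: the comment above the key says patterns are matched with `fnmatch` against the path relative to the collection directory, and such a path has no leading slash. If so, `docker/Dockerfile` still ends up in the published artifact. `build_ignore: ["docker"]` should exclude the directory; building the tarball once and listing its contents would confirm it.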