ansible-infra/Taskfile.yml


# Taskfile schema version.
version: '3'

# Sub-Taskfiles pulled into this one.
# - `setup` is chosen per platform through the OS template function, so the
#   file that actually runs differs between hosts.
# - `utils` is flattened: its tasks are exposed without a namespace prefix.
includes:
  setup: './tasks/setup_{{OS}}.yml'
  test: './tasks/tests.yml'
  utils:
    taskfile: './tasks/utils.yml'
    flatten: true
# Environment exported to every command started by this Taskfile.
env:
  # Repository that locally built images are tagged under.
  DOCKER_REPOSITORY: pouncetech/molecule
  # Ansible reads the vault password from this file; when the file is
  # executable Ansible runs it and uses its stdout as the password, so the
  # script is part of the trust boundary for every vault-encrypted value.
  # NOTE(review): the path is relative and so depends on each command's working
  # directory; the `molecule` task sets `dir:`. Confirm it still resolves there,
  # or anchor it on ROOT_DIR like the vars below.
  ANSIBLE_VAULT_PASSWORD_FILE: ./scripts/pass_get_vault_id.sh

# Template variables shared by the tasks.
vars:
  # Wrapper used to run Python tooling (see the `venv` task description).
  PYTHON_WRAPPER: '{{.ROOT_DIR}}/scripts/python_wrapper.sh'
  # Working directory for molecule commands.
  MOLECULE_DIR: '{{.ROOT_DIR}}/collections/ansible_collections/nullified/infrastructure/extensions'
  # Target directory for newly initialised collections and roles.
  COLLECTIONS_DIR: '{{.ROOT_DIR}}/ansible_collections'
  # Not referenced in this file; presumably the password-store entry and the
  # generated password length used by the vault tasks in an included Taskfile.
  # TODO confirm against ./tasks/utils.yml.
  ANSIBLE_PASS_PATH: ansible/vault-id
  ANSIBLE_PASS_LENGTH: 50
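tasks:
  # Bootstrap in order: host requirements, virtualenv, Ansible, Galaxy
  # content, then vault initialisation. `vault:init` is not defined in this
  # file; presumably it comes from the flattened utils include.
  setup:
    desc: install requirements, set up a Python virtualenv and install ansible dependencies
    cmds:
      - task: 'setup:requirements'
      - task: 'setup:venv'
      - task: 'setup:ansible'
      - task: 'setup:galaxy'
      - task: 'vault:init'

  # Build one image per images/Dockerfile-<tag> file.
  docker:build:
    desc: build docker images locally.
    vars:
      DOCKERFILE_IMAGES:
        sh: find images -type f -name 'Dockerfile-*'
    cmds:
      - for:
          var: DOCKERFILE_IMAGES
        task: 'docker:build:image'
        vars:
          DOCKERFILE: '{{.ITEM}}'
          DOCKER_CONTEXT: images
          # Tag = file name with the "Dockerfile-" prefix removed.
          IMAGE_TAG: '{{.ITEM | splitList "/" | last | replace "Dockerfile-" ""}}'

  docker:build:image:
    internal: true
    sources:
      - '{{.DOCKERFILE}}'
    cmds:
      # Dockerfile path and context are quoted so an unusual file name cannot
      # split into extra arguments.
      - 'docker buildx build --load -t "{{.DOCKER_REPOSITORY}}:{{.IMAGE_TAG}}" -f "{{.DOCKERFILE}}" "{{.DOCKER_CONTEXT}}"'
    status:
      # Up to date only if this exact repository:tag exists locally. The
      # previous check listed the tags of every local image and matched the
      # tag as a regex, so an unrelated image carrying the same tag (or a tag
      # matched by "." in the pattern) could suppress the build.
      - 'docker image inspect "{{.DOCKER_REPOSITORY}}:{{.IMAGE_TAG}}" > /dev/null 2>&1'

  # Secret scanning with Nosey Parker.
  nosey:
    desc: start noseyparker to ensure no secrets or passwords are committed
    cmds:
      # $PWD is quoted so a checkout path containing spaces still yields a
      # single datastore name.
      # NOTE(review): the datastore is created inside the working tree and
      # records what the scan matched; confirm it is excluded from commits.
      - 'noseyparker scan --datastore="$(basename "$PWD").np" --ignore=.gitignore --color=always --progress=always .'
      - 'noseyparker report --datastore="$(basename "$PWD").np"'

  # CLI_ARGS is passed through unquoted on purpose: it carries the caller's
  # full argument list.
  venv:
    desc: execute a python3 command using the virtualenv wrapper
    cmd: '{{.PYTHON_WRAPPER}} {{.CLI_ARGS}}'

  molecule:
    desc: execute a molecule command
    dir: '{{.MOLECULE_DIR}}'
    cmd: '{{.PYTHON_WRAPPER}} molecule {{.CLI_ARGS}}'

  # Runs privileged service restarts through sudo; review before use on a
  # shared host, since restarting nftables/libvirtd/docker affects every
  # workload on the machine.
  molecule:purge:
    desc: purge libvirtd and reset firewall rules
    vars:
      # NOTE(review): no command below references VIRSH_CONNECT as a template
      # variable; confirm how reset_virtd.sh is expected to receive it.
      VIRSH_CONNECT: '{{.VIRSH_CONNECT | default "qemu:///system"}}'
    cmds:
      - ./scripts/reset_virtd.sh
      - task: 'molecule'
        vars:
          CLI_ARGS: 'destroy'
      - sudo systemctl restart nftables.service
      - sudo systemctl restart libvirtd.service  # reset libvirtd related nft rules
      - sudo systemctl restart docker.service  # reset docker related nft rules

  # The wildcard match is caller-supplied text that ends up on a shell command
  # line, so it is passed through shellQuote instead of being interpolated raw.
  ansible:new:role:*:
    desc: create a new role for the specified collection
    vars:
      COLLECTION_NAME: '{{default "nullified.infrastructure" .COLLECTION_NAME}}'
      ROLE_NAME: '{{index .MATCH 0}}'
    cmds:
      - '{{.PYTHON_WRAPPER}} ansible-galaxy role init {{.ROLE_NAME | shellQuote}} --role-skeleton ./templates/ansible_role_skeleton --init-path {{printf "%s/%s/roles" .COLLECTIONS_DIR (.COLLECTION_NAME | replace "." "/") | shellQuote}}'

  ansible:new:collection:*:
    desc: create a new collection
    vars:
      COLLECTION_NAME: '{{index .MATCH 0}}'
      COLLECTION_SUBPATH: 'collections/ansible_collections'
    cmds:
      # Caller-supplied name and target path are shell-quoted.
      - '{{.PYTHON_WRAPPER}} ansible-galaxy collection init {{.COLLECTION_NAME | shellQuote}} --init-path {{.COLLECTIONS_DIR | shellQuote}}'
      # Un-ignore the new namespace directory. Only reached when the init
      # command above succeeded, because cmds stop at the first failure.
      # NOTE(review): this un-ignores collections/ansible_collections/<namespace>,
      # while the init above writes under COLLECTIONS_DIR; confirm both refer to
      # the same directory.
      - 'echo "!{{.COLLECTION_SUBPATH}}/{{(.COLLECTION_NAME | split ".")._0}}" | tee -a .gitignore > /dev/null'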