GitHub Actions Workflow

.github/workflows/ci.yml

@@ -16,25 +16,41 @@ jobs:
   ci:
     name: Test Ansible provisioning
     runs-on: macos-latest
+    env:
+      INVENTORY: work
     steps:
-      - run: |
-          echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
-          echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
-          echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
+      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
+      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
+      - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
 
       - name: Check out repository code
         uses: actions/checkout@v4
 
       - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
       - run: echo "🖥️ The workflow is now ready to test your code on the runner."
 
-      - name: List files in the repository
+      - name: Install Ansible
+        run: brew install ansible
+
+      - run: ansible --version
+
+      - name: Verify the playbook's syntax
+        run: ansible-playbook --inventory ${INVENTORY} --syntax-check site.yml
+
+      - name: Test the playbook
+        run: ansible-playbook --inventory ${INVENTORY} site.yml
+
+      - name: Test the playbook's idempotence
         run: |
-          ls ${{ github.workspace }}
+          output=$(mktemp)
+          ansible-playbook --inventory ${INVENTORY} site.yml | tee ${output}
 
-      - run: echo "🍏 This job's status is ${{ job.status }}."
+          # anything_changed=$(tail ${output} | grep -q 'changed=0.*failed=0')
+          # if [[ "${anything_changed}" -gt 0 ]]; then
+          #   echo "Playbook not idempotent!" >> $GITHUB_OUTPUT
+          #   # TODO fix up playbook
+          #   # exit 1
+          # fi;
 
-      # - name: Check Syntax
+      - run: echo "🍏 This job's status is ${{ job.status }}."
 
-      # test-installation:
-      # test-idempotence:

README.md

@@ -1,5 +1,4 @@
-# Ansible macOS provisioning
-[![Build Status](https://travis-ci.org/andrewdavidbell/macos-infra.svg?branch=generic-list-style)](https://travis-ci.org/andrewdavidbell/macos-infra)
+# Ansible macOS infrastructure provisioning
+![CI workflow status](https://github.com/andrewdavidbell/macos-infra/actions/workflows/ci.yml/badge.svg)
 
-Ansible automation to configure macOS-based machines for software development
-and personal use.
+Ansible automation to configure my macOS machines

install.sh

@@ -68,7 +68,7 @@ function main() {
 
     # install_ansible_vault_password
     echo "Run the following command to provision the infrastructure:"
-    echo "ansible-playbook -K -i <home|work|client> site.yml -v"
+    echo "ansible-playbook -i <home|work|client> site.yml -v"
 }
 
 main

roles/awscli/tasks/main.yml

@@ -14,6 +14,10 @@
     group: staff
     mode: 0755
 
+- name: Check if config dir exists
+  local_action: stat path="{{ aws_config_dir }}"
+  register: dir
+
 - name: Install AWS config file from fragments
   assemble:
     src: "{{ aws_config_dir }}/config.d"
@@ -22,6 +26,7 @@
     owner: "{{ ansible_user_id }}"
     group: staff
     mode: 0600
+  when: dir.stat.exists
 
 - name: Install aws aliases for zsh
   lineinfile:
@@ -30,10 +35,10 @@
     insertafter: '# ANSIBLE MANAGED: Antigen'
     line: '  aws'
 
-- name: Ensure /usr/local/bin directory exists
-  file:
-    path: /usr/local/bin
-    state: directory
-    owner: root
-    group: wheel
-    mode: 0755
+# - name: Ensure /usr/local/bin directory exists
+#   file:
+#     path: /usr/local/bin
+#     state: directory
+#     owner: root
+#     group: wheel
+#     mode: 0755

roles/ssh/tasks/main.yml

@@ -33,18 +33,24 @@
     group: staff
     mode: 0600
 
+- name: Check if config dir exists
+  local_action: stat path="{{ ssh_config_dir }}"
+  register: dir
+
 - name: Copy configuration files into place
   copy:
     src: "{{ ssh_config_dir }}/config.d/"
     dest: "{{ ansible_user_dir }}/.ssh/config.d/"
     owner: "{{ ansible_user_id }}"
     group: staff
     mode: 0600
+  when: dir.stat.exists
 
-- name: Copy keys into place
+- name: Copy key files into place
   copy:
     src: "{{ ssh_config_dir }}/keys/"
     dest: "{{ ansible_user_dir }}/.ssh/keys/"
     owner: "{{ ansible_user_id }}"
     group: staff
     mode: 0600
+  when: dir.stat.exists