Automatically publish collections to galaxy when a release is published

.github/workflows/publish.yaml

@@ -0,0 +1,27 @@
+---
+name: Deploy collection to galaxy
+on:
+  release:
+    types:
+      - released
+
+jobs:
+  publish:
+    name: Publish to Galaxy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Build collection
+        run: ansible-galaxy collection build
+
+      - name: Get expected version string
+        shell: VERSION=$(echo ${{ github.ref_name }} | sed -e 's/v\(.*\)/\1/'
+
+      - name: Publish to Galaxy
+        run: |
+          ansible-galaxy collection publish \
+          tofugarden-secureboot-$VERSION.tar.gz \
+          --token ${{ secrets.GALAXY_API_KEY }}

.github/workflows/release.yaml

@@ -0,0 +1,37 @@
+---
+name: Release
+on:
+  push:
+    tags:
+      - v*
+
+    tags-ignore:
+      - "*-alpha"
+      - "*-beta"
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install antibull-changelog
+        run: pip install ansibull-changelog
+
+      - name: Generate changelog
+        run: ansibull-changelog release
+
+      - name: Build collection tarball
+        run: ansible-galaxy collection build
+
+      - name: Get version string
+        shell: echo "VERSION=${GITHUB_REF_NAME:1}" >> "$GITHUB_ENV"
+
+      - uses: ncipollo/release-action@v1
+        with:
+          artifacts:
+            - crichez-secureboot-${{ env.VERSION }}.tar.gz
+          body_file: CHANGELOG.md

README.md

@@ -1,4 +1,4 @@
-# tofugarden.secureboot
+# crichez.secureboot
 
 This repository contains an Ansible roles to configure secure boot. 
 

changelogs/changelog.yaml

@@ -0,0 +1,10 @@
+---
+ancestor: null
+releases:
+  1.0.0:
+    objects:
+      role:
+        - description: UKI Configuration.
+          name: uki_config
+          namespace: null
+    release_date: '2024-08-02'

changelogs/config.yaml

@@ -0,0 +1,37 @@
+add_plugin_period: true
+changelog_filename_template: ../CHANGELOG.rst
+changelog_filename_version_depth: 0
+changelog_nice_yaml: true
+changelog_sort: alphanumerical
+changes_file: changelog.yaml
+changes_format: combined
+ignore_other_fragment_extensions: true
+keep_fragments: false
+mention_ancestor: true
+new_plugins_after_name: removed_features
+notesdir: fragments
+output_formats:
+  - md
+prelude_section_name: release_summary
+prelude_section_title: Release Summary
+sanitize_changelog: true
+sections:
+  - - major_changes
+    - Major Changes
+  - - minor_changes
+    - Minor Changes
+  - - breaking_changes
+    - Breaking Changes / Porting Guide
+  - - deprecated_features
+    - Deprecated Features
+  - - removed_features
+    - Removed Features (previously deprecated)
+  - - security_fixes
+    - Security Fixes
+  - - bugfixes
+    - Bugfixes
+  - - known_issues
+    - Known Issues
+title: Crichez.Secureboot
+trivial_section_name: trivial
+use_fqcn: true

galaxy.yml

@@ -0,0 +1,25 @@
+---
+namespace: crichez
+name: secureboot
+version: 1.0.0
+readme: README.md
+authors:
+  - Christopher Palmer-Richez tofu.ansible@chorky.net @crichez
+description: A collection related to secure boot management.
+license:
+  - GPL-3.0-only
+tags:
+  - linux
+  - security
+  - tools
+  - secureboot
+  - mok
+  - shim
+  - tpm
+  - uki
+dependencies:
+  community.crypto: ">=2.21.0,<3.0.0"
+  community.general: ">=9.0.0,<10.0.0"
+repository: https://github.com/crichez/crichez.secureboot.git
+documentation: https://github.com/crichez/crichez.secureboot
+issues: https://github.com/crichez/crichez.secureboot/issues

meta/runtime.yml

@@ -0,0 +1,2 @@
+---
+requires_ansible: ">=2.17.0"

roles/uki_config/meta/argument_specs.yaml

@@ -1,8 +1,9 @@
+---
 argument_specs:
   main:
     short_description: UKI Configuration
     description: Configure kernel-install to build and sign UKIs
-    version_added: "0.0.1"
+    version_added: "1.0.0"
     author: "Christopher Palmer-Richez (tofugarden)"
     options:
       uki_config_initrd_generator: