From c696c57a5e461afbf8248b24872987cbe55a7a2f Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Tue, 10 Mar 2026 17:47:11 -0300 Subject: [PATCH 01/17] feat: implement molecule to test role --- .gitea/workflows/update-traefik-version.yml | 58 +++++++++++++++++++++ molecule/default/converge.yml | 6 +++ molecule/default/molecule.yml | 26 +++++++++ molecule/default/verify.yml | 23 ++++++++ 4 files changed, 113 insertions(+) create mode 100644 .gitea/workflows/update-traefik-version.yml create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/verify.yml diff --git a/.gitea/workflows/update-traefik-version.yml b/.gitea/workflows/update-traefik-version.yml new file mode 100644 index 0000000..8b13654 --- /dev/null +++ b/.gitea/workflows/update-traefik-version.yml @@ -0,0 +1,58 @@ +#SPDX-License-Identifier: GPL-3.0-only +--- +name: Update Traefik Version + +on: + schedule: + - cron: '0 6 * * 1' # Every Monday at 06:00 UTC + workflow_dispatch: + +jobs: + update-version: + runs-on: fedora-latest + steps: + - name: Checkout + uses: actions/checkout@v6 + with: + path: ansible_role_proxy + + - name: Check versions + id: check + working-directory: ansible_role_proxy + run: | + LATEST=$(curl -sf https://api.github.com/repos/traefik/traefik/releases/latest | jq -r '.tag_name') + CURRENT=$(grep "^traefik_version:" defaults/main.yml | sed "s/traefik_version: '//;s/'//") + echo "latest=$LATEST" >> "$GITHUB_OUTPUT" + if [ "$LATEST" = "$CURRENT" ]; then + echo "needs_update=false" >> "$GITHUB_OUTPUT" + echo "Already on latest: $CURRENT" + else + echo "needs_update=true" >> "$GITHUB_OUTPUT" + echo "Update available: $CURRENT -> $LATEST" + fi + + - name: Install Molecule + if: steps.check.outputs.needs_update == 'true' + run: pip install ansible molecule molecule-plugins[podman] + + - name: Update traefik_version + if: steps.check.outputs.needs_update == 'true' + working-directory: ansible_role_proxy + run: | + sed -i "s/^traefik_version: '.*'$/traefik_version: '${{ steps.check.outputs.latest }}'/" defaults/main.yml + + - name: Run Molecule tests + if: steps.check.outputs.needs_update == 'true' + working-directory: ansible_role_proxy + run: molecule test + + # - name: Commit and push + # if: steps.check.outputs.needs_update == 'true' + # working-directory: ansible_role_proxy + # run: | + # git config user.name "giabot" + # git config user.email "bot@mail.gianet.us" + # git remote set-url origin "https://giabot:${{ secrets.GITEA_TOKEN }}@gianet.us/engineering/ansible_role_reverse.git" + # git add defaults/main.yml + # git commit -m "patch: update traefik_version to ${{ steps.check.outputs.latest }}" + # git push origin main diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..d51929c --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,6 @@ +#SPDX-License-Identifier: GPL-3.0-only +--- +- name: Converge + hosts: all + roles: + - role: ansible_role_proxy diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..a83c399 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,26 @@ +#SPDX-License-Identifier: GPL-3.0-only +--- +dependency: + name: galaxy + +driver: + name: podman + +platforms: + - name: instance + image: ghcr.io/geerlingguy/docker-debian12-ansible:latest + pre_build_image: true + privileged: true + systemd: always + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + +provisioner: + name: ansible + playbooks: + converge: converge.yml + verify: verify.yml + +verifier: + name: ansible diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 0000000..947b7f0 --- /dev/null +++ b/molecule/default/verify.yml @@ -0,0 +1,23 @@ +#SPDX-License-Identifier: GPL-3.0-only +--- +- name: Verify + hosts: all + tasks: + - name: Check traefik binary + ansible.builtin.stat: + path: /opt/traefik/traefik + register: traefik_binary + + - name: Assert traefik binary is executable + ansible.builtin.assert: + that: + - traefik_binary.stat.exists + - traefik_binary.stat.executable + + - name: Gather service facts + ansible.builtin.service_facts: + + - name: Assert traefik service is present + ansible.builtin.assert: + that: + - "'traefik.service' in ansible_facts.services" -- 2.43.0 From 333e94eedfcd929c0ba48574a158914825e50027 Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Tue, 10 Mar 2026 17:51:08 -0300 Subject: [PATCH 02/17] fix: only commit on main --- .gitea/workflows/update-traefik-version.yml | 23 ++++++++++++--------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.gitea/workflows/update-traefik-version.yml b/.gitea/workflows/update-traefik-version.yml index 8b13654..f256576 100644 --- a/.gitea/workflows/update-traefik-version.yml +++ b/.gitea/workflows/update-traefik-version.yml @@ -6,6 +6,9 @@ on: schedule: - cron: '0 6 * * 1' # Every Monday at 06:00 UTC workflow_dispatch: + pull_request: + branches: + - main jobs: update-version: @@ -46,13 +49,13 @@ jobs: working-directory: ansible_role_proxy run: molecule test - # - name: Commit and push - # if: steps.check.outputs.needs_update == 'true' - # working-directory: ansible_role_proxy - # run: | - # git config user.name "giabot" - # git config user.email "bot@mail.gianet.us" - # git remote set-url origin "https://giabot:${{ secrets.GITEA_TOKEN }}@gianet.us/engineering/ansible_role_reverse.git" - # git add defaults/main.yml - # git commit -m "patch: update traefik_version to ${{ steps.check.outputs.latest }}" - # git push origin main + - name: Commit and push + if: steps.check.outputs.needs_update == 'true' && github.ref == 'refs/heads/main' + working-directory: ansible_role_proxy + run: | + git config user.name "giabot" + git config user.email "bot@mail.gianet.us" + git remote set-url origin "https://giabot:${{ secrets.GITEA_TOKEN }}@gianet.us/engineering/ansible_role_reverse.git" + git add defaults/main.yml + git commit -m "patch: update traefik_version to ${{ steps.check.outputs.latest }}" + git push origin main -- 2.43.0 From e1e9989a0abc91fd751467ab7a6ce74ec0fc9fcd Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Tue, 10 Mar 2026 18:23:13 -0300 Subject: [PATCH 03/17] fix: molecule path --- .gitea/workflows/update-traefik-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/update-traefik-version.yml b/.gitea/workflows/update-traefik-version.yml index f256576..1c70a5f 100644 --- a/.gitea/workflows/update-traefik-version.yml +++ b/.gitea/workflows/update-traefik-version.yml @@ -47,7 +47,7 @@ jobs: - name: Run Molecule tests if: steps.check.outputs.needs_update == 'true' working-directory: ansible_role_proxy - run: molecule test + run: ~/.local/bin/molecule test - name: Commit and push if: steps.check.outputs.needs_update == 'true' && github.ref == 'refs/heads/main' -- 2.43.0 From 88cdd69adc711efd18a3534aa93204db3a69dd09 Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Tue, 10 Mar 2026 18:27:29 -0300 Subject: [PATCH 04/17] fix: add PATH --- .gitea/workflows/update-traefik-version.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/update-traefik-version.yml b/.gitea/workflows/update-traefik-version.yml index 1c70a5f..884795d 100644 --- a/.gitea/workflows/update-traefik-version.yml +++ b/.gitea/workflows/update-traefik-version.yml @@ -14,6 +14,9 @@ jobs: update-version: runs-on: fedora-latest steps: + - name: Add ~/.local/bin to PATH + run: echo "$HOME/.local/bin" >> "$GITEA_PATH" + - name: Checkout uses: actions/checkout@v6 with: @@ -47,7 +50,7 @@ jobs: - name: Run Molecule tests if: steps.check.outputs.needs_update == 'true' working-directory: ansible_role_proxy - run: ~/.local/bin/molecule test + run: molecule test - name: Commit and push if: steps.check.outputs.needs_update == 'true' && github.ref == 'refs/heads/main' -- 2.43.0 From 2e7625ee29203b79217a8a2ce0ed6da3810a8e7f Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Tue, 10 Mar 2026 18:31:56 -0300 Subject: [PATCH 05/17] fix: ansible role namespace --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index 38c9a31..681a96b 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,5 +1,6 @@ galaxy_info: role_name: "ansible_role_proxy" + namespace: "gianet" author: "Luciano Giacchetta" description: "Complete Proxy Server Role" company: "Giacchetta Networks LLC" -- 2.43.0 From 79c0fa7ed94454e8426149064ef681d97842a453 Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Tue, 10 Mar 2026 18:34:38 -0300 Subject: [PATCH 06/17] fix: molecule syntax errors --- molecule/default/molecule.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index a83c399..d585773 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -18,6 +18,8 @@ platforms: provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." playbooks: converge: converge.yml verify: verify.yml -- 2.43.0 From bdc8dbf8751784317c3cc828b370e7930edb39ef Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Tue, 10 Mar 2026 18:37:04 -0300 Subject: [PATCH 07/17] fix: podman containers missing --- molecule/default/molecule.yml | 2 ++ molecule/default/requirements.yml | 4 ++++ 2 files changed, 6 insertions(+) create mode 100644 molecule/default/requirements.yml diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index d585773..b153a14 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -2,6 +2,8 @@ --- dependency: name: galaxy + options: + requirements-file: requirements.yml driver: name: podman diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml new file mode 100644 index 0000000..ad7a05e --- /dev/null +++ b/molecule/default/requirements.yml @@ -0,0 +1,4 @@ +#SPDX-License-Identifier: GPL-3.0-only +--- +collections: + - name: containers.podman -- 2.43.0 From 0ded41f7d0a3ba276749d99a1bfce2ece22a9787 Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Tue, 10 Mar 2026 18:40:12 -0300 Subject: [PATCH 08/17] fix: install collections --- .gitea/workflows/update-traefik-version.yml | 4 ++++ molecule/default/molecule.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/update-traefik-version.yml b/.gitea/workflows/update-traefik-version.yml index 884795d..0954c64 100644 --- a/.gitea/workflows/update-traefik-version.yml +++ b/.gitea/workflows/update-traefik-version.yml @@ -41,6 +41,10 @@ jobs: if: steps.check.outputs.needs_update == 'true' run: pip install ansible molecule molecule-plugins[podman] + - name: Install Ansible collections + if: steps.check.outputs.needs_update == 'true' + run: ansible-galaxy collection install containers.podman + - name: Update traefik_version if: steps.check.outputs.needs_update == 'true' working-directory: ansible_role_proxy diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index b153a14..cd78b6a 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -3,7 +3,7 @@ dependency: name: galaxy options: - requirements-file: requirements.yml + requirements-file: molecule/default/requirements.yml driver: name: podman -- 2.43.0 From 90b813c2c5b8eb3b16ad255864561f101cf16fec Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Wed, 11 Mar 2026 09:18:02 -0300 Subject: [PATCH 09/17] fix: OCI image doesn't exist, so changed --- molecule/default/molecule.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index cd78b6a..065ff03 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -10,10 +10,11 @@ driver: platforms: - name: instance - image: ghcr.io/geerlingguy/docker-debian12-ansible:latest + image: docker.io/geerlingguy/docker-debian12-ansible:latest pre_build_image: true privileged: true systemd: always + command: /usr/sbin/init volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw cgroupns_mode: host -- 2.43.0 From 022bb0ab2891384e54a1f8134de5ded134deefbc Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Wed, 11 Mar 2026 09:30:43 -0300 Subject: [PATCH 10/17] fix: change image to official debian:stable --- molecule/default/Dockerfile | 13 +++++++++++++ molecule/default/molecule.yml | 5 +++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 molecule/default/Dockerfile diff --git a/molecule/default/Dockerfile b/molecule/default/Dockerfile new file mode 100644 index 0000000..2f0fcf5 --- /dev/null +++ b/molecule/default/Dockerfile @@ -0,0 +1,13 @@ +FROM docker.io/library/debian:stable + +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + python3 \ + systemd \ + systemd-sysv \ + dbus \ + ca-certificates && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +CMD ["/usr/sbin/init"] diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 065ff03..efec28c 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -10,8 +10,9 @@ driver: platforms: - name: instance - image: docker.io/geerlingguy/docker-debian12-ansible:latest - pre_build_image: true + image: docker.io/library/debian:stable + pre_build_image: false + dockerfile: Dockerfile privileged: true systemd: always command: /usr/sbin/init -- 2.43.0 From e42947df8891afada20783b3bafa525ba71b6041 Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Wed, 11 Mar 2026 09:39:15 -0300 Subject: [PATCH 11/17] fix: remote temporal folder --- molecule/default/molecule.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index efec28c..4819844 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -22,6 +22,9 @@ platforms: provisioner: name: ansible + config_options: + defaults: + remote_tmp: /tmp/.ansible/tmp env: ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." playbooks: -- 2.43.0 From 0990854ca9b441c41d7b93c73eaf3caa915174cc Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Wed, 11 Mar 2026 09:45:08 -0300 Subject: [PATCH 12/17] fix: creating ansible_tmp --- molecule/default/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/molecule/default/Dockerfile b/molecule/default/Dockerfile index 2f0fcf5..2adba02 100644 --- a/molecule/default/Dockerfile +++ b/molecule/default/Dockerfile @@ -8,6 +8,7 @@ RUN apt-get update && \ dbus \ ca-certificates && \ apt-get clean && \ - rm -rf /var/lib/apt/lists/* + rm -rf /var/lib/apt/lists/* && \ + mkdir -p /root/.ansible/tmp CMD ["/usr/sbin/init"] -- 2.43.0 From 1430c2847c12b83c4f7c36d109ab8724a18c8336 Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Wed, 11 Mar 2026 09:53:46 -0300 Subject: [PATCH 13/17] fix: remove old podman settings --- molecule/default/molecule.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4819844..5fa1b0f 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -16,9 +16,6 @@ platforms: privileged: true systemd: always command: /usr/sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host provisioner: name: ansible -- 2.43.0 From 9abe53d7d19a8825bc82d3adcc67be346414b6cf Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Wed, 11 Mar 2026 10:05:27 -0300 Subject: [PATCH 14/17] fix: remove ansible_tmp workaround --- molecule/default/Dockerfile | 3 +-- molecule/default/molecule.yml | 3 --- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/molecule/default/Dockerfile b/molecule/default/Dockerfile index 2adba02..2f0fcf5 100644 --- a/molecule/default/Dockerfile +++ b/molecule/default/Dockerfile @@ -8,7 +8,6 @@ RUN apt-get update && \ dbus \ ca-certificates && \ apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - mkdir -p /root/.ansible/tmp + rm -rf /var/lib/apt/lists/* CMD ["/usr/sbin/init"] diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 5fa1b0f..b1e7ba9 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -19,9 +19,6 @@ platforms: provisioner: name: ansible - config_options: - defaults: - remote_tmp: /tmp/.ansible/tmp env: ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.." playbooks: -- 2.43.0 From 25fda019a03635dd62342b141b148c1f9faaeafd Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Wed, 11 Mar 2026 10:10:12 -0300 Subject: [PATCH 15/17] fix: supress warning messages --- molecule/default/molecule.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index b1e7ba9..67003d9 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -25,5 +25,16 @@ provisioner: converge: converge.yml verify: verify.yml +scenario: + test_sequence: + - dependency + - destroy + - syntax + - create + - converge + - idempotence + - verify + - destroy + verifier: name: ansible -- 2.43.0 From 3c62a1410bc7226b806eb568fd886e217311ce65 Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Wed, 11 Mar 2026 10:18:43 -0300 Subject: [PATCH 16/17] feat: added debian:oldstable --- molecule/default/molecule.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 67003d9..dac9a83 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -9,7 +9,7 @@ driver: name: podman platforms: - - name: instance + - name: debian-stable image: docker.io/library/debian:stable pre_build_image: false dockerfile: Dockerfile @@ -17,6 +17,14 @@ platforms: systemd: always command: /usr/sbin/init + - name: debian-oldstable + image: docker.io/library/debian:oldstable + pre_build_image: false + dockerfile: Dockerfile + privileged: true + systemd: always + command: /usr/sbin/init + provisioner: name: ansible env: -- 2.43.0 From d55187e35ca8f303f35d7c6fcf3081a797f4ad5b Mon Sep 17 00:00:00 2001 From: Luciano Giacchetta Date: Wed, 11 Mar 2026 10:42:47 -0300 Subject: [PATCH 17/17] feat: Added Ubuntu's and tags versions --- .gitea/workflows/update-traefik-version.yml | 11 ++++++++++- molecule/default/molecule.yml | 16 ++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/update-traefik-version.yml b/.gitea/workflows/update-traefik-version.yml index 0954c64..14a222f 100644 --- a/.gitea/workflows/update-traefik-version.yml +++ b/.gitea/workflows/update-traefik-version.yml @@ -50,6 +50,12 @@ jobs: working-directory: ansible_role_proxy run: | sed -i "s/^traefik_version: '.*'$/traefik_version: '${{ steps.check.outputs.latest }}'/" defaults/main.yml + UPDATED=$(grep "^traefik_version:" defaults/main.yml | sed "s/traefik_version: '//;s/'//") + if [ "$UPDATED" != "${{ steps.check.outputs.latest }}" ]; then + echo "::error::Failed to update traefik_version (expected '${{ steps.check.outputs.latest }}', got '$UPDATED')" + exit 1 + fi + echo "Verified: traefik_version updated to $UPDATED" - name: Run Molecule tests if: steps.check.outputs.needs_update == 'true' @@ -65,4 +71,7 @@ jobs: git remote set-url origin "https://giabot:${{ secrets.GITEA_TOKEN }}@gianet.us/engineering/ansible_role_reverse.git" git add defaults/main.yml git commit -m "patch: update traefik_version to ${{ steps.check.outputs.latest }}" - git push origin main + git tag "${{ steps.check.outputs.latest }}" + git tag -f latest + git push origin main "${{ steps.check.outputs.latest }}" + git push -f origin latest diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index dac9a83..878ce77 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -25,6 +25,22 @@ platforms: systemd: always command: /usr/sbin/init + - name: ubuntu-latest + image: docker.io/library/ubuntu:latest + pre_build_image: false + dockerfile: Dockerfile + privileged: true + systemd: always + command: /usr/sbin/init + + - name: ubuntu-jammy + image: docker.io/library/ubuntu:jammy + pre_build_image: false + dockerfile: Dockerfile + privileged: true + systemd: always + command: /usr/sbin/init + provisioner: name: ansible env: -- 2.43.0