.gitea/workflows/update-traefik-version.yml

@@ -0,0 +1,77 @@
+#SPDX-License-Identifier: GPL-3.0-only
+---
+name: Update Traefik Version
+
+on:
+  schedule:
+    - cron: '0 6 * * 1'  # Every Monday at 06:00 UTC
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  update-version:
+    runs-on: fedora-latest
+    steps:
+      - name: Add ~/.local/bin to PATH
+        run: echo "$HOME/.local/bin" >> "$GITEA_PATH"
+
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          path: ansible_role_proxy
+
+      - name: Check versions
+        id: check
+        working-directory: ansible_role_proxy
+        run: |
+          LATEST=$(curl -sf https://api.github.com/repos/traefik/traefik/releases/latest | jq -r '.tag_name')
+          CURRENT=$(grep "^traefik_version:" defaults/main.yml | sed "s/traefik_version: '//;s/'//")
+          echo "latest=$LATEST" >> "$GITHUB_OUTPUT"
+          if [ "$LATEST" = "$CURRENT" ]; then
+            echo "needs_update=false" >> "$GITHUB_OUTPUT"
+            echo "Already on latest: $CURRENT"
+          else
+            echo "needs_update=true" >> "$GITHUB_OUTPUT"
+            echo "Update available: $CURRENT -> $LATEST"
+          fi
+
+      - name: Install Molecule
+        if: steps.check.outputs.needs_update == 'true'
+        run: pip install ansible molecule molecule-plugins[podman]
+
+      - name: Install Ansible collections
+        if: steps.check.outputs.needs_update == 'true'
+        run: ansible-galaxy collection install containers.podman
+
+      - name: Update traefik_version
+        if: steps.check.outputs.needs_update == 'true'
+        working-directory: ansible_role_proxy
+        run: |
+          sed -i "s/^traefik_version: '.*'$/traefik_version: '${{ steps.check.outputs.latest }}'/" defaults/main.yml
+          UPDATED=$(grep "^traefik_version:" defaults/main.yml | sed "s/traefik_version: '//;s/'//")
+          if [ "$UPDATED" != "${{ steps.check.outputs.latest }}" ]; then
+            echo "::error::Failed to update traefik_version (expected '${{ steps.check.outputs.latest }}', got '$UPDATED')"
+            exit 1
+          fi
+          echo "Verified: traefik_version updated to $UPDATED"
+
+      - name: Run Molecule tests
+        if: steps.check.outputs.needs_update == 'true'
+        working-directory: ansible_role_proxy
+        run: molecule test
+
+      - name: Commit and push
+        if: steps.check.outputs.needs_update == 'true' && github.ref == 'refs/heads/main'
+        working-directory: ansible_role_proxy
+        run: |
+          git config user.name "giabot"
+          git config user.email "bot@mail.gianet.us"
+          git remote set-url origin "https://giabot:${{ secrets.GITEA_TOKEN }}@gianet.us/engineering/ansible_role_reverse.git"
+          git add defaults/main.yml
+          git commit -m "patch: update traefik_version to ${{ steps.check.outputs.latest }}"
+          git tag "${{ steps.check.outputs.latest }}"
+          git tag -f latest
+          git push origin main "${{ steps.check.outputs.latest }}"
+          git push -f origin latest

meta/main.yml

@@ -1,5 +1,6 @@
 galaxy_info:
   role_name: "ansible_role_proxy"
+  namespace: "gianet"
   author: "Luciano Giacchetta"
   description: "Complete Proxy Server Role"
   company: "Giacchetta Networks LLC"

molecule/default/Dockerfile

@@ -0,0 +1,13 @@
+FROM docker.io/library/debian:stable
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+      python3 \
+      systemd \
+      systemd-sysv \
+      dbus \
+      ca-certificates && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+CMD ["/usr/sbin/init"]

molecule/default/converge.yml

@@ -0,0 +1,6 @@
+#SPDX-License-Identifier: GPL-3.0-only
+---
+- name: Converge
+  hosts: all
+  roles:
+    - role: ansible_role_proxy

molecule/default/molecule.yml

@@ -0,0 +1,64 @@
+#SPDX-License-Identifier: GPL-3.0-only
+---
+dependency:
+  name: galaxy
+  options:
+    requirements-file: molecule/default/requirements.yml
+
+driver:
+  name: podman
+
+platforms:
+  - name: debian-stable
+    image: docker.io/library/debian:stable
+    pre_build_image: false
+    dockerfile: Dockerfile
+    privileged: true
+    systemd: always
+    command: /usr/sbin/init
+
+  - name: debian-oldstable
+    image: docker.io/library/debian:oldstable
+    pre_build_image: false
+    dockerfile: Dockerfile
+    privileged: true
+    systemd: always
+    command: /usr/sbin/init
+
+  - name: ubuntu-latest
+    image: docker.io/library/ubuntu:latest
+    pre_build_image: false
+    dockerfile: Dockerfile
+    privileged: true
+    systemd: always
+    command: /usr/sbin/init
+
+  - name: ubuntu-jammy
+    image: docker.io/library/ubuntu:jammy
+    pre_build_image: false
+    dockerfile: Dockerfile
+    privileged: true
+    systemd: always
+    command: /usr/sbin/init
+
+provisioner:
+  name: ansible
+  env:
+    ANSIBLE_ROLES_PATH: "${MOLECULE_PROJECT_DIRECTORY}/.."
+  playbooks:
+    converge: converge.yml
+    verify: verify.yml
+
+scenario:
+  test_sequence:
+    - dependency
+    - destroy
+    - syntax
+    - create
+    - converge
+    - idempotence
+    - verify
+    - destroy
+
+verifier:
+  name: ansible

molecule/default/requirements.yml

@@ -0,0 +1,4 @@
+#SPDX-License-Identifier: GPL-3.0-only
+---
+collections:
+  - name: containers.podman

molecule/default/verify.yml

@@ -0,0 +1,23 @@
+#SPDX-License-Identifier: GPL-3.0-only
+---
+- name: Verify
+  hosts: all
+  tasks:
+    - name: Check traefik binary
+      ansible.builtin.stat:
+        path: /opt/traefik/traefik
+      register: traefik_binary
+
+    - name: Assert traefik binary is executable
+      ansible.builtin.assert:
+        that:
+          - traefik_binary.stat.exists
+          - traefik_binary.stat.executable
+
+    - name: Gather service facts
+      ansible.builtin.service_facts:
+
+    - name: Assert traefik service is present
+      ansible.builtin.assert:
+        that:
+          - "'traefik.service' in ansible_facts.services"