Fr/release preparation

.ansible-lint

@@ -0,0 +1,145 @@
+---
+# .ansible-lint
+
+profile: production
+
+# Allows dumping of results in SARIF format
+# sarif_file: result.sarif
+
+# exclude_paths included in this file are parsed relative to this file's location
+# and not relative to the CWD of execution. CLI arguments passed to the --exclude
+# option are parsed relative to the CWD of execution.
+exclude_paths:
+  - playbooks/aws/results/*
+  - playbooks/azure/results/*
+# parseable: true
+# quiet: true
+# strict: true
+verbosity: 1
+
+# # Mock modules or roles in order to pass ansible-playbook --syntax-check
+mock_modules:
+  - cisco.catalystwan.wait_for_api_server
+  - azure.azcollection.azure_rm_account_info
+#   - zuul_return
+#   # note the foo.bar is invalid as being neither a module or a collection
+#   - fake_namespace.fake_collection.fake_module
+#   - fake_namespace.fake_collection.fake_module.fake_submodule
+mock_roles:
+  - cisco.sdwan_deployment.aws_network_infrastructure
+  - cisco.sdwan_deployment.aws_teardown
+  - cisco.sdwan_deployment.aws_controllers
+  - cisco.sdwan_deployment.aws_edges
+  - cisco.sdwan_deployment.azure_network_infrastructure
+  - cisco.sdwan_deployment.azure_teardown
+  - cisco.sdwan_deployment.azure_controllers
+  - cisco.sdwan_deployment.azure_edges
+  - cisco.catalystwan.software_upgrades_remote
+  - cisco.catalystwan.api_ready
+  - cisco.catalystwan.administration_settings
+  - cisco.catalystwan.onboarding_controllers
+  - cisco.catalystwan.sync_pnp_edges
+  - cisco.catalystwan.activate_edges
+  - cisco.catalystwan.vmanage_mode
+  - cisco.catalystwan.health_checks
+
+#   - mocked_role
+#   - author.role_name # old standalone galaxy role
+#   - fake_namespace.fake_collection.fake_role # role within a collection
+
+# Enable checking of loop variable prefixes in roles
+loop_var_prefix: "^(__|{role}_)"
+
+# Enforce variable names to follow pattern below, in addition to Ansible own
+# requirements, like avoiding python identifiers. To disable add `var-naming`
+# to skip_list.
+var_naming_pattern: "^[a-z_][a-z0-9_]*$"
+
+use_default_rules: true
+# Load custom rules from this specific folder
+# rulesdir:
+#   - ./rule/directory/
+
+# Ansible-lint is able to recognize and load skip rules stored inside
+# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files.
+# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
+# on a new line.
+# Optionally you can add comments after the tag, prefixed by "#". We discourage
+# the use of skip_list below because that will hide violations from the output.
+# When putting ignores inside the ignore file, they are marked as ignored, but
+# still visible, making it easier to address later.
+skip_list:
+  - skip_this_tag
+  - name[prefix]
+  - var-naming[no-role-prefix]
+  - loop-var-prefix[wrong]
+  - galaxy[no-changelog]  # FIXME after release
+  - galaxy[version-incorrect]  # FIXME after release
+  - meta-runtime[unsupported-version]  # FIXME after release
+
+# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
+# You must enable opt-in rules by listing each rule 'id' below.
+enable_list:
+  - args
+  - empty-string-compare # opt-in
+  - no-log-password # opt-in
+  - no-same-owner # opt-in
+  - name[prefix] # opt-in
+  # add yaml here if you want to avoid ignoring yaml checks when yamllint
+  # library is missing. Normally its absence just skips using that rule.
+  - yaml
+# Report only a subset of tags and fully ignore any others
+# tags:
+#   - jinja[spacing]
+
+# Ansible-lint does not fail on warnings from the rules or tags listed below
+warn_list:
+  - skip_this_tag
+  - experimental # experimental is included in the implicit list
+
+  # - role-name
+  # - yaml[document-start]  # you can also use sub-rule matches
+
+# Some rules can transform files to fix (or make it easier to fix) identified
+# errors. `ansible-lint --fix` will reformat YAML files and run these transforms.
+# By default it will run all transforms (effectively `write_list: ["all"]`).
+# You can disable running transforms by setting `write_list: ["none"]`.
+# Or only enable a subset of rule transforms by listing rules/tags here.
+# write_list:
+#   - all
+
+# Offline mode disables installation of requirements.yml and schema refreshing
+offline: true
+
+# Define required Ansible's variables to satisfy syntax check
+extra_vars:
+  foo: bar
+  multiline_string_variable: |
+    line1
+    line2
+  complex_variable: ":{;\t$()"
+
+# Uncomment to enforce action validation with tasks, usually is not
+# needed as Ansible syntax check also covers it.
+# skip_action_validation: false
+
+# List of additional kind:pattern to be added at the top of the default
+# match list, first match determines the file kind.
+kinds:
+  # - playbook: "**/examples/*.{yml,yaml}"
+  # - galaxy: "**/folder/galaxy.yml"
+  # - tasks: "**/tasks/*.yml"
+  # - vars: "**/vars/*.yml"
+  # - meta: "**/meta/main.yml"
+  - yaml: "**/*.yaml-too"
+
+# List of additional collections to allow in only-builtins rule.
+# only_builtins_allow_collections:
+#   - example_ns.example_collection
+
+# List of additions modules to allow in only-builtins rule.
+# only_builtins_allow_modules:
+#   - example_module
+
+# Allow setting custom prefix for name[prefix] rule
+task_name_prefix: "{stem} | "

.github/PULL_REQUEST_TEMPLATE.md

@@ -8,4 +8,4 @@
 
 - [ ] PR description is clear and comprehensive
 - [ ] Mentioned the issue that this PR solves (if applicable)
-- [ ] Make sure you test the changes
+- [ ] Make sure you test the changes

.github/workflows/galaxy-importer.yml

@@ -0,0 +1,59 @@
+# Its role is to performe the same checks that would be performed when publishing to galaxy
+# Running them earlier helps to detect issues locally
+
+name: galaxy-importer
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  galaxy-importer:
+    runs-on:
+      - ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Get collection namespace and name from galaxy.yml
+        id: collection-name
+        run: |
+          NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then
+            echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml"
+            exit 1
+          fi
+          echo "Collection namespace is $NAMESPACE"
+          echo "Collection name is $NAME"
+          echo "Collection version is $VERSION"
+          echo "COLLECTION_NAMESPACE=$NAMESPACE" >> $GITHUB_ENV
+          echo "COLLECTION_NAME=$NAME" >> $GITHUB_ENV
+          echo "COLLECTION_VERSION=$VERSION" >> $GITHUB_ENV
+
+      - name: Install Ansible and importer
+        run: |
+          pip install ansible==9.4.0
+          pip install ansible-importer
+          pip install galaxy-importer
+
+      - name: Build and install the collection
+        run: |
+          ansible-galaxy collection build $GITHUB_WORKSPACE --force
+          ansible-galaxy collection install $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz
+
+      - name: Run ac-galaxy-importer
+        run: |
+          python -m galaxy_importer.main $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz

.github/workflows/linters.yml

@@ -0,0 +1,43 @@
+name: Static Code Analyzer
+
+on:
+  pull_request:
+
+  push:
+    branches:
+      - main
+
+jobs:
+  analyze-code:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.10']
+    defaults:
+      run:
+        shell: sh
+
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - uses: isort/isort-action@master
+        with:
+          requirementsFiles: "requirements.txt"
+
+      - name: Run check-yaml, end-of-file-fixer, trailing-whitespace
+        uses: pre-commit/action@v3.0.0
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@main
+
+      - name: Install detect-secrets
+        run: pip install detect-secrets==1.4.0
+
+      - name: Run detect-secrets
+        run: detect-secrets scan

.github/workflows/release-from-tag.yml

@@ -0,0 +1,70 @@
+name: Release to ansible-galaxy from tag
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  publish-release:
+    runs-on:
+      - ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Get collection version from galaxy.yml
+        id: collection-version
+        run: |
+          NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then
+            echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml"
+            exit 1
+          fi
+          echo "Collection namespace is $NAMESPACE"
+          echo "Collection name is $NAME"
+          echo "Collection version is $VERSION"
+          echo "AC_NAMESPACE=$NAMESPACE" >> "$GITHUB_ENV"
+          echo "AC_NAME=$NAME" >> "$GITHUB_ENV"
+          echo "AC_VERSION=$VERSION" >> "$GITHUB_ENV"
+
+      - name: Get Git tag
+        id: git-tag
+        run: |
+          TAG=${GITHUB_REF#refs/tags/}
+          echo "Git tag is $TAG"
+          echo "GIT_TAG=$TAG" >> "$GITHUB_ENV"
+
+      - name: Compare collection version and Git tag
+        shell: bash
+        run: |
+          if [[ "v$AC_VERSION" == "$GIT_TAG" ]]; then
+            echo "The collection version matches the Git tag."
+          else
+            echo "Error: The collection version ($AC_VERSION) does not match the Git tag ($GIT_TAG)."
+            exit 1
+          fi
+
+      - name: Install Ansible
+        run: |
+          pip install ansible==9.4.0
+
+      - name: Build collection
+        run: |
+          ansible-galaxy collection build $GITHUB_WORKSPACE --force
+
+      - name: Check collection install locally to verify tar.gz correctness
+        run: |
+          ansible-galaxy collection install $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz
+
+      - name: Publish Collection to Ansible-Galaxy
+        run: |
+           ansible-galaxy collection publish $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz --api-key "${{ secrets.ANSIBLE_GALAXY_API_KEY }}"

.pre-commit-config.yaml

@@ -0,0 +1,18 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+
+  - repo: https://github.com/ansible-community/ansible-lint.git
+    rev: v24.2.1 # latest release tag from https://github.com/ansible-community/ansible-lint/releases/
+    hooks:
+      - id: ansible-lint
+        files: \.(yaml|yml)$
+
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets