Skip to content

Commit 7e879c6

Browse files
committed
Fix ansible-lint CI: add vault password and changed_when
Add ANSIBLE_VAULT_PASSWORD_FILE env var to the GitHub Action so ansible-lint can parse vault-encrypted secret.yaml. Add missing changed_when: true to two tasks in get_openshift_release_binaries.yml that modify state (extract pull secret, extract OCP tools) to fix no-changed-when violations. Ref: OSPRH-32049 Change-Id: Id34425370a73e003b0fa1160105713ed8691c6cd Signed-off-by: Itay Matza <imatza@redhat.com>
1 parent b592a8b commit 7e879c6

2 files changed

Lines changed: 4 additions & 0 deletions

File tree

.github/workflows/ansible-lint.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,3 +21,5 @@ jobs:
2121

2222
- name: Run ansible-lint
2323
run: ansible-lint --strict
24+
env:
25+
ANSIBLE_VAULT_PASSWORD_FILE: /home/cloud-admin/.vault-pass

collection/tools/roles/tools_get_openshift_release/tasks/get_openshift_release_binaries.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@
2727
when: openshift_release_pull_spec is not defined or openshift_release_pull_spec == ''
2828

2929
- name: Extract pull secret from host cluster via Kubernetes API
30+
changed_when: true
3031
ansible.builtin.shell: |
3132
python3 << 'PYEOF'
3233
import yaml, json, base64, subprocess, os, sys, tempfile
@@ -127,6 +128,7 @@
127128
mode: u=rwx,g=rw,o=r
128129

129130
- name: Extract OCP tools from release image {{ openshift_release_pull_spec }}
131+
changed_when: true
130132
ansible.builtin.command:
131133
cmd: >-
132134
timeout 900

0 commit comments

Comments
 (0)