From 32307386d4062e4ffb716960c6e153cd4137e1c8 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 2 Apr 2023 14:33:48 +0300 Subject: [PATCH 1/6] debian: add signed-by param to the apt source list, fixes #409 --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 870a94c..8a69b02 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -35,7 +35,7 @@ docker_repo_url: https://download.docker.com/linux # Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed. docker_apt_release_channel: stable docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" -docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_ignore_key_error: true docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg" From a29e9d51e9793107452ab99e9f9516177476ae51 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Thu, 20 Apr 2023 17:27:13 -0500 Subject: [PATCH 2/6] Fix Molecule CI workflow since docker plugin has moved. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1a22d23..f877319 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -61,7 +61,7 @@ jobs: python-version: '3.x' - name: Install test dependencies. - run: pip3 install ansible molecule[docker] docker + run: pip3 install ansible molecule molecule-plugins[docker] docker - name: Run Molecule tests. run: molecule test From 635061e0a44e94e7c855f45f96364f98af645fc9 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 23 Jun 2023 10:56:08 -0500 Subject: [PATCH 3/6] Remove official support for RHEL. Rocky/Alma/Stream support is best-effort. --- meta/main.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index edc5f8e..6bed80d 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -7,12 +7,8 @@ galaxy_info: description: Docker for Linux. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" - min_ansible_version: 2.4 + min_ansible_version: 2.10 platforms: - - name: EL - versions: - - 7 - - 8 - name: Fedora versions: - all From 7c86fe17399818ece18650149de6eea02a78f706 Mon Sep 17 00:00:00 2001 From: nevart Date: Thu, 15 Jun 2023 14:34:07 +0000 Subject: [PATCH 4/6] APT key: don't force and provide checksum, to fix check mode As described in https://github.com/ansible/ansible/issues/65687, get_url only partially supports check_mode: "the changed status will reflect comparison to an empty source file". Before this change, executing this code, with the key already being in place on the target system, would report "OK", while check_mode would report "changed". Due to this change, both now either report "OK" or "changed", depending on the state of the target system. --- defaults/main.yml | 1 + tasks/setup-Debian.yml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 870a94c..f3d0992 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -38,6 +38,7 @@ docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' } docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_ignore_key_error: true docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg" +docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570" # Used only for RedHat/CentOS/Fedora. docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo" diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 0abcd17..55c8e62 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -31,7 +31,8 @@ url: "{{ docker_apt_gpg_key }}" dest: /etc/apt/trusted.gpg.d/docker.asc mode: '0644' - force: true + force: false + checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}" register: add_repository_key ignore_errors: "{{ docker_apt_ignore_key_error }}" when: docker_add_repo | bool From 78e50d46e25de43f9efb78c8607b3ebfb3d85900 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 10 Jul 2023 17:47:39 -0500 Subject: [PATCH 5/6] Stale bot is now Stale GitHub Action. --- .github/stale.yml | 57 ------------------------------------- .github/workflows/stale.yml | 34 ++++++++++++++++++++++ .yamllint | 3 +- 3 files changed, 35 insertions(+), 59 deletions(-) delete mode 100644 .github/stale.yml create mode 100644 .github/workflows/stale.yml diff --git a/.github/stale.yml b/.github/stale.yml deleted file mode 100644 index 3e8d931..0000000 --- a/.github/stale.yml +++ /dev/null @@ -1,57 +0,0 @@ -# Configuration for probot-stale - https://github.com/probot/stale ---- -# Number of days of inactivity before an Issue or Pull Request becomes stale -daysUntilStale: 90 - -# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. -# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. -daysUntilClose: 30 - -# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) -onlyLabels: [] - -# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable -exemptLabels: - - bug - - pinned - - security - - planned - -# Set to true to ignore issues in a project (defaults to false) -exemptProjects: false - -# Set to true to ignore issues in a milestone (defaults to false) -exemptMilestones: false - -# Set to true to ignore issues with an assignee (defaults to false) -exemptAssignees: false - -# Label to use when marking as stale -staleLabel: stale - -# Limit the number of actions per hour, from 1-30. Default is 30 -limitPerRun: 30 - -pulls: - markComment: |- - This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. - - unmarkComment: >- - This pull request is no longer marked for closure. - - closeComment: >- - This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. - -issues: - markComment: |- - This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. - - unmarkComment: >- - This issue is no longer marked for closure. - - closeComment: >- - This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..5a2fd42 --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,34 @@ +--- +name: Close inactive issues +'on': + schedule: + - cron: "55 6 * * 1" # semi-random time + +jobs: + close-issues: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - uses: actions/stale@v8 + with: + days-before-stale: 120 + days-before-close: 60 + exempt-issue-labels: bug,pinned,security,planned + exempt-pr-labels: bug,pinned,security,planned + stale-issue-label: "stale" + stale-pr-label: "stale" + stale-issue-message: | + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + close-issue-message: | + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. + stale-pr-message: | + This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + close-pr-message: | + This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. + repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.yamllint b/.yamllint index e6fc538..4dd9139 100644 --- a/.yamllint +++ b/.yamllint @@ -7,5 +7,4 @@ rules: level: warning ignore: | - .github/stale.yml - .travis.yml + .github/workflows/stale.yml From 81f23a11dcc247ad41f620b9b4c98295bc663e6d Mon Sep 17 00:00:00 2001 From: nevart Date: Sun, 6 Aug 2023 13:01:27 +0000 Subject: [PATCH 6/6] Add Debian 12 bookworm support --- .github/workflows/ci.yml | 1 + meta/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f877319..a243ffa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,6 +45,7 @@ jobs: - ubuntu2204 - ubuntu2004 - ubuntu1804 + - debian12 - debian11 - debian10 - fedora34 diff --git a/meta/main.yml b/meta/main.yml index 6bed80d..a492efe 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -16,6 +16,7 @@ galaxy_info: versions: - buster - bullseye + - bookworm - name: Ubuntu versions: - bionic