fix: Fixed GitHub Release Workflow (#57)

* fix: Fixed GitHub Release Workflow
zscaler · Feb 5, 2025 · 7a2d17b · 7a2d17b
1 parent ce797ab
commit 7a2d17b
Show file tree

Hide file tree

Showing 5 changed files with 87 additions and 55 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,34 +1,20 @@
-name: Release the ansible collection
+name: CI
 
 on:
-  workflow_call:
-    inputs:
-      ah_publish:
-        description: Publish the collection on automation hub
-        default: true
-        type: boolean
-      environment:
-        description: The deployment environment
-        required: true
-        type: string
-      galaxy_publish:
-        default: true
-        description: Publish the collection on galaxy
-        type: boolean
-    secrets:
-      ah_token:
-        required: false
-      ansible_galaxy_api_key:
-        required: false
+  push:
+    branches: [master]
+  pull_request:
 
 env:
   NAMESPACE: zscaler
   COLLECTION_NAME: zpacloud
   PYTHON_VERSION: 3.8
 
 jobs:
-  ## 1) Sanity Job
-  # --------------------------------------------------
+  ## ---------------------------------------------------------------------------
+  ## 1) Sanity is required:
+  ## https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html
+  ## ---------------------------------------------------------------------------
   sanity:
     name: Sanity (Ⓐ${{ matrix.ansible }})
     strategy:
@@ -59,6 +45,7 @@ jobs:
       - name: Install Poetry
         uses: Gr1N/setup-poetry@v9
 
+      # Install the head of the given branch (devel, stable-2.10)
       - name: Install ansible-base (${{ matrix.ansible }})
         run: poetry run pip install https://github.com/ansible/ansible/archive/stable-${{ matrix.ansible }}.tar.gz --disable-pip-version-check
 
@@ -72,23 +59,61 @@ jobs:
         timeout-minutes: 10
         run: poetry run make new-sanity
 
-  ## 2) Release Job (NEW)
-  # --------------------------------------------------
+
+  ## ---------------------------------------------------------------------------
+  ## 3) Release
+  ## ---------------------------------------------------------------------------
   release:
     name: release
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
     needs: [sanity]
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
+      # (A) OLD TASK: This writes ~/.ansible/galaxy_token
+      #     We'll remove it later so it's not included in the final tarball.
+      - name: Set up Galaxy auth
+        run: |
+          mkdir -p ~/.ansible
+          echo "token: $GALAXY_API_KEY" > ~/.ansible/galaxy_token
+        env:
+          GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
+        shell: bash
+
+      # (B) Create ansible.cfg with credentials for Galaxy and Automation Hub
+      #     We'll remove this file before building or packaging the collection.
+      - name: Set up Automation Hub and Galaxy ansible.cfg
+        run: |
+          cat << EOF > ansible.cfg
+          [galaxy]
+          server_list = automation_hub, release_galaxy
+          [galaxy_server.automation_hub]
+          url=${{ secrets.AUTOMATION_HUB_URL }}
+          auth_url=${{ secrets.AUTOMATION_HUB_SSO_URL }}
+          token=${{ secrets.AUTOMATION_HUB_API_TOKEN }}
+          [galaxy_server.release_galaxy]
+          url=https://galaxy.ansible.com/
+          token=${{ secrets.GALAXY_API_KEY }}
+          EOF
+        shell: bash
+
+      - name: Remove temporary auth files
+        run: |
+          rm -f ansible.cfg
+          rm -rf ~/.ansible
+
+      # (D) Import GPG key (signing)
       - name: Import GPG key
         id: import_gpg
         uses: crazy-max/ghaction-import-gpg@v6
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
 
+      # (E) Create release and publish to GitHub Releases (semantic-release)
       - name: Create release and publish
         id: release
         uses: cycjimmy/semantic-release-action@v4
@@ -103,46 +128,28 @@ jobs:
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+      # (F) Store built collection (artifact) AFTER we removed ansible.cfg
       - name: Store built collection
         uses: actions/upload-artifact@v4
         with:
           name: collection
           path: |
             *.tar.gz
 
-  ## 3) Release Automation Hub Job
-  # --------------------------------------------------
-  release_automation_hub:
-    name: release_automation_hub
-    uses: ansible/team-devtools/.github/workflows/release_ah.yml@main
-    # Make it run AFTER the release job
-    needs: [release]
-    with:
-      environment: release
-    secrets:
-      ah_token: ${{ secrets.AH_TOKEN }}
-
-  ## 4) Release Galaxy Job
-  # --------------------------------------------------
-  release_galaxy:
-    name: release_galaxy
-    uses: ansible/team-devtools/.github/workflows/release_galaxy.yml@main
-    needs: [release_automation_hub]
-    with:
-      environment: release
-    secrets:
-      ansible_galaxy_api_key: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
-
-  ## 5) Documentation Job
-  # --------------------------------------------------
+
+  ## ---------------------------------------------------------------------------
+  ## 4) Documentation
+  ## ---------------------------------------------------------------------------
   docs:
     name: docs
     if: github.event_name == 'push' && github.ref == 'refs/heads/master'
     needs: [release]
     runs-on: ubuntu-latest
+
     defaults:
       run:
         working-directory: ./ansible_collections/zscaler/zpacloud
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -175,6 +182,9 @@ jobs:
       - name: Generate documentation
         run: poetry run make docs
 
+      # This is here for right now because the action to deploy seems to assume
+      # (and not have a configuration option to) mirror the actions/checkout@v4
+      # the with.path spec.
       - name: Move the repo to where the deploy action is looking for it
         run: |
           cd ../../../..
@@ -183,7 +193,7 @@ jobs:
           mkdir -p zpacloud-ansible/ansible_collections/zscaler/zpacloud
 
       - name: Deploy to GitHub Pages
-        uses: JamesIves/github-pages-deploy-action@v4.7.2
+        uses: JamesIves/github-pages-deploy-action@v4.6.8
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           branch: gh-pages

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Zscaler Private Access (ZPA) Ansible Collection Changelog
 
+## 1.4.5 (February, 5 2025)
+
+### Notes
+
+- Python Versions: **v3.9, v3.10, v3.11**
+
+### Bug Fixes
+
+- [PR #57](https://github.com/zscaler/zpacloud-ansible/pull/57) Removed `ansible.cfg` from Ansible Automation Hub and Galaxy GitHub Actions workflow
+
 ## 1.4.4 (February, 5 2025)
 
 ### Notes
@@ -8,7 +18,7 @@
 
 ### Bug Fixes
 
-- [PR #56](https://github.com/zscaler/zpacloud-ansible/pull/56) Removed `ansible.cfg` from Ansible Automation Hub and Galaxy GitHub Actions workflow
+- [PR #57](https://github.com/zscaler/zpacloud-ansible/pull/57) Removed `ansible.cfg` from Ansible Automation Hub and Galaxy GitHub Actions workflow
 
 ## 1.4.3 (February, 1 2025)
 

diff --git a/docs/source/release_notes.rst b/docs/source/release_notes.rst
@@ -9,9 +9,21 @@ Releases
 Zscaler Private Access (ZPA) Ansible Collection Changelog
 ---------------------------------------------------------
 
-Version 1.4.3
+Version 1.4.5
 ==============
 
+1.4.5 (February, 5 2025)
+---------------------------
+
+### Notes
+
+- Python Versions: **v3.9, v3.10, v3.11**
+
+### Bug Fixes
+
+* (`#57 <https://github.com/zscaler/zpacloud-ansible/pull/57>`_) Removed `ansible.cfg` from Ansible Automation Hub and Galaxy GitHub Actions workflow
+
+
 1.4.4 (February, 5 2025)
 ---------------------------
 
@@ -21,7 +33,7 @@ Version 1.4.3
 
 ### Bug Fixes
 
-* (`#56 <https://github.com/zscaler/zpacloud-ansible/pull/56>`_) Removed `ansible.cfg` from Ansible Automation Hub and Galaxy GitHub Actions workflow
+* (`#57 <https://github.com/zscaler/zpacloud-ansible/pull/57>`_) Removed `ansible.cfg` from Ansible Automation Hub and Galaxy GitHub Actions workflow
 
 
 1.4.3 (February, 1 2025)

diff --git a/galaxy.yml b/galaxy.yml
@@ -10,7 +10,7 @@ namespace: zscaler
 name: zpacloud
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.4.4
+version: 1.4.5
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "zpacloud-ansible"
-version = "1.4.4"
+version = "1.4.5"
 description = "Ansible collection for Zscaler Private Access (ZPA)"
 authors = ["Zscaler Technology Alliances <[email protected]>"]
 license = "MIT"