Tweaks for DAG-related items.
Validate DAGs / validate (push) Failing after 1m0s

This commit is contained in:
2025-09-13 22:10:05 -04:00
parent 4fd3238857
commit 49432e16d9
2 changed files with 16 additions and 6 deletions
+1 -1
View File
@@ -49,6 +49,6 @@ jobs:
- name: Validate DAGs
run: |
for dag in $(find ${DAGS_PATH} -type f -name "*.yaml" -a ! -name "*example*"); do
echo "========Validating ${dag}========"
echo "=========Validating ${dag}========="
dagu dry "${dag}"
done
+15 -5
View File
@@ -22,18 +22,28 @@
- name: Pre-check Vault secrets in templates
when: dag_templates | length > 0
block:
- name: Find all Vault lookup expressions in templates
- name: Read each DAG template safely
ansible.builtin.slurp:
src: "{{ item }}"
loop: "{{ dag_templates }}"
register: slurped_templates
- name: Extract Vault keys from DAG templates
ansible.builtin.set_fact:
vault_keys: >-
{{
dag_templates
| map('file', 'r')
| select('string')
slurped_templates.results
| map(attribute='content')
| map('b64decode')
| map('regex_findall',
"lookup\\('community.hashi_vault.vault_kv2_get',\\s*'[^']+',\\s*engine_mount_point='[^']+',\\s*url=[^,]+,\\s*token=[^\\)]+\\)\\['secret'\\]\\['([^']+)'\\]")
| sum(start=[])
}}
when: dag_templates | length > 0
- name: Warn if any Vault keys might be missing
loop: "{{ vault_keys }}"
ansible.builtin.debug:
msg: "Vault key '{{ item }}' will be required by templates"
- name: Warn if any Vault keys might be missing