This commit is contained in:
@@ -44,6 +44,7 @@ jobs:
|
||||
- name: Install dagu
|
||||
run: |
|
||||
curl -L https://raw.githubusercontent.com/dagu-org/dagu/main/scripts/installer.sh | bash
|
||||
dagu version
|
||||
|
||||
- name: Validate DAGs
|
||||
run: |
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
gather_facts: false
|
||||
|
||||
vars:
|
||||
# Hardcoded fallback for DAGs path
|
||||
dags_path: "{{ playbook_dir ~ '/../app-configs/rinoa/dagu/dags' }}"
|
||||
vault_addr: "{{ lookup('env', 'VAULT_ADDR') }}"
|
||||
vault_token: "{{ lookup('env', 'VAULT_TOKEN') }}"
|
||||
@@ -12,7 +13,11 @@
|
||||
tasks:
|
||||
- name: Build list of DAG template files
|
||||
ansible.builtin.set_fact:
|
||||
dag_templates: "{{ lookup('fileglob', dags_path ~ '/*.yaml.j2', wantlist=True) }}"
|
||||
dag_templates: >-
|
||||
{{
|
||||
lookup('ansible.builtin.fileglob', dags_path ~ '/*.yaml.j2', wantlist=True)
|
||||
| default([])
|
||||
}}
|
||||
|
||||
- name: Pre-check Vault secrets in templates
|
||||
when: dag_templates | length > 0
|
||||
@@ -21,11 +26,13 @@
|
||||
ansible.builtin.set_fact:
|
||||
vault_keys: >-
|
||||
{{
|
||||
dag_templates
|
||||
| map('lookup', 'file', wantlist=True)
|
||||
| map('regex_findall',
|
||||
"lookup\\('community.hashi_vault.vault_kv2_get',\\s*'[^']+',\\s*engine_mount_point='[^']+',\\s*url=[^,]+,\\s*token=[^\\)]+\\)\\['secret'\\]\\['([^']+)'\\]")
|
||||
| sum(start=[])
|
||||
(
|
||||
dag_templates
|
||||
| map('file', 'r')
|
||||
| map('regex_findall',
|
||||
"lookup\\('community.hashi_vault.vault_kv2_get',\\s*'[^']+',\\s*engine_mount_point='[^']+',\\s*url=[^,]+,\\s*token=[^\\)]+\\)\\['secret'\\]\\['([^']+)'\\]")
|
||||
| list
|
||||
) | default([])
|
||||
}}
|
||||
|
||||
- name: Warn if any Vault keys might be missing
|
||||
|
||||
Reference in New Issue
Block a user