feat: migrate from aap-libvirt-infra

.envrc

@@ -0,0 +1 @@
+export ANSIBLE_VAULT_PASSWORD_FILE=./scripts/vault.bash

.github/workflows/check.yml

@@ -0,0 +1,62 @@
+name: check
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/makeitworkcloud/runner:latest
+    env:
+      SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+      ANSIBLE_VAULT_PASSWORD_FILE: ./scripts/vault.bash
+      ANSIBLE_LOCALHOST_WARNING: "false"
+      ANSIBLE_INVENTORY_UNPARSED_WARNING: "false"
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+
+      - name: dependencies
+        run: ansible-galaxy collection install -r requirements.yml
+
+      - name: lint
+        run: pre-commit run --all-files
+
+      - name: check
+        id: check
+        continue-on-error: true
+        run: |
+          ansible-playbook .setup_project.yml --check --diff 2>&1 | tee check-output.txt
+          tail -n 1000 check-output.txt > check-output-truncated.txt
+          mv check-output-truncated.txt check-output.txt
+
+      - name: prepare-comment
+        if: github.event_name == 'pull_request'
+        run: |
+          {
+            echo '<!-- ansible-check -->'
+            echo '#### Ansible Check (dry-run)'
+            echo '```'
+            cat check-output.txt
+            echo '```'
+          } > comment-body.md
+
+      - name: comment
+        if: github.event_name == 'pull_request'
+        uses: johanwulf/replace-comment@v1.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body-includes: '<!-- ansible-check -->'
+          body-path: comment-body.md
+
+      - name: fail-on-error
+        if: steps.check.outcome == 'failure'
+        run: exit 1

.github/workflows/deploy.yml

@@ -0,0 +1,34 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  deploy:
+    name: Deploy AAP Content
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/makeitworkcloud/runner:latest
+    env:
+      SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+      ANSIBLE_VAULT_PASSWORD_FILE: ./scripts/vault.bash
+      ANSIBLE_LOCALHOST_WARNING: "false"
+      ANSIBLE_INVENTORY_UNPARSED_WARNING: "false"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Ansible collections
+        run: ansible-galaxy collection install -r requirements.yml
+
+      - name: Run pre-commit
+        run: pre-commit run --all-files
+
+      - name: Deploy AAP Content
+        run: ansible-playbook .setup_project.yml

.gitignore

@@ -0,0 +1,4 @@
+**/*.ansible
+**/*.swp
+**/*.log
+**/1

.pre-commit-config.yaml

@@ -0,0 +1,19 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-vcs-permalinks
+      - id: destroyed-symlinks
+      - id: detect-private-key
+      - id: mixed-line-ending
+  - repo: https://github.com/ansible/ansible-lint
+    rev: v25.12.1
+    hooks:
+      - id: ansible-lint
+        language_version: python3
+        additional_dependencies:
+          - ansible
+        args: [--exclude=secrets/, --exclude=vars/]

.setup_project.yml

@@ -0,0 +1,111 @@
+#!/usr/bin/env ansible-playbook
+# File: .setup_project.yml
+# GitHub: https://github.com/makeitworkcloud/ansible-project-libvirt
+# Description: Creates the libvirt project in Ansible Automation Platform (AAP).
+# Author:
+#                                   _|
+#   _|    _|  _|_|_|      _|_|    _|_|_|_|    _|_|
+#     _|_|    _|    _|  _|    _|    _|      _|    _|
+#   _|    _|  _|    _|  _|    _|    _|      _|    _|
+#   _|    _|  _|    _|    _|_|        _|_|    _|_|
+---
+- name: Load SOPS secrets
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Load SOPS secrets
+      community.sops.load_vars:
+        file: secrets/secrets.yaml
+
+- name: Deploy AAP content
+  hosts: localhost
+  gather_facts: false
+  environment:
+    CONTROLLER_OPTIONAL_API_URLPATTERN_PREFIX: /api/controller/
+  vars:
+    aap_project_name: libvirt
+    aap_organization: Default
+  module_defaults:
+    group/awx.awx.controller:
+      controller_host: "{{ controller_host }}"
+      controller_username: "{{ controller_username }}"
+      controller_password: "{{ controller_password }}"
+      validate_certs: true
+  tasks:
+    - name: Create project
+      awx.awx.project:
+        name: "{{ aap_project_name }}"
+        description: "Managed by ansible-project-libvirt"
+        organization: "{{ aap_organization }}"
+        scm_type: git
+        scm_url: https://github.com/makeitworkcloud/ansible-project-libvirt.git
+        scm_update_on_launch: false
+        state: present
+
+    - name: Sync project
+      awx.awx.project_update:
+        name: "{{ aap_project_name }}"
+        wait: true
+        timeout: 300
+      when: not ansible_check_mode
+
+    - name: Create inventory
+      awx.awx.inventory:
+        name: "{{ aap_project_name }}"
+        description: "Managed by ansible-project-libvirt"
+        organization: "{{ aap_organization }}"
+        state: present
+
+    - name: Add libvirt host to inventory
+      awx.awx.host:
+        name: "{{ libvirt_host }}"
+        inventory: "{{ aap_project_name }}"
+        variables:
+          ansible_host: "{{ libvirt_fqdn }}"
+        state: present
+
+    - name: Create SSH credential
+      awx.awx.credential:
+        name: "{{ aap_project_name }} SSH"
+        description: "SSH key for libvirt host"
+        organization: "{{ aap_organization }}"
+        credential_type: Machine
+        inputs:
+          username: "{{ libvirt_ssh_user }}"
+          ssh_key_data: "{{ libvirt_ssh_private_key }}"
+        state: present
+
+    - name: Create Vault credential
+      awx.awx.credential:
+        name: "{{ aap_project_name }} Vault"
+        description: "Ansible Vault password"
+        organization: "{{ aap_organization }}"
+        credential_type: Vault
+        inputs:
+          vault_password: "{{ vault_password }}"
+        state: present
+
+    - name: Find playbooks
+      ansible.builtin.find:
+        paths: playbooks/
+        patterns: "*.yml,*.yaml"
+        file_type: file
+        recurse: false
+      register: found_playbooks
+
+    - name: Create job templates
+      awx.awx.job_template:
+        name: "{{ item.path | basename | regex_replace('\\.ya?ml$', '') }}"
+        description: "Job template for {{ item.path | basename }}"
+        organization: "{{ aap_organization }}"
+        project: "{{ aap_project_name }}"
+        inventory: "{{ aap_project_name }}"
+        playbook: "playbooks/{{ item.path | basename }}"
+        job_type: run
+        credentials:
+          - "{{ aap_project_name }} SSH"
+          - "{{ aap_project_name }} Vault"
+        state: present
+      loop: "{{ found_playbooks.files }}"
+      loop_control:
+        label: "{{ item.path | basename }}"

.sops.yaml

@@ -0,0 +1,3 @@
+---
+creation_rules:
+  - age: age152ek83tm4fj5u70r3fecytn4kg7c5xca24erjchxexx4pfqg6das7q763l