feat/update-molecue-setup

.github/workflows/lint.yml

@@ -18,7 +18,7 @@ jobs:
     name: Lint yaml files
     uses: stuttgart-things/stuttgart-things/.github/workflows/lint-yaml.yaml@yaml-lint-1
     with:
-      runs-on: ghr-install-requirements-labda-test
+      runs-on: ghr-install-requirements-in-cluster
       environment-name: k8s
       continue-error: true
       yamllint-version: 1
@@ -29,7 +29,7 @@ jobs:
     name: Lint ansible code
     uses: stuttgart-things/stuttgart-things/.github/workflows/lint-ansible.yaml@main # ansible-lint-24.2.1
     with:
-      runs-on: ghr-install-requirements-labda-test
+      runs-on: ghr-install-requirements-in-cluster
       environment-name: k8s
       continue-error: true
       ansible-image: eu.gcr.io/stuttgart-things/sthings-ansible:9.3.0-1

.github/workflows/release.yaml

@@ -4,9 +4,11 @@ on:
   workflow_dispatch:
     inputs:
       release-tag:
+        description: 'Tag name for the release'
         required: true
         type: string
       release-message:
+        description: 'Release message/notes'
         required: true
         type: string
 
@@ -20,5 +22,5 @@ jobs:
       release-message: "${{ github.event.inputs.release-message }}"
       environment-name: k8s
       archive-kind: tar.gz
-      runs-on: ghr-install-requirements-labda-test
+      runs-on: ghr-install-requirements-in-cluster
       continue-error: false

.gitignore

@@ -0,0 +1,201 @@
+.DS_Store
+.task/
+logs
+TODO
+*.log
+
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+package-lock.json
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# Next.js build output
+.next
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# End of https://www.toptal.com/developers/gitignore/api/node
+
+# Created by https://www.toptal.com/developers/gitignore/api/macos
+# Edit at https://www.toptal.com/developers/gitignore?templates=macos
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+# End of https://www.toptal.com/developers/gitignore/api/macos
+
+# Created by https://www.toptal.com/developers/gitignore/api/windows
+# Edit at https://www.toptal.com/developers/gitignore?templates=windows
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# End of https://www.toptal.com/developers/gitignore/api/windows
+
+#Added by cargo
+
+/target
+Cargo.lock
+
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
+
+*.node

.pre-commit-config.yaml

@@ -0,0 +1,45 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-symlinks
+      #- id: check-yaml
+      - id: detect-private-key
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 3.0.0  # or specific git tag
+    hooks:
+      - id: shellcheck
+        args:
+          - "-e"
+          - "SC1090"
+          - "-e"
+          - "SC1091"
+  - repo: https://github.com/hadolint/hadolint
+    rev: "v2.12.0"
+    hooks:
+      - id: hadolint-docker
+        args:
+          - --ignore
+          - DL4006
+          - --ignore
+          - DL3015
+  - repo: https://github.com/sirosen/check-jsonschema
+    rev: 0.30.0
+    hooks:
+      - id: check-github-workflows
+
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        name: Detect secrets
+        description: Detects high entropy strings that are likely to be passwords.
+        entry: detect-secrets-hook
+        language: python
+        # for backward compatibility
+        files: .*  # all files
+        args: ["--exclude-files", ".dagger/postgresdb/dagger.json"]

README.md

@@ -10,7 +10,7 @@ The following vars can be set:
 vars:
   update_packages: true     # set for update or not update your os packages (update_packages: true/ false)
   os_packages:
-    - htop  
+    - htop
     - unzip # the os package that you want to install. If not set, no os package will be installed. (os_packages: <package_name>)
   python_modules:
     - name: kubernetes      # the pip package that you want to install. If not set, no os package will be installed. If pip doesn't exist, it will be installed automatically. The pip version is decided based on the python version that is used by ansible on the target host.
@@ -113,7 +113,7 @@ ansible-playbook -i inventory install-requirements.yml
 <details><summary>EXAMPLE ROLE INCLUDE OF ANOTHER ROLE</summary>
 
 ```yaml
-# task file 
+# task file
 ...
 - name: Install prerequisites
   include_role:

Taskfile.yaml

@@ -1,8 +1,8 @@
 ---
 version: 3
-vars:
-  BRANCH:
-    sh: if [ $(git rev-parse --abbrev-ref HEAD) != "main" ]; then echo $(git rev-parse --abbrev-ref HEAD); else echo main ; fi
+includes:
+  git:
+    taskfile: https://raw.githubusercontent.com/stuttgart-things/platform-engineering-showcase/refs/heads/main/taskfiles/git.yaml
 
 # PRECONDITION TO CHECK IF THE VIRTUAL ENVIRONMENT IS ACTIVATED
 venv-precondition: &venv
@@ -12,11 +12,13 @@ venv-precondition: &venv
 
 tasks:
   run-molecule:
+    desc: "Run molecule tests"
     preconditions: *venv
     cmds:
       - molecule test -s default
 
   setup-molecule:
+    desc: "Setup python virtual environment"
     preconditions: *venv
     cmds:
       - pip install -U setuptools pip 'molecule'
@@ -30,55 +32,12 @@ tasks:
       - python3 -m venv ./venv
       - echo "Don't forget to run\nsource ./venv/bin/activate"
 
-  branch:
-    desc: Create branch from main
+  do:
+    desc: Select a task to run
     cmds:
-      - git checkout main
-      - git branch
-      - git pull
       - |
-        echo "Enter to be created (remote) branch:"
-        read BRANCH_NAME;
-        git checkout -b ${BRANCH_NAME}
-        git push origin ${BRANCH_NAME}
-      - git branch
-      - git branch --set-upstream-to=origin/main ${BRANCH_NAME}
+        # Extract task names (keep internal colons, remove only trailing colon)
+        task_name=$(task -l | awk '/^\*/ {print $2}' | sed 's/:$//' | gum choose)
 
-  commit:
-    desc: Commit + push code into branch
-    cmds:
-      - rm -rf dist/
-      - git branch --set-upstream-to=origin/{{ .BRANCH }}
-      - git pull
-      - |
-        echo "ENTER COMMIT MESSAGE"
-        read COMMIT_MESSAGE;
-        git add *
-        if [[ -n $(git status --porcelain) ]]; then
-          echo "committing changes"
-          git commit --allow-empty -a -m "$(echo ${COMMIT_MESSAGE})"
-        else
-          echo "no changes"
-        fi
-        git push origin -u {{ .BRANCH }}
-      - sleep 20s
-      - |
-        RUN_ID=$(gh run list | grep {{ .BRANCH }} | head -1 | awk '{for (i=1; i<=NF; i++) if ($i ~ /^[0-9]+$/) print $i}')
-        gh run watch ${RUN_ID} --exit-status
-
-  pr:
-    desc: Create pull request into main
-    cmds:
-      - task: commit
-      - |
-        if gh pr list | grep -q "{{.BRANCH}}"; then
-          echo "⚠️ PR already exists for branch {{.BRANCH}}, closing it..."
-          gh pr close {{.BRANCH}}
-        else
-          echo "✅ No existing PR found for branch {{.BRANCH}}."
-        fi
-      - gh pr create -t "{{ .BRANCH }}" -b "{{ .BRANCH }} branch into main"
-      - sleep 20s
-      - gh pr checks $(gh pr list | grep "^[^#;]" | grep '{{ .BRANCH }}' | awk '{print $1}') --watch
-      - gh pr merge $(gh pr list | grep "^[^#;]" | grep '{{ .BRANCH }}' | awk '{print $1}') --auto --rebase --delete-branch
-      - git checkout main && git pull
+        # Run the selected task
+        [ -n "$task_name" ] && task "$task_name"