Switch from Makefile to Taskfile.yml (using go-task)

Also use consul, nomad, vagrant and asciidoctor inside container.
2023-10-27 00:00:00 +07:00 · 2023-10-27 00:00:00 +07:00 · 59ee8750b3
parent e9d702563b
commit 59ee8750b3
18 changed files with 221 additions and 119 deletions
--- a/11
+++ b/11
@ -1,11 +0,0 @@
-.DEFAULT_GOAL := jsonnet
-
-# Requires the Go implementation of Jsonnet
-.PHONY: jsonnet
-jsonnet:
-	@find . -name "*.jsonnet" -o -name "*.libsonnet" -type f | xargs -I{} sh -c 'jsonnet-lint {} && jsonnetfmt -i {}'
-	@find . -name "*.jsonnet" -type f | xargs -I{} sh ./scripts/jsonnet2yaml.sh {}
-
-.PHONY: lint
-lint:
-	@ansible-lint ./playbooks/
--- a/Taskfile.yml
+++ b/Taskfile.yml
@ -0,0 +1,36 @@
+---
+version: '3'
+
+silent: true
+
+tasks:
+  ansible-lint:
+    cmd: ansible-lint ./playbooks/
+    desc: Lint Ansible playbooks
+
+  jsonnet-lint:
+    cmd: |-
+      find . \
+        -name "*.jsonnet" \
+        -o -name "*.libsonnet" \
+        -type f \
+        | xargs -I{} sh -c 'jsonnet-lint {} && jsonnetfmt -i {}'
+    desc: Lint and format Jsonnet files
+
+  lint:
+    deps:
+      - ansible-lint
+      - jsonnet-lint
+    desc: Run various linting tasks
+
+  jsonnet:
+    aliases:
+      - default
+    deps:
+      - jsonnet-lint
+    cmd: |-
+      find . \
+        -name "*.jsonnet" \
+        -type f \
+        | xargs -I{} sh ./scripts/jsonnet2yaml.sh {}
+    desc: Generate YAML Ansible tasks from Jsonnet sources
--- a/requirements/accepted_variables.yml
+++ b/requirements/accepted_variables.yml
--- a/requirements/collections.yml
+++ b/requirements/collections.yml
@ -1,3 +1,4 @@
 ---
 collections:
  - name: community.general
+  - name: containers.podman
--- a/roles/containers/tasks/apptainer.jsonnet
+++ b/roles/containers/tasks/apptainer.jsonnet
@ -66,6 +66,11 @@ local docker_images =
      image: 'gcr.io/bazel-public/bazel',
      tag: '6.4.0',
    },
+    {
+      name: 'asciidoctor',
+      image: 'docker.io/asciidoctor/docker-asciidoctor',
+      tag: '1.58.0',
+    },
    {
      name: 'terraform',
      image: 'docker.io/hashicorp/terraform',
@ -78,6 +83,16 @@ local docker_images =
      tag: '1.15.1',
      args: hashicorp_args,
    },
+    {
+      name: 'consul',
+      image: 'docker.io/hashicorp/consul',
+      tag: '1.16.2',
+    },
+    {
+      name: 'nomad',
+      image: 'docker.io/hashicorp/nomad',
+      tag: '1.6.2',
+    },
  ];

 std.manifestYamlDoc([docker_to_apptainer(x) for x in docker_images])
--- a/roles/containers/tasks/apptainer.yml
+++ b/roles/containers/tasks/apptainer.yml
@ -25,6 +25,28 @@
      name: apptainer | Create bazel-apptainer launch script
  name: apptainer | Create bazel environment
  tags: bazel-apptainer
+- block:
+    - command:
+        cmd: rm -rf ~/.local/libexec/asciidoctor.sif
+        removes: ~/.local/libexec/asciidoctor.sif
+      name: apptainer | Clean old asciidoctor.sif file
+    - command:
+        cmd: /usr/bin/apptainer pull ~/.local/libexec/asciidoctor.sif docker://docker.io/asciidoctor/docker-asciidoctor:1.58.0
+        creates: ~/.local/libexec/asciidoctor.sif
+        removes: /usr/bin/apptainer
+      name: apptainer | Pull and build asciidoctor.sif file
+    - copy:
+        content: |
+          #!/bin/sh
+          TERM=xterm-256color \
+            exec apptainer --silent --quiet exec \
+              --ipc --no-eval --no-privs --unsquash --userns --uts --pid --cleanenv  \
+              ~/.local/libexec/asciidoctor.sif asciidoctor "$@"
+        dest: ~/.local/bin/asciidoctor
+        mode: "755"
+      name: apptainer | Create asciidoctor-apptainer launch script
+  name: apptainer | Create asciidoctor environment
+  tags: asciidoctor-apptainer
 - block:
    - command:
        cmd: rm -rf ~/.local/libexec/terraform.sif
@ -69,3 +91,47 @@
      name: apptainer | Create vault-apptainer launch script
  name: apptainer | Create vault environment
  tags: vault-apptainer
+- block:
+    - command:
+        cmd: rm -rf ~/.local/libexec/consul.sif
+        removes: ~/.local/libexec/consul.sif
+      name: apptainer | Clean old consul.sif file
+    - command:
+        cmd: /usr/bin/apptainer pull ~/.local/libexec/consul.sif docker://docker.io/hashicorp/consul:1.16.2
+        creates: ~/.local/libexec/consul.sif
+        removes: /usr/bin/apptainer
+      name: apptainer | Pull and build consul.sif file
+    - copy:
+        content: |
+          #!/bin/sh
+          TERM=xterm-256color \
+            exec apptainer --silent --quiet exec \
+              --ipc --no-eval --no-privs --unsquash --userns --uts --pid --cleanenv  \
+              ~/.local/libexec/consul.sif consul "$@"
+        dest: ~/.local/bin/consul
+        mode: "755"
+      name: apptainer | Create consul-apptainer launch script
+  name: apptainer | Create consul environment
+  tags: consul-apptainer
+- block:
+    - command:
+        cmd: rm -rf ~/.local/libexec/nomad.sif
+        removes: ~/.local/libexec/nomad.sif
+      name: apptainer | Clean old nomad.sif file
+    - command:
+        cmd: /usr/bin/apptainer pull ~/.local/libexec/nomad.sif docker://docker.io/hashicorp/nomad:1.6.2
+        creates: ~/.local/libexec/nomad.sif
+        removes: /usr/bin/apptainer
+      name: apptainer | Pull and build nomad.sif file
+    - copy:
+        content: |
+          #!/bin/sh
+          TERM=xterm-256color \
+            exec apptainer --silent --quiet exec \
+              --ipc --no-eval --no-privs --unsquash --userns --uts --pid --cleanenv  \
+              ~/.local/libexec/nomad.sif nomad "$@"
+        dest: ~/.local/bin/nomad
+        mode: "755"
+      name: apptainer | Create nomad-apptainer launch script
+  name: apptainer | Create nomad environment
+  tags: nomad-apptainer
--- a/roles/containers/tasks/podman.jsonnet
+++ b/roles/containers/tasks/podman.jsonnet
@ -1,37 +1,10 @@
-local images = ['ltex-ls', 'translate-shell', 'marksman'];
-
-// Special container images
-local aports_dev = {
-  local name = 'aports-dev',
-  local normalized_name = 'aports_dev',
-
-  name: 'podman | Create aports development environment',
-  tags: name,
-  block: [
-    {
-      name: 'podman | Get current date as ' + name + "'s image tag",
-      command: '/bin/date -u "+%Y-%m-%d"',
-      changed_when: false,
-      register: normalized_name + '_version',
-    },
-    {
-      name: 'podman | Build ' + name + ' container image',
-      'containers.podman.podman_image': {
-        name: name,
-        path: '{{ role_path }}/build_dirs/' + name,
-        tag: '{{ ' + normalized_name + '_version.stdout }}',
-        state: 'present',
-      },
-    },
-    {
-      name: 'podman | Install ' + name + ' wrapper script',
-      template: {
-        src: name + '.j2',
-        dest: '~/.local/bin/' + name,
-        mode: '755',
-      },
-    },
-  ],
+local copy_script(name) = {
+  name: 'podman | Install ' + name + ' wrapper script',
+  template: {
+    src: name + '.j2',
+    dest: '~/.local/bin/' + name,
+    mode: '755',
+  },
 };

 local podman(name) = std.prune(
@ -52,16 +25,62 @@ local podman(name) = std.prune(
          state: 'present',
        },
      },
-      {
-        name: 'podman | Install ' + name + ' wrapper script',
-        template: {
-          src: name + '.j2',
-          dest: '~/.local/bin/' + name,
-          mode: '755',
-        },
-      },
+      copy_script(name),
    ],
  }
 );

-std.manifestYamlDoc([podman(x) for x in images] + [aports_dev])
+// Special container images
+local special_containers = [
+  {
+    local name = 'aports-dev',
+    local normalized_name = 'aports_dev',
+
+    name: 'podman | Create aports development environment',
+    tags: name,
+    block: [
+      {
+        name: 'podman | Get current date as ' + name + "'s image tag",
+        command: '/bin/date -u "+%Y-%m-%d"',
+        changed_when: false,
+        register: normalized_name + '_version',
+      },
+      {
+        name: 'podman | Build ' + name + ' container image',
+        'containers.podman.podman_image': {
+          name: name,
+          path: '{{ role_path }}/build_dirs/' + name,
+          tag: '{{ ' + normalized_name + '_version.stdout }}',
+          state: 'present',
+        },
+      },
+      copy_script(name),
+    ],
+  },
+  {
+    local name = 'vagrant',
+
+    name: 'podman | Create ' + name + 'shim',
+    tags: name,
+    vars: {
+      vagrant_image_repository: 'docker.io/vagrantlibvirt/vagrant-libvirt',
+      vagrant_image_tag: 'latest-slim',
+    },
+    block: [
+      {
+        name: 'podman | Keep vagrant Docker image up-to-date',
+        'containers.podman.podman_image': {
+          name: '{{ vagrant_image_repository }}',
+          tag: '{{ vagrant_image_tag }}',
+          force: true,
+        },
+      },
+      copy_script(name),
+    ],
+  },
+];
+
+// Images to be built in a uniform way
+local images = ['ltex-ls', 'translate-shell', 'marksman'];
+
+std.manifestYamlDoc([podman(x) for x in images] + special_containers)
--- a/roles/containers/tasks/podman.yml
+++ b/roles/containers/tasks/podman.yml
@ -69,3 +69,19 @@
        src: aports-dev.j2
  name: podman | Create aports development environment
  tags: aports-dev
+- block:
+    - containers.podman.podman_image:
+        force: true
+        name: '{{ vagrant_image_repository }}'
+        tag: '{{ vagrant_image_tag }}'
+      name: podman | Keep vagrant Docker image up-to-date
+    - name: podman | Install vagrant wrapper script
+      template:
+        dest: ~/.local/bin/vagrant
+        mode: "755"
+        src: vagrant.j2
+  name: podman | Create vagrantshim
+  tags: vagrant
+  vars:
+    vagrant_image_repository: docker.io/vagrantlibvirt/vagrant-libvirt
+    vagrant_image_tag: latest-slim
--- a/roles/containers/templates/ltex-ls.j2
+++ b/roles/containers/templates/ltex-ls.j2
@ -1,6 +1,6 @@
 #!/bin/sh

-podman run \
+exec podman run \
 	--cap-drop ALL \
 	--security-opt no-new-privileges \
 	--read-only-tmpfs \
--- a/roles/containers/templates/marksman.j2
+++ b/roles/containers/templates/marksman.j2
@ -1,6 +1,6 @@
 #!/bin/sh

-podman run \
+exec podman run \
 	--cap-drop ALL \
 	--security-opt no-new-privileges \
 	--read-only-tmpfs \
--- a/roles/containers/templates/translate-shell.j2
+++ b/roles/containers/templates/translate-shell.j2
@ -1,6 +1,6 @@
 #!/bin/sh

-podman run \
+exec podman run \
 	--cap-drop ALL \
 	--cap-add NET_RAW \
 	--security-opt no-new-privileges \
--- a/roles/containers/templates/vagrant.j2
+++ b/roles/containers/templates/vagrant.j2
@ -0,0 +1,18 @@
+#!/bin/sh
+
+# Source: https://vagrant-libvirt.github.io/vagrant-libvirt/installation.html
+
+exec podman run \
+	 --rm -it \
+	-e LIBVIRT_DEFAULT_URI \
+	-e CHECKPOINT_DISABLE=true \
+	-e VAGRANT_BOX_UPDATE_CHECK_DISABLE=true \
+	-v /var/run/libvirt:/var/run/libvirt \
+	-v ~/.vagrant.d:/.vagrant.d \
+	-v "$(realpath "$PWD")":"$PWD" \
+	-w "$PWD" \
+	--network host \
+	--entrypoint /bin/bash \
+	--security-opt label=disable \
+	{{ vagrant_image_repository }}:{{ vagrant_image_tag }} \
+	vagrant "$@"
--- a/roles/packages/tasks/go-packages.jsonnet
+++ b/roles/packages/tasks/go-packages.jsonnet
@ -74,7 +74,7 @@ local packages =
    { name: 'zk', url: 'github.com/mickael-menu/zk' },
    { name: 'mods', url: 'github.com/charmbracelet/mods' },

-    // Nicety Pulumi stuff
+    // Nifty Pulumi stuff
    { name: 'crd2pulumi', url: 'github.com/pulumi/crd2pulumi' },
    { name: 'schema-tools', url: 'github.com/pulumi/schema-tools' },
    { name: 'kubespy', url: 'github.com/pulumi/kubespy' },
--- a/roles/packages/tasks/main.yml
+++ b/roles/packages/tasks/main.yml
@ -29,13 +29,6 @@
    cabal_arguments: --overwrite-policy=always --enable-library-stripping --enable-executable-stripping
  import_tasks: haskell-packages.yml

- name: packages | Install Ruby packages with gem
-  tags: [gem, ruby]
-  environment:
-    GEM_HOME: '{{ ansible_env.HOME }}/.local/share/gem'
-    GEM_SPEC_CACHE: '{{ ansible_env.HOME }}/.cache/gem'
-  import_tasks: ruby-packages.yml
-
 - name: packages | Install Python packages with pip
  tags: [pip, python]
  vars:
@ -49,10 +42,6 @@
    PYENV_ROOT: '{{ ansible_env.HOME }}/.local/share/pyenv'
  import_tasks: pyenv.yml

- name: packages | Install vagrant
-  tags: vagrant
-  import_tasks: vagrant.yml
-
 - name: packages | Install system packages
  tags: apk
  become: true
@ -79,3 +68,4 @@
    - https://github.com/helm/helm-mapkubeapis.git
    - https://github.com/hypnoglow/helm-s3.git
    - https://github.com/jkroepke/helm-secrets.git
+    - https://github.com/chartmuseum/helm-push.git
--- a/roles/packages/tasks/pyenv.yml
+++ b/roles/packages/tasks/pyenv.yml
@ -11,6 +11,7 @@
    repo: 'https://github.com/pyenv/{{ item }}.git'
    dest: '{{ ansible_env.PYENV_ROOT }}/plugins/{{ item }}'
  loop:
+    - pyenv-ccache # requires `ccache` package installed
    - pyenv-update
    - pyenv-virtualenv

--- a/roles/packages/tasks/ruby-packages.yml
+++ b/roles/packages/tasks/ruby-packages.yml
@ -1,7 +0,0 @@
---
- name: packages | Install asciidoctor-diagram
-  community.general.gem:
-    name: asciidoctor-diagram
-    norc: true
-    state: latest
-  tags: asciidoctor-diagram
--- a/roles/packages/tasks/vagrant.yml
+++ b/roles/packages/tasks/vagrant.yml
@ -1,42 +0,0 @@
---
- name: vagrant | Install system dependencies
-  community.general.apk:
-    name: libvirt-dev, ruby-bundler, ruby-dev
-    state: present
-  tags: system
-  become: true
-
- name: vagrant | Clone vagant repository
-  git:
-    depth: 1
-    repo: https://github.com/hashicorp/vagrant.git
-    dest: '{{ vagrant_dir }}'
-
- name: vagrant | Build vagrant
-  community.general.bundler:
-    chdir: '{{ vagrant_dir }}'
-    state: present
-    gem_path: vendor
-    binstub_directory: exec
-
- name: vagrant | Symlink vagrant executable
-  file:
-    src: '{{ vagrant_dir }}/exec/vagrant'
-    dest: ~/.local/bin/vagrant
-    state: link
-
- name: vagrant | Check whether vagrant-libvirt plugin is installed
-  shell:
-    cmd: ~/.local/bin/vagrant plugin list | grep -qF 'vagrant-libvirt'
-    removes: ~/.local/bin/vagrant
-  register: vagrant_plugin_check
-  changed_when: false
-  failed_when: false
-
- name: vagrant | Install vagrant-libvirt plugin
-  command:
-    cmd: ~/.local/bin/vagrant plugin install vagrant-libvirt
-    removes: ~/.local/bin/vagrant
-  when: vagrant_plugin_check.rc == 1
-  environment:
-    CONFIGURE_ARGS: with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib
--- a/tasks/check_variables.yml
+++ b/tasks/check_variables.yml
@ -2,7 +2,7 @@
 - name: check | Import accepted values for defined variables
  include_vars:
    name: accepted_vals
-    file: ../requirements/accepted_variables.yml
+    file: ../requirements/assert.yml

 - name: check | Defined variable values
  fail: