diff --git a/.github/workflows/validate-ansible.yml b/.github/workflows/validate-ansible.yml
index 11657ac..6fa6500 100644
--- a/.github/workflows/validate-ansible.yml
+++ b/.github/workflows/validate-ansible.yml
@@ -33,6 +33,7 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
 id-token: write
+ pull-requests: write
 strategy:
 matrix:
 host: ${{ fromJson(needs.discover.outputs.hosts) }}
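Review bot: The new `pull-requests: write` scope is granted to the whole job, so the token is write-capable for every step of every matrix leg, in the same job that holds `id-token: write` and runs the playbook. From what is visible, only the comment-posting step added later in this commit needs it. At minimum I would record that next to the line, e.g. `# needed only by "Post recap as PR comment"`. A tighter layout would post the comment from a separate job that has `pull-requests: write` and nothing else. The job definition starts and ends outside this hunk, so the trigger and any other token consumers are not visible here.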
@@ -74,7 +75,51 @@ jobs:
 done
 - name: Run playbook (check mode)
+ id: check
 working-directory: ansible/
+ continue-on-error: true
 env:
 ANSIBLE_HOST_KEY_CHECKING: "false"
- run: ansible-playbook deploy.yml --limit "${{ matrix.host }}" --check --diff
+ run: |
+ ansible-playbook deploy.yml --limit "${{ matrix.host }}" --check --diff 2>&1 | tee playbook_output.txt
+
+ - name: Post recap as PR comment
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const fs = require('fs');
+ const output = fs.readFileSync('ansible/playbook_output.txt', 'utf8');
+ const host = '${{ matrix.host }}';
+ const recap = output.split('\n').filter(l => l.startsWith('PLAY RECAP') || l.includes(host + ' ')).join('\n');
+ const outcome = '${{ steps.check.outcome }}';
+ const header = outcome === 'failure'
+ ? `## Ansible Check → ${host} — FAILED`
+ : `## Ansible Check → ${host}`;
+ const body = `${header}\n\`\`\`\n${recap}\n\`\`\``;
+
+ const { data: comments } = await github.rest.issues.listComments({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ });
+ const marker = `## Ansible Check → ${host}`;
+ const existing = comments.find(c => c.body.startsWith(marker) || c.body.startsWith(marker + ' —'));
+ if (existing) {
+ await github.rest.issues.updateComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ comment_id: existing.id,
+ body,
+ });
+ } else {
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ body,
+ });
+ }
+
+ - name: Fail if check failed
+ if: steps.check.outcome == 'failure'
+ run: exit 1
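Review bot: The `check` step now pipes `ansible-playbook` into `tee`, so the step reports `tee`'s exit status; unless the workflow sets `shell: bash` (which enables pipefail) outside this hunk, `steps.check.outcome` stays `success` when the playbook fails, and neither the FAILED header nor the final `exit 1` step ever fires. Starting the `run: |` block with `set -o pipefail` preserves the playbook's status. Separately, `'${{ matrix.host }}'` and `'${{ steps.check.outcome }}'` are expanded into the script source before it runs. Passing them through the step's `env:` and reading them as `const host = process.env.HOST;` keeps a host name containing a quote from being parsed as code, which matters in a job holding `id-token: write` and `pull-requests: write`. `listComments` is also called without pagination, so on a long PR thread the marker lookup can miss the existing comment and post a duplicate.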