github-actions: The vault password file was not found #3713
Replies: 8 comments 9 replies
-
This seems to be a duplicate of #2443 |
Beta Was this translation helpful? Give feedback.
-
@mszumilak Maybe similar but I don't think it's a duplicate. They are having jinja and variable issues. I am having the issue where it cannot find the vault password file that does exist. |
Beta Was this translation helpful? Give feedback.
-
@ReenigneArcher I do think that the vault password is not found because the current directory is different when running from lint. I would recommend you to ensure that you configure the path to vault file to be a full path, just in case. Print the full of your dumped file, to check it. |
Beta Was this translation helpful? Give feedback.
-
Specifying a full path to the password file is not the most practical advice as when you deploy the playbooks, the environments/directory structure likely don't match what you get with a GitHub runner. Anyway, the password file exists at this location, which ansible lint is saying doesn't exist.
|
Beta Was this translation helpful? Give feedback.
-
I also encountered the same problem. I think the reason for this is that actions/checkout deletes existing files when it runs. This is a specification and maybe impossible to work around. |
Beta Was this translation helpful? Give feedback.
-
How about dumping the file outside the cloning area, maybe even in TMP. This should work. I will convert the issue into a discussion as it does not seem like a bug. |
Beta Was this translation helpful? Give feedback.
-
Acutally I believe it's the same as it has the common denominator: ansible-lint does not accept vault configuration ansible does. So Additionaly: So to summarize: ansible-lint is not compliant with ansible configuration and that's the main issue here. In addition: ansible-lint does not support supplying vault password in any way as a runtime parameter. Considering all mentioned above THIS IS A BUG. It's ansible-lint, otherwise I'd use yaml.lint and it should be fine. |
Beta Was this translation helpful? Give feedback.
-
You can't modify the environment to add a vault password file because the ansible-lint action destroys the existing environment each run by running actions/checkout with clean:true. I recommend using the archived ansible/anisble-lint-action with vault files until this is resolved. |
Beta Was this translation helpful? Give feedback.
-
Summary
Ansible lint gives warnings/errors that it cannot find the vault password file. I create my vault password using the following step before the ansible lint step.
I run ansible lint with this step:
Issue Type
OS / ENVIRONMENT
ansible-lint --version
6.18.0 (using ansible-lint as github action)
STEPS TO REPRODUCE
Set password file location in config.
ansible.cfg
vault_password_file=.vault-password
Create vault passowrd file in workflow, as shown above.
Run ansible lint action, as shown above.
Desired Behavior
Find the file, that was created.
Possible security bugs should be reported via email to
security@ansible.com
Actual Behavior
File was not found.
Additional Information
I use the same method of creating the .vault-password file to actually run ansible playbooks inside of GitHub actions, and that works fine. I also did not have this problem on the now depreciated
ansible-lint-action
repository.Beta Was this translation helpful? Give feedback.
All reactions