Ansible lint fixes and workflows (#12)

# Pull Request Description
- Added workflows (CI, Release Drafter, Ansible Galaxy Publish) 
- Fixed Ansible lint

## Change type
- [X] Bug fix (non-breaking change which fixes a specific issue)
- [ ] New feature (non-breaking change adding new functionality)
- [ ] Breaking change (fix or feature that potentially causes existing
functionality to fail)
- [X] Change that does not affect Ansible Role code (Github Actions
Workflow, Documentation, or similair)

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -2,72 +2,72 @@
 name: Bug report
 description: Report a bug!
 title: "[BUG]: "
-labels: ['bug']
+labels: ["bug"]
 
 body:
-- type: markdown
-  attributes:
-    value: >
-      **Report a bug you found/experienced!**
+  - type: markdown
+    attributes:
+      value: >
+        **Report a bug you found/experienced!**
 
-      Please first check if the issue exists in the Issues tab.
+        Please first check if the issue exists in the Issues tab.
 
-- type: textarea
-  attributes:
-    label: Summary
-    description: Write a brief explanation of the problem.
-    placeholder: >-
-      When running role xyz with variables xyz, xyz breaks...
-  validations:
-    required: true
+  - type: textarea
+    attributes:
+      label: Summary
+      description: Write a brief explanation of the problem.
+      placeholder: >-
+        When running role xyz with variables xyz, xyz breaks...
+    validations:
+      required: true
 
-- type: textarea
-  attributes:
-    label: Ansible Version
-    description: >-
-      Paste verbatim output from `ansible --version` below.
-    render: console
-    placeholder: >-
-      ansible [core 2.15.8]
-        config file = /etc/ansible/ansible.cfg
-        configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
-        ansible python module location = /usr/lib/python3/dist-packages/ansible
-        ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
-        executable location = /usr/bin/ansible
-        python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
-        jinja version = 3.0.3
-        libyaml = True
-  validations:
-    required: true
+  - type: textarea
+    attributes:
+      label: Ansible Version
+      description: >-
+        Paste verbatim output from `ansible --version` below.
+      render: console
+      placeholder: >-
+        ansible [core 2.15.8]
+          config file = /etc/ansible/ansible.cfg
+          configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
+          ansible python module location = /usr/lib/python3/dist-packages/ansible
+          ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
+          executable location = /usr/bin/ansible
+          python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
+          jinja version = 3.0.3
+          libyaml = True
+    validations:
+      required: true
 
-- type: textarea
-  attributes:
-    label: Repro Steps
-    description: >-
-      Describe steps to reproduce the problem.
+  - type: textarea
+    attributes:
+      label: Repro Steps
+      description: >-
+        Describe steps to reproduce the problem.
 
-      **HINT:** You can paste https://gist.github.com links for larger files.
-    value: |
-      Paste an example playbook/vars file below
-  validations:
-    required: true
+        **HINT:** You can paste https://gist.github.com links for larger files.
+      value: |
+        Paste an example playbook/vars file below
+    validations:
+      required: true
 
-- type: textarea
-  attributes:
-    label: Expected Results
-    description: >-
-      Describe the expected result of running the steps above.
-    placeholder: >-
-      When I ran X, assuming Y I expected Z to happen.
-  validations:
-    required: true
+  - type: textarea
+    attributes:
+      label: Expected Results
+      description: >-
+        Describe the expected result of running the steps above.
+      placeholder: >-
+        When I ran X, assuming Y I expected Z to happen.
+    validations:
+      required: true
 
-- type: textarea
-  attributes:
-    label: Actual Results
-    description: >-
-      Describe the actual result.
-    placeholder: >-
-      For example, paste Ansible Output here.
-  validations:
-    required: true
+  - type: textarea
+    attributes:
+      label: Actual Results
+      description: >-
+        Describe the actual result.
+      placeholder: >-
+        For example, paste Ansible Output here.
+    validations:
+      required: true

.github/release_drafter.yml

@@ -0,0 +1,41 @@
+---
+name-template: "$RESOLVED_VERSION"
+tag-template: "$RESOLVED_VERSION"
+categories:
+  - title: "Breaking"
+    lables:
+      - "major"
+      - "breaking"
+  - title: "Features"
+    labels:
+      - "feature"
+      - "enhancement"
+  - title: "Bug Fixes"
+    labels:
+      - "bug"
+      - "fix"
+  - title: "Documentation"
+    labels:
+      - "documentation"
+  - title: "Workflows"
+    labels:
+      - "workflow"
+version-resolver:
+  major:
+    labels:
+      - "major"
+      - "breaking"
+  minor:
+    labels:
+      - "feature"
+      - "enhancement"
+  patch:
+    labels:
+      - "bug"
+      - "fix"
+  default: patch
+change-template: "- $TITLE, by @$AUTHOR (#$NUMBER)"
+template: |
+  # Changes
+
+  $CHANGES

.github/workflows/ci.yml

@@ -0,0 +1,42 @@
+---
+name: CI
+
+on:
+  pull_request:
+    branches:
+      - main
+    types: [opened, reopened, synchronize]
+
+
+jobs:
+  yamllint:
+    name: YAML Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.0
+
+      - name: Setup Python
+        uses: actions/setup-python@v5.2.0
+        with:
+          python-version: "3.x"
+
+      - name: Install deps
+        run: pip3 install yamllint
+
+      - name: Lint code
+        run: yamllint .
+
+  ansiblelint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@main
+        with:
+          args: "--profile production"
+          setup_python: "true"
+          requirements_file: "./requirements.yml"

.github/workflows/release-drafter.yml

@@ -0,0 +1,25 @@
+---
+name: Release Drafter
+
+permissions:
+  contents: write
+  pull-requests: read
+
+on:
+  push:
+    branches:
+      - main
+
+  pull_request:
+    types: [opened, reopened, synchronize, labeled]
+
+jobs:
+  draft_release:
+    name: Draft Release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release_drafter.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,17 @@
+---
+name: Release to Ansible Galaxy
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  release:
+    name: Ansible Galaxy Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: galaxy
+        uses: robertdebock/galaxy-action@1.2.1
+        with:
+          galaxy_api_key: ${{ secrets.galaxy_api_key }}
+          git_branch: ${{ github.ref_name }}

.yamllint.yaml

@@ -0,0 +1,15 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 170
+    level: warning
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  braces:
+    max-spaces-inside: 1
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true

defaults/main.yml

@@ -1,3 +1,4 @@
+---
 ### Azure AD App registration related variables ###
 # Azure AD App display name
 # az_app_display_name:

requirements.yml

@@ -0,0 +1,5 @@
+---
+collections:
+  - name: azure.azcollection
+    version: 2.4.0
+    type: galaxy

tasks/add_rbac_roles.yml

@@ -1,11 +1,12 @@
 ---
-- name: get role definitions id
+- name: Get role definitions id
   azure.azcollection.azure_rm_roledefinition_info:
     role_name: "{{ item.name }}"
     scope: /
   register: az_rbac_role_definition
 
-- ansible.builtin.include_tasks: tasks/assign_rbac_roles.yml
+- name: Assign RBAC roles
+  ansible.builtin.include_tasks: tasks/assign_rbac_roles.yml
   loop: "{{ item.scopes }}"
   loop_control:
     loop_var: scp

tasks/assign_rbac_roles.yml

@@ -1,14 +1,15 @@
+---
 # this check exists because there is a problem with idempotency in azure.azcollection.azure_rm_roleassignment
 # https://github.com/ansible-collections/azure/issues/1137
 # same reason the state: absent does not work in azure.azcollection.azure_rm_roleassignment
-- name: check if RBAC assignment exists
+- name: Check if RBAC assignment exists
   azure.azcollection.azure_rm_roleassignment_info:
     scope: "{{ scp.path }}"
     assignee: "{{ az_service_principal.object_id }}"
     role_definition_id: "{{ az_rbac_role_definition.roledefinitions[0].id }}"
   register: az_rbac_role_existing
 
-- name: assign RBAC roles to {{ az_service_principal.app_display_name }} Service Principal
+- name: Assign RBAC roles to Service Principal - {{ az_service_principal.app_display_name }}
   azure.azcollection.azure_rm_roleassignment:
     scope: "{{ scp.path }}"
     assignee_object_id: "{{ az_service_principal.object_id }}"

tasks/main.yml

@@ -1,15 +1,15 @@
 ---
-- name: get Azure AD App info
+- name: Get Azure AD App info
   azure.azcollection.azure_rm_adapplication_info:
     app_display_name: "{{ az_app_display_name }}"
   register: azure_ad_app_existing
 
-- name: fail if more than one Azure AD App registration is found
+- name: Fail if more than one Azure AD App registration is found
   ansible.builtin.fail:
     msg: more than 1 Azure App Registration found with the same name, please check.
   when: azure_ad_app_existing.applications | length > 1
 
-- name: create/update {{ az_app_display_name }} Azure AD App
+- name: Create/update Azure AD App - {{ az_app_display_name }}
   azure.azcollection.azure_rm_adapplication:
     display_name: "{{ az_app_display_name }}"
     app_id: "{{ azure_ad_app_existing.applications[0].app_id | default(omit) }}"
@@ -27,18 +27,20 @@
     required_resource_accesses: "{{ az_app_req_access | default(omit) }}"
   register: azure_ad_app_new
 
-- name: set Azure AD Application id
+- name: Set Azure AD Application id
   ansible.builtin.set_fact:
     az_app_id: "{{ azure_ad_app_existing.applications[0].app_id | default(azure_ad_app_new.app_id, true) }}"
 
-- ansible.builtin.include_tasks: tasks/manage_service_principal.yml
+- name: Manage Service Principal
+  ansible.builtin.include_tasks: tasks/manage_service_principal.yml
   when: az_app_create_sp | bool
 
-- ansible.builtin.include_tasks: tasks/manage_app_secrets.yml
+- name: Manage App secrets
+  ansible.builtin.include_tasks: tasks/manage_app_secrets.yml
   when: az_app_manage_secrets | bool
 
-- name: place new secret in KV secret
-  azure_rm_keyvaultsecret:
+- name: Place new secret in KV secret
+  azure.azcollection.azure_rm_keyvaultsecret:
     secret_name: "{{ az_app_kv_secret_name }}"
     secret_value: "{{ az_app_new_password.secret_text }}"
     keyvault_uri: "{{ az_app_kv_uri }}"
@@ -50,6 +52,7 @@
     - az_app_save_password_in_kv | bool
     - az_app_new_password.changed | bool
 
-- ansible.builtin.include_tasks: tasks/add_rbac_roles.yml
+- name: Add RBAC roles
+  ansible.builtin.include_tasks: tasks/add_rbac_roles.yml
   loop: "{{ az_app_rbac_roles }}"
   when: az_app_assign_rbac_roles | bool