release preparation

.github/workflows/galaxy-importer.yml

@@ -0,0 +1,59 @@
+# Its role is to performe the same checks that would be performed when publishing to galaxy
+# Running them earlier helps to detect issues locally
+
+name: galaxy-importer
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  galaxy-importer:
+    runs-on:
+      - ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Get collection namespace and name from galaxy.yml
+        id: collection-name
+        run: |
+          NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then
+            echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml"
+            exit 1
+          fi
+          echo "Collection namespace is $NAMESPACE"
+          echo "Collection name is $NAME"
+          echo "Collection version is $VERSION"
+          echo "COLLECTION_NAMESPACE=$NAMESPACE" >> $GITHUB_ENV
+          echo "COLLECTION_NAME=$NAME" >> $GITHUB_ENV
+          echo "COLLECTION_VERSION=$VERSION" >> $GITHUB_ENV
+
+      - name: Install Ansible and importer
+        run: |
+          pip install ansible==9.4.0
+          pip install ansible-importer
+          pip install galaxy-importer
+
+      - name: Build and install the collection
+        run: |
+          ansible-galaxy collection build $GITHUB_WORKSPACE --force
+          ansible-galaxy collection install $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz
+
+      - name: Run ac-galaxy-importer
+        run: |
+          python -m galaxy_importer.main $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz

.github/workflows/linters.yml

@@ -0,0 +1,38 @@
+# .github/workflows/ansible-lint.yml
+name: Ansible Lint
+
+on:
+  pull_request:
+
+  push:
+    branches:
+      - main
+
+jobs:
+  analyze-code:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.10']
+    defaults:
+      run:
+        shell: sh
+
+
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@main # or version tag instead of 'main'
+
+      - name: Install detect-secrets
+        run: pip install detect-secrets==1.4.0
+
+      - name: Run detect-secrets
+        run: detect-secrets scan

.github/workflows/release-from-tag.yml

@@ -0,0 +1,70 @@
+name: Release to ansible-galaxy from tag
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  publish-release:
+    runs-on:
+      - ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Get collection version from galaxy.yml
+        id: collection-version
+        run: |
+          NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+          if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then
+            echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml"
+            exit 1
+          fi
+          echo "Collection namespace is $NAMESPACE"
+          echo "Collection name is $NAME"
+          echo "Collection version is $VERSION"
+          echo "AC_NAMESPACE=$NAMESPACE" >> "$GITHUB_ENV"
+          echo "AC_NAME=$NAME" >> "$GITHUB_ENV"
+          echo "AC_VERSION=$VERSION" >> "$GITHUB_ENV"
+
+      - name: Get Git tag
+        id: git-tag
+        run: |
+          TAG=${GITHUB_REF#refs/tags/}
+          echo "Git tag is $TAG"
+          echo "GIT_TAG=$TAG" >> "$GITHUB_ENV"
+
+      - name: Compare collection version and Git tag
+        shell: bash
+        run: |
+          if [[ "v$AC_VERSION" == "$GIT_TAG" ]]; then
+            echo "The collection version matches the Git tag."
+          else
+            echo "Error: The collection version ($AC_VERSION) does not match the Git tag ($GIT_TAG)."
+            exit 1
+          fi
+
+      - name: Install Ansible
+        run: |
+          pip install ansible==9.4.0
+
+      - name: Build collection
+        run: |
+          ansible-galaxy collection build $GITHUB_WORKSPACE --force
+
+      - name: Check collection install locally to verify tar.gz correctness
+        run: |
+          ansible-galaxy collection install $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz
+
+      - name: Publish Collection to Ansible-Galaxy
+        run: |
+           ansible-galaxy collection publish $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz --api-key "${{ secrets.ANSIBLE_GALAXY_API_KEY }}"

.pre-commit-config.yaml

@@ -11,3 +11,8 @@ repos:
     hooks:
       - id: ansible-lint
         files: \.(yaml|yml)$
+
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets

README.md

@@ -6,13 +6,16 @@ Ansible roles and playbooks for deployment and teardown of Cisco SD-WAN on AWS a
 
 - [Overview](#overview)
 - [Roadmap](#roadmap)
-- [Prerequisites](#prerequisites)
-- [Getting Started](#getting-started)
+- [Requirements](#requirements)
+- [Installing this collection](#installing-this-collection)
+- [Using this collection](#using-this-collection)
 - [Troubleshooting](#troubleshooting)
 - [Useful Links](#useful-links)
 - [Contact Information](#contact-information)
 - [License](#license)
 - [Contributing](#contributing)
+- [Code of Conduct](#code-of-conduct)
+- [Releasing, Versioning and Deprecation](#releasing-versioning-and-deprecation)
 
 ---
 
@@ -69,21 +72,29 @@ Future Goals:
 
 ---
 
-## Prerequisites
+## Requirements
 
-This collection is based on `ansible-core==2.16`, see [ansible-core-support-matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix).
+This collection is based on `ansible-core==2.16.6`, see [ansible-core-support-matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix).
 
 Before you begin, ensure you have met the following requirements:
 
 - You have installed Python 3.10 - 3.12
 - You have an AWS or Azure account with the necessary permissions
 - You have access to a Cisco SD-WAN AMIs on AWS or images on Azure
 
+### Python dependencies
+
+The python module dependencies are not installed by ansible-galaxy. They can be manually installed using pip:
+
+```bash
+pip install -r requirements.txt
+```
+
 ---
 
-## Getting started
+## Installing this collection
 
-### Using collection in your playbooks
+### Using `requirements.yml`
 
 In `requirements.yml` inside your project add:
 
@@ -110,13 +121,7 @@ At the end always run:
 ansible-galaxy install -r requirements.yml
 ```
 
-### Python dependencies
-
-The python module dependencies are not installed by ansible-galaxy. They can be manually installed using pip:
-
-```bash
-pip install -r requirements.txt
-```
+## Using this collection
 
 ### Prepare your configuration
 
@@ -274,3 +279,11 @@ See [LICENSE](./LICENSE) file.
 ## Contributing
 
 See [Contributing](./docs/CONTRIBUTING.md) file.
+
+## Code of Conduct
+
+See [Code of Conduct](./docs/CODE_OF_CONDUCT.md) file.
+
+## Releasing, Versioning and Deprecation
+
+This collection follows Semantic Versioning. More details on versioning can be found in [Understanding collection versioning](https://docs.ansible.com/ansible/latest/dev_guide/developing_collections_distributing.html#understanding-collection-versioning).

galaxy.yml

@@ -1,70 +1,24 @@
-# The namespace of the collection. This can be a company/brand/organization or product namespace under which all
-# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
-# underscores or numbers and cannot contain consecutive underscores
 namespace: cisco
-
-# The name of the collection. Has the same character restrictions as 'namespace'
 name: sdwan_deployment
-
-# The version of the collection. Must be compatible with semantic versioning
 version: 0.1.0
-
-# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
-
-# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
-# @nicks:irc/im.site#channel'
 authors:
   - Arkadiusz Cichon <[email protected]>
+description: Ansible collection to deploy Cisco SD-WAN on AWS and Azure
 
-### OPTIONAL but strongly recommended
-# A short summary description of the collection
-description: Ansible collection to deploy Cisco SD-WAN on AWS (Azure in roadmap)
+repository: https://github.com/cisco-open/ansible-collection-sdwan-deployment
+documentation: https://github.com/cisco-open/ansible-collection-sdwan-deployment/blob/main/README.md
+homepage: https://github.com/cisco-open/ansible-collection-sdwan-deployment
+issues: https://github.com/cisco-open/ansible-collection-sdwan-deployment/issues
 
-# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
-# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
 license:
-  - "Apache-2.0"
+  - "GPL-3.0-only"
 
-# The path to the license file for the collection. This path is relative to the root of the collection. This key is
-# mutually exclusive with 'license'
-# license_file: '' #TODO
-
-# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
-# requirements as 'namespace' and 'name'
 tags:
-  - demo
-  - collection
-  - cloud
-  - infrastructure
+  - cisco
+  - sdwan
+  - catalystwan
+  - networking
 
-# Collections that this collection requires to be installed for it to be usable. The key of the dict is the
-# collection label 'namespace.name'. The value is a version range
-# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
-# range specifiers can be set and are separated by ','
 dependencies: {}
-
-# The URL of the originating SCM repository
-repository: https://github.com/cisco-open/ansible-collection-sdwan-deployment
-
-# The URL to any online docs
-documentation: https://github.com/cisco-open/ansible-collection-sdwan-deployment/blob/main/README.md
-
-# The URL to the homepage of the collection/project
-homepage: http://cisco.com
-
-# The URL to the collection issue tracker
-issues: https://github.com/cisco-open/ansible-collection-sdwan-deployment/issues
-
-# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
-# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
-# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
-# and '.git' are always filtered. Mutually exclusive with 'manifest'
 build_ignore: []
-
-# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
-# list of MANIFEST.in style
-# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
-# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
-# with 'build_ignore'
-# manifest: null

meta/runtime.yml

@@ -1,2 +1,3 @@
 ---
-requires_ansible: ">=2.15.6"
+
+requires_ansible: '>=2.16.6'

playbooks/aws_sdwan_config.yml

@@ -65,7 +65,7 @@ aws_key_name: null
 
 # Cloud-init general configurations
 admin_username: admin
-admin_password: Cisco#123@Viptela
+admin_password: example_password  # pragma: allowlist secret
 vbond_port: 12346
 # vbond_transport_private_ip: null   # note that default: 192.168.1.199
 # vbond_transport_public_ip: null    # note that default: 192.168.1.199

playbooks/template_cloudinit_config.yml

@@ -18,7 +18,7 @@ cloud_provider: null  # can be either aws or azure
 
 # Cloud-init general configurations
 admin_username: admin
-admin_password: Cisco#123@Viptela
+admin_password: example_password  # pragma: allowlist secret
 vbond_port: 12346
 vbond_transport_private_ip: null
 vbond_transport_public_ip: null

roles/aws_controllers/defaults/main.yml

@@ -28,7 +28,7 @@ aws_key_name: null
 
 # Cloud-init general configurations
 admin_username: admin
-admin_password: Cisco#123@Viptela
+admin_password: example_password  # pragma: allowlist secret
 vbond_port: 12346
 default_vbond_ip: 192.168.1.199  # default ips from official Cisco guides
 # vpn0_interface_color: default

roles/aws_edges/defaults/main.yml

@@ -28,7 +28,7 @@ aws_key_name: null
 
 # Cloud-init general configurations
 admin_username: admin
-admin_password: Cisco#123@Viptela
+admin_password: example_password  # pragma: allowlist secret
 vbond_port: 12346
 default_vbond_ip: 192.168.1.199  # default ips from official Cisco guides
 # vpn0_interface_color: default