ci: fix gitea release plugin [skip ci]

Reviewed-on: #8
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
Co-committed-by: Robert Kaussow <mail@thegeeklab.de>

.chglog/CHANGELOG.tpl.md

@@ -1,23 +0,0 @@
-# Changelog
-
-{{ range .Versions -}}
-## {{ if .Tag.Previous }}[{{ .Tag.Name }}]({{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}){{ else }}{{ .Tag.Name }}{{ end }} ({{ datetime "2006-01-02" .Tag.Date }})
-
-{{ range .CommitGroups -}}
-### {{ .Title }}
-
-{{ range .Commits -}}
-- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ (regexReplaceAll "(.*)/issues/(.*)" (regexReplaceAll "(Co-\\w*-by.*)" .Subject "") "${1}/pulls/${2}") | trim }}
-{{ end }}
-{{- end -}}
-
-{{- if .NoteGroups -}}
-{{ range .NoteGroups -}}
-### {{ .Title }}
-
-{{ range .Notes }}
-{{ .Body }}
-{{ end }}
-{{ end -}}
-{{ end -}}
-{{ end -}}

.chglog/config.yml

@@ -1,24 +0,0 @@
-style: github
-template: CHANGELOG.tpl.md
-info:
-  title: CHANGELOG
-  repository_url: https://gitea.rknet.org/ansible/xoxys.general
-options:
-  commit_groups:
-    title_maps:
-      feat: Features
-      fix: Bug Fixes
-      perf: Performance Improvements
-      refactor: Code Refactoring
-      chore: Others
-      test: Testing
-      ci: CI Pipeline
-  header:
-    pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
-    pattern_maps:
-      - Type
-      - Scope
-      - Subject
-  notes:
-    keywords:
-      - BREAKING CHANGE

.dictionary

@@ -0,0 +1,2 @@
+Ansible
+Kaussow

.drone.jsonnet

@@ -1,260 +0,0 @@
-local PythonVersion(pyversion='3.8') = {
-  name: 'python' + std.strReplace(pyversion, '.', '') + '-pytest',
-  image: 'python:' + pyversion,
-  environment: {
-    PY_COLORS: 1,
-  },
-  commands: [
-    'pip install poetry -qq',
-    'poetry config experimental.new-installer false',
-    'poetry install --all-extras',
-    'poetry run pytest',
-  ],
-  depends_on: [
-    'clone',
-  ],
-};
-
-local AnsibleVersion(version='devel') = {
-  local gitversion = if version == 'devel' then 'devel' else 'stable-' + version,
-  name: 'ansible-' + std.strReplace(version, '.', ''),
-  image: 'python:3.9',
-  environment: {
-    PY_COLORS: 1,
-  },
-  commands: [
-    'pip install poetry -qq',
-    'poetry config experimental.new-installer false',
-    'poetry install',
-    'poetry run pip install https://github.com/ansible/ansible/archive/' + gitversion + '.tar.gz --disable-pip-version-check',
-    'poetry run ansible --version',
-    'poetry run ansible-test sanity --exclude .chglog/ --exclude .drone.yml --python 3.9',
-  ],
-  depends_on: [
-    'clone',
-  ],
-};
-
-local PipelineLint = {
-  kind: 'pipeline',
-  name: 'lint',
-  platform: {
-    os: 'linux',
-    arch: 'amd64',
-  },
-  steps: [
-    {
-      name: 'check-format',
-      image: 'python:3.11',
-      environment: {
-        PY_COLORS: 1,
-      },
-      commands: [
-        'git fetch -tq',
-        'pip install poetry -qq',
-        'poetry config experimental.new-installer false',
-        'poetry install --all-extras',
-        'poetry run yapf -dr ./plugins',
-      ],
-    },
-    {
-      name: 'check-coding',
-      image: 'python:3.11',
-      environment: {
-        PY_COLORS: 1,
-      },
-      commands: [
-        'git fetch -tq',
-        'pip install poetry -qq',
-        'poetry config experimental.new-installer false',
-        'poetry install --all-extras',
-        'poetry run ruff ./plugins',
-      ],
-    },
-  ],
-  trigger: {
-    ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
-  },
-};
-
-local PipelineUnitTest = {
-  kind: 'pipeline',
-  name: 'unit-test',
-  platform: {
-    os: 'linux',
-    arch: 'amd64',
-  },
-  steps: [
-    PythonVersion(pyversion='3.8'),
-    PythonVersion(pyversion='3.9'),
-    PythonVersion(pyversion='3.10'),
-    PythonVersion(pyversion='3.11'),
-  ],
-  depends_on: [
-    'lint',
-  ],
-  trigger: {
-    ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
-  },
-};
-
-local PipelineSanityTest = {
-  kind: 'pipeline',
-  name: 'sanity-test',
-  platform: {
-    os: 'linux',
-    arch: 'amd64',
-  },
-  workspace: {
-    path: '/drone/src/ansible_collections/${DRONE_REPO_NAME/./\\/}',
-  },
-  steps: [
-    AnsibleVersion(version='devel'),
-    AnsibleVersion(version='2.14'),
-    AnsibleVersion(version='2.13'),
-  ],
-  depends_on: [
-    'unit-test',
-  ],
-  trigger: {
-    ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
-  },
-};
-
-local PipelineBuild = {
-  kind: 'pipeline',
-  name: 'build',
-  platform: {
-    os: 'linux',
-    arch: 'amd64',
-  },
-  steps: [
-    {
-      name: 'build',
-      image: 'python:3.11',
-      commands: [
-        'GALAXY_VERSION=${DRONE_TAG##v}',
-        "sed -i 's/version: 0.0.0/version: '\"$${GALAXY_VERSION:-0.0.0}\"'/g' galaxy.yml",
-        'pip install poetry -qq',
-        'poetry config experimental.new-installer false',
-        'poetry install --all-extras',
-        'poetry run ansible-galaxy collection build --output-path dist/',
-      ],
-    },
-    {
-      name: 'checksum',
-      image: 'alpine',
-      commands: [
-        'cd dist/ && sha256sum * > ../sha256sum.txt',
-      ],
-    },
-    {
-      name: 'changelog-generate',
-      image: 'thegeeklab/git-chglog',
-      commands: [
-        'git fetch -tq',
-        'git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}',
-      ],
-    },
-    {
-      name: 'changelog-format',
-      image: 'thegeeklab/alpine-tools',
-      commands: [
-        'prettier CHANGELOG.md',
-        'prettier -w CHANGELOG.md',
-      ],
-    },
-    {
-      name: 'publish-gitea',
-      image: 'plugins/gitea-release',
-      settings: {
-        overwrite: true,
-        api_key: { from_secret: 'gitea_token' },
-        files: ['dist/*', 'sha256sum.txt'],
-        base_url: 'https://gitea.rknet.org',
-        title: '${DRONE_TAG}',
-        note: 'CHANGELOG.md',
-      },
-      when: {
-        ref: ['refs/tags/**'],
-      },
-    },
-  ],
-  depends_on: [
-    'sanity-test',
-  ],
-  trigger: {
-    ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
-  },
-};
-
-local PipelineDocumentation = {
-  kind: 'pipeline',
-  name: 'documentation',
-  platform: {
-    os: 'linux',
-    arch: 'amd64',
-  },
-  steps: [
-    {
-      name: 'publish',
-      image: 'plugins/gh-pages',
-      settings: {
-        netrc_machine: 'gitea.rknet.org',
-        pages_directory: 'docs/',
-        password: {
-          from_secret: 'gitea_token',
-        },
-        remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
-        target_branch: 'docs',
-        username: {
-          from_secret: 'gitea_username',
-        },
-      },
-    },
-  ],
-  depends_on: [
-    'build',
-  ],
-  trigger: {
-    ref: ['refs/heads/main', 'refs/tags/**'],
-  },
-};
-
-local PipelineNotifications = {
-  kind: 'pipeline',
-  name: 'notifications',
-  platform: {
-    os: 'linux',
-    arch: 'amd64',
-  },
-  steps: [
-    {
-      name: 'matrix',
-      image: 'thegeeklab/drone-matrix',
-      settings: {
-        homeserver: { from_secret: 'matrix_homeserver' },
-        roomid: { from_secret: 'matrix_roomid' },
-        template: 'Status: **{{ build.Status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}<br/> Message: {{ commit.Message.Title }}',
-        username: { from_secret: 'matrix_username' },
-        password: { from_secret: 'matrix_password' },
-      },
-    },
-  ],
-  depends_on: [
-    'documentation',
-  ],
-  trigger: {
-    ref: ['refs/heads/main', 'refs/tags/**'],
-    status: ['success', 'failure'],
-  },
-};
-
-[
-  PipelineLint,
-  PipelineUnitTest,
-  PipelineSanityTest,
-  PipelineBuild,
-  PipelineDocumentation,
-  PipelineNotifications,
-]

.drone.yml

@@ -1,294 +0,0 @@
----
-kind: pipeline
-name: lint
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-  - name: check-format
-    image: python:3.11
-    commands:
-      - git fetch -tq
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install --all-extras
-      - poetry run yapf -dr ./plugins
-    environment:
-      PY_COLORS: 1
-
-  - name: check-coding
-    image: python:3.11
-    commands:
-      - git fetch -tq
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install --all-extras
-      - poetry run ruff ./plugins
-    environment:
-      PY_COLORS: 1
-
-trigger:
-  ref:
-    - refs/heads/main
-    - refs/tags/**
-    - refs/pull/**
-
----
-kind: pipeline
-name: unit-test
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-  - name: python38-pytest
-    image: python:3.8
-    commands:
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install --all-extras
-      - poetry run pytest
-    environment:
-      PY_COLORS: 1
-    depends_on:
-      - clone
-
-  - name: python39-pytest
-    image: python:3.9
-    commands:
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install --all-extras
-      - poetry run pytest
-    environment:
-      PY_COLORS: 1
-    depends_on:
-      - clone
-
-  - name: python310-pytest
-    image: python:3.10
-    commands:
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install --all-extras
-      - poetry run pytest
-    environment:
-      PY_COLORS: 1
-    depends_on:
-      - clone
-
-  - name: python311-pytest
-    image: python:3.11
-    commands:
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install --all-extras
-      - poetry run pytest
-    environment:
-      PY_COLORS: 1
-    depends_on:
-      - clone
-
-trigger:
-  ref:
-    - refs/heads/main
-    - refs/tags/**
-    - refs/pull/**
-
-depends_on:
-  - lint
-
----
-kind: pipeline
-name: sanity-test
-
-platform:
-  os: linux
-  arch: amd64
-
-workspace:
-  path: /drone/src/ansible_collections/${DRONE_REPO_NAME/./\/}
-
-steps:
-  - name: ansible-devel
-    image: python:3.9
-    commands:
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install
-      - poetry run pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
-      - poetry run ansible --version
-      - poetry run ansible-test sanity --exclude .chglog/ --exclude .drone.yml --python 3.9
-    environment:
-      PY_COLORS: 1
-    depends_on:
-      - clone
-
-  - name: ansible-214
-    image: python:3.9
-    commands:
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install
-      - poetry run pip install https://github.com/ansible/ansible/archive/stable-2.14.tar.gz --disable-pip-version-check
-      - poetry run ansible --version
-      - poetry run ansible-test sanity --exclude .chglog/ --exclude .drone.yml --python 3.9
-    environment:
-      PY_COLORS: 1
-    depends_on:
-      - clone
-
-  - name: ansible-213
-    image: python:3.9
-    commands:
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install
-      - poetry run pip install https://github.com/ansible/ansible/archive/stable-2.13.tar.gz --disable-pip-version-check
-      - poetry run ansible --version
-      - poetry run ansible-test sanity --exclude .chglog/ --exclude .drone.yml --python 3.9
-    environment:
-      PY_COLORS: 1
-    depends_on:
-      - clone
-
-trigger:
-  ref:
-    - refs/heads/main
-    - refs/tags/**
-    - refs/pull/**
-
-depends_on:
-  - unit-test
-
----
-kind: pipeline
-name: build
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-  - name: build
-    image: python:3.11
-    commands:
-      - GALAXY_VERSION=${DRONE_TAG##v}
-      - "sed -i 's/version: 0.0.0/version: '\"$${GALAXY_VERSION:-0.0.0}\"'/g' galaxy.yml"
-      - pip install poetry -qq
-      - poetry config experimental.new-installer false
-      - poetry install --all-extras
-      - poetry run ansible-galaxy collection build --output-path dist/
-
-  - name: checksum
-    image: alpine
-    commands:
-      - cd dist/ && sha256sum * > ../sha256sum.txt
-
-  - name: changelog-generate
-    image: thegeeklab/git-chglog
-    commands:
-      - git fetch -tq
-      - git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
-
-  - name: changelog-format
-    image: thegeeklab/alpine-tools
-    commands:
-      - prettier CHANGELOG.md
-      - prettier -w CHANGELOG.md
-
-  - name: publish-gitea
-    image: plugins/gitea-release
-    settings:
-      api_key:
-        from_secret: gitea_token
-      base_url: https://gitea.rknet.org
-      files:
-        - dist/*
-        - sha256sum.txt
-      note: CHANGELOG.md
-      overwrite: true
-      title: ${DRONE_TAG}
-    when:
-      ref:
-        - refs/tags/**
-
-trigger:
-  ref:
-    - refs/heads/main
-    - refs/tags/**
-    - refs/pull/**
-
-depends_on:
-  - sanity-test
-
----
-kind: pipeline
-name: documentation
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-  - name: publish
-    image: plugins/gh-pages
-    settings:
-      netrc_machine: gitea.rknet.org
-      pages_directory: docs/
-      password:
-        from_secret: gitea_token
-      remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
-      target_branch: docs
-      username:
-        from_secret: gitea_username
-
-trigger:
-  ref:
-    - refs/heads/main
-    - refs/tags/**
-
-depends_on:
-  - build
-
----
-kind: pipeline
-name: notifications
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-  - name: matrix
-    image: thegeeklab/drone-matrix
-    settings:
-      homeserver:
-        from_secret: matrix_homeserver
-      password:
-        from_secret: matrix_password
-      roomid:
-        from_secret: matrix_roomid
-      template: "Status: **{{ build.Status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}<br/> Message: {{ commit.Message.Title }}"
-      username:
-        from_secret: matrix_username
-
-trigger:
-  ref:
-    - refs/heads/main
-    - refs/tags/**
-  status:
-    - success
-    - failure
-
-depends_on:
-  - documentation
-
----
-kind: signature
-hmac: 407d145ab4483651c579eea4e1e9375536caee1aa0579abcdf57b5653e595cb5
-
-...

.gitsv/config.yml

@@ -0,0 +1,47 @@
+---
+version: "1.1"
+
+versioning:
+  update-major: []
+  update-minor: [feat]
+  update-patch: [fix, perf, refactor, chore, test, ci, docs]
+
+tag:
+  pattern: "v%d.%d.%d"
+
+release-notes:
+  sections:
+    - name: Features
+      commit-types: [feat]
+      section-type: commits
+    - name: Bug Fixes
+      commit-types: [fix]
+      section-type: commits
+    - name: Performance Improvements
+      commit-types: [perf]
+      section-type: commits
+    - name: Code Refactoring
+      commit-types: [refactor]
+      section-type: commits
+    - name: Others
+      commit-types: [chore]
+      section-type: commits
+    - name: Testing
+      commit-types: [test]
+      section-type: commits
+    - name: CI Pipeline
+      commit-types: [ci]
+      section-type: commits
+    - name: Documentation
+      commit-types: [docs]
+      section-type: commits
+    - name: Breaking Changes
+      section-type: breaking-changes
+
+commit-message:
+  footer:
+    issue:
+      key: issue
+      add-value-prefix: "#"
+  issue:
+    regex: "#?[0-9]+"

.markdownlint.yml

@@ -0,0 +1,7 @@
+---
+default: True
+MD013: False
+MD041: False
+MD024: False
+MD004:
+  style: dash

.prettierignore

@@ -1,3 +1,2 @@
-.drone.yml
 *.tpl.md
 LICENSE

.woodpecker/build-package.yml

@@ -0,0 +1,46 @@
+---
+when:
+  - event: [pull_request, tag]
+  - event: [push, manual]
+    branch:
+      - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+  - name: build
+    image: docker.io/library/python:3.12
+    commands:
+      - GALAXY_VERSION=${CI_COMMIT_TAG##v}
+      - 'sed -i ''s/version: 0.0.0/version: ''"$${GALAXY_VERSION:-0.0.0}"''/g'' galaxy.yml'
+      - pip install poetry -qq
+      - poetry install --all-extras --no-root
+      - poetry run ansible-galaxy collection build --output-path dist/
+
+  - name: checksum
+    image: quay.io/thegeeklab/alpine-tools
+    commands:
+      - cd dist/ && sha256sum * > ../sha256sum.txt
+
+  - name: changelog
+    image: quay.io/thegeeklab/git-sv
+    commands:
+      - git sv current-version
+      - git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
+      - cat CHANGELOG.md
+
+  - name: publish-gitea
+    image: quay.io/thegeeklab/wp-gitea-release
+    settings:
+      api_key:
+        from_secret: gitea_token
+      base_url: https://gitea.rknet.org
+      files:
+        - dist/*
+        - sha256sum.txt
+      note: CHANGELOG.md
+      title: ${CI_COMMIT_TAG}
+    when:
+      - event: [tag]
+
+depends_on:
+  - unit-test
+  - sanity-test

.woodpecker/docs.yml

@@ -0,0 +1,49 @@
+---
+when:
+  - event: [pull_request, tag]
+  - event: [push, manual]
+    branch:
+      - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+  - name: markdownlint
+    image: quay.io/thegeeklab/markdownlint-cli
+    group: test
+    commands:
+      - markdownlint 'docs/**/*.md' 'README.md'
+
+  - name: spellcheck
+    image: quay.io/thegeeklab/alpine-tools
+    group: test
+    commands:
+      - spellchecker --files 'docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls frontmatter --frontmatter-keys title tags
+    environment:
+      FORCE_COLOR: "true"
+
+  - name: link-validation
+    image: docker.io/lycheeverse/lychee
+    group: test
+    commands:
+      - lychee --no-progress --format detailed docs/ README.md
+
+  - name: publish
+    image: quay.io/thegeeklab/wp-git-action
+    settings:
+      action:
+        - pages
+      author_email: shipper@rknet.org
+      author_name: shipper
+      branch: docs
+      message: auto-update documentation
+      netrc_machine: gitea.rknet.org
+      netrc_password:
+        from_secret: gitea_token
+      pages_directory: docs/
+      remote_url: https://gitea.rknet.org/ansible/${CI_REPO_NAME}
+    when:
+      - event: [push, manual]
+        branch:
+          - ${CI_REPO_DEFAULT_BRANCH}
+
+depends_on:
+  - build-package

.woodpecker/lint.yml

@@ -0,0 +1,25 @@
+---
+when:
+  - event: [pull_request, tag]
+  - event: [push, manual]
+    branch:
+      - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+  - name: check-format
+    image: docker.io/library/python:3.12
+    commands:
+      - pip install poetry -qq
+      - poetry install --all-extras --no-root
+      - poetry run ruff format --check --diff ./plugins
+    environment:
+      PY_COLORS: "1"
+
+  - name: check-coding
+    image: docker.io/library/python:3.12
+    commands:
+      - pip install poetry -qq
+      - poetry install --all-extras --no-root
+      - poetry run ruff ./plugins
+    environment:
+      PY_COLORS: "1"

.woodpecker/notify.yml

@@ -0,0 +1,26 @@
+---
+when:
+  - event: [tag]
+  - event: [push, manual]
+    branch:
+      - ${CI_REPO_DEFAULT_BRANCH}
+
+runs_on: [success, failure]
+
+steps:
+  - name: matrix
+    image: quay.io/thegeeklab/wp-matrix
+    settings:
+      homeserver:
+        from_secret: matrix_homeserver
+      password:
+        from_secret: matrix_password
+      roomid:
+        from_secret: matrix_roomid
+      username:
+        from_secret: matrix_username
+    when:
+      - status: [success, failure]
+
+depends_on:
+  - docs

.woodpecker/sanity-test.yml

@@ -0,0 +1,45 @@
+---
+when:
+  - event: [pull_request, tag]
+  - event: [push, manual]
+    branch:
+      - ${CI_REPO_DEFAULT_BRANCH}
+
+variables:
+  - &ansible_base
+    image: docker.io/library/python:3.10
+    group: ansible
+    commands:
+      - pip install poetry -qq
+      - poetry install --all-extras --no-root
+      - poetry run pip install https://github.com/ansible/ansible/archive/$${ANSIBLE_VERSION}.tar.gz --disable-pip-version-check
+      - poetry run ansible --version
+      - poetry run ansible-test sanity --exclude .gitsv/ --exclude .woodpecker/ --python 3.10
+  - &ansible_env
+    PY_COLORS: "1"
+
+workspace:
+  base: /woodpecker/src
+  path: ansible_collections/${CI_REPO_NAME/./\/}
+
+steps:
+  - name: ansible-devel
+    <<: *ansible_base
+    environment:
+      ANSIBLE_VERSION: "devel"
+      <<: *ansible_env
+
+  - name: ansible-216
+    <<: *ansible_base
+    environment:
+      ANSIBLE_VERSION: "stable-2.16"
+      <<: *ansible_env
+
+  - name: ansible-215
+    <<: *ansible_base
+    environment:
+      ANSIBLE_VERSION: "stable-2.15"
+      <<: *ansible_env
+
+depends_on:
+  - lint

.woodpecker/unit-test.yml

@@ -0,0 +1,36 @@
+---
+when:
+  - event: [pull_request, tag]
+  - event: [push, manual]
+    branch:
+      - ${CI_REPO_DEFAULT_BRANCH}
+
+variables:
+  - &pytest_base
+    group: pytest
+    commands:
+      - pip install poetry -qq
+      - poetry install --all-extras --no-root
+      - poetry run pytest
+    environment:
+      PY_COLORS: "1"
+
+steps:
+  - name: pyton-312
+    image: docker.io/library/python:3.12
+    <<: *pytest_base
+
+  - name: pyton-311
+    image: docker.io/library/python:3.11
+    <<: *pytest_base
+
+  - name: pyton-310
+    image: docker.io/library/python:3.10
+    <<: *pytest_base
+
+  - name: pyton-39
+    image: docker.io/library/python:3.9
+    <<: *pytest_base
+
+depends_on:
+  - lint

README.md

@@ -1,14 +1,10 @@
 # xoxys.general
 
-[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.general?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.general)
-[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](LICENSE)
+[![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.general/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.general)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.general/src/branch/main/LICENSE)
 
 Custom general Ansible collection.
 
 ## License
 
-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
-
-## Maintainers and Contributors
-
-[Robert Kaussow](https://gitea.rknet.org/xoxys)
+This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/ansible/xoxys.general/src/branch/main/LICENSE) file for details.

docs/_index.md

@@ -6,5 +6,7 @@ geekdocFlatSection: true
 General custom content collection for Ansible.
 
 <!-- spellchecker-disable -->
+
 {{< toc-tree >}}
+
 <!-- spellchecker-enable -->

docs/filters/prefix.md

@@ -14,6 +14,7 @@ my_list:
 ```
 
 Or pass a custom prefix:
+
 ```Yaml
 my_list:
   - item1

docs/filters/wrap.md

@@ -14,6 +14,7 @@ my_list:
 ```
 
 Or pass a custom wrapper:
+
 ```Yaml
 my_list:
   - item1

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: xoxys
 name: general
-# The version is generated during the release by Drone CI.
+# The version is generated during the release by Woocpecker CI.
 version: 0.0.0
 readme: README.md
 authors:

plugins/doc_fragments/hashivault.py

@@ -0,0 +1,107 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+"""Implement documentation fragment for Hashivault module."""
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+class ModuleDocFragment:  # noqa
+    # Standard documentation
+    DOCUMENTATION = r"""
+    requirements:
+        - hvac>=0.10.1
+        - ansible>=2.0.0
+        - requests
+    options:
+        url:
+            description:
+                - URL of the Vault server.
+                - You can use C(VAULT_ADDR) environment variable.
+            default: ""
+            type: str
+        ca_cert:
+            description:
+                - Path to a PEM-encoded CA cert file to use to verify the Vault server
+                  TLS certificate.
+                - You can use C(VAULT_CACERT) environment variable.
+            default: ""
+            type: str
+        ca_path:
+            description:
+                - Path to a directory of PEM-encoded CA cert files to verify the Vault server
+                  TLS certificate. If ca_cert is specified, its value will take precedence.
+                - You can use C(VAULT_CAPATH) environment variable.
+            default: ""
+            type: str
+        client_cert:
+            description:
+                - Path to a PEM-encoded client certificate for TLS authentication to the Vault
+                  server.
+                - You can use C(VAULT_CLIENT_CERT) environment variable.
+            default: ""
+            type: str
+        client_key:
+            description:
+                - Path to an unencrypted PEM-encoded private key matching the client certificate.
+                - You can use C(VAULT_CLIENT_KEY) environment variable.
+            default: ""
+            type: str
+        verify:
+            description:
+                - If set, do not verify presented TLS certificate before communicating with Vault
+                  server. Setting this variable is not recommended except during testing.
+                - You can use C(VAULT_SKIP_VERIFY) environment variable.
+            default: false
+            type: bool
+        authtype:
+            description:
+                - Authentication type.
+                - You can use C(VAULT_AUTHTYPE) environment variable.
+            default: "token"
+            type: str
+            choices: ["token", "userpass", "github", "ldap", "approle"]
+        login_mount_point:
+            description:
+                - Authentication mount point.
+                - You can use C(VAULT_LOGIN_MOUNT_POINT) environment variable.
+            type: str
+        token:
+            description:
+                - Token for vault.
+                - You can use C(VAULT_TOKEN) environment variable.
+            type: str
+        username:
+            description:
+                - Username to login to vault.
+                - You can use C(VAULT_USER) environment variable.
+            default: ""
+            type: str
+        password:
+            description:
+                - Password to login to vault.
+                - You can use C(VAULT_PASSWORD) environment variable.
+            type: str
+        role_id:
+            description:
+                - Role id for vault.
+                - You can use C(VAULT_ROLE_ID) environment variable.
+            type: str
+        secret_id:
+            description:
+                - Secret id for vault.
+                - You can use C(VAULT_SECRET_ID) environment variable.
+            type: str
+        aws_header:
+            description:
+                - X-Vault-AWS-IAM-Server-ID Header value to prevent replay attacks.
+                - You can use C(VAULT_AWS_HEADER) environment variable.
+            type: str
+        namespace:
+            description:
+                - Namespace for vault.
+                - You can use C(VAULT_NAMESPACE) environment variable.
+            type: str
+"""

plugins/filter/prefix.py

@@ -1,6 +1,6 @@
 """Filter to prefix all itams from a list."""
 
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
 
 __metaclass__ = type
 
@@ -10,6 +10,5 @@ def prefix(value, prefix="--"):
 
 
 class FilterModule(object):  # noqa
-
     def filters(self):
         return {"prefix": prefix}

plugins/filter/wrap.py

@@ -1,6 +1,6 @@
 """Filter to wrap all items from a list."""
 
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
 
 __metaclass__ = type
 
@@ -10,6 +10,5 @@ def wrap(value, wrapper="'"):
 
 
 class FilterModule(object):  # noqa
-
     def filters(self):
         return {"wrap": wrap}

plugins/inventory/proxmox.py

@@ -4,7 +4,7 @@
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 """Dynamic inventory plugin for Proxmox VE."""
 
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
 
 __metaclass__ = type
 
@@ -28,24 +28,33 @@ options:
       - Specify the target host of the Proxmox VE cluster.
     type: str
     required: true
+    env:
+      - name: PROXMOX_SERVER
   api_user:
     description:
       - Specify the user to authenticate with.
     type: str
     required: true
+    env:
+      - name: PROXMOX_USER
   api_password:
     description:
       - Specify the password to authenticate with.
-      - You can use C(PROXMOX_PASSWORD) environment variable.
     type: str
+    env:
+      - name: PROXMOX_PASSWORD
   api_token_id:
     description:
       - Specify the token ID.
     type: str
+    env:
+      - name: PROXMOX_TOKEN_ID
   api_token_secret:
     description:
       - Specify the token secret.
     type: str
+    env:
+      - name: PROXMOX_TOKEN_SECRET
   verify_ssl:
     description:
       - If C(false), SSL certificates will not be validated.
@@ -90,26 +99,29 @@ import json
 import re
 import socket
 from collections import defaultdict
-from distutils.version import LooseVersion
 
 from ansible.errors import AnsibleError
 from ansible.module_utils._text import to_native
 from ansible.module_utils.parsing.convert_bool import boolean
 from ansible.module_utils.six import iteritems
 from ansible.plugins.inventory import BaseInventoryPlugin
+from ansible_collections.xoxys.general.plugins.module_utils.version import LooseVersion
 
 try:
     from proxmoxer import ProxmoxAPI
+
     HAS_PROXMOXER = True
 except ImportError:
     HAS_PROXMOXER = False
 
 try:
     from requests.packages import urllib3
+
     HAS_URLLIB3 = True
 except ImportError:
     try:
         import urllib3
+
         HAS_URLLIB3 = True
     except ImportError:
         HAS_URLLIB3 = False
@@ -120,7 +132,7 @@ class InventoryModule(BaseInventoryPlugin):
 
     NAME = "xoxys.general.proxmox"
 
-    def _auth(self):
+    def _proxmox_auth(self):
         auth_args = {"user": self.get_option("api_user")}
         if not (self.get_option("api_token_id") and self.get_option("api_token_secret")):
             auth_args["password"] = self.get_option("api_password")
@@ -132,11 +144,11 @@ class InventoryModule(BaseInventoryPlugin):
         if not verify_ssl and HAS_URLLIB3:
             urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
-        return ProxmoxAPI(
+        self.client = ProxmoxAPI(
             self.get_option("api_host"),
             verify_ssl=verify_ssl,
             timeout=self.get_option("auth_timeout"),
-            **auth_args
+            **auth_args,
         )
 
     def _get_version(self):
@@ -166,7 +178,6 @@ class InventoryModule(BaseInventoryPlugin):
         return variables
 
     def _get_ip_address(self, pve_type, pve_node, vmid):
-
         def validate(address):
             try:
                 # IP address validation
@@ -189,7 +200,7 @@ class InventoryModule(BaseInventoryPlugin):
 
             if networks and isinstance(networks, list):
                 for network in networks:
-                    for ip_address in network["ip-addresses"]:
+                    for ip_address in network.get("ip-addresses", []):
                         address = validate(ip_address["ip-address"])
         else:
             try:
@@ -237,8 +248,9 @@ class InventoryModule(BaseInventoryPlugin):
                     pve_type = "qemu"
 
                 try:
-                    description = self.client.nodes(node).get(pve_type, vmid,
-                                                              "config")["description"]
+                    description = self.client.nodes(node).get(pve_type, vmid, "config")[
+                        "description"
+                    ]
                 except KeyError:
                     description = None
                 except Exception as e:  # noqa
@@ -307,5 +319,5 @@ class InventoryModule(BaseInventoryPlugin):
         super().parse(inventory, loader, path)
 
         self._read_config_data(path)
-        self.client = self._auth()
+        self._proxmox_auth()
         self._propagate()

plugins/module_utils/hashivault.py

@@ -0,0 +1,402 @@
+"""Provide helper functions for Hashivault module."""
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+import os
+import traceback
+
+from ansible.module_utils.basic import missing_required_lib
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.basic import env_fallback
+
+HVAC_IMP_ERR = None
+try:
+    import hvac
+    from hvac.exceptions import InvalidPath
+
+    HAS_HVAC = True
+except ImportError:
+    HAS_HVAC = False
+    HVAC_IMP_ERR = traceback.format_exc()
+
+
+def hashivault_argspec():
+    return dict(
+        url=dict(required=False, default=os.environ.get("VAULT_ADDR", ""), type="str"),
+        ca_cert=dict(required=False, default=os.environ.get("VAULT_CACERT", ""), type="str"),
+        ca_path=dict(required=False, default=os.environ.get("VAULT_CAPATH", ""), type="str"),
+        client_cert=dict(
+            required=False, default=os.environ.get("VAULT_CLIENT_CERT", ""), type="str"
+        ),
+        client_key=dict(
+            required=False, default=os.environ.get("VAULT_CLIENT_KEY", ""), type="str", no_log=True
+        ),
+        verify=dict(
+            required=False, default=(not os.environ.get("VAULT_SKIP_VERIFY", "False")), type="bool"
+        ),
+        authtype=dict(
+            required=False,
+            default=os.environ.get("VAULT_AUTHTYPE", "token"),
+            type="str",
+            choices=["token", "userpass", "github", "ldap", "approle"],
+        ),
+        login_mount_point=dict(
+            required=False, default=os.environ.get("VAULT_LOGIN_MOUNT_POINT", None), type="str"
+        ),
+        token=dict(
+            required=False,
+            fallback=(hashivault_default_token, ["VAULT_TOKEN"]),
+            type="str",
+            no_log=True,
+        ),
+        username=dict(required=False, default=os.environ.get("VAULT_USER", ""), type="str"),
+        password=dict(
+            required=False, fallback=(env_fallback, ["VAULT_PASSWORD"]), type="str", no_log=True
+        ),
+        role_id=dict(
+            required=False, fallback=(env_fallback, ["VAULT_ROLE_ID"]), type="str", no_log=True
+        ),
+        secret_id=dict(
+            required=False, fallback=(env_fallback, ["VAULT_SECRET_ID"]), type="str", no_log=True
+        ),
+        aws_header=dict(
+            required=False, fallback=(env_fallback, ["VAULT_AWS_HEADER"]), type="str", no_log=True
+        ),
+        namespace=dict(
+            required=False, default=os.environ.get("VAULT_NAMESPACE", None), type="str"
+        ),
+    )
+
+
+def hashivault_init(
+    argument_spec,
+    supports_check_mode=False,
+    required_if=None,
+    required_together=None,
+    required_one_of=None,
+    mutually_exclusive=None,
+):
+    module = AnsibleModule(
+        argument_spec=argument_spec,
+        supports_check_mode=supports_check_mode,
+        required_if=required_if,
+        required_together=required_together,
+        required_one_of=required_one_of,
+        mutually_exclusive=mutually_exclusive,
+    )
+
+    if not HAS_HVAC:
+        module.fail_json(msg=missing_required_lib("hvac"), exception=HVAC_IMP_ERR)
+
+    module.no_log_values.discard("0")
+    module.no_log_values.discard(0)
+    module.no_log_values.discard("1")
+    module.no_log_values.discard(1)
+    module.no_log_values.discard(True)
+    module.no_log_values.discard(False)
+    module.no_log_values.discard("ttl")
+
+    return module
+
+
+def hashivault_client(params):
+    url = params.get("url")
+    ca_cert = params.get("ca_cert")
+    ca_path = params.get("ca_path")
+    client_cert = params.get("client_cert")
+    client_key = params.get("client_key")
+    cert = (client_cert, client_key)
+    check_verify = params.get("verify")
+    namespace = params.get("namespace", None)
+
+    if check_verify == "" or check_verify:
+        if ca_cert:
+            verify = ca_cert
+        elif ca_path:
+            verify = ca_path
+        else:
+            verify = check_verify
+    else:
+        verify = check_verify
+
+    return hvac.Client(url=url, cert=cert, verify=verify, namespace=namespace)
+
+
+def hashivault_auth(client, params):
+    token = params.get("token")
+    authtype = params.get("authtype")
+    login_mount_point = params.get("login_mount_point", authtype)
+    if not login_mount_point:
+        login_mount_point = authtype
+    username = params.get("username")
+    password = params.get("password")
+    secret_id = params.get("secret_id")
+    role_id = params.get("role_id")
+
+    if authtype == "github":
+        client.auth.github.login(token, mount_point=login_mount_point)
+    elif authtype == "userpass":
+        client.auth_userpass(username, password, mount_point=login_mount_point)
+    elif authtype == "ldap":
+        client.auth.ldap.login(username, password, mount_point=login_mount_point)
+    elif authtype == "approle":
+        client = AppRoleClient(client, role_id, secret_id, mount_point=login_mount_point)
+    elif authtype == "tls":
+        client.auth_tls()
+    else:
+        client.token = token
+    return client
+
+
+def hashivault_auth_client(params):
+    client = hashivault_client(params)
+    return hashivault_auth(client, params)
+
+
+def hashiwrapper(function):
+    def wrapper(*args, **kwargs):
+        result = {"changed": False, "rc": 0}
+        result.update(function(*args, **kwargs))
+        return result
+
+    return wrapper
+
+
+def hashivault_default_token(env):
+    """Get a default Vault token from an environment variable or a file."""
+    envvar = env[0]
+    if envvar in os.environ:
+        return os.environ[envvar]
+    token_file = os.path.expanduser("~/.vault-token")
+    if os.path.exists(token_file):
+        with open(token_file) as f:
+            return f.read().strip()
+    return ""
+
+
+@hashiwrapper
+def hashivault_read(params):
+    result = {"changed": False, "rc": 0}
+    client = hashivault_auth_client(params)
+    version = params.get("version")
+    mount_point = params.get("mount_point")
+    secret = params.get("secret")
+    secret_version = params.get("secret_version")
+
+    key = params.get("key")
+    default = params.get("default")
+
+    if secret.startswith("/"):
+        secret = secret.lstrip("/")
+        mount_point = ""
+
+    secret_path = f"{mount_point}/{secret}" if mount_point else secret
+
+    try:
+        if version == 2:
+            response = client.secrets.kv.v2.read_secret_version(
+                secret, mount_point=mount_point, version=secret_version
+            )
+        else:
+            response = client.secrets.kv.v1.read_secret(secret, mount_point=mount_point)
+    except InvalidPath:
+        response = None
+    except Exception as e:  # noqa: BLE001
+        result["rc"] = 1
+        result["failed"] = True
+        error_string = f"{e.__class__.__name__}({e})"
+        result["msg"] = f"Error {error_string} reading {secret_path}"
+        return result
+    if not response:
+        if default is not None:
+            result["value"] = default
+            return result
+        result["rc"] = 1
+        result["failed"] = True
+        result["msg"] = f"Secret {secret_path} is not in vault"
+        return result
+    if version == 2:
+        try:
+            data = response.get("data", {})
+            data = data.get("data", {})
+        except Exception:  # noqa: BLE001
+            data = str(response)
+    else:
+        data = response["data"]
+    lease_duration = response.get("lease_duration", None)
+    if lease_duration is not None:
+        result["lease_duration"] = lease_duration
+    lease_id = response.get("lease_id", None)
+    if lease_id is not None:
+        result["lease_id"] = lease_id
+    renewable = response.get("renewable", None)
+    if renewable is not None:
+        result["renewable"] = renewable
+    wrap_info = response.get("wrap_info", None)
+    if wrap_info is not None:
+        result["wrap_info"] = wrap_info
+    if key and key not in data:
+        if default is not None:
+            result["value"] = default
+            return result
+        result["rc"] = 1
+        result["failed"] = True
+        result["msg"] = f"Key {key} is not in secret {secret_path}"
+        return result
+    value = data[key] if key else data
+    result["value"] = value
+    return result
+
+
+class AppRoleClient:
+    """
+    hvac.Client decorator generate and set a new approle token.
+
+    This allows multiple calls to Vault without having to manually
+    generate and set a token on every Vault call.
+    """
+
+    def __init__(self, client, role_id, secret_id, mount_point):
+        object.__setattr__(self, "client", client)
+        object.__setattr__(self, "role_id", role_id)
+        object.__setattr__(self, "secret_id", secret_id)
+        object.__setattr__(self, "login_mount_point", mount_point)
+
+    def __setattr__(self, name, val):
+        client = object.__getattribute__(self, "client")
+        client.__setattr__(name, val)
+
+    def __getattribute__(self, name):
+        client = object.__getattribute__(self, "client")
+        attr = client.__getattribute__(name)
+
+        role_id = object.__getattribute__(self, "role_id")
+        secret_id = object.__getattribute__(self, "secret_id")
+        login_mount_point = object.__getattribute__(self, "login_mount_point")
+        resp = client.auth_approle(role_id, secret_id=secret_id, mount_point=login_mount_point)
+        client.token = str(resp["auth"]["client_token"])
+        return attr
+
+
+def _compare_state(desired_state, current_state, ignore=None):
+    """
+    Compare desired state to current state.
+
+    Returns true if objects are equal.
+
+    Recursively walks dict object to compare all keys.
+
+    :param desired_state: The state user desires.
+    :param current_state: The state that currently exists.
+    :param ignore: Ignore these keys.
+    :type ignore: list
+
+    :return: True if the states are the same.
+    :rtype: bool
+    """
+
+    if ignore is None:
+        ignore = []
+    if isinstance(desired_state, list):
+        if not isinstance(current_state, list) or (len(desired_state) != len(current_state)):
+            return False
+        return set(desired_state) == set(current_state)
+
+    if isinstance(desired_state, dict):
+        if not isinstance(current_state, dict):
+            return False
+
+        # iterate over dictionary keys
+        for key in desired_state:
+            if key in ignore:
+                continue
+            v = desired_state[key]
+            if (key not in current_state) or (not _compare_state(v, current_state.get(key))):
+                return False
+        return True
+
+    # Lots of things get handled as strings in ansible that aren"t necessarily strings,
+    # can extend this list later.
+    if isinstance(desired_state, str) and isinstance(current_state, int):
+        current_state = str(current_state)
+
+    return desired_state == current_state
+
+
+def _convert_to_seconds(original_value):
+    try:
+        value = str(original_value)
+        seconds = 0
+        if "h" in value:
+            ray = value.split("h")
+            seconds = int(ray.pop(0)) * 3600
+            value = "".join(ray)
+        if "m" in value:
+            ray = value.split("m")
+            seconds += int(ray.pop(0)) * 60
+            value = "".join(ray)
+        if value:
+            ray = value.split("s")
+            seconds += int(ray.pop(0))
+        return seconds
+    except Exception:  # noqa: BLE001,S110
+        pass
+    return original_value
+
+
+def get_keys_updated(desired_state, current_state, ignore=None):
+    """
+
+    Return list of keys that have different values.
+
+    Recursively walks dict object to compare all keys.
+
+    :param desired_state: The state user desires.
+    :type desired_state: dict
+    :param current_state: The state that currently exists.
+    :type current_state: dict
+    :param ignore: Ignore these keys.
+    :type ignore: list
+
+    :return: Different items
+    :rtype: list
+    """
+
+    if ignore is None:
+        ignore = []
+
+    differences = []
+    for key in desired_state:
+        if key in ignore:
+            continue
+        if key not in current_state:
+            differences.append(key)
+            continue
+        new_value = desired_state[key]
+        old_value = current_state[key]
+        if (
+            "ttl" in key and (_convert_to_seconds(old_value) != _convert_to_seconds(new_value))
+        ) or not _compare_state(new_value, old_value):
+            differences.append(key)
+    return differences
+
+
+def is_state_changed(desired_state, current_state, ignore=None):  # noqa: ARG001
+    """
+    Return list of keys that have different values.
+
+    Recursively walks dict object to compare all keys.
+
+    :param desired_state: The state user desires.
+    :type desired_state: dict
+    :param current_state: The state that currently exists.
+    :type current_state: dict
+    :param ignore: Ignore these keys.
+    :type ignore: list
+
+    :return: Different
+    :rtype: bool
+    """
+    return len(get_keys_updated(desired_state, current_state)) > 0

plugins/module_utils/version.py

@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Felix Fontein <felix@fontein.de>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+"""Provide version object to compare version numbers."""
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+from ansible.module_utils.six import raise_from
+
+try:
+    from ansible.module_utils.compat.version import LooseVersion  # noqa: F401,E501 pylint: disable=unused-import
+except ImportError:
+    try:
+        from distutils.version import LooseVersion  # noqa: F401, pylint: disable=unused-import
+    except ImportError as exc:
+        msg = (
+            "To use this plugin or module with ansible-core 2.11, you need to use Python < 3.12 "
+            "with distutils.version present"
+        )
+        raise_from(ImportError(msg), exc)

plugins/modules/hashivault_unseal.py

@@ -0,0 +1,72 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+"""Unseal Hashicorp Vault servers."""
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {"status": ["stableinterface"], "supported_by": "community", "version": "1.1"}
+
+DOCUMENTATION = """
+---
+module: hashivault_unseal
+short_description: Hashicorp Vault unseal module.
+version_added: 1.2.0
+description:
+  - "Module to unseal Hashicorp Vault."
+options:
+  keys:
+    description:
+      - Vault key shard(s).
+    type: list
+    elements: str
+    required: true
+author:
+  - Robert Kaussow (@xoxys)
+extends_documentation_fragment:
+  - xoxys.general.hashivault
+"""
+
+EXAMPLES = """
+---
+- name: Unseal vault
+  hashivault_unseal:
+    keys:
+      - 26479cc0-54bc-4252-9c34-baca54aa5de7
+      - 47f942e3-8525-4b44-ba2f-84a4ae81db7d
+      - 2ee9c868-4275-4836-8747-4f8fb7611aa0
+    url: https://vault.example.com
+"""
+
+from ansible_collections.xoxys.general.plugins.module_utils.hashivault import hashivault_argspec
+from ansible_collections.xoxys.general.plugins.module_utils.hashivault import hashivault_client
+from ansible_collections.xoxys.general.plugins.module_utils.hashivault import hashivault_init
+from ansible_collections.xoxys.general.plugins.module_utils.hashivault import hashiwrapper
+
+
+def main():
+    argspec = hashivault_argspec()
+    argspec["keys"] = dict(required=True, type="list", elements="str", no_log=True)
+    module = hashivault_init(argspec)
+    result = hashivault_unseal(module.params)
+    if result.get("failed"):
+        module.fail_json(**result)
+    else:
+        module.exit_json(**result)
+
+
+@hashiwrapper
+def hashivault_unseal(params):
+    keys = params.get("keys")
+    client = hashivault_client(params)
+    if client.sys.is_sealed():
+        return {"status": client.sys.submit_unseal_keys(keys), "changed": True}
+
+    return {"changed": False}
+
+
+if __name__ == "__main__":
+    main()

plugins/modules/iptables_raw.py

@@ -216,6 +216,7 @@ from collections import defaultdict
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.basic import json
+from ansible_collections.xoxys.general.plugins.module_utils.version import LooseVersion
 
 
 # Genereates a diff dictionary from an old and new table dump.
@@ -357,7 +358,6 @@ class Iptables:
 
     # Checks if iptables is installed and if we have a correct version.
     def _check_compatibility(self):
-        from distutils.version import StrictVersion
         cmd = [self.bins['iptables'], '--version']
         rc, stdout, stderr = Iptables.module.run_command(cmd, check_rc=False)
         if rc == 0:
@@ -366,7 +366,7 @@ class Iptables:
                 version = result.group(1)
                 # CentOS 5 ip6tables (v1.3.x) doesn't support comments,
                 # which means it cannot be used with this module.
-                if StrictVersion(version) < StrictVersion('1.4'):
+                if LooseVersion(version) < LooseVersion('1.4'):
                     Iptables.module.fail_json(
                         msg="This module isn't compatible with ip6tables versions older than 1.4.x"
                     )

plugins/modules/openssl_pkcs12.py

@@ -4,7 +4,7 @@
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 """OpenSSL PKCS12 module."""
 
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
 
 __metaclass__ = type
 
@@ -176,7 +176,6 @@ class PkcsError(Exception):  # noqa
 
 
 class Pkcs(object):  # noqa
-
     def __init__(self, module):
         self.path = module.params["path"]
         self.force = module.params["force"]
@@ -201,16 +200,18 @@ class Pkcs(object):  # noqa
     def load_privatekey(self, path, passphrase=None):
         """Load the specified OpenSSL private key."""
         try:
-            privatekey = crypto.load_privatekey(
-                crypto.FILETYPE_PEM,
-                open(path, "rb").read(),  # noqa
-                passphrase
-            ) if passphrase else crypto.load_privatekey(
-                crypto.FILETYPE_PEM,
-                open(path, "rb").read()  # noqa
+            return (
+                crypto.load_privatekey(
+                    crypto.FILETYPE_PEM,
+                    open(path, "rb").read(),  # noqa
+                    passphrase,
+                )
+                if passphrase
+                else crypto.load_privatekey(
+                    crypto.FILETYPE_PEM,
+                    open(path, "rb").read(),  # noqa
+                )
             )
-
-            return privatekey
         except OSError as exc:
             raise PkcsError(exc) from exc
 
@@ -218,8 +219,7 @@ class Pkcs(object):  # noqa
         """Load the specified certificate."""
         try:
             cert_content = open(path, "rb").read()  # noqa
-            cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_content)
-            return cert
+            return crypto.load_certificate(crypto.FILETYPE_PEM, cert_content)
         except OSError as exc:
             raise PkcsError(exc) from exc
 
@@ -237,8 +237,7 @@ class Pkcs(object):  # noqa
         """Dump the specified OpenSSL private key."""
         try:
             return crypto.dump_privatekey(
-                crypto.FILETYPE_PEM,
-                self.load_pkcs12(path).get_privatekey()
+                crypto.FILETYPE_PEM, self.load_pkcs12(path).get_privatekey()
             )
         except OSError as exc:
             raise PkcsError(exc) from exc
@@ -247,8 +246,7 @@ class Pkcs(object):  # noqa
         """Dump the specified certificate."""
         try:
             return crypto.dump_certificate(
-                crypto.FILETYPE_PEM,
-                self.load_pkcs12(path).get_certificate()
+                crypto.FILETYPE_PEM, self.load_pkcs12(path).get_certificate()
             )
         except OSError as exc:
             raise PkcsError(exc) from exc
@@ -326,7 +324,6 @@ class Pkcs(object):  # noqa
             pass
 
     def check(self, module, perms_required=True):  # noqa
-
         def _check_pkey_passphrase():
             if self.privatekey_passphrase:
                 try:
@@ -369,7 +366,7 @@ def main():
         privatekey_passphrase=dict(type="str", no_log=True),
         state=dict(default="present", choices=["present", "absent"], type="str"),
         src=dict(type="path"),
-        mode=dict(default="0400", type="str", required=False)
+        mode=dict(default="0400", type="str", required=False),
     )
 
     required_if = [
@@ -396,7 +393,7 @@ def main():
     if not os.path.isdir(base_dir):
         module.fail_json(
             name=base_dir,
-            msg=f"The directory {base_dir} does not exist or the file is not a directory"
+            msg=f"The directory {base_dir} does not exist or the file is not a directory",
         )
 
     pkcs12 = Pkcs(module)

plugins/modules/proxmox_kvm.py

@@ -5,7 +5,7 @@
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 """Control Proxmox KVM machines."""
 
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
 
 __metaclass__ = type
 
@@ -36,11 +36,13 @@ options:
   api_host:
     description:
       - Specify the target host of the Proxmox VE cluster.
+      - You can use C(PROXMOX_SERVER) environment variable.
     type: str
     required: true
   api_user:
     description:
       - Specify the user to authenticate with.
+      - You can use C(PROXMOX_USER) environment variable.
     type: str
     required: true
   api_password:
@@ -51,11 +53,13 @@ options:
   api_token_id:
     description:
       - Specify the token ID.
+      - You can use C(PROXMOX_TOKEN_ID) environment variable.
     type: str
     version_added: 1.3.0
   api_token_secret:
     description:
       - Specify the token secret.
+      - You can use C(PROXMOX_TOKEN_SECRET) environment variable.
     type: str
     version_added: 1.3.0
   verify_ssl:
@@ -809,22 +813,25 @@ import string
 import time
 import traceback
 from collections import defaultdict
-from distutils.version import LooseVersion
 
 from ansible.module_utils.six.moves.urllib.parse import quote
+from ansible_collections.xoxys.general.plugins.module_utils.version import LooseVersion
 
 try:
     from proxmoxer import ProxmoxAPI
+
     HAS_PROXMOXER = True
 except ImportError:
     HAS_PROXMOXER = False
 
 try:
     from requests.packages import urllib3
+
     HAS_URLLIB3 = True
 except ImportError:
     try:
         import urllib3
+
         HAS_URLLIB3 = True
     except ImportError:
         HAS_URLLIB3 = False
@@ -835,12 +842,11 @@ from ansible.module_utils.basic import AnsibleModule, env_fallback
 
 def get_nextvmid(module, proxmox):
     try:
-        vmid = proxmox.cluster.nextid.get()
-        return vmid
+        return proxmox.cluster.nextid.get()
     except Exception as e:  # noqa
         module.fail_json(
             msg=f"Unable to get next vmid. Failed with exception: {to_native(e)}",
-            exception=traceback.format_exc()
+            exception=traceback.format_exc(),
         )
 
 
@@ -889,7 +895,7 @@ def settings(module, proxmox, vmid, node, name, **kwargs):  # noqa
     # Sanitize kwargs. Remove not defined args and ensure True and False converted to int.
     kwargs = dict((k, v) for k, v in kwargs.items() if v is not None)
 
-    return (proxmox_node.qemu(vmid).config.set(**kwargs) is None)
+    return proxmox_node.qemu(vmid).config.set(**kwargs) is None
 
 
 def wait_for_task(module, proxmox, node, taskid):
@@ -999,7 +1005,9 @@ def create_vm(
 
     # -args and skiplock require root@pam user - but can not use api tokens
     if (
-        module.params["api_user"] == "root@pam" and module.params["args"] is None and not update
+        module.params["api_user"] == "root@pam"
+        and module.params["args"] is None
+        and not update
         and module.params["proxmox_default_behavior"] == "compatibility"
     ):
         kwargs["args"] = vm_args
@@ -1013,8 +1021,10 @@ def create_vm(
 
     if update:
         return (
-            proxmox_node.qemu(vmid).config.
-            set(name=name, memory=memory, cpu=cpu, cores=cores, sockets=sockets, **kwargs) is None
+            proxmox_node.qemu(vmid).config.set(
+                name=name, memory=memory, cpu=cpu, cores=cores, sockets=sockets, **kwargs
+            )
+            is None
         )
 
     if module.params["clone"] is not None:
@@ -1076,11 +1086,17 @@ def main():
             acpi=dict(type="bool"),
             agent=dict(type="bool"),
             args=dict(type="str"),
-            api_host=dict(required=True, type="str"),
-            api_password=dict(no_log=True, fallback=(env_fallback, ["PROXMOX_PASSWORD"])),
-            api_token_id=dict(no_log=True),
-            api_token_secret=dict(no_log=True),
-            api_user=dict(required=True),
+            api_host=dict(required=True, type="str", fallback=(env_fallback, ["PROXMOX_SERVER"])),
+            api_user=dict(required=True, type="str", fallback=(env_fallback, ["PROXMOX_USER"])),
+            api_password=dict(
+                no_log=True, type="str", fallback=(env_fallback, ["PROXMOX_PASSWORD"])
+            ),
+            api_token_id=dict(
+                no_log=True, type="str", fallback=(env_fallback, ["PROXMOX_TOKEN_ID"])
+            ),
+            api_token_secret=dict(
+                no_log=True, type="str", fallback=(env_fallback, ["PROXMOX_TOKEN_SECRET"])
+            ),
             autostart=dict(type="bool"),
             balloon=dict(type="int"),
             bios=dict(choices=["seabios", "ovmf"]),
@@ -1101,7 +1117,7 @@ def main():
             force=dict(type="bool"),
             format=dict(
                 type="str",
-                choices=["cloop", "cow", "qcow", "qcow2", "qed", "raw", "vmdk", "unspecified"]
+                choices=["cloop", "cow", "qcow", "qcow2", "qed", "raw", "vmdk", "unspecified"],
             ),
             freeze=dict(type="bool"),
             full=dict(type="bool", default=True),
@@ -1128,8 +1144,18 @@ def main():
             onboot=dict(type="bool"),
             ostype=dict(
                 choices=[
-                    "other", "wxp", "w2k", "w2k3", "w2k8", "wvista", "win7", "win8", "win10",
-                    "l24", "l26", "solaris"
+                    "other",
+                    "wxp",
+                    "w2k",
+                    "w2k3",
+                    "w2k8",
+                    "wvista",
+                    "win7",
+                    "win8",
+                    "win10",
+                    "l24",
+                    "l26",
+                    "solaris",
                 ]
             ),
             parallel=dict(type="dict"),
@@ -1141,8 +1167,12 @@ def main():
             scsi=dict(type="dict"),
             scsihw=dict(
                 choices=[
-                    "lsi", "lsi53c810", "virtio-scsi-pci", "virtio-scsi-single", "megasas",
-                    "pvscsi"
+                    "lsi",
+                    "lsi53c810",
+                    "virtio-scsi-pci",
+                    "virtio-scsi-single",
+                    "megasas",
+                    "pvscsi",
                 ]
             ),
             serial=dict(type="dict"),
@@ -1157,7 +1187,7 @@ def main():
             startup=dict(type="str"),
             state=dict(
                 default="present",
-                choices=["present", "absent", "stopped", "started", "restarted", "current"]
+                choices=["present", "absent", "stopped", "started", "restarted", "current"],
             ),
             storage=dict(type="str"),
             tablet=dict(type="bool"),
@@ -1171,8 +1201,17 @@ def main():
             vcpus=dict(type="int"),
             vga=dict(
                 choices=[
-                    "std", "cirrus", "vmware", "qxl", "serial0", "serial1", "serial2", "serial3",
-                    "qxl2", "qxl3", "qxl4"
+                    "std",
+                    "cirrus",
+                    "vmware",
+                    "qxl",
+                    "serial0",
+                    "serial1",
+                    "serial2",
+                    "serial3",
+                    "qxl2",
+                    "qxl3",
+                    "qxl4",
                 ]
             ),
             virtio=dict(type="dict"),
@@ -1180,8 +1219,14 @@ def main():
             watchdog=dict(type="str"),
             proxmox_default_behavior=dict(type="str", choices=["compatibility", "no_defaults"]),
         ),
-        mutually_exclusive=[("delete", "revert"), ("delete", "update"), ("revert", "update"),
-                            ("clone", "update"), ("clone", "delete"), ("clone", "revert")],
+        mutually_exclusive=[
+            ("delete", "revert"),
+            ("delete", "update"),
+            ("revert", "update"),
+            ("clone", "update"),
+            ("clone", "delete"),
+            ("clone", "revert"),
+        ],
         required_together=[("api_token_id", "api_token_secret")],
         required_one_of=[("name", "vmid"), ("api_password", "api_token_id")],
         required_if=[("state", "present", ["node"])],
@@ -1285,7 +1330,7 @@ def main():
                 )
 
         # Ensure source VM name exists when cloning
-        if -1 == vmid:
+        if vmid == -1:
             module.fail_json(msg=f"VM with name = {clone} does not exist in cluster")
 
         # Ensure source VM id exists when cloning
@@ -1310,23 +1355,20 @@ def main():
             )
         except Exception as e:  # noqa
             module.fail_json(
-                vmid=vmid,
-                msg=f"Unable to delete settings on VM {name} with vmid {vmid}: {str(e)}"
+                vmid=vmid, msg=f"Unable to delete settings on VM {name} with vmid {vmid}: {e!s}"
             )
 
     if revert is not None:
         try:
             settings(module, proxmox, vmid, node, name, revert=revert)
             module.exit_json(
-                changed=True,
-                vmid=vmid,
-                msg=f"Settings has reverted on VM {name} with vmid {vmid}"
+                changed=True, vmid=vmid, msg=f"Settings has reverted on VM {name} with vmid {vmid}"
             )
         except Exception as e:  # noqa
             module.fail_json(
                 vmid=vmid,
                 msg=f"Unable to revert settings on VM {name} with vmid {vmid}:"
-                f"Maybe is not a pending task...{str(e)}"
+                f"Maybe is not a pending task...{e!s}",
             )
 
     if state == "present":
@@ -1354,7 +1396,7 @@ def main():
                     net=module.params["net"],
                     sata=module.params["sata"],
                     scsi=module.params["scsi"],
-                    virtio=module.params["virtio"]
+                    virtio=module.params["virtio"],
                 )
 
             create_vm(
@@ -1426,7 +1468,7 @@ def main():
                 vcpus=module.params["vcpus"],
                 vga=module.params["vga"],
                 virtio=module.params["virtio"],
-                watchdog=module.params["watchdog"]
+                watchdog=module.params["watchdog"],
             )
 
             if update:
@@ -1437,7 +1479,7 @@ def main():
                 module.exit_json(
                     changed=True,
                     vmid=vmid,
-                    msg=f"VM {name} with newid {newid} cloned from vm with vmid {vmid}"
+                    msg=f"VM {name} with newid {newid} cloned from vm with vmid {vmid}",
                 )
             else:
                 module.exit_json(
@@ -1455,13 +1497,13 @@ def main():
             else:
                 module.fail_json(
                     vmid=vmid,
-                    msg=f"creation of qemu VM {name} with vmid {vmid} failed with exception={e}"
+                    msg=f"creation of qemu VM {name} with vmid {vmid} failed with exception={e}",
                 )
 
     elif state == "started":
         status = {}
         try:
-            if -1 == vmid:
+            if vmid == -1:
                 module.fail_json(msg=f"VM with name = {name} does not exist in cluster")
             vm = get_vm(proxmox, vmid)
             if not vm:
@@ -1482,7 +1524,7 @@ def main():
     elif state == "stopped":
         status = {}
         try:
-            if -1 == vmid:
+            if vmid == -1:
                 module.fail_json(msg=f"VM with name = {name} does not exist in cluster")
 
             vm = get_vm(proxmox, vmid)
@@ -1507,7 +1549,7 @@ def main():
     elif state == "restarted":
         status = {}
         try:
-            if -1 == vmid:
+            if vmid == -1:
                 module.fail_json(msg=f"VM with name = {name} does not exist in cluster")
 
             vm = get_vm(proxmox, vmid)
@@ -1519,8 +1561,9 @@ def main():
                     changed=False, vmid=vmid, msg=f"VM {vmid} is not running", **status
                 )
 
-            if stop_vm(module, proxmox, vm,
-                       force=module.params["force"]) and start_vm(module, proxmox, vm):
+            if stop_vm(module, proxmox, vm, force=module.params["force"]) and start_vm(
+                module, proxmox, vm
+            ):
                 module.exit_json(changed=True, vmid=vmid, msg=f"VM {vmid} is restarted", **status)
         except Exception as e:  # noqa
             module.fail_json(
@@ -1543,7 +1586,7 @@ def main():
                     module.exit_json(
                         changed=False,
                         vmid=vmid,
-                        msg=f"VM {vmid} is running. Stop it before deletion or use force=yes."
+                        msg=f"VM {vmid} is running. Stop it before deletion or use force=yes.",
                     )
             taskid = proxmox_node.qemu.delete(vmid)
             if not wait_for_task(module, proxmox, vm[0]["node"], taskid):
@@ -1558,7 +1601,7 @@ def main():
 
     elif state == "current":
         status = {}
-        if -1 == vmid:
+        if vmid == -1:
             module.fail_json(msg=f"VM with name = {name} does not exist in cluster")
         vm = get_vm(proxmox, vmid)
         if not vm:
@@ -1572,7 +1615,7 @@ def main():
                 changed=False,
                 vmid=vmid,
                 msg=f"VM {name} with vmid = {vmid} is {current}",
-                **status
+                **status,
             )
 
 

plugins/modules/ucr.py

@@ -4,7 +4,7 @@
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 """Control Univention Corporate Registry."""
 
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
 
 __metaclass__ = type
 
@@ -73,6 +73,7 @@ from ansible.module_utils.basic import AnsibleModule
 try:
     from univention.config_registry import ConfigRegistry
     from univention.config_registry.frontend import ucr_update
+
     HAS_UNIVENTION = True
 except ImportError:
     HAS_UNIVENTION = False
@@ -99,7 +100,7 @@ def main():
     module_args = dict(
         path=dict(type="str", required=True, aliases=["name"]),
         value=dict(type="str", required=False, default=""),
-        state=dict(default="present", choices=["present", "absent"], type="str")
+        state=dict(default="present", choices=["present", "absent"], type="str"),
     )
 
     required_if = [["state", "present", ["value"]]]

pyproject.toml

@@ -10,10 +10,10 @@ classifiers = [
   "Natural Language :: English",
   "Operating System :: POSIX",
   "Programming Language :: Python :: 3",
-  "Programming Language :: Python :: 3.8",
   "Programming Language :: Python :: 3.9",
   "Programming Language :: Python :: 3.10",
   "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
   "Topic :: Utilities",
   "Topic :: Software Development",
   "Topic :: Software Development :: Documentation",
@@ -26,7 +26,7 @@ repository = "https://gitea.rknet.org/ansible/xoxys.general"
 version = "0.0.0"
 
 [tool.poetry.dependencies]
-python = "^3.8.0"
+python = "^3.9.0"
 ansible-core = { version = "<=2.14.0", optional = true }
 pyopenssl = "23.0.0"
 proxmoxer = "2.0.1"
@@ -36,16 +36,18 @@ hcloud = "1.18.2"
 ansible = ["ansible-core"]
 
 [tool.poetry.group.dev.dependencies]
-ruff = "0.0.230"
+ruff = "0.1.7"
 pytest = "7.2.1"
 pytest-mock = "3.10.0"
 pytest-cov = "4.0.0"
 toml = "0.10.2"
-yapf = "0.32.0"
 pycodestyle = "2.10.0"
 yamllint = "1.29.0"
 pylint = "2.15.0"
 voluptuous = "0.13.1"
+pytest-ansible = "3.1.5"
+pytest-forked = "1.6.0"
+pytest-xdist = "3.3.1"
 
 [tool.pytest.ini_options]
 addopts = "--cov --cov-report=xml:coverage.xml --cov-report=term --cov-append --no-cov-on-fail"
@@ -59,13 +61,14 @@ filterwarnings = [
   "ignore::FutureWarning",
   "ignore::DeprecationWarning",
   "ignore:.*pep8.*:FutureWarning",
+  "ignore:AnsibleCollectionFinder.*:UserWarning"
 ]
 
 [tool.coverage.run]
 omit = ["**/tests/*"]
 
 [build-system]
-build-backend = "poetry.core.masonry.api"
+build-backend = "poetry_dynamic_versioning.backend"
 requires = ["poetry-core>=1.0.0", "poetry-dynamic-versioning"]
 
 [tool.ruff]
@@ -80,8 +83,13 @@ exclude = [
     ".cache",
     ".eggs",
     "env*",
+    ".venv",
     "iptables_raw.py",
 ]
+
+line-length = 99
+indent-width = 4
+
 # Explanation of errors
 #
 # D102: Missing docstring in public method
@@ -114,8 +122,8 @@ ignore = [
     "UP001",
     "UP009",
     "UP010",
+    "RUF100",
 ]
-line-length = 99
 select = [
     "D",
     "E",
@@ -138,12 +146,7 @@ select = [
     "RUF",
 ]
 
-[tool.ruff.flake8-quotes]
-inline-quotes = "double"
-
-[tool.yapf]
-based_on_style = "google"
-column_limit = 99
-dedent_closing_brackets = true
-coalesce_brackets = true
-split_before_logical_operator = true
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+line-ending = "lf"

tests/config.yml

@@ -1,2 +1,2 @@
 modules:
-  python_requires: ">=3.8"
+  python_requires: ">=3.9"

tests/unit/plugins/inventory/test_proxmox.py

@@ -10,8 +10,7 @@ import pytest
 
 proxmox = pytest.importorskip("proxmoxer")
 
-from ansible.errors import AnsibleError, AnsibleParserError  # noqa
-from plugins.inventory.proxmox import InventoryModule
+from ansible_collections.xoxys.general.plugins.inventory.proxmox import InventoryModule
 
 
 @pytest.fixture