-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathTaskfile.yml
107 lines (98 loc) · 3.13 KB
/
Taskfile.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# yaml-language-server: $schema=https://taskfile.dev/schema.json
version: "3"
includes:
git-hooks: ./scripts/git-hooks.taskfile.yml
lint: ./scripts/lint.taskfile.yml
setup: ./scripts/setup.taskfile.yml
vars:
BECOME_PASSWORD_FILE: become-password.secret
PIPENV_COMMAND: python3 -m pipenv
VAULT_PASSWORD_FILE: vault-password.txt
SYNC_PYTHON_VERSIONS_SHOULD_COMMIT: "true"
tasks:
help:
desc: List all tasks
aliases:
- default
cmds:
- task --list-all
clean:
desc: Remove artifacts.
deps:
- git-hooks:clean
- clean.pipenv
cmds:
- rm -v "{{.VAULT_PASSWORD_FILE}}" "{{.BECOME_PASSWORD_FILE}}" || true
clean:pipenv:
desc: Remove pipenv virtualenv.
cmds:
- "{{.PIPENV_COMMAND}} --rm"
install:
desc: Install dependencies.
deps:
- git-hooks:build
cmds:
# Install Xcode for Homebrew.
- xcode-select --install || true
# Install Homebrew.
- >-
command -v brew > /dev/null || { /bin/bash -c "$(curl -fsSL
https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"; }
# Install pyenv.
- command -v pyenv > /dev/null || { brew install readline xz pyenv; }
# Install target Python version.
- pyenv install "$(cat .python-version)" --skip-existing
# Install pipenv.
- pip3 install --break-system-packages --upgrade --user pipenv
# Install Python dependencies from Pipfile.
- "{{.PIPENV_COMMAND}} sync --dev"
# Install Ansible collections and modules.
- >-
{{.PIPENV_COMMAND}} run ansible-galaxy install
--role-file requirements.yml
--force
update:
desc: Update pipenv dependencies.
cmds:
# Run these dependencies sequentially.
- task: sync-python-versions
vars:
SYNC_PYTHON_VERSIONS_SHOULD_COMMIT: false
- task: install
- >-
{{.PIPENV_COMMAND}} update --dev
# Commit sync-python-versions changes only on the last run.
- task: sync-python-versions
vars:
SYNC_PYTHON_VERSIONS_SHOULD_COMMIT: true
run:
desc: Run Ansible playbook.
deps:
- setup:become-password
- setup:vault-password
vars:
PLAYBOOK: main.yml
EXTRA_ANSIBLE_ARGS: -vv
cmds:
- >-
{{.PIPENV_COMMAND}} run ansible-playbook {{.PLAYBOOK}}
--extra-vars="ansible_python_interpreter=$(which python)"
--inventory inventory
--vault-password-file {{.VAULT_PASSWORD_FILE}}
{{.EXTRA_ANSIBLE_ARGS}}
# Renovate only updates the Python version in .python-version, not the
# version constraints in the Pipfiles.
sync-python-versions:
desc: Synchronize all places where the Python version is set.
vars:
PYTHON_VERSION:
sh: cat .python-version
cmds:
- sed -i '' -E 's/^(python_version = ).*/\1"{{.PYTHON_VERSION}}"/' Pipfile
- >-
sed -i '' -E 's/("python_version": ").*(")/\1{{.PYTHON_VERSION}}\2/' Pipfile.lock
- |-
if [ "{{.SYNC_PYTHON_VERSIONS_SHOULD_COMMIT}}" = "true" ]; then
git add Pipfile*
git commit -m "chore: sync python version to Pipfiles" || true
fi