From 984ca0de3753f937a10c65350ea260111bc14438 Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Wed, 25 Mar 2026 17:29:14 +0100 Subject: [PATCH 01/11] try to stop pipeline when the PR is draft --- .github/workflows/test_roles_pr.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index f0d0245e..96fc2990 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -13,6 +13,11 @@ on: - warning - debug pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review merge_group: jobs: From e63674ea25b4bb2b20b37f3d88e98fd9a0d163ec Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Wed, 25 Mar 2026 17:35:00 +0100 Subject: [PATCH 02/11] Test --- .github/workflows/test_roles_pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index 96fc2990..30e1f4a5 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -22,6 +22,7 @@ on: jobs: lint_full: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: '' From 3c3e1bc85c90fec16e82643e6e20752cc569a6df Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Wed, 25 Mar 2026 17:38:27 +0100 Subject: [PATCH 03/11] Test2 --- .github/workflows/test_roles_pr.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index 30e1f4a5..96fc2990 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -22,7 +22,6 @@ on: jobs: lint_full: - if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: '' From 25661ca92b4396040f44f2729a088d3facf94e49 Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Wed, 25 Mar 2026 17:43:04 +0100 Subject: [PATCH 04/11] Test3 --- .github/workflows/test_roles_pr.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index 96fc2990..29fdf117 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -13,15 +13,11 @@ on: - warning - debug pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review merge_group: jobs: lint_full: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: '' From 7a0aed629c7cddecbef8b40ffe20e02300d9d84f Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Wed, 25 Mar 2026 17:49:05 +0100 Subject: [PATCH 05/11] Stop pipelines to run while the PR is draft --- .github/workflows/kics.yml | 1 + .github/workflows/test_full_stack.yml | 1 + .github/workflows/test_plugins.yml | 1 + .github/workflows/test_role_beats.yml | 1 + .github/workflows/test_role_elasticsearch.yml | 1 + .github/workflows/test_role_kibana.yml | 1 + .github/workflows/test_role_logstash.yml | 1 + .github/workflows/test_role_repos.yml | 1 + 8 files changed, 8 insertions(+) diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 076d6dc6..4abe9e7e 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -21,6 +21,7 @@ on: - cron: '15 6 * * 4' jobs: kics: + if: github.event.pull_request.draft == false runs-on: ubuntu-latest steps: diff --git a/.github/workflows/test_full_stack.yml b/.github/workflows/test_full_stack.yml index c065a334..e1aafd9f 100644 --- a/.github/workflows/test_full_stack.yml +++ b/.github/workflows/test_full_stack.yml @@ -17,6 +17,7 @@ on: jobs: lint_full: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: '' diff --git a/.github/workflows/test_plugins.yml b/.github/workflows/test_plugins.yml index 0045ca84..f3588839 100644 --- a/.github/workflows/test_plugins.yml +++ b/.github/workflows/test_plugins.yml @@ -23,6 +23,7 @@ on: jobs: sanity_ansible_18_19: + if: github.event.pull_request.draft == false runs-on: ubuntu-latest env: COLLECTION_NAMESPACE: netways diff --git a/.github/workflows/test_role_beats.yml b/.github/workflows/test_role_beats.yml index 13cd7dc4..1d93cd43 100644 --- a/.github/workflows/test_role_beats.yml +++ b/.github/workflows/test_role_beats.yml @@ -24,6 +24,7 @@ on: jobs: lint_beats: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: beats diff --git a/.github/workflows/test_role_elasticsearch.yml b/.github/workflows/test_role_elasticsearch.yml index 2ab6adf4..bc1ff29c 100644 --- a/.github/workflows/test_role_elasticsearch.yml +++ b/.github/workflows/test_role_elasticsearch.yml @@ -24,6 +24,7 @@ on: jobs: lint_elasticsearch: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: elasticsearch diff --git a/.github/workflows/test_role_kibana.yml b/.github/workflows/test_role_kibana.yml index c36322c0..097fd48f 100644 --- a/.github/workflows/test_role_kibana.yml +++ b/.github/workflows/test_role_kibana.yml @@ -24,6 +24,7 @@ on: jobs: lint_kibana: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: kibana diff --git a/.github/workflows/test_role_logstash.yml b/.github/workflows/test_role_logstash.yml index 4eb2cbe4..a8b1a355 100644 --- a/.github/workflows/test_role_logstash.yml +++ b/.github/workflows/test_role_logstash.yml @@ -24,6 +24,7 @@ on: jobs: lint_logstash: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: logstash diff --git a/.github/workflows/test_role_repos.yml b/.github/workflows/test_role_repos.yml index 979a709f..c9bbf49d 100644 --- a/.github/workflows/test_role_repos.yml +++ b/.github/workflows/test_role_repos.yml @@ -23,6 +23,7 @@ on: jobs: lint_repos: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: repos From 077c5e0b657275088df2f903526c1595499d8821 Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Wed, 25 Mar 2026 18:04:11 +0100 Subject: [PATCH 06/11] Test if pipelines start when ready to review --- .github/workflows/test_roles_pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index 29fdf117..df56ec45 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -17,6 +17,7 @@ on: jobs: lint_full: + # test if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: From 1b41d11c7263b9bec9e6c7a679bc9b7549b209a3 Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Wed, 25 Mar 2026 18:35:50 +0100 Subject: [PATCH 07/11] Install collection dependency in lint job --- .github/workflows/test_linting.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/test_linting.yml b/.github/workflows/test_linting.yml index 91b56e40..b13fb8fb 100644 --- a/.github/workflows/test_linting.yml +++ b/.github/workflows/test_linting.yml @@ -38,6 +38,10 @@ jobs: python3 -m pip install --upgrade pip python3 -m pip install -r requirements-test.txt + - name: Install Ansible collections + run: | + ansible-galaxy collection install community.crypto community.general + - name: Lint code (yamllint). run: | yamllint . From 71397ded1dade6e0d771e5cc2f501302be01ec83 Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Thu, 26 Mar 2026 11:31:27 +0100 Subject: [PATCH 08/11] Add elasticsearch group --- molecule/beats_default/molecule.yml | 2 ++ molecule/beats_peculiar/molecule.yml | 2 ++ molecule/kibana_default/molecule.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/molecule/beats_default/molecule.yml b/molecule/beats_default/molecule.yml index 0ed92435..a0c455a7 100644 --- a/molecule/beats_default/molecule.yml +++ b/molecule/beats_default/molecule.yml @@ -5,6 +5,8 @@ driver: name: docker platforms: - name: beats_default_${MOLECULE_DISTRO:-debian13} + groups: + - elasticsearch image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: diff --git a/molecule/beats_peculiar/molecule.yml b/molecule/beats_peculiar/molecule.yml index d3562ba4..fee71096 100644 --- a/molecule/beats_peculiar/molecule.yml +++ b/molecule/beats_peculiar/molecule.yml @@ -5,6 +5,8 @@ driver: name: docker platforms: - name: beats_peculiar_${MOLECULE_DISTRO:-debian13} + groups: + - elasticsearch image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: diff --git a/molecule/kibana_default/molecule.yml b/molecule/kibana_default/molecule.yml index 26455953..06044bca 100644 --- a/molecule/kibana_default/molecule.yml +++ b/molecule/kibana_default/molecule.yml @@ -5,6 +5,8 @@ driver: name: docker platforms: - name: "kibana_default-${MOLECULE_DISTRO:-debian13}" + groups: + - elasticsearch image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: From f0415864dde230f416652789c34fe327317588c8 Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Thu, 26 Mar 2026 11:48:55 +0100 Subject: [PATCH 09/11] * Seperate the oss variant from the normal on in elasticsearch and logstash full stack workflows * fix the building of elasticsearch backage name. It didn't include oss variant There is no package elasticsearch-oss in 8 variant --- .github/workflows/test_role_elasticsearch.yml | 53 ++++++++++++++++++- .github/workflows/test_role_logstash.yml | 51 +++++++++++++++++- roles/elasticsearch/tasks/main.yml | 2 +- 3 files changed, 102 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test_role_elasticsearch.yml b/.github/workflows/test_role_elasticsearch.yml index bc1ff29c..bfbd2406 100644 --- a/.github/workflows/test_role_elasticsearch.yml +++ b/.github/workflows/test_role_elasticsearch.yml @@ -45,8 +45,6 @@ jobs: scenario: - elasticsearch_default - elasticsearch_roles_calculation - - elasticsearch_cluster-oss - - elasticsearch_no-security release: - 7 - 8 @@ -84,3 +82,54 @@ jobs: ELASTIC_RELEASE: ${{ matrix.release }} PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' + + molecule_elasticsearch_release7: + needs: lint_elasticsearch + runs-on: ubuntu-latest + + env: + COLLECTION_NAMESPACE: netways + COLLECTION_NAME: elasticstack + + strategy: + fail-fast: false + matrix: + distro: + - ubuntu2204 + scenario: + - elasticsearch_cluster-oss # OSS variant discontinued in ES 8 + - elasticsearch_no-security # security mandatory in ES 8 + ansible_version: + - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 + python_version: + - "3.11" + steps: + - name: Check out code + uses: actions/checkout@v6 + + - name: Set up Python ${{ matrix.python_version }} + uses: actions/setup-python@v6 + with: + python-version: ${{ matrix.python_version }} + + - name: Install dependencies + run: | + python3 -m pip install --upgrade pip + python3 -m pip install "${{ matrix.ansible_version }}" + python3 -m pip install -r requirements-test.txt + + - name: Install collection + run: | + mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE + cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME + + - name: Test with molecule + run: | + ansible --version + molecule --version + molecule test -s ${{ matrix.scenario }} + env: + MOLECULE_DISTRO: ${{ matrix.distro }} + ELASTIC_RELEASE: "7" + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' diff --git a/.github/workflows/test_role_logstash.yml b/.github/workflows/test_role_logstash.yml index a8b1a355..ac10c62d 100644 --- a/.github/workflows/test_role_logstash.yml +++ b/.github/workflows/test_role_logstash.yml @@ -43,7 +43,6 @@ jobs: matrix: distro: [ubuntu2204] scenario: - - logstash_full_stack-oss - logstash_specific_version - logstash_pipelines release: @@ -84,3 +83,53 @@ jobs: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' ELASTIC_RELEASE: ${{ matrix.release }} + + molecule_logstash_oss: + runs-on: ubuntu-latest + needs: lint_logstash + + env: + COLLECTION_NAMESPACE: netways + COLLECTION_NAME: elasticstack + + strategy: + fail-fast: false + matrix: + distro: [ubuntu2204] + ansible_version: + - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 + python_version: + - "3.11" + scenario: + - logstash_full_stack-oss + + steps: + - name: Check out code + uses: actions/checkout@v6 + + - name: Set up Python ${{ matrix.python_version }} + uses: actions/setup-python@v6 + with: + python-version: ${{ matrix.python_version }} + + - name: Install dependencies + run: | + python3 -m pip install --upgrade pip + python3 -m pip install "${{ matrix.ansible_version }}" + python3 -m pip install -r requirements-test.txt + + - name: Install collection + run: | + mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE + cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME + + - name: Test with molecule + run: | + ansible --version + molecule --version + molecule test -s ${{ matrix.scenario }} + env: + MOLECULE_DISTRO: ${{ matrix.distro }} + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + ELASTIC_RELEASE: "7" # OSS variant discontinued in ES 8 diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml index f1e3f71b..e92085cd 100644 --- a/roles/elasticsearch/tasks/main.yml +++ b/roles/elasticsearch/tasks/main.yml @@ -121,7 +121,7 @@ ansible.builtin.set_fact: elasticsearch_package: > {{ - 'elasticsearch' + + ('elasticsearch-oss' if elasticstack_variant == 'oss' else 'elasticsearch') + ((elasticstack_versionseparator + elasticstack_version | string ) if (elasticstack_version is defined and elasticstack_version | length > 0)) | From f17eeeb5607d789cb0835b314d289a482ef37a94 Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Thu, 26 Mar 2026 11:57:53 +0100 Subject: [PATCH 10/11] Use the correct variable name --- molecule/elasticsearch_roles_calculation/converge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/elasticsearch_roles_calculation/converge.yml b/molecule/elasticsearch_roles_calculation/converge.yml index e64a9e0f..dd206828 100644 --- a/molecule/elasticsearch_roles_calculation/converge.yml +++ b/molecule/elasticsearch_roles_calculation/converge.yml @@ -8,7 +8,7 @@ vars: elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true - elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" + elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" elasticsearch_node_types: - master - data From d131920071209585eb91e58e6fedb757b82097b4 Mon Sep 17 00:00:00 2001 From: Afeef Ghannam Date: Thu, 26 Mar 2026 12:08:43 +0100 Subject: [PATCH 11/11] install community.crypto in for logstash pipeline --- molecule/logstash_full_stack-oss/requirements.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/logstash_full_stack-oss/requirements.yml b/molecule/logstash_full_stack-oss/requirements.yml index 1c0204d5..6e4ec603 100644 --- a/molecule/logstash_full_stack-oss/requirements.yml +++ b/molecule/logstash_full_stack-oss/requirements.yml @@ -6,3 +6,4 @@ roles: collections: - community.general + - community.crypto