[integration] Enable integration tests via Github actions

.github/workflows/changelog.yml

@@ -1,6 +1,6 @@
-name: changelog
+name: CI
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 on:
@@ -18,5 +18,5 @@ on:
       - '*'
 
 jobs:
-  test:
+  changelog:
     uses: ansible-network/github_actions/.github/workflows/changelog.yml@main

.github/workflows/integration.yml

@@ -0,0 +1,59 @@
+name: CI
+on:
+  pull_request_target:
+
+jobs:
+  integration:
+    runs-on: ubuntu-latest
+    env:
+      source: "./source"
+      aws_dir: "./amazon_aws"
+      ansible_version: "stable-2.14"
+      python_version: "3.9"
+    steps:
+      - name: Checkout collection
+        uses: actions/checkout@v3
+        with:
+          path: ${{ env.source }}
+
+      - name: Build and install collection
+        id: install-collection
+        uses: ansible-network/github_actions/.github/actions/build_install_collection@main
+        with:
+          install_python_dependencies: false
+          source_path: ${{ env.source }}
+
+      - name: checkout ansible-collections/amazon.aws
+        uses: ansible-network/github_actions/.github/actions/checkout_dependency@main
+        with:
+          repository: ansible-collections/amazon.aws
+          path: ${{ env.amazon_aws }}
+          ref: main
+
+      - name: install amazon.aws collection
+        uses: ansible-network/github_actions/.github/actions/build_install_collection@main
+        with:
+          install_python_dependencies: true
+          source_path: ${{ env.amazon_aws }}
+
+      - name: Create AWS/sts session credentials
+        uses: ansible-network/github_actions/.github/actions/ansible_aws_test_provider@main
+        with:
+          collection_path: ${{ steps.install-collection.outputs.collection_path }}
+          ansible_core_ci_key: ${{ secrets.ANSIBLE_CORE_CI_KEY }}
+
+      # we use raw git to create a repository in the tests
+      # this fails if the committer doesn't have a name and an email set
+      - name: Set up git
+        run: |
+          git config --global user.email gha@localhost
+          git config --global user.name "Github Actions"
+        shell: bash
+
+      - name: Run integration tests
+        uses: ansible-network/github_actions/.github/actions/ansible_test_integration@main
+        with:
+          collection_path: ${{ steps.install-collection.outputs.collection_path }}
+          python_version: ${{ env.python_version }}
+          ansible_version: ${{ env.ansible_version }}
+          ansible_test_requirement_files: ''

.github/workflows/linters.yml

@@ -1,35 +1,21 @@
 ---
-name: Linters
+name: CI
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 'on':
   push:
     branches:
       - main
+      - stable-*
   pull_request:
     branches:
       - main
+      - stable-*
 
 jobs:
-
   linters:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python_version: ['3.8']
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v2
-
-      - name: Set up Python ${{ matrix.python_version }}
-        uses: actions/setup-python@v2
-        with:
-          python-version: ${{ matrix.python_version }}
-
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install tox
-      - name: Test with tox
-        run: tox -e linters -vv
-
+    uses: ansible-network/github_actions/.github/workflows/tox-linters.yml@main
   ansible-lint:
     uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main

.github/workflows/sanity.yml

@@ -1,17 +1,10 @@
-name: sanity
+name: CI
 concurrency:
-  group: ${{ github.head_ref }}
+  group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 on:
   pull_request:
-    types:
-      - opened
-      - reopened
-      - labeled
-      - unlabeled
-      - synchronize
-      - closed
     branches:
       - main
       - stable-*

roles/aws_setup_credentials/README.md

@@ -1,71 +1,66 @@
-aws_setup_credentials
-==================
+# aws_setup_credentials
 
-A role to define credentials for aws modules. The role defines a variable named **aws_role_credentials** which contains AWS credentials for Amazon modules based on user input.
+A role to define credentials for aws modules. The role defines a variable named **aws_setup_credentials\_\_output** which contains AWS credentials for Amazon modules based on user input.
 
-Requirements
-------------
+## Requirements
 
 N/A
 
-Role Variables
---------------
-
-* **aws_endpoint_url**:
-    - URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used.
-    - Environment variable:
-        - EC2_URL
-        - AWS_URL
-* **aws_access_key**:
-    - The AWS access key to use.
-    - Mutually exclusive with option aws_profile.
-    - Environment variable:
-        - AWS_ACCESS_KEY_ID
-        - AWS_ACCESS_KEY
-        - EC2_ACCESS_KEY.
-* **aws_secret_key**:
-    - The AWS secret key that corresponds to the access key.
-    - Mutually exclusive with option aws_profile.
-    - Environment variable:
-        - AWS_SECRET_ACCESS_KEY
-        - AWS_SECRET_KEY
-        - EC2_SECRET_KEY.
-* **aws_security_token**:
-    - The AWS security token if using temporary access and secret keys.
-    - Mutually exclusive with option aws_profile.
-    - Environment variable:
-        - AWS_SECURITY_TOKEN
-        - EC2_SECURITY_TOKEN
-* **aws_ca_bundle**:
-    - The location of a CA Bundle to use when validating SSL certificates.
-    - Environment variable:
-        - AWS_CA_BUNDLE
-* **aws_validate_certs**:
-    - When set to "false", SSL certificates will not be validated for communication with the AWS APIs.
-    - Environment variable:
-        - AWS_VALIDATE_CERTS
-* **aws_profile**:
-    - The AWS profile to use.
-    - Mutually exclusive with the aws_access_key, aws_secret_key and aws_security_token options.
-    - Environment variable:
-        - AWS_PROFILE
-        - AWS_DEFAULT_PROFILE.
-* **aws_config**:
-    - A dictionary to modify the botocore configuration.
-    - Parameters can be found at [botocore config](https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
-* **aws_region**:
-    - The AWS region to use.
-    - Environment variable:
-        - AWS_REGION
-        - EC2_REGION.
-
-Dependencies
-------------
+## Role Variables
+
+- **aws_endpoint_url**:
+  - URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used.
+  - Environment variable:
+    - EC2_URL
+    - AWS_URL
+- **aws_access_key**:
+  - The AWS access key to use.
+  - Mutually exclusive with option aws_profile.
+  - Environment variable:
+    - AWS_ACCESS_KEY_ID
+    - AWS_ACCESS_KEY
+    - EC2_ACCESS_KEY.
+- **aws_secret_key**:
+  - The AWS secret key that corresponds to the access key.
+  - Mutually exclusive with option aws_profile.
+  - Environment variable:
+    - AWS_SECRET_ACCESS_KEY
+    - AWS_SECRET_KEY
+    - EC2_SECRET_KEY.
+- **aws_security_token**:
+  - The AWS security token if using temporary access and secret keys.
+  - Mutually exclusive with option aws_profile.
+  - Environment variable:
+    - AWS_SECURITY_TOKEN
+    - EC2_SECURITY_TOKEN
+- **aws_ca_bundle**:
+  - The location of a CA Bundle to use when validating SSL certificates.
+  - Environment variable:
+    - AWS_CA_BUNDLE
+- **aws_validate_certs**:
+  - When set to "false", SSL certificates will not be validated for communication with the AWS APIs.
+  - Environment variable:
+    - AWS_VALIDATE_CERTS
+- **aws_profile**:
+  - The AWS profile to use.
+  - Mutually exclusive with the aws_access_key, aws_secret_key and aws_security_token options.
+  - Environment variable:
+    - AWS_PROFILE
+    - AWS_DEFAULT_PROFILE.
+- **aws_config**:
+  - A dictionary to modify the botocore configuration.
+  - Parameters can be found at [botocore config](https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
+- **aws_region**:
+  - The AWS region to use.
+  - Environment variable:
+    - AWS_REGION
+    - EC2_REGION.
+
+## Dependencies
 
 - NA
 
-Example Playbook
-----------------
+## Example Playbook
 
     - hosts: localhost
 
@@ -82,16 +77,14 @@ Example Playbook
                 zone-name: eu-east-1
         module_defaults:
           group/aws:
-            '{{ aws_role_credentials }}'
+            '{{ aws_setup_credentials__output }}'
 
-License
--------
+## License
 
 GNU General Public License v3.0 or later
 
 See [LICENCE](https://github.com/ansible-collections/cloud.aws_troubleshooting/blob/main/LICENSE) to see the full text.
 
-Author Information
-------------------
+## Author Information
 
 - Ansible Cloud Content Team

roles/aws_setup_credentials/tasks/main.yml

@@ -1,7 +1,8 @@
 ---
 - name: Define intial value for credentials
   ansible.builtin.set_fact:
-    aws_role_credentials: {}
+    aws_setup_credentials__output: {}
+
 - name: Create auth credentials
   ansible.builtin.include_tasks: read_option.yml
   with_dict: "{{ aws_connection_env }}"

roles/aws_setup_credentials/tasks/read_option.yml

@@ -1,31 +1,30 @@
 ---
-- name: Set 'option_key' and 'option_value' from Environment
+- name: Define key and value variables to search into environment
   ansible.builtin.set_fact:
-    option_key: "{{ ('dest' in item.value) | ternary(item.value.dest, item.key) }}"
-    option_value: "{{ lookup('vars', item.key, default='') }}"
+    aws_setup_credentials__item_key: "{{ ('dest' in item.value) | ternary(item.value.dest, item.key) }}"
+    aws_setup_credentials__item_value: "{{ lookup('vars', item.key, default='') }}"
 
 - name: Combine user-defined variable
   ansible.builtin.set_fact:
-    aws_role_credentials: "{{ aws_role_credentials | combine({option_key: option_value}) }}"
-  when: option_value | length > 0
+    aws_setup_credentials__output: "{{ aws_setup_credentials__output | combine({aws_setup_credentials__item_key: aws_setup_credentials__item_value}) }}"
+  when: aws_setup_credentials__item_value | length > 0
 
 - name: Read value from Environment
-  when: option_value | length == 0
+  when: aws_setup_credentials__item_value | length == 0
   block:
-    - name: Set 'env_values' variable
+    - name: Initialize environment variable list
       ansible.builtin.set_fact:
-        env_values: []
-    - name: Set 'env_values' from Environment
+        aws_setup_credentials__env_values: []
+
+    - name: Append single environment variable into variables list
       ansible.builtin.set_fact:
-        env_values: "{{ env_values + [current_value] }}"
+        aws_setup_credentials__env_values: "{{ aws_setup_credentials__env_values + [lookup('env', aws_setup_credentials__env_key)] }}"
       with_items: "{{ ('env' in item.value) | ternary(item.value.env, []) }}"
-      when: current_value | length > 0
+      when: lookup('env', aws_setup_credentials__env_key) | length > 0
       loop_control:
-        loop_var: env_var
-      vars:
-        current_value: "{{ lookup('env', env_var) }}"
+        loop_var: aws_setup_credentials__env_key
 
     - name: Combine with environment-defined variable
       ansible.builtin.set_fact:
-        aws_role_credentials: "{{ aws_role_credentials | combine({option_key: env_values[0]}) }}"
-      when: env_values | length > 0
+        aws_setup_credentials__output: "{{ aws_setup_credentials__output | combine({aws_setup_credentials__item_key: aws_setup_credentials__env_values[0]}) }}"
+      when: aws_setup_credentials__env_values | length > 0