Skip to content

feat: add optional Galaxy server auth inputs to sanity, unit, and integration workflows#103

Open
djdanielsson wants to merge 1 commit intoansible:mainfrom
djdanielsson:feat/galaxy-server-auth
Open

feat: add optional Galaxy server auth inputs to sanity, unit, and integration workflows#103
djdanielsson wants to merge 1 commit intoansible:mainfrom
djdanielsson:feat/galaxy-server-auth

Conversation

@djdanielsson
Copy link
Copy Markdown

@djdanielsson djdanielsson commented Apr 15, 2026
edited
Loading

Summary

  • Adds three optional parameters (galaxy_server_url, galaxy_server_auth_url inputs and galaxy_server_token secret) to the sanity, unit, and integration reusable workflows.
  • When galaxy_server_url is provided, ANSIBLE_GALAXY_SERVER_LIST is set to certified,galaxy and the corresponding ANSIBLE_GALAXY_SERVER_CERTIFIED_URL, _TOKEN, and _AUTH_URL env vars are populated on the tox run step. No temporary files are created.
  • All parameters are optional and fully backward-compatible — callers that don't pass them see no change in behavior.

Motivation

Collections that depend on certified content hosted on Automation Hub (or other private Galaxy servers) currently cannot use these reusable workflows because ansible-galaxy / ade install fails to resolve dependencies that require authentication. This forces downstream repos to inline the entire sanity/unit/integration workflow just to inject authentication.

With this change, callers can simply pass the server URL and token:

jobs:
  sanity:
    uses: ansible/ansible-content-actions/.github/workflows/sanity.yaml@main
    with:
      galaxy_server_url: https://console.redhat.com/api/automation-hub/content/published/
      galaxy_server_auth_url: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
    secrets:
      galaxy_server_token: ${{ secrets.AH_TOKEN }}

Test plan

  • Verify existing callers that don't pass the new inputs continue to work unchanged (empty env vars are harmless)
  • Confirm no temporary files are created or left behind

Made-with: Cursor

@djdanielsson djdanielsson requested review from a team, KB-perByte and NilashishC as code owners April 15, 2026 16:15
@github-actions github-actions Bot added the feat label Apr 15, 2026
@djdanielsson
feat: add optional Galaxy server auth inputs to sanity, unit, and int…
bed8e0d 
…egration workflows

Collections that depend on certified content hosted on Automation Hub
(or other private Galaxy servers) cannot install their dependencies
without authentication.  This adds three optional parameters to the
sanity, unit, and integration reusable workflows:

  - `galaxy_server_url` (input) – URL of the additional Galaxy server
  - `galaxy_server_auth_url` (input) – SSO/token endpoint for the server
  - `galaxy_server_token` (secret) – authentication token

When `galaxy_server_url` is provided, the ANSIBLE_GALAXY_SERVER_LIST
env var is set to "certified,galaxy", and the corresponding
ANSIBLE_GALAXY_SERVER_CERTIFIED_URL, _TOKEN, and _AUTH_URL env vars
are populated from the inputs/secret.  No temporary files are created.

All three parameters are optional and fully backward-compatible; callers
that do not pass them see no change in behavior.

Made-with: Cursor
@djdanielsson djdanielsson force-pushed the feat/galaxy-server-auth branch from 64924ef to bed8e0d Compare April 15, 2026 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KB-perByte KB-perByte Awaiting requested review from KB-perByte KB-perByte is a code owner

@NilashishC NilashishC Awaiting requested review from NilashishC NilashishC is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

feat

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@djdanielsson