Automate AWX EE builds

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: tpaulus

.github/workflows/build-awx-ee.yml

@@ -0,0 +1,59 @@
+---
+name: Build AWX Execution Environment
+on:
+  workflow_dispatch: {}
+  push:
+    branches: [main]
+    paths:
+      - awx/ee/**
+      - .github/workflows/build-awx-ee.yml
+  pull_request:
+    branches: [main]
+    paths:
+      - awx/ee/**
+      - .github/workflows/build-awx-ee.yml
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/ansible-ee
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+
+      - name: Log in to GHCR
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract image metadata
+        id: meta
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=sha,prefix=sha-
+
+      - name: Build and push image
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
+        with:
+          context: awx/ee
+          platforms: linux/amd64
+          pull: true
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

awx/bootstrap.yaml

@@ -24,6 +24,8 @@ data:
     ORGANIZATION_NAME = os.environ.get("AWX_ORGANIZATION_NAME", "Whitestar Systems")
     PROJECT_NAME = os.environ.get("AWX_PROJECT_NAME", "tpaulus/ansible")
     PROJECT_URL = os.environ.get("AWX_PROJECT_URL", "https://github.com/tpaulus/ansible.git")
+    EXECUTION_ENVIRONMENT_NAME = os.environ.get("AWX_EXECUTION_ENVIRONMENT_NAME", "tpaulus/ansible-ee")
+    EXECUTION_ENVIRONMENT_IMAGE = os.environ.get("AWX_EXECUTION_ENVIRONMENT_IMAGE", "ghcr.io/tpaulus/ansible-ee:latest")
     INVENTORY_NAME = os.environ.get("AWX_INVENTORY_NAME", "NetBox")
     INVENTORY_SOURCE_NAME = os.environ.get("AWX_INVENTORY_SOURCE_NAME", "NetBox inventory")
     JOB_TEMPLATE_NAME = os.environ.get("AWX_JOB_TEMPLATE_NAME", "Provision all")
@@ -249,6 +251,17 @@ data:
 
         wait_for_project_update(project["id"], "provision/all.yaml")
 
+        execution_environment = upsert(
+            "execution_environments/",
+            EXECUTION_ENVIRONMENT_NAME,
+            {
+                "name": EXECUTION_ENVIRONMENT_NAME,
+                "description": "Custom EE for tpaulus/ansible and NetBox inventory.",
+                "image": EXECUTION_ENVIRONMENT_IMAGE,
+                "pull": "always",
+            },
+        )
+
         inventory = upsert(
             "inventories/",
             INVENTORY_NAME,
@@ -275,6 +288,7 @@ data:
                 "overwrite_vars": True,
                 "update_on_project_update": True,
                 "update_cache_timeout": 0,
+                "execution_environment": execution_environment["id"],
             },
             matcher=lambda item: item.get("name") == INVENTORY_SOURCE_NAME and item.get("inventory") == inventory["id"],
         )
@@ -290,6 +304,7 @@ data:
                 "playbook": "provision/all.yaml",
                 "job_type": "run",
                 "limit": LIMIT,
+                "execution_environment": execution_environment["id"],
                 "ask_limit_on_launch": True,
                 "ask_inventory_on_launch": False,
                 "ask_credential_on_launch": True,
@@ -341,6 +356,10 @@ spec:
               value: tpaulus/ansible
             - name: AWX_PROJECT_URL
               value: https://github.com/tpaulus/ansible.git
+            - name: AWX_EXECUTION_ENVIRONMENT_NAME
+              value: tpaulus/ansible-ee
+            - name: AWX_EXECUTION_ENVIRONMENT_IMAGE
+              value: ghcr.io/tpaulus/ansible-ee:latest
             - name: AWX_INVENTORY_NAME
               value: NetBox
             - name: AWX_INVENTORY_SOURCE_NAME

awx/ee/Dockerfile

@@ -0,0 +1,11 @@
+FROM quay.io/ansible/awx-ee:24.6.1
+
+USER root
+
+COPY requirements.yml /tmp/requirements.yml
+COPY requirements.txt /tmp/requirements.txt
+
+RUN python3 -m pip install --no-cache-dir -r /tmp/requirements.txt && \
+    ansible-galaxy collection install -r /tmp/requirements.yml && \
+    ansible-galaxy role install -r /tmp/requirements.yml && \
+    rm -f /tmp/requirements.yml /tmp/requirements.txt

awx/ee/requirements.txt

@@ -0,0 +1 @@
+pynetbox

awx/ee/requirements.yml

@@ -0,0 +1,18 @@
+---
+collections:
+  - name: community.general
+    version: 12.4.0
+  - name: ansible.posix
+    version: 2.1.0
+  - name: ansible.utils
+    version: 6.0.1
+  - name: arensb.truenas
+    version: 1.14.4
+  - name: netbox.netbox
+    version: 3.22.0
+  - name: prometheus.prometheus
+    version: 0.28.0
+
+roles:
+  - name: xanmanning.k3s
+    version: v3.6.2

renovate.json

@@ -16,14 +16,27 @@
       "/argocd/applications/.+\\.yaml$/"
     ]
   },
+  "ansible-galaxy": {
+    "managerFilePatterns": [
+      "/awx/ee/requirements\\.yml$/"
+    ]
+  },
+  "pip_requirements": {
+    "managerFilePatterns": [
+      "/awx/ee/requirements\\.txt$/"
+    ]
+  },
   "platformAutomerge": true,
   "automergeType": "branch",
   "ignoreTests": true,
   "packageRules": [
     {
       "matchManagers": [
         "kubernetes",
-        "argocd"
+        "argocd",
+        "ansible-galaxy",
+        "pip_requirements",
+        "dockerfile"
       ],
       "major": {
         "automerge": false