This GitHub Action sets up all the OpenStack resources an Ansible Playbook needs to run, executes the playbook, and reports its success or failure both in a readable summary (within the GitHub UI) and as machine-friendly artifacts for postprocessing.
It accepts user-defined Python and Ansible versions, extra variable inputs, and any number of required Ansible Roles.
- Added compatibility with the ewc-community-hub repository, to enable upstream test orchestration, by enforcing the naming and formatting conventions of workflow inputs.
Please refer to the CHANGELOG for more details about the latest release.
- Get OpenStack API credentials (see How to request OpenStack Application Credentials section of the EWC documentation)
- Extract the following attributes from your app credentials and store them within your repository's GitHub secrets (see Creating secrets for a repository section of the GitHub documentation):
  - `OS_AUTH_URL`
  - `OS_REGION_NAME`
  - `OS_APPLICATION_CREDENTIAL_ID`
  - `OS_APPLICATION_CREDENTIAL_SECRET`
- Create an SSH keypair (see Generating a new SSH key section of the GitHub documentation)
- Add your SSH public key to OpenStack (see Import SSH Key section of the EWC documentation).
- Once more, update your repository's GitHub secrets to include the value of the private SSH key as:
  - `ANSIBLE_SSH_PRIVATE_KEY`
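The setup steps above as commands, in an added example that is not part of the original README. It assumes the `openstack` and `gh` CLIs are installed, `gh` is authenticated, and the application credential values are already exported in the shell; the `--apply` switch, `KEY_FILE`, `KEYPAIR_NAME` and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: one-time setup of the secrets this action expects.
# Assumptions (not from the README): app-credential values are exported in
# this shell; `openstack` and `gh` are installed and `gh` is logged in.
set -eu

REQUIRED_VARS="OS_AUTH_URL OS_REGION_NAME OS_APPLICATION_CREDENTIAL_ID OS_APPLICATION_CREDENTIAL_SECRET"

# Print the name of every required variable that is unset or empty.
missing_vars() {
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || echo "$name"
  done
}

# setup_secrets <owner/repo> <private-key-path> <openstack-keypair-name>
setup_secrets() {
  repo=$1 key_file=$2 keypair_name=$3
  missing=$(missing_vars)
  if [ -n "$missing" ]; then
    echo "unset or empty: $missing" >&2
    return 1
  fi
  # Dedicated CI-only keypair; no passphrase, since the runner cannot enter one.
  ssh-keygen -q -t ed25519 -N '' -C "ci@$repo" -f "$key_file"
  # Only the public half goes to OpenStack.
  OS_AUTH_TYPE=v3applicationcredential \
    openstack keypair create --public-key "$key_file.pub" "$keypair_name"
  # Secret values are passed on stdin so they never appear in argv.
  for name in $REQUIRED_VARS; do
    eval "value=\${$name}"
    printf '%s' "$value" | gh secret set "$name" --repo "$repo"
  done
  gh secret set ANSIBLE_SSH_PRIVATE_KEY --repo "$repo" < "$key_file"
  # CI reads the key from the secret store; drop the local private copy.
  rm -f "$key_file"
}

# Nothing is changed unless explicitly requested:
#   ./setup.sh --apply my-org/my-repo
if [ "${1:-}" = "--apply" ]; then
  setup_secrets "$2" "${KEY_FILE:-./ci_ed25519}" "${KEYPAIR_NAME:-github-keypair}"
fi
```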
💡 For live usage examples in the context of the EWC Community Hub, check out the ECMWF test workflow and EUMETSAT test workflow definitions.
```yaml
# .github/workflows/test-eumetsat.yml
---
name: Test Deploy Ansible Playbook
on:
  workflow_dispatch:
permissions:
  contents: read
  actions: write
jobs:
  test-deploy-ansible-playbook:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Test deployment
        id: test-deployment
        uses: ewcloud/ewc-gh-action-test-deploy-ansible-playbook@v2
        with:
          osAuthUrl: '${{ secrets.OS_AUTH_URL }}'
          osRegionName: '${{ secrets.OS_REGION_NAME }}'
          osApplicationCredentialId: '${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}'
          osApplicationCredentialSecret: '${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}'
          osExternalNetworkName: 'external'
          osPrivateNetworkName: 'private'
          osSecurityGroupName: 'ssh'
          osFlavorName: 'eo1.small'
          osImageName: 'ubuntu-24.04-20250604102601'
          osKeypairName: 'github-keypair'
          ansibleUser: 'ubuntu'
          ansibleSshPrivateKey: '${{ secrets.ANSIBLE_SSH_PRIVATE_KEY }}'
          pathToMainFile: 'site.yml'
      - name: Upload test deployment result
        uses: actions/upload-artifact@v6
        with:
          name: artifacts_${{ github.run_id }}
          path: ${{ steps.test-deployment.outputs.artifactPath }}
          retention-days: 90
```

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ansibleSshPrivateKey | Value of the private SSH key for compute instance access | string | n/a | yes |
| ansibleUser | Operating system user which Ansible impersonates when connecting to the test compute instance | string | n/a | yes |
| ansibleVersion | Ansible version to be used during testing (must be supported by the specified Python version) | string | 10.7.0 | yes |
| osApplicationCredentialId | OpenStack application credential ID | string | n/a | yes |
| osApplicationCredentialSecret | OpenStack application credential secret | string | n/a | yes |
| osAuthUrl | URL pointing to OpenStack authentication API | string | n/a | yes |
| osExternalNetworkName | Name of the external OpenStack network for floating IPs | string | n/a | yes |
| osFlavorName | Name of the OpenStack flavor to use for the instance | string | n/a | yes |
| osImageName | Name of the image to use for the OpenStack compute instance | string | n/a | yes |
| osKeypairName | Name of the pre-uploaded public SSH keypair in OpenStack | string | n/a | yes |
| osPrivateNetworkName | Name of the private OpenStack network to attach the test compute instance to | string | n/a | yes |
| osRegionName | OpenStack region name. Example: `RegionOne` | string | n/a | yes |
| osSecurityGroupName | Name of the OpenStack security group assigned to the test compute instance | string | n/a | yes |
| pathToMainFile | Path to main file for the Ansible Playbook execution. Example: `playbooks/ssh-bastion-flavour/ssh-bastion-flavour.yml` | string | n/a | yes |
| pathToRequirementsFile | Path to requirements file needed for the Ansible Playbook. Example: `playbooks/ssh-bastion-flavour/requirements.yml` | string | n/a | no |
| pythonVersion | Python version to be used during testing | string | 3.9.25 | yes |
| inputSpecJson | Input values for the Ansible Playbook, in JSON format. Example: `{"fail2ban_whitelisted_ip_ranges":""}` | string | n/a | no |
| instanceNamePrefix | Prefix for the OpenStack compute instance (will prepend to the GitHub run id) | string | github | yes |

| Name | Description | Type |
|---|---|---|
| artifactPath | Path where artifacts were written in the workflow workspace | string |
| Name | Home URL |
|---|---|
| ewc-tf-module-openstack-compute | https://github.com/ewcloud/ewc-tf-module-openstack-compute |
Copyright © EUMETSAT 2026.
The provided code and instructions are licensed under the MIT license. They are intended to automate the setup of an environment that includes third-party software components. The usage and distribution terms of the resulting environment are subject to the individual licenses of those third-party libraries.
Users are responsible for reviewing and complying with the licenses of all third-party components included in the environment.
Contact EUMETSAT for details on the usage and distribution terms.
European Weather Cloud <support@europeanweather.cloud>
Thanks for taking the time to join our community and start contributing! Please make sure to:
- Familiarize yourself with our Code of Conduct before contributing.
- See CONTRIBUTING.md for instructions on how to request or submit changes.
- Add proper SSH status polling (with netcat or similar utility)