Steampunk Spotter
How to Use Steampunk Spotter with GitHub Actions
July 6, 2023 - Words by The Spotter team - 3 min read
Steampunk Spotter is a versatile tool that can be integrated with various tools to enhance your workflow. This blog post will explore using Spotter in CI/CD pipelines with GitHub Actions. By leveraging the Spotter action available on GitHub Marketplace, we will demonstrate how to scan Ansible content within your GitHub repositories.
Create a new Git repository on GitHub
To begin, open GitHub and create a new Git repository.
Give it a name like “spotter-github-ci” and ensure it is set as private. You can initialize the repository with a README file.
Create a new YAML file with the test playbook
Now, let’s create a new Ansible playbook that we want to scan with Spotter. Click the “Add file” icon and select “Create new file.” We will name the YAML file “playbook.yaml.”
You can use the sample playbook provided or replace it with your own content. Here’s an example:
- name: Sample playbook
  hosts: localhost
  tasks:
    - name: Create a new Sensu Go user
      sensu.sensu_go.user:
        password: "{{ lookup('env', 'SENSU_USER_PASSWORD') }}"
    - name: Get the payload from the API
      ansible.builtin.uri:
        url: "/some-url"
        method: GET
        user: "username1"
Once you’ve added the playbook content, commit the changes.
Configure the API token authentication
To enable Spotter usage in CI/CD pipelines, you need to authenticate via an API token or with your username and password. Open the Spotter app and navigate to user settings. Click on “API tokens” and generate a new token named “github.” Copy the generated token and return to your GitHub repository.
Click on “Settings,” find “Secrets and variables” in the repository settings, expand it, and select “Actions.” Select “Add a new repository secret.”
Name it “SPOTTER_API_TOKEN,” then paste the copied API token.
Configure and Run CI/CD
With the GitHub repository and playbook set up, it’s time to configure CI/CD to scan Ansible content with Spotter.
Create a new GitHub Actions workflow by creating a YAML file called “.spotter-ci.yml” in the “.github/workflows” directory. The file must be located there for GitHub to detect it automatically.
Paste the following CI configuration into the YAML file:
name: Steampunk Spotter
on: push
jobs:
  spotter-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@master
      - name: Scan Ansible content
        uses: xlab-steampunk/spotter-action@master
        with:
          paths: .
          include_values: true
          include_metadata: true
          ansible_version: 2.14
        env:
          SPOTTER_API_TOKEN: ${{ secrets.SPOTTER_API_TOKEN }}
The “spotter-scan” job will scan your playbook. In the first step, the repository is checked out. In the second step, the latest Steampunk Spotter GitHub Action is used, and it authenticates with the API token generated in the Spotter App, which the workflow reads from the “SPOTTER_API_TOKEN” repository secret.
With these settings, the action scans the entire repository, including Ansible module parameter values and metadata, targeting Ansible version 2.14.
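Both “uses:” lines in this workflow reference “@master”, a branch that can change after you have reviewed it, and the job that runs them receives the SPOTTER_API_TOKEN secret. The Python check below is an added example, not part of the original post or of the Spotter project; it flags third-party actions that are not pinned to a full commit SHA and workflows that do not restrict the GITHUB_TOKEN with a “permissions:” key. The function name audit_workflow and the line-based matching are assumptions made for this illustration.

```python
import re

# The workflow from this post, embedded so the check runs offline.
WORKFLOW = """\
name: Steampunk Spotter
on: push
jobs:
  spotter-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@master
      - name: Scan Ansible content
        uses: xlab-steampunk/spotter-action@master
        with:
          paths: .
          include_values: true
          include_metadata: true
          ansible_version: 2.14
        env:
          SPOTTER_API_TOKEN: ${{ secrets.SPOTTER_API_TOKEN }}
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (line_number, message) findings for one workflow file."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = USES.match(line)
        if not match:
            continue
        target = match.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope
        action, _, ref = target.partition("@")
        if not ref:
            findings.append((number, f"{action}: no ref given"))
        elif not FULL_SHA.match(ref):
            findings.append((number, f"{action}: '{ref}' is a mutable ref, pin a full commit SHA"))
    # Without a permissions key, GITHUB_TOKEN gets the repository default scopes.
    if not re.search(r"^\s*permissions:", text, re.MULTILINE):
        findings.append((0, "no 'permissions:' key, add e.g. 'permissions: {contents: read}'"))
    return findings

if __name__ == "__main__":
    for number, message in audit_workflow(WORKFLOW):
        print(f"line {number}: {message}")
```

Findings reported at line 0 apply to the workflow file as a whole rather than to a single line.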
Commit the changes and observe if the CI/CD pipeline starts running.
Scan Result
You can monitor the progress of the CI/CD pipeline, which will run the Spotter scan. If the pipeline fails, it indicates errors in your playbook. Click on “Details” to access the scan results.
The results will display errors, warnings, and hints found during the scan.
Steampunk Spotter: empowering your automation journey
Steampunk Spotter is a powerful tool that can assist you in automating your workflows. With its seamless integration into GitHub Actions, you can easily incorporate Ansible content scanning within your CI/CD pipelines. Spotter helps you identify errors, warnings, and hints, enabling you to enhance the quality and reliability of your automation.
Explore Spotter and embark on your automation journey with confidence.
Interested in Spotter, but don’t know how to start? Explore our Getting started guide.