Steampunk Spotter

How to Use Steampunk Spotter with GitHub Actions

July 6, 2023 - Words by  The Spotter team - 3 min read

Card image caption

Steampunk Spotter is a versatile tool that can be integrated with various tools to enhance your workflow. This blog post will explore using Spotter in CI/CD pipelines with GitHub Actions. By leveraging the Spotter action available on GitHub Marketplace we will demonstrate how to scan Ansible content within your GitHub repositories.

Create a new Git repository on GitHub

To begin, open GitHub and create a new Git repository.

Give it a name like “spotter-github-ci” and ensure it is set as private. You can initialize the repository with a README file.

Create a new YAML file with the test playbook

Now, let’s create a new Ansible playbook that we want to scan with Spotter. Click the “Add file” icon and select “Create new file.” We will name the YAML file “playbook.yaml.”

You can use the sample playbook provided or replace it with your own content. Here’s an example:

- name: Sample playbook 
  hosts: localhost 
  tasks: 
    - name: Create a new Sensu Go user 
      sensu.sensu_go.user: 
        password: "{{ lookup('env', 'SENSU_USER_PASSWORD') }}" 

    - name: Get the payload from the API 
      ansible.builtin.uri: 
        url: "/some-url" 
        method: GET 
        user: "username1" 

Once you’ve added the playbook content, commit the changes.

Configure the API token authentication

To enable Spotter usage in CI/CD pipelines, you need to authenticate via an API token or with your username and password. Open the Spotter app and navigate to user settings. Click on “API tokens” and generate a new token named “github.” Copy the generated token and return to your GitHub repository.

Click on “Settings,” search for “Secrets and variables” in the repository settings, expand it, and select action. Select “Add a new repository secret.”

Name it “SPOTTER_API_TOKEN,” then paste the copied API token.

Configure and Run CI/CD

With the GitHub repository and playbook set up, it’s time to configure CI/CD to scan Ansible content with Spotter.

Create a new GitHub Actions workflow by creating a YAML file called “.spotter-ci.yml” in the “.github/workflows” directory. The file must be located there for GitHub to detect it automatically.

Paste the following CI configuration into the YAML file:


name: Steampunk Spotter 
on: push 
jobs: 
  spotter-scan: 
    runs-on: ubuntu-latest 
    steps: 
      - name: Checkout repository 
        uses: actions/checkout@master 
 
      - name: Scan Ansible content 
        uses: xlab-steampunk/spotter-action@master 
        with: 
          paths: . 
          include_values: true 
          include_metadata: true 
          ansible_version: 2.14 
        env: 
          SPOTTER_API_TOKEN: ${{ secrets.SPOTTER_API_TOKEN }} 

The “spotter-scan” job will scan your playbook. In the first step, the repository is checked. In the second step, the latest Steampunk Spotter GitHub Action is used, and you can authenticate with the API token generated in the Spotter App.

You scan the entire repository, including Ansible module parameter values and metadata, targeting Ansible version 2.14.

Commit the changes and observe if the CI/CD pipeline starts running.

Scan Result

You can monitor the progress of the CI/CD pipeline, which will run the Spotter scan. If the pipeline fails, it indicates errors in your playbook. Click on “Details” to access the scan results.

The results will display errors, warnings, and hints found during the scan.

Steampunk Spotter: empowering your automation journey

Steampunk Spotter is a powerful tool that can assist you in automating your workflows. With its seamless integration into GitHub Actions, you can easily incorporate Ansible content scanning within your CI/CD pipelines. Spotter helps you identify errors, warnings, and hints, enabling you to enhance the quality and reliability of your automation.

Explore Spotter and embark on your automation journey with confidence.

Interested in Spotter, but don’t know how to start? Explore our Getting started guide.

Found this post useful?

Get our monthly newsletter.

Thank you for subscribing!

Please wait

Processing, please wait...

Keep up with what we do on our social media.