Update test environments to current Ansible version (#909)

schurzi · web-flow · commit 24d4d04840ed · 2025-10-27T10:32:41.000+01:00
* Update test environments to current Ansible version

Signed-off-by: Martin Schurz &lt;Martin.Schurz@telekom.de&gt;

* Add Workaround for vagrant

Signed-off-by: Martin Schurz &lt;Martin.Schurz@telekom.de&gt;

---------

Signed-off-by: Martin Schurz &lt;Martin.Schurz@telekom.de&gt;
diff --git a/.github/workflows/os_hardening_vm.yml b/.github/workflows/os_hardening_vm.yml
@@ -9,13 +9,15 @@ on:  # yamllint disable-line rule:truthy
       - 'molecule/os_hardening_vm/**'
       - '.github/workflows/os_hardening_vm.yml'
       - 'requirements.txt'
+      - 'requirements-vm.txt'
   pull_request:
     branches: [master]
     paths:
       - 'roles/os_hardening/**'
       - 'molecule/os_hardening_vm/**'
       - '.github/workflows/os_hardening_vm.yml'
       - 'requirements.txt'
+      - 'requirements-vm.txt'
   schedule:
     - cron: '0 6 * * 2'
 
@@ -63,7 +65,7 @@ jobs:
           source ~/.venv/ansible-collection-hardening/bin/activate
           python -m pip install --no-cache-dir --upgrade pip
           pip install -r requirements.txt
-          pip install python-vagrant
+          pip install -r requirements-vm.txt
         working-directory: ansible_collections/devsec/hardening
 
       - name: Downgrade Ansible for Rocky 8 tests
@@ -84,6 +86,8 @@ jobs:
       - name: Test with molecule
         run: |
           source ~/.venv/ansible-collection-hardening/bin/activate
+          # Workaround for https://github.com/ansible-community/molecule-plugins/issues/301
+          export MOLECULE_VAGRANT_PLUGIN_DIR=$(python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')/molecule_plugins/vagrant
           molecule test -s os_hardening_vm
         env:
           MOLECULE_DISTRO: ${{ matrix.molecule_distro }}
diff --git a/.github/workflows/ssh_hardening_bsd.yml b/.github/workflows/ssh_hardening_bsd.yml
@@ -9,13 +9,15 @@ on:  # yamllint disable-line rule:truthy
       - 'molecule/ssh_hardening_bsd/**'
       - '.github/workflows/ssh_hardening_bsd.yml'
       - 'requirements.txt'
+      - 'requirements-vm.txt'
   pull_request:
     branches: [master]
     paths:
       - 'roles/ssh_hardening/**'
       - 'molecule/ssh_hardening_bsd/**'
       - '.github/workflows/ssh_hardening_bsd.yml'
       - 'requirements.txt'
+      - 'requirements-vm.txt'
   schedule:
     - cron: '0 6 * * 5'
 
@@ -51,7 +53,7 @@ jobs:
           source ~/.venv/ansible-collection-hardening/bin/activate
           python -m pip install --no-cache-dir --upgrade pip
           pip install -r requirements.txt
-          pip install python-vagrant
+          pip install -r requirements-vm.txt
         working-directory: ansible_collections/devsec/hardening
 
       - name: Update Vagrant Box
@@ -61,6 +63,8 @@ jobs:
       - name: Test with molecule
         run: |
           source ~/.venv/ansible-collection-hardening/bin/activate
+          # Workaround for https://github.com/ansible-community/molecule-plugins/issues/301
+          export MOLECULE_VAGRANT_PLUGIN_DIR=$(python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')/molecule_plugins/vagrant
           molecule test -s ssh_hardening_bsd
         env:
           MOLECULE_DISTRO: ${{ matrix.molecule_distro }}
diff --git a/molecule/os_hardening_vm/molecule.yml b/molecule/os_hardening_vm/molecule.yml
@@ -25,6 +25,8 @@ provisioner:
     defaults:
       interpreter_python: auto_silent
       callbacks_enabled: profile_tasks, timer, yaml
+      # Workaround for https://github.com/ansible-community/molecule-plugins/issues/301
+      library: "${MOLECULE_PROJECT_DIRECTORY}/plugins/modules:/usr/share/ansible:${MOLECULE_VAGRANT_PLUGIN_DIR}"
 verifier:
   name: ansible
   env:
diff --git a/molecule/shared/prerequisites.yml b/molecule/shared/prerequisites.yml
@@ -5,5 +5,5 @@
     - name: Make sure environment variable for MOLECULE_DISTRO is set
       ansible.builtin.assert:
         that:
-          - "lookup('env','MOLECULE_DISTRO')"
+          - "lookup('env','MOLECULE_DISTRO') | length > 0"
         fail_msg: "You need to set MOLECULE_DISTRO to a supported image name. See CONTRIBUTING.md"
diff --git a/molecule/ssh_hardening_bsd/molecule.yml b/molecule/ssh_hardening_bsd/molecule.yml
@@ -21,6 +21,8 @@ provisioner:
     defaults:
       interpreter_python: auto_silent
       callbacks_enabled: profile_tasks, timer, yaml
+      # Workaround for https://github.com/ansible-community/molecule-plugins/issues/301
+      library: "${MOLECULE_PROJECT_DIRECTORY}/plugins/modules:/usr/share/ansible:${MOLECULE_VAGRANT_PLUGIN_DIR}"
 verifier:
   name: ansible
   env:
diff --git a/requirements-vm.txt b/requirements-vm.txt
@@ -0,0 +1 @@
+molecule-plugins[vagrant]==25.8.12
diff --git a/requirements.txt b/requirements.txt
@@ -1,6 +1,6 @@
-molecule==25.1.0
-molecule-plugins[docker]==23.7.0
-ansible-core==2.18.6
+molecule==25.9.0
+molecule-plugins[docker]==25.8.12
+ansible-core==2.19.3
 docker==7.1.0
 jmespath==1.0.1
 aar-doc==2.3.0
