add CI

.forgejo/workflows/ansible-ci.yml

@@ -0,0 +1,39 @@
+name: Ansible CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  lint_and_vault_check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'
+
+      - name: Install ansible and ansible-lint
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible ansible-lint
+
+      - name: Run ansible-lint
+        run: ansible-lint
+
+      - name: Check if all inventory files are ansible-vault encrypted
+        run: |
+          set -e
+          INVENTORY_DIR="./inventory"
+          for file in $(find "$INVENTORY_DIR" -type f); do
+            if ! head -1 "$file" | grep -q '$ANSIBLE_VAULT'; then
+              echo "ERROR: Inventory file $file is NOT ansible-vault encrypted!"
+              exit 1
+            fi
+          done