From 6166c3f3ea3f85ac244a9572007b92af2380e046 Mon Sep 17 00:00:00 2001
From: = <=>
Date: Sat, 14 Jun 2025 20:18:31 +0200
Subject: [PATCH] add CI

---
 .forgejo/workflows/ansible-ci.yml | 39 +++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .forgejo/workflows/ansible-ci.yml

diff --git a/.forgejo/workflows/ansible-ci.yml b/.forgejo/workflows/ansible-ci.yml
new file mode 100644
index 0000000..423c38c
--- /dev/null
+++ b/.forgejo/workflows/ansible-ci.yml
@@ -0,0 +1,39 @@
+name: Ansible CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  lint_and_vault_check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'
+
+      - name: Install ansible and ansible-lint
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible ansible-lint
+
+      - name: Run ansible-lint
+        run: ansible-lint
+
+      - name: Check if all inventory files are ansible-vault encrypted
+        run: |
+          set -e
+          INVENTORY_DIR="./inventory"
+          for file in $(find "$INVENTORY_DIR" -type f); do
+            if ! head -1 "$file" | grep -q '$ANSIBLE_VAULT'; then
+              echo "ERROR: Inventory file $file is NOT ansible-vault encrypted!"
+              exit 1
+            fi
+          done
\ No newline at end of file