A simple web application, to mimic the v3 API endpoints for Ansible Galaxy Collections, with no database, just a directory with artifacts
-
go install github.com/sivel/amanda@latest(You can use theGOBINenv variable to install to a custom location). Binary artifacts can also be found for a variety of OSes and architectures at https://github.com/sivel/amanda/actions/workflows/build.yml -
Create a directory to hold the artifacts, which by default is named
artifactsand lives in the current working directory -
Drop
ansible-galaxy collection build/downloadartifacts in theartifactsdirectory -
Run the app:
./amanda -artifacts=/path/to/artifacts -
Install collections:
ansible-galaxy collection install -s http://hostname:5000/api namespace.collection
docker run --rm -d -p 5000:5000 -v /path/to/artifacts:/artifacts ghcr.io/sivel/amanda:latestamanda now includes a basic HTML UI, disabled by default, that can be enabled using the -ui flag, accessible by default at http://hostname:5000/
./amanda -uiIf you want to be able to use ansible-galaxy collection publish you can enable the functionality in amanda with -publish.
./amanda -publishThis application does not and will not handle any form of authentication or role based access controls; If you enable publishing it is highly recommended to use a reverse proxy that has authentication functionality that you can place in front of amanda to prevent unauthorized uploads.
Publishing does not support the ability to upload a signature.
Alongside the .tar.gz artifact for a collection, create a file with the same base name and a .asc extension.
A quick example on creating and verifying the signature:
cd collections/ansible_collections/namespace/name
ansible-galaxy collection build
tar -Oxzf namespace-name-1.0.0.tar.gz MANIFEST.json | gpg \
--output namespace-name-1.0.0.asc --detach-sign --armor \
--local-user [email protected] -
tar -Oxzf namespace-name-1.0.0.tar.gz MANIFEST.json | gpg \
--verify namespace-name-1.0.0.asc -