I maintain a large number of Ansible Galaxy roles, and publish hundreds of new releases every year. If the process weren't fully automated, there would be no way I could keep up with it. For Galaxy roles, the process of tagging and publishing a new release is very simple, because Ansible Galaxy ties the role strongly to GitHub's release system. All that's needed is a webhook in your
.travis.yml file (if using Travis CI):
For collections, Ansible Galaxy actually hosts an artifact—a .tar.gz file containing the collection contents. This offers some benefits that I won't get into here, but also a challenge: someone has to build and upload that artifact... and that takes more than one or two lines added to a
Until recently, I had been publishing collection releases manually. The process went something like:
galaxy.ymlmanually, making sure the "version" key has the tag I'm planning on pushing.
- Push all changes, make sure tests are passing.
- Tag a new release (e.g.
1.2.3), and push it to GitHub.
ansible-galaxy collection buildto build the release artifact (a
.tar.gzfile) in the collection directory.
- Make sure the file
~/.ansible/galaxy_tokenhas my Ansible Galaxy token (for authentication).
ansible-galaxy collection publish ./geerlingguy-php_roles-1.2.3.tar.gzin the collection directory.
After all that, a new release is ready. Compare that to what I'm used to doing for roles:
git tag 1.2.3 git push --tags
The collections process is a lot more involved, to be sure!
Automating the collection release process
I wanted the workflow to be the same for collections, so I've built a small Ansible deploy.yml playbook that handles the process for me, and is run only on
tag builds in Travis CI (other CI systems like GitHub Actions are similar—you would just need to call this playbook in a different place, and only on
The playbook does the following:
- Writes the value of
~/.ansible/galaxy_token(the entire pre_tasks section could be dropped if this Ansible issue is fixed.
- Writes the
galaxy.ymlfile with the new git tag.
- Builds the collection artifact.
- Publishes the collection artifact.
.travis.yml file, I added the following to ensure this
deploy.yml playbook is only run on tag builds:
script: ansible-playbook -i 'localhost,' scripts/deploy.yml -e "tag=$TRAVIS_TAG"
$TRAVIS_TAG contains the current tag being built (e.g.
You could use this playbook in CI, or if you're going to manually push up a new collection artifact version, it could be used to make that process a little less prone to error.