I have a project that utilizes Molecule for testing, and I've configured my molecule.yml file to use an unprivileged user (already created on the image pushed to a registry) named molecule during provisioning:
provisioner:
name: ansible
connection_options:
ansible_ssh_user: molecule
I added a small playbook that reproduces the error on Github Actions https://github.com/staticdev/nix-playbook/tree/feature/enable-flakes, it basically install nix package manager with [Ableton/nix role].
When I run molecule test locally, everything works as expected and the provisioning process executes with the molecule user. However, when I push my code to GitHub and trigger the same command in a GitHub Actions workflow, it runs the test with a user named runner, causing issues in my tests.
Why does this override occur specifically in the GA environment and is there a way to bypass or override this behavior? I tried to find something in GA documentation and searching on internet but found nothing relevant.
UPDATE: the initial config I was previously trying an is old way to configure it (below) but new way it the one I am trying now (above). They both work locally but not on GitHub Actions.
provisioner:
name: ansible
config_options:
defaults:
remote_user: molecule
The reason for the error is that the provisioner user (molecule) path was not the default path for the ansible role that I was using but a fallback path. In my test machine I do not have a XDG_CONFIG_HOME set, so it works. But GitHub Actions sets it to use runner user path to do the configs instead of the user I create for molecule images.
The way to bypass it is by forcing GitHub Actions to clean the value of XDG_CONFIG_HOME when running molecule, then everything works:
- name: Run Molecule tests
run: molecule test
env:
PY_COLORS: "1"
ANSIBLE_FORCE_COLOR: "1"
MOLECULE_DISTRO: ${{ matrix.distro }}
XDG_CONFIG_HOME: ""