From 07795e86e8aab348f157c348b673771d34f1d746 Mon Sep 17 00:00:00 2001
From: Markus Pesch <markus.pesch@cryptic.systems>
Date: Mon, 11 Aug 2025 15:44:27 +0200
Subject: [PATCH] feat(rockylinux-9): add support

---
 .gitea/workflows/build.yaml   | 56 +++++++++++++--------
 .gitea/workflows/release.yaml | 92 ++++++++++++++++++++++-------------
 Dockerfile.rockylinux9        | 30 ++++++++++++
 Makefile                      | 33 +++++++++++++
 4 files changed, 157 insertions(+), 54 deletions(-)
 create mode 100644 Dockerfile.rockylinux9

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index 2d0de9b..6af324f 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -15,31 +15,47 @@ jobs:
   build-arch-linux:
     runs-on: ubuntu-latest-amd64
     steps:
-      - uses: actions/checkout@v4.3.0
-      - uses: docker/setup-qemu-action@v3.6.0
-      - uses: docker/setup-buildx-action@v3.11.1
+    - uses: actions/checkout@v4.3.0
+    - uses: docker/setup-qemu-action@v3.6.0
+    - uses: docker/setup-buildx-action@v3.11.1
 
-      - name: Build image
-        run: |
-          TAG=latest
+    - name: Build image
+      run: |
+        TAG=latest
 
-          docker buildx build \
-            --file Dockerfile.archlinux \
-            --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-archlinux \
-            .
+        docker buildx build \
+          --file Dockerfile.archlinux \
+          --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-archlinux \
+          .
 
   build-rocky-linux-8:
     runs-on: ubuntu-latest-amd64
     steps:
-      - uses: actions/checkout@v4.3.0
-      - uses: docker/setup-qemu-action@v3.6.0
-      - uses: docker/setup-buildx-action@v3.11.1
+    - uses: actions/checkout@v4.3.0
+    - uses: docker/setup-qemu-action@v3.6.0
+    - uses: docker/setup-buildx-action@v3.11.1
 
-      - name: Build image
-        run: |
-          TAG=latest
+    - name: Build image
+      run: |
+        TAG=latest
 
-          docker buildx build \
-            --file Dockerfile.rockylinux8 \
-            --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-rockylinux-8 \
-            .
+        docker buildx build \
+          --file Dockerfile.rockylinux8 \
+          --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-rockylinux-8 \
+          .
+
+  build-rocky-linux-9:
+    runs-on: ubuntu-latest-amd64
+    steps:
+    - uses: actions/checkout@v4.3.0
+    - uses: docker/setup-qemu-action@v3.6.0
+    - uses: docker/setup-buildx-action@v3.11.1
+
+    - name: Build image
+      run: |
+        TAG=latest
+
+        docker buildx build \
+          --file Dockerfile.rockylinux9 \
+          --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-rockylinux-9 \
+          .
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index 7a49a2b..50fb800 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -9,53 +9,77 @@ jobs:
   push-arch-linux:
     runs-on: ubuntu-latest-amd64
     steps:
-      - uses: actions/checkout@v4.3.0
-      - uses: docker/setup-qemu-action@v3.6.0
-      - uses: docker/setup-buildx-action@v3.11.1
+    - uses: actions/checkout@v4.3.0
+    - uses: docker/setup-qemu-action@v3.6.0
+    - uses: docker/setup-buildx-action@v3.11.1
 
-      - uses: docker/login-action@v3.5.0
-        with:
-          registry: git.cryptic.systems
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+    - uses: docker/login-action@v3.5.0
+      with:
+        registry: git.cryptic.systems
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
 
-      - name: Build and push image
-        run: |
-          TAG=$(echo ${{ github.ref_name }} | sed 's/v//gm')
+    - name: Build and push image
+      run: |
+        TAG=$(echo ${{ github.ref_name }} | sed 's/v//gm')
 
-          docker buildx build \
-            --file Dockerfile.archlinux \
-            --push \
-            --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-archlinux \
-            .
+        docker buildx build \
+          --file Dockerfile.archlinux \
+          --push \
+          --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-archlinux \
+          .
 
   push-rocky-linux-8:
     runs-on: ubuntu-latest-amd64
     steps:
-      - uses: actions/checkout@v4.3.0
-      - uses: docker/setup-qemu-action@v3.6.0
-      - uses: docker/setup-buildx-action@v3.11.1
+    - uses: actions/checkout@v4.3.0
+    - uses: docker/setup-qemu-action@v3.6.0
+    - uses: docker/setup-buildx-action@v3.11.1
 
-      - uses: docker/login-action@v3.5.0
-        with:
-          registry: git.cryptic.systems
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+    - uses: docker/login-action@v3.5.0
+      with:
+        registry: git.cryptic.systems
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
 
-      - name: Build and push image
-        run: |
-          TAG=$(echo ${{ github.ref_name }} | sed 's/v//gm')
+    - name: Build and push image
+      run: |
+        TAG=$(echo ${{ github.ref_name }} | sed 's/v//gm')
 
-          docker buildx build \
-            --file Dockerfile.rockylinux8 \
-            --push \
-            --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-rockylinux-8 \
-            .
+        docker buildx build \
+          --file Dockerfile.rockylinux8 \
+          --push \
+          --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-rockylinux-8 \
+          .
+
+  push-rocky-linux-9:
+    runs-on: ubuntu-latest-amd64
+    steps:
+    - uses: actions/checkout@v4.3.0
+    - uses: docker/setup-qemu-action@v3.6.0
+    - uses: docker/setup-buildx-action@v3.11.1
+
+    - uses: docker/login-action@v3.5.0
+      with:
+        registry: git.cryptic.systems
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+
+    - name: Build and push image
+      run: |
+        TAG=$(echo ${{ github.ref_name }} | sed 's/v//gm')
+
+        docker buildx build \
+          --file Dockerfile.rockylinux9 \
+          --push \
+          --tag git.cryptic.systems/volker.raschek/ansible:${TAG}-rockylinux-9 \
+          .
 
   sync-to-hub-docker-io:
     needs:
     - push-arch-linux
     - push-rocky-linux-8
+    - push-rocky-linux-9
     runs-on: ubuntu-latest
     steps:
     - name: Copy images to docker.io
@@ -65,7 +89,7 @@ jobs:
         apt-get update --yes
         apt-get install --yes skopeo
 
-        for suffix in archlinux rockylinux-8; do
+        for suffix in archlinux rockylinux-8 rockylinux-9; do
           skopeo copy \
             --all \
             --dest-password ${{ secrets.DOCKER_IO_PASSWORD }} \
@@ -74,4 +98,4 @@ jobs:
             --src-username volker.raschek \
               docker://git.cryptic.systems/volker.raschek/ansible:${TAG}-${suffix} \
               docker://docker.io/volkerraschek/ansible:${TAG}-${suffix}
-        done
\ No newline at end of file
+        done
diff --git a/Dockerfile.rockylinux9 b/Dockerfile.rockylinux9
new file mode 100644
index 0000000..50370ae
--- /dev/null
+++ b/Dockerfile.rockylinux9
@@ -0,0 +1,30 @@
+FROM docker.io/library/rockylinux:9
+
+RUN dnf update --assumeyes && \
+    dnf install --assumeyes bash-completion sudo && \
+    dnf install --assumeyes epel-release && \
+    dnf install --assumeyes ansible-core && \
+    dnf install --assumeyes python3.12 python3-boto3 python3-botocore && \
+    dnf remove --assumeyes epel-release && \
+    dnf clean all
+
+# We must change python to 3.12 (default 3.9), to be compliant with ansible-core. Furthermore, we must upgrade pip to
+# latest version. Otherwise is still used pip for python 3.9. At least, we install boto3, which is required for the aws
+# dynamic inventory manually, because the official python-boto3 package is for python 3.9. At least, we install
+# ansible-lint via pip to be able to lint ansible roles.
+RUN ln --symbolic --force /usr/bin/python3.12 /usr/bin/python3 && \
+    curl --fail --silent --location https://bootstrap.pypa.io/get-pip.py --output get-pip.py && \
+    python3 get-pip.py && \
+    pip install ansible-lint boto3
+
+# Create default ansible inventory file
+RUN mkdir --parents /etc/ansible
+RUN echo -e "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
+
+# Remove unnecessary getty and udev targets that result in high CPU usage when
+# using multiple containers with molecule
+# (https://github.com/ansible/molecule/issues/1104)
+RUN rm --recursive --force /lib/systemd/system/systemd*udev* && \
+    rm --recursive --force /lib/systemd/system/getty.target
+
+VOLUME [ "/sys/fs/cgroup", "/tmp", "/run"]
\ No newline at end of file
diff --git a/Makefile b/Makefile
index ddfbafc..4008bb5 100644
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,15 @@ ANSIBLE_RL8_IMAGE_VERSION?=latest
 ANSIBLE_RL8_IMAGE_VERSION_SUFFIX=rockylinux-8
 ANSIBLE_RL8_IMAGE_FULLY_QUALIFIED=${ANSIBLE_RL8_IMAGE_REGISTRY_HOST}/${ANSIBLE_RL8_IMAGE_NAMESPACE}/${ANSIBLE_RL8_IMAGE_REPOSITORY}:${ANSIBLE_RL8_IMAGE_VERSION}-${ANSIBLE_RL8_IMAGE_VERSION_SUFFIX}
 
+# RockyLinux9
+ANSIBLE_RL9_IMAGE_REGISTRY_HOST?=git.cryptic.systems
+ANSIBLE_RL9_IMAGE_REGISTRY_USER?=volker.raschek
+ANSIBLE_RL9_IMAGE_NAMESPACE?=${ANSIBLE_RL8_IMAGE_REGISTRY_USER}
+ANSIBLE_RL9_IMAGE_REPOSITORY:=ansible
+ANSIBLE_RL9_IMAGE_VERSION?=latest
+ANSIBLE_RL9_IMAGE_VERSION_SUFFIX=rockylinux-9
+ANSIBLE_RL9_IMAGE_FULLY_QUALIFIED=${ANSIBLE_RL9_IMAGE_REGISTRY_HOST}/${ANSIBLE_RL9_IMAGE_NAMESPACE}/${ANSIBLE_RL9_IMAGE_REPOSITORY}:${ANSIBLE_RL9_IMAGE_VERSION}-${ANSIBLE_RL9_IMAGE_VERSION_SUFFIX}
+
 # BUILD ANSIBLE ARCHLINUX CONTAINER IMAGE
 # ==============================================================================
 PHONY:=container-image/build/arch-linux
@@ -69,6 +78,30 @@ container-image/push/rocky-linux-8:
 	echo ${ANSIBLE_ARCH_IMAGE_REGISTRY_PASSWORD} | ${CONTAINER_RUNTIME} login ${ANSIBLE_ARCH_IMAGE_REGISTRY_HOST} --username ${ANSIBLE_ARCH_IMAGE_REGISTRY_USER} --password-stdin
 	${CONTAINER_RUNTIME} push ${ANSIBLE_ARCH_IMAGE_FULLY_QUALIFIED}
 
+# BUILD ANSIBLE RL9 CONTAINER IMAGE
+# ==============================================================================
+PHONY:=container-image/build/rocky-linux-9
+container-image/build/rocky-linux-9:
+	${CONTAINER_RUNTIME} build \
+		--file Dockerfile.rockylinux9 \
+		--no-cache \
+		--pull \
+		--tag ${ANSIBLE_RL9_IMAGE_FULLY_QUALIFIED} \
+		.
+
+# DELETE ANSIBLE RL9 CONTAINER IMAGE
+# ==============================================================================
+PHONY:=container-image/delete/rocky-linux-9
+container-image/delete/rocky-linux-9:
+	- ${CONTAINER_RUNTIME} image rm ${ANSIBLE_RL9_IMAGE_FULLY_QUALIFIED}
+
+# PUSH ANSIBLE RL9 CONTAINER IMAGE
+# ==============================================================================
+PHONY+=container-image/push/rocky-linux-9
+container-image/push/rocky-linux-9:
+	echo ${ANSIBLE_ARCH_IMAGE_REGISTRY_PASSWORD} | ${CONTAINER_RUNTIME} login ${ANSIBLE_ARCH_IMAGE_REGISTRY_HOST} --username ${ANSIBLE_ARCH_IMAGE_REGISTRY_USER} --password-stdin
+	${CONTAINER_RUNTIME} push ${ANSIBLE_ARCH_IMAGE_FULLY_QUALIFIED}
+
 # PHONY
 # ==============================================================================
 # Declare the contents of the PHONY variable as phony.  We keep that information