DEV Community

Ari Kalfus
Ari Kalfus

Posted on

Test a Million Supported Systems with Molecule + GitHub Actions Matrix

From a comment on the announcement article:

For this contest, you'll only be able to submit projects that you started after this announcement post was published.

Well, I guess I am disqualified. But, leaving this post up as a resource for anyone that may like it.

My Workflow

I am a big fan of Tailscale for a Wireguard VPN mesh. Some months ago, someone requested that Tailscale support an Ansible Galaxy role to set up a Tailscale node. I saw the help wanted tag and knew what I must do.

However, Tailscale supports a large number of operating systems, and I wanted my Tailscale Ansible role to support everything that Tailscale supports. I needed a CI workflow that would test all those systems in parallel whenever I created a new PR.

I still have a few operating systems to add support for (dreading Windows and OSX for the CI difficulties they present), but I currently run tests against 10 operating systems in parallel using a GitHub Action workflow to spawn dynamic Action jobs that each run Molecule against a single system. This leverages a GitHub Action matrix.

Submission Category:

Maintainer Must-Haves

Yaml File or Link to Code

GitHub logo artis3n / ansible-role-tailscale

Ansible role to install and enable a Tailscale node.


GitHub Workflow Status (branch) GitHub release (latest SemVer including pre-releases) GitHub last commit GitHub GitHub followers Twitter Follow

This role initializes a Tailscale node.

Find supported operating systems on this role's Ansible Galaxy page.


You must supply a tailscale_auth_key variable, which can be generated under your Tailscale account at

Role Variables



An ansible-vault encrypted variable containing a Tailscale Node Authorization auth key.

A Node Authorization auth key can be generated under your Tailscale account at

Encrypt this variable with the following command:

ansible-vault encrypt_string --vault-id '[AUTH KEY VALUE HERE]' --name 'tailscale_auth_key'
Enter fullscreen mode Exit fullscreen mode

See Ansible's documentation for an explanation of the ansible-vault encrypt_string command syntax.


Default: stable

Whether to use the Tailscale stable or unstable track.


Stable releases. If you're not sure which track to use, pick this one.


The bleeding edge. Pushed early and often. Expect rough edges!


Pass any additional command-line arguments to tailscale up.


The Ansible role can be found on Ansible Galaxy here.

The key for this GitHub Action matrix workflow to work is the following setup in my molecule.yml file:

  - name: instance
    image: ${MOLECULE_DISTRO:-geerlingguy/docker-centos7-ansible:latest}
Enter fullscreen mode Exit fullscreen mode

From there, I can set up which systems to run Molecule against with a matrix:

    runs-on: ubuntu-latest

          - geerlingguy/docker-centos7-ansible:latest
          - geerlingguy/docker-centos8-ansible:latest
          - geerlingguy/docker-amazonlinux2-ansible:latest
          - geerlingguy/docker-ubuntu2004-ansible:latest
          - geerlingguy/docker-ubuntu1804-ansible:latest
          - geerlingguy/docker-ubuntu1604-ansible:latest
          - geerlingguy/docker-debian10-ansible:latest
          - geerlingguy/docker-debian9-ansible:latest
          - geerlingguy/docker-fedora31-ansible:latest
          - artis3n/docker-arch-ansible:latest
      fail-fast: false

Enter fullscreen mode Exit fullscreen mode

Important! - You don't want to forget fail-fast: false.
This stops the action workflow from stopping whenever a single job fails. We want each spawned job to run in isolation from the others, so we can independently see which systems are good and which have issues.

Then, we just need a single job definition that uses the distro matrix variable. GitHub Actions will automatically spawn a job for each item in the matrix.

- name: Molecule
        run: echo "${{ secrets.VAULT_PASS }}" > /home/runner/work/_temp/.vault-ci-pass && ANSIBLE_VAULT_PASSWORD_FILE=/home/runner/work/_temp/.vault-ci-pass pipenv run molecule test
          MOLECULE_DISTRO: "${{ matrix.distros }}"
Enter fullscreen mode Exit fullscreen mode

This spawns a job for each matrix distribution:

Actions workflow 10 spawned jobs

Additional Resources / Info

Top comments (0)