railiance-infra/ansible/roles/goss/tasks/main.yml

---
# Role: goss
# Installs the Goss binary, deploys test files, runs assertions, fetches results.

- name: Set Goss version and paths
  ansible.builtin.set_fact:
    goss_version: "0.4.9"
    goss_bin: /usr/local/bin/goss
    goss_dir: /etc/goss

- name: Create Goss config directory
  ansible.builtin.file:
    path: "{{ goss_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: Download Goss binary
  ansible.builtin.get_url:
    url: "https://github.com/goss-org/goss/releases/download/v{{ goss_version }}/goss-linux-amd64"
    dest: "{{ goss_bin }}"
    mode: "0755"
    checksum: "sha256:https://github.com/goss-org/goss/releases/download/v{{ goss_version }}/goss-linux-amd64.sha256"
  register: goss_download

- name: Copy baseline test file
  ansible.builtin.copy:
    src: "{{ playbook_dir }}/../../goss/baseline.yaml"
    dest: "{{ goss_dir }}/baseline.yaml"
    owner: root
    group: root
    mode: "0644"

- name: Run Goss assertions (TAP output)
  ansible.builtin.command:
    cmd: "{{ goss_bin }} -g {{ goss_dir }}/baseline.yaml validate --format tap"
  register: goss_result
  failed_when: goss_result.rc != 0
  changed_when: false

- name: Ensure local reports directory exists
  ansible.builtin.file:
    path: "{{ playbook_dir }}/../../reports"
    state: directory
    mode: "0755"
  delegate_to: localhost
  become: false

- name: Write TAP report locally
  ansible.builtin.copy:
    content: "{{ goss_result.stdout }}"
    dest: "{{ playbook_dir }}/../../reports/goss-{{ inventory_hostname }}-{{ ansible_date_time.date }}T{{ ansible_date_time.hour }}{{ ansible_date_time.minute }}{{ ansible_date_time.second }}Z.tap"
    mode: "0644"
  delegate_to: localhost
  become: false
  changed_when: false