Fix AWX job status validation to check actual job result

Ryan Williams · claude · Ryan Williams · commit 0fbb4f90c07a · 2025-10-15T20:19:40.000-07:00
The previous fix in PR #402 was checking steps.awx_job.outcome, which only validates that the fitbeard/action-trigger-awx action itself ran successfully. However, the action always exits with success even when the AWX job fails, because it only exits non-zero during its own validation steps, not based on the Ansible playbook execution result. This fix now: 1. Checks if the action step itself succeeded (steps.awx_job.outcome) 2. Retrieves the job_id output from the action 3. Queries the AWX API directly to check the actual job status 4. Fails the workflow if the job status is "failed" or if the failed flag is true 5. Fails if the status is anything other than "successful" This ensures that AWX/Ansible failures (SOPS errors, unreachable hosts, task failures, etc.) properly fail the GitHub Actions workflow. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/actions/ansible/action.yml b/.github/actions/ansible/action.yml
@@ -77,9 +77,42 @@ runs:
       if: always()
       shell: bash
       run: |
-        # Check if the AWX job step succeeded
+        # First check if the AWX action step itself failed
         if [[ "${{ steps.awx_job.outcome }}" != "success" ]]; then
-          echo "::error::AWX job failed or was cancelled"
+          echo "::error::AWX action step failed or was cancelled"
           exit 1
         fi
 
+        # Now check the actual AWX job status using the job ID
+        JOB_ID="${{ steps.awx_job.outputs.job_id }}"
+
+        if [[ -z "$JOB_ID" ]]; then
+          echo "::error::No job ID returned from AWX"
+          exit 1
+        fi
+
+        echo "Checking status of AWX job $JOB_ID"
+
+        # Query AWX API for job status
+        RESPONSE=$(curl -s -k -H "Authorization: Bearer ${{ env.AWX_OAUTH_TOKEN }}" \
+          "${{ env.AWX_HOST }}/api/v2/jobs/$JOB_ID/")
+
+        STATUS=$(echo "$RESPONSE" | grep -o '"status":"[^"]*"' | cut -d'"' -f4)
+        FAILED=$(echo "$RESPONSE" | grep -o '"failed":[^,}]*' | cut -d':' -f2)
+
+        echo "Job status: $STATUS"
+        echo "Failed flag: $FAILED"
+
+        # Check if job failed
+        if [[ "$STATUS" == "failed" ]] || [[ "$FAILED" == "true" ]]; then
+          echo "::error::AWX job $JOB_ID failed"
+          exit 1
+        fi
+
+        if [[ "$STATUS" != "successful" ]]; then
+          echo "::error::AWX job $JOB_ID did not complete successfully (status: $STATUS)"
+          exit 1
+        fi
+
+        echo "AWX job $JOB_ID completed successfully"
+
