Skip to content


Molecule is a testing tool for ansible roles.


pip install molecule

CI configuration

Since gitea supports github actions you can use the setup-molecule and setup-lint actions. For example:

name: Molecule


  PY_COLORS: "1"
    name: Lint
    runs-on: ubuntu-latest
      - name: Checkout the codebase
        uses: actions/checkout@v3

      - name: Setup Lint
        uses: bec-galaxy/setup-lint@{Version}

      - name: Run Lint tests
        run: ansible-lint

    name: Molecule
    runs-on: ubuntu-latest
    needs: lint
      - name: Checkout the codebase
        uses: actions/checkout@v3

      - name: Setup Molecule
        uses: bec-galaxy/setup-molecule@{Version}

      - name: Run Molecule tests
        run: molecule test

That action installs the latest version of the packages, if you need to check a specific version of the packages you may want to create your own step or your own action.


To v5.0.0

They've removed the lint command, the reason behind is that there are two different testing methods which are expected to be run in very different ways. Linting should be run per entire repository. Molecule executions are per scenario and one project can have even >100 scenarios. Running lint on each of them would not only slowdown but also increase the maintenance burden on linter configuration and the way is called.

They recommend users to run ansible-lint using pre-commit with or without tox. That gives much better control over how/when it is updated.

You can see an example on how to do this in the CI configuration section.

To v4.0.0

This version is seen as a clean-up or refactoring release, not expected to require users to change their existing scenarios in order to make use of the new version.


Get variables from the environment

You can configure your molecule.yaml file to read variables from the environment with:

  name: ansible
        my_secret: ${MY_SECRET}

It's useful to have a task that checks if this secret exists:

- name: Verify that the secret is set
    msg: 'Please export my_secret: export MY_SECRET=$(pass show my_secret)'
  run_once: true
  when: my_secret == None

In the CI you can set it as a secret in the repository.


Molecule doesn't find the molecule.yaml file

This is expected default behavior since Molecule searches for scenarios using the molecule/*/molecule.yml glob. But if you would like to change the suffix to yaml, you can do that if you set the MOLECULE_GLOB environment variable like this:

export MOLECULE_GLOB='molecule/*/molecule.yaml'