Skip to content

ensure /etc isn't writable by group (#168) #353

ensure /etc isn't writable by group (#168)

ensure /etc isn't writable by group (#168) #353

Workflow file for this run

---
name: CI
'on':
pull_request:
push:
branches:
- master
jobs:
build:
name: Build Rocky9 container image
# Upstream rockylinux:9.3 images don't contain systemd, which means /sbin/init fails.
# A workaround of using "/bin/bash -c 'dnf -y install systemd && /sbin/init'"
# as the container command is flaky.
# This job builds an image using the upstream rockylinux:9.3 image which ensures
# that the image used for the molecule workflow is always updated.
runs-on: ubuntu-22.04
defaults:
run:
working-directory: molecule/images
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
- name: Build image
run: podman build -t rocky93systemd:latest .
- name: Save image
run: podman save --output rocky93systemd.docker rocky93systemd:latest
- name: Upload rocky9 image
uses: actions/upload-artifact@v4
with:
name: rocky93systemd
path: molecule/images/rocky93systemd.docker
molecule:
name: Molecule
runs-on: ubuntu-22.04
needs: build
strategy:
fail-fast: false
matrix:
image:
- 'rockylinux:8.9'
- 'localhost/rocky93systemd'
scenario:
- test1
- test1b
- test1c
- test2
- test3
- test4
- test5
- test6
- test7
- test8
- test9
- test10
- test11
- test12
- test13
- test14
exclude: []
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
- name: Download rocky9 container image
uses: actions/download-artifact@v4
with:
name: rocky93systemd
path: molecule/images/rocky93systemd.docker
if: matrix.image == 'localhost/rocky93systemd'
- name: Load rocky9 container image
run: podman load --input rocky93systemd.docker/rocky93systemd.docker
working-directory: molecule/images
if: matrix.image == 'localhost/rocky93systemd'
- name: Set up Python 3.
uses: actions/setup-python@v4
with:
python-version: '3.9'
- name: Install test dependencies.
run: |
pip3 install -U pip ansible>=2.9.0 molecule-plugins[podman]==23.5.0 yamllint ansible-lint
ansible-galaxy collection install containers.podman:>=1.10.1 # otherwise get https://github.com/containers/ansible-podman-collections/issues/428
- name: Display ansible version
run: ansible --version
- name: Compensate for repo name being different to the role
run: ln -s $(pwd) ../stackhpc.openhpc
- name: Create ansible.cfg with correct roles_path
run: printf '[defaults]\nroles_path=../' >ansible.cfg
- name: Run Molecule tests.
run: molecule test -s ${{ matrix.scenario }}
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_IMAGE: ${{ matrix.image }}
checks:
name: Checks
runs-on: ubuntu-22.04
steps:
- name: Check out the codebase.
uses: actions/checkout@v3
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.9'
- name: Install test dependencies.
run: |
pip3 install -U ansible ansible-lint
ansible-galaxy collection install containers.podman:>=1.10.1 # otherwise get https://github.com/containers/ansible-podman-collections/issues/428
- name: Display ansible version
run: ansible --version
- name: Compensate for repo name being different to the role
run: ln -s $(pwd) ../stackhpc.openhpc
- name: Create ansible.cfg with correct roles_path
run: printf '[defaults]\nroles_path=../' >ansible.cfg
- name: Run Ansible syntax check
run: ansible-playbook tests/test.yml -i tests/inventory --syntax-check
- name: Run Ansible lint
run: ansible-lint .
- name: Test custom filters
run: ansible-playbook tests/filter.yml -i tests/inventory -i tests/inventory-mock-groups