ensure /etc isn't writable by group (#168) #353
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
'on': | |
pull_request: | |
push: | |
branches: | |
- master | |
jobs: | |
build: | |
name: Build Rocky9 container image | |
# Upstream rockylinux:9.3 images don't contain systemd, which means /sbin/init fails. | |
# A workaround of using "/bin/bash -c 'dnf -y install systemd && /sbin/init'" | |
# as the container command is flaky. | |
# This job builds an image using the upstream rockylinux:9.3 image which ensures | |
# that the image used for the molecule workflow is always updated. | |
runs-on: ubuntu-22.04 | |
defaults: | |
run: | |
working-directory: molecule/images | |
steps: | |
- name: Check out the codebase. | |
uses: actions/checkout@v4 | |
- name: Build image | |
run: podman build -t rocky93systemd:latest . | |
- name: Save image | |
run: podman save --output rocky93systemd.docker rocky93systemd:latest | |
- name: Upload rocky9 image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: rocky93systemd | |
path: molecule/images/rocky93systemd.docker | |
molecule: | |
name: Molecule | |
runs-on: ubuntu-22.04 | |
needs: build | |
strategy: | |
fail-fast: false | |
matrix: | |
image: | |
- 'rockylinux:8.9' | |
- 'localhost/rocky93systemd' | |
scenario: | |
- test1 | |
- test1b | |
- test1c | |
- test2 | |
- test3 | |
- test4 | |
- test5 | |
- test6 | |
- test7 | |
- test8 | |
- test9 | |
- test10 | |
- test11 | |
- test12 | |
- test13 | |
- test14 | |
exclude: [] | |
steps: | |
- name: Check out the codebase. | |
uses: actions/checkout@v4 | |
- name: Download rocky9 container image | |
uses: actions/download-artifact@v4 | |
with: | |
name: rocky93systemd | |
path: molecule/images/rocky93systemd.docker | |
if: matrix.image == 'localhost/rocky93systemd' | |
- name: Load rocky9 container image | |
run: podman load --input rocky93systemd.docker/rocky93systemd.docker | |
working-directory: molecule/images | |
if: matrix.image == 'localhost/rocky93systemd' | |
- name: Set up Python 3. | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.9' | |
- name: Install test dependencies. | |
run: | | |
pip3 install -U pip ansible>=2.9.0 molecule-plugins[podman]==23.5.0 yamllint ansible-lint | |
ansible-galaxy collection install containers.podman:>=1.10.1 # otherwise get https://github.com/containers/ansible-podman-collections/issues/428 | |
- name: Display ansible version | |
run: ansible --version | |
- name: Compensate for repo name being different to the role | |
run: ln -s $(pwd) ../stackhpc.openhpc | |
- name: Create ansible.cfg with correct roles_path | |
run: printf '[defaults]\nroles_path=../' >ansible.cfg | |
- name: Run Molecule tests. | |
run: molecule test -s ${{ matrix.scenario }} | |
env: | |
PY_COLORS: '1' | |
ANSIBLE_FORCE_COLOR: '1' | |
MOLECULE_IMAGE: ${{ matrix.image }} | |
checks: | |
name: Checks | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check out the codebase. | |
uses: actions/checkout@v3 | |
- name: Set up Python 3. | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.9' | |
- name: Install test dependencies. | |
run: | | |
pip3 install -U ansible ansible-lint | |
ansible-galaxy collection install containers.podman:>=1.10.1 # otherwise get https://github.com/containers/ansible-podman-collections/issues/428 | |
- name: Display ansible version | |
run: ansible --version | |
- name: Compensate for repo name being different to the role | |
run: ln -s $(pwd) ../stackhpc.openhpc | |
- name: Create ansible.cfg with correct roles_path | |
run: printf '[defaults]\nroles_path=../' >ansible.cfg | |
- name: Run Ansible syntax check | |
run: ansible-playbook tests/test.yml -i tests/inventory --syntax-check | |
- name: Run Ansible lint | |
run: ansible-lint . | |
- name: Test custom filters | |
run: ansible-playbook tests/filter.yml -i tests/inventory -i tests/inventory-mock-groups |