Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
…keleton

# Conflicts:
#	.github/dependabot.yml
#	meta/main.yml
#	molecule/default/prepare.yml
  • Loading branch information
mcdonnnj committed Jun 2, 2024
2 parents 2fee23f + 9e3015c commit 2eae7ff
Show file tree
Hide file tree
Showing 11 changed files with 253 additions and 25 deletions.
7 changes: 7 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,15 @@ updates:
- dependency-name: hashicorp/setup-terraform
- dependency-name: mxschmitt/action-tmate
- dependency-name: step-security/harden-runner
<<<<<<< HEAD
# Managed by cisagov/skeleton-ansible-role

Check failure on line 23 in .github/dependabot.yml

View workflow job for this annotation

GitHub Actions / lint

23:7 syntax error: could not find expected ':' (syntax)

Check failure on line 23 in .github/dependabot.yml

View workflow job for this annotation

GitHub Actions / lint

23:7 syntax error: could not find expected ':' (syntax)
- dependency-name: github/codeql-action
=======
# # Managed by cisagov/skeleton-ansible-role
# - dependency-name: docker/setup-buildx-action
# - dependency-name: docker/setup-qemu-action
# - dependency-name: github/codeql-action
>>>>>>> 9e3015cd6965dedb779cafd71c27889a1cc16efc
package-ecosystem: github-actions
schedule:
interval: weekly
Expand Down
27 changes: 26 additions & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -168,12 +168,30 @@ jobs:
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
test:
name: >-
test (${{ matrix.scenario }}) -
${{ matrix.platform }}-${{ matrix.architecture }}
needs:
- diagnostics
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
architecture:
- amd64
- arm64
platform:
- amazonlinux2023-systemd
- debian10-systemd
- debian11-systemd
- debian12-systemd
- debian13-systemd
- fedora39-systemd
- fedora40-systemd
- kali-systemd
- ubuntu-20-systemd
- ubuntu-22-systemd
- ubuntu-24-systemd
scenario:
- default
steps:
Expand Down Expand Up @@ -204,8 +222,15 @@ jobs:
run: |
python -m pip install --upgrade pip
pip install --upgrade --requirement requirements-test.txt
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Run molecule tests
run: molecule test --scenario-name ${{ matrix.scenario }}
run: >-
molecule test
--platform-name ${{ matrix.platform }}-${{ matrix.architecture }}
--scenario-name ${{ matrix.scenario }}
- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
5 changes: 3 additions & 2 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -125,8 +125,9 @@ repos:
rev: 1.7.7
hooks:
- id: bandit
# Bandit complains about the use of assert() in tests
exclude: molecule/(default|systemd_enabled)/tests
# Bandit complains about the use of assert() in tests. This should cover
# the tests/ subdirectory for any molecule scenario.
exclude: molecule/[^/]+/tests
args:
- --config=.bandit.yml
- repo: https://github.com/psf/black-pre-commit-mirror
Expand Down
12 changes: 11 additions & 1 deletion meta/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,13 @@ galaxy_info:
company: CISA Cyber Assessments
description: Install prerequisites and configure grub to handle NVMe drives.
galaxy_tags:
<<<<<<< HEAD
- nvme
license: CC0

Check failure on line 15 in meta/main.yml

View workflow job for this annotation

GitHub Actions / lint

15:10 syntax error: could not find expected ':' (syntax)

Check failure on line 15 in meta/main.yml

View workflow job for this annotation

GitHub Actions / lint

15:10 syntax error: could not find expected ':' (syntax)
=======
- skeleton
license: CC0-1.0
>>>>>>> 9e3015cd6965dedb779cafd71c27889a1cc16efc
# With the release of version 2.10, Ansible finally correctly
# identifies Kali Linux as being the Kali distribution of the Debian
# OS family. This simplifies a lot of things for roles that support
Expand All @@ -31,14 +36,19 @@ galaxy_info:
- trixie
- name: Fedora
versions:
- "38"
- "39"
- "40"
- name: Kali
versions:
- "2023"
- name: Ubuntu
versions:
- focal
- jammy
<<<<<<< HEAD
role_name: nvme
=======
- noble
role_name: skeleton
>>>>>>> 9e3015cd6965dedb779cafd71c27889a1cc16efc
standalone: true
49 changes: 49 additions & 0 deletions molecule/default/externally-managed-python.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
---
# This is in place to restore a destructive action in geerlingguy's Ansible
# Docker images that we use for testing. The change is fine for the intended
# purpose of the images but not for how we use them.
- name: Ensure Python is marked as externally managed if appropriate
hosts: all
become: true
become_method: ansible.builtin.sudo
tasks:
- name: Ensure Python is marked as externally managed
when:
- ansible_distribution in ["Debian", "Ubuntu"]
- ansible_distribution_release not in ["bullseye", "buster", "focal", "jammy"]
block:
- name: Gather package facts
ansible.builtin.package_facts:
manager: auto

- name: Ensure the EXTERNALLY-MANAGED file is present if Python 3 is installed
when: '"python3" in ansible_facts.packages'
block:
# This gets a unique list of installed Python packages in the form of major.minor
# by taking the list of installed Python packages and:
# 1. Extracting the version from each package's information
# 2. Removing any version information after the major.minor version
# 3. Ensuring there are no duplicates
#
# NOTE:
# Since the value of python_versions is a multiline string, the regex expressions used in
# the regex_replace filter must use single backslashes for special sequences. If the value
# of python_versions were to be changed from a multiline string, the special sequences
# must be modified to use double backslashes instead. This is due to how the YAML is
# processed when Ansible reads the playbook.
- name: Extract version information about installed Python packages
ansible.builtin.set_fact:
python_versions: >-
{{
ansible_facts.packages["python3"]
| map(attribute="version")
| map("regex_replace", "^(\d+\.\d+)\.\d+.*$", "\1")
| unique
}}
- name: Restore EXTERNALLY-MANAGED file for Python
ansible.builtin.template:
dest: /usr/lib/python{{ item }}/EXTERNALLY-MANAGED
mode: 0644
src: EXTERNALLY-MANAGED.j2
loop: "{{ python_versions }}"
130 changes: 119 additions & 11 deletions molecule/default/molecule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,61 +7,115 @@ platforms:
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-amazonlinux2023-ansible:latest
name: amazonlinux2023-systemd
name: amazonlinux2023-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-amazonlinux2023-ansible:latest
name: amazonlinux2023-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-debian10-ansible:latest
name: debian10-systemd
name: debian10-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-debian10-ansible:latest
name: debian10-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-debian11-ansible:latest
name: debian11-systemd
name: debian11-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-debian11-ansible:latest
name: debian11-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-debian12-ansible:latest
name: debian12-systemd
name: debian12-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-debian12-ansible:latest
name: debian12-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/cisagov/docker-debian13-ansible:latest
name: debian13-systemd
name: debian13-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/cisagov/docker-debian13-ansible:latest
name: debian13-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/cisagov/docker-kali-ansible:latest
name: kali-systemd
name: kali-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-fedora38-ansible:latest
name: fedora38-systemd
image: docker.io/cisagov/docker-kali-ansible:latest
name: kali-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-fedora39-ansible:latest
name: fedora39-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
Expand All @@ -70,30 +124,84 @@ platforms:
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-fedora39-ansible:latest
name: fedora39-systemd
name: fedora39-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-fedora40-ansible:latest
name: fedora40-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-fedora40-ansible:latest
name: fedora40-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest
name: ubuntu-20-systemd
name: ubuntu-20-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest
name: ubuntu-20-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest
name: ubuntu-22-systemd
name: ubuntu-22-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest
name: ubuntu-22-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-ubuntu2404-ansible:latest
name: ubuntu-24-systemd-amd64
platform: amd64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
command: /lib/systemd/systemd
image: docker.io/geerlingguy/docker-ubuntu2404-ansible:latest
name: ubuntu-24-systemd-arm64
platform: arm64
pre_build_image: true
privileged: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
scenario:
name: default
verifier:
Expand Down
5 changes: 5 additions & 0 deletions molecule/default/prepare.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
- name: Import upgrade playbook
ansible.builtin.import_playbook: upgrade.yml

<<<<<<< HEAD
# The kmod package is installed anywhere we would be applying this

Check failure on line 6 in molecule/default/prepare.yml

View workflow job for this annotation

GitHub Actions / lint

6:1 syntax error: could not find expected ':' (syntax)

Check failure on line 6 in molecule/default/prepare.yml

View workflow job for this annotation

GitHub Actions / lint

6:1 syntax error: could not find expected ':' (syntax)
# Ansible role
- name: Prepare
Expand All @@ -10,3 +11,7 @@
- name: Install kmod
ansible.builtin.package:
name: kmod
=======
- name: Import externally-managed-python playbook
ansible.builtin.import_playbook: externally-managed-python.yml
>>>>>>> 9e3015cd6965dedb779cafd71c27889a1cc16efc
Loading

0 comments on commit 2eae7ff

Please sign in to comment.