Skip to content

Merge pull request #303 from dev-sec/cleanup #123

Merge pull request #303 from dev-sec/cleanup

Merge pull request #303 from dev-sec/cleanup #123

Workflow file for this run

---
name: "Tests"
env:
cinc_workstation_version: 23
on:
push:
branches:
- '*'
pull_request:
branches:
- master
jobs:
cookstyle:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: |
.cache
key: ${{ runner.os }}-${{ env.cinc_workstation_version }}
- name: setup environment
run: |
mkdir -p .cache
curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-workstation -d .cache -v ${{ env.cinc_workstation_version }}
- name: cookstyle
run: |
cinc exec cookstyle --fail-level r
kitchen-dokken:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
cinc_version: [ '17', '18' ]
kitchen_distro:
- amazonlinux-1
- amazonlinux-2
- centos-7
- centos-stream-8
- centos-stream-9
- almalinux-8
- almalinux-9
- rockylinux-8
- rockylinux-9
- oracle-7
- oracle-8
- oracle-9
- debian-10
- debian-11
- fedora-37
- fedora-38
# - opensuse-42 # something is broken here
- ubuntu-20-04
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: |
.cache
key: ${{ runner.os }}-${{ env.cinc_workstation_version }}
- name: setup cinc workstation
run: |
mkdir -p .cache
curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-workstation -d .cache -v ${{ env.cinc_workstation_version }}
- name: kitchen
env:
CINC_VERSION: ${{ matrix.cinc_version }}
KITCHEN_LOCAL_YAML: .kitchen.dokken.yml
run: |
kitchen test --color --destroy=always ${{ matrix.kitchen_distro }}
kitchen-digitalocean:
if: github.repository == 'dev-sec/chef-os-hardening' && success()
needs: # run expensive VM tests only if cheap dokken tests are passing
- kitchen-dokken
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
cinc_version: [ '18' ]
kitchen_distro:
- default-centos-7
- default-centos-stream-8
- default-centos-stream-9
- default-almalinux-8
- default-almalinux-9
- default-rockylinux-8
- default-rockylinux-9
- default-ubuntu-20-04
- default-debian-10
- default-debian-11
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: |
.cache
key: ${{ runner.os }}-${{ env.cinc_workstation_version }}
- name: setup cinc workstation
run: |
mkdir -p .cache
curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-workstation -d .cache -v ${{ env.cinc_workstation_version }}
- name: setup ssh key
env:
SSH_KEY: ${{ secrets.DO_SSH_KEY }}
run: |
mkdir -p ~/.ssh
echo "$SSH_KEY" > ~/.ssh/id_rsa
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
- name: kitchen
env:
CINC_VERSION: ${{ matrix.cinc_version }}
KITCHEN_LOCAL_YAML: .kitchen.do.yml
DIGITALOCEAN_SSH_KEY_IDS: ${{ secrets.DO_SSH_KEY_ID }}
DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DO_ACCESS_TOKEN }}
run: |
kitchen test --color --destroy=always ${{ matrix.kitchen_distro }}
pass-all-jobs:
if: "!(github.repository == 'dev-sec/chef-os-hardening' && startsWith(github.head_ref, 'release/v')) && always()"
needs:
- cookstyle
- kitchen-dokken
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
pass-all-jobs-with-digitalocean:
if: "(github.repository == 'dev-sec/chef-os-hardening' && !(startsWith(github.head_ref, 'release/v'))) && always()"
needs:
- cookstyle
- kitchen-dokken
- kitchen-digitalocean
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
pass-all-jobs-release:
if: "github.repository == 'dev-sec/chef-os-hardening' && startsWith(github.head_ref, 'release/v') && always()"
runs-on: ubuntu-latest
steps:
- name: happy releasing
run: |
echo "Happy releasing :-)"
# this is just a succeessfull placeholder to make release PR pass