Merge pull request #303 from dev-sec/cleanup #123
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: "Tests" | |
env: | |
cinc_workstation_version: 23 | |
on: | |
push: | |
branches: | |
- '*' | |
pull_request: | |
branches: | |
- master | |
jobs: | |
cookstyle: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
.cache | |
key: ${{ runner.os }}-${{ env.cinc_workstation_version }} | |
- name: setup environment | |
run: | | |
mkdir -p .cache | |
curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-workstation -d .cache -v ${{ env.cinc_workstation_version }} | |
- name: cookstyle | |
run: | | |
cinc exec cookstyle --fail-level r | |
kitchen-dokken: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
cinc_version: [ '17', '18' ] | |
kitchen_distro: | |
- amazonlinux-1 | |
- amazonlinux-2 | |
- centos-7 | |
- centos-stream-8 | |
- centos-stream-9 | |
- almalinux-8 | |
- almalinux-9 | |
- rockylinux-8 | |
- rockylinux-9 | |
- oracle-7 | |
- oracle-8 | |
- oracle-9 | |
- debian-10 | |
- debian-11 | |
- fedora-37 | |
- fedora-38 | |
# - opensuse-42 # something is broken here | |
- ubuntu-20-04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
.cache | |
key: ${{ runner.os }}-${{ env.cinc_workstation_version }} | |
- name: setup cinc workstation | |
run: | | |
mkdir -p .cache | |
curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-workstation -d .cache -v ${{ env.cinc_workstation_version }} | |
- name: kitchen | |
env: | |
CINC_VERSION: ${{ matrix.cinc_version }} | |
KITCHEN_LOCAL_YAML: .kitchen.dokken.yml | |
run: | | |
kitchen test --color --destroy=always ${{ matrix.kitchen_distro }} | |
kitchen-digitalocean: | |
if: github.repository == 'dev-sec/chef-os-hardening' && success() | |
needs: # run expensive VM tests only if cheap dokken tests are passing | |
- kitchen-dokken | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
cinc_version: [ '18' ] | |
kitchen_distro: | |
- default-centos-7 | |
- default-centos-stream-8 | |
- default-centos-stream-9 | |
- default-almalinux-8 | |
- default-almalinux-9 | |
- default-rockylinux-8 | |
- default-rockylinux-9 | |
- default-ubuntu-20-04 | |
- default-debian-10 | |
- default-debian-11 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
.cache | |
key: ${{ runner.os }}-${{ env.cinc_workstation_version }} | |
- name: setup cinc workstation | |
run: | | |
mkdir -p .cache | |
curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-workstation -d .cache -v ${{ env.cinc_workstation_version }} | |
- name: setup ssh key | |
env: | |
SSH_KEY: ${{ secrets.DO_SSH_KEY }} | |
run: | | |
mkdir -p ~/.ssh | |
echo "$SSH_KEY" > ~/.ssh/id_rsa | |
chmod 700 ~/.ssh | |
chmod 600 ~/.ssh/id_rsa | |
- name: kitchen | |
env: | |
CINC_VERSION: ${{ matrix.cinc_version }} | |
KITCHEN_LOCAL_YAML: .kitchen.do.yml | |
DIGITALOCEAN_SSH_KEY_IDS: ${{ secrets.DO_SSH_KEY_ID }} | |
DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DO_ACCESS_TOKEN }} | |
run: | | |
kitchen test --color --destroy=always ${{ matrix.kitchen_distro }} | |
pass-all-jobs: | |
if: "!(github.repository == 'dev-sec/chef-os-hardening' && startsWith(github.head_ref, 'release/v')) && always()" | |
needs: | |
- cookstyle | |
- kitchen-dokken | |
runs-on: ubuntu-latest | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} | |
pass-all-jobs-with-digitalocean: | |
if: "(github.repository == 'dev-sec/chef-os-hardening' && !(startsWith(github.head_ref, 'release/v'))) && always()" | |
needs: | |
- cookstyle | |
- kitchen-dokken | |
- kitchen-digitalocean | |
runs-on: ubuntu-latest | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} | |
pass-all-jobs-release: | |
if: "github.repository == 'dev-sec/chef-os-hardening' && startsWith(github.head_ref, 'release/v') && always()" | |
runs-on: ubuntu-latest | |
steps: | |
- name: happy releasing | |
run: | | |
echo "Happy releasing :-)" | |
# this is just a succeessfull placeholder to make release PR pass |