From da519177cb8a502fd4f9f3b78be7812b687a58eb Mon Sep 17 00:00:00 2001 From: Artem Sidorenko Date: Fri, 10 Nov 2023 10:46:09 +0100 Subject: [PATCH 1/6] Minor: making codespell happy Signed-off-by: Artem Sidorenko --- templates/default/login.defs.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/default/login.defs.erb b/templates/default/login.defs.erb index e294cf5..e51dd63 100644 --- a/templates/default/login.defs.erb +++ b/templates/default/login.defs.erb @@ -181,7 +181,7 @@ ENCRYPT_METHOD SHA512 # Obsoleted by PAM # ================ -# These options are now handled by PAM. Please edit the appropriate file in `/etc/pam.d/` to enable the equivelants of them. +# These options are now handled by PAM. Please edit the appropriate file in `/etc/pam.d/` to enable the equivalents of them. #MOTD_FILE #DIALUPS_CHECK_ENAB #LASTLOG_ENAB From 8273d4e6e0629b1619adcddcf293b9678fdc828e Mon Sep 17 00:00:00 2001 From: Artem Sidorenko Date: Fri, 10 Nov 2023 11:03:37 +0100 Subject: [PATCH 2/6] Deprecation of Ubuntu 18.04 because it's EOL Signed-off-by: Artem Sidorenko --- .github/workflows/test.yml | 2 -- .kitchen.do.yml | 6 ------ .kitchen.dokken.yml | 6 ------ .kitchen.yml | 3 --- 4 files changed, 17 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index afa95ea..44d55d2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -56,7 +56,6 @@ jobs: - fedora-37 - fedora-38 # - opensuse-42 # something is broken here - - ubuntu-18-04 - ubuntu-20-04 steps: - uses: actions/checkout@v3 @@ -93,7 +92,6 @@ jobs: - default-almalinux-9 - default-rockylinux-8 - default-rockylinux-9 - - default-ubuntu-18-04 - default-ubuntu-20-04 - default-debian-10 - default-debian-11 diff --git a/.kitchen.do.yml b/.kitchen.do.yml index 7c3939f..a5b84a7 100644 --- a/.kitchen.do.yml +++ b/.kitchen.do.yml 
@@ -47,12 +47,6 @@ platforms: lifecycle: post_create: - remote: sleep 10; while pgrep apt-get >/dev/null; do echo "Waiting for apt-get..."; sleep 5; done # let the installation of DO droplet-agent to finish and unlock dpkg -- name: ubuntu-18-04 - driver_config: - image: ubuntu-18-04-x64 - lifecycle: - post_create: - - remote: sleep 10; while pgrep apt-get >/dev/null; do echo "Waiting for apt-get..."; sleep 5; done # let the installation of DO droplet-agent to finish and unlock dpkg - name: ubuntu-20-04 driver_config: image: ubuntu-20-04-x64 diff --git a/.kitchen.dokken.yml b/.kitchen.dokken.yml index 70ca854..5d5428b 100644 --- a/.kitchen.dokken.yml +++ b/.kitchen.dokken.yml @@ -92,12 +92,6 @@ platforms: driver: image: dokken/opensuse-leap pid_one_command: /bin/systemd -- name: ubuntu-18-04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - name: ubuntu-20-04 driver: image: dokken/ubuntu-20.04 diff --git a/.kitchen.yml b/.kitchen.yml index 178ee30..89b8149 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -3,9 +3,6 @@ driver: name: vagrant platforms: -- name: ubuntu-18-04 - driver_config: - box: bento/ubuntu-18.04 - name: ubuntu-20-04 driver_config: box: bento/ubuntu-20.04 From 76796b08f5cae3b2284d196efb04e1b9b0c1e102 Mon Sep 17 00:00:00 2001 From: Artem Sidorenko Date: Fri, 10 Nov 2023 13:35:07 +0100 Subject: [PATCH 3/6] CI: run for all PRs most likely the dokken tests are blocked because of this limitation Signed-off-by: Artem Sidorenko --- .github/workflows/test.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 44d55d2..29d77b9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,8 +9,6 @@ on: branches: - '*' pull_request: - types: - - opened branches: - master From d3754809bb5fb302a5edec7a66d10a45bafb0a23 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Nov 2023 12:47:58 +0000 Subject: [PATCH 4/6] Update actions/checkout action to v4 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 6 +++--- .github/workflows/test.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0dcdc83..3bd76ee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,7 +34,7 @@ jobs: - name: get the new tag id: new_tag run: echo "tag=v${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: get last tag information @@ -90,7 +90,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.BOT_PAT }} steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - uses: actions/download-artifact@v3 with: name: CHANGELOG.md @@ -153,7 +153,7 @@ jobs: ${{ secrets.SUPERMARKET_KEY }} EOF - name: checkout cookbook - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: cookbooks/${{ env.cookbook_name }} ref: ${{ needs.version-info.outputs.new_tag }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 29d77b9..b6008bc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,7 +16,7 @@ jobs: cookstyle: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/cache@v3 with: path: | @@ -56,7 +56,7 @@ jobs: # - opensuse-42 # something is broken here - ubuntu-20-04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/cache@v3 with: path: | @@ -95,7 +95,7 @@ jobs: - default-debian-11 - default-fedora-38 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/cache@v3 with: path: | 
From 3bbfe6cedb2fb7c8460191a3724dcc830e738e75 Mon Sep 17 00:00:00 2001 From: Artem Sidorenko Date: Fri, 9 Jun 2023 12:07:46 +0200 Subject: [PATCH 5/6] Removal of Gemfile and Rakefile they are not used anymore, we are using Cinc WS builds Signed-off-by: Artem Sidorenko --- .github/workflows/test.yml | 2 +- Gemfile | 7 ---- Rakefile | 82 -------------------------------------- 3 files changed, 1 insertion(+), 90 deletions(-) delete mode 100644 Gemfile delete mode 100644 Rakefile diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b6008bc..4d30476 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-workstation -d .cache -v ${{ env.cinc_workstation_version }} - name: cookstyle run: | - cinc exec rake cookstyle + cinc exec cookstyle --fail-level r kitchen-dokken: runs-on: ubuntu-latest diff --git a/Gemfile b/Gemfile deleted file mode 100644 index 13d58ef..0000000 --- a/Gemfile +++ /dev/null @@ -1,7 +0,0 @@ -# frozen_string_literal: true - -source 'https://rubygems.org' - -group :tools do - gem 'github_changelog_generator', '~> 1.14' -end diff --git a/Rakefile b/Rakefile deleted file mode 100644 index 8919d54..0000000 --- a/Rakefile +++ /dev/null 
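Review bot: In the `cookstyle` step of `.github/workflows/test.yml`, the new command uses the one-letter severity code `r`. With the Rakefile deleted, this workflow line is the only place the lint threshold is defined, so the long form would be clearer to the next reader: `cinc exec cookstyle --fail-level refactor`. RuboCop's option parser should accept the full severity name as well as the code, but confirm that against the Cookstyle shipped in the pinned Cinc Workstation version. The `cookstyle` job starts above this hunk, so only the `run:` line is under review here.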
@@ -1,82 +0,0 @@ -# frozen_string_literal: true - -# rubocop:disable Style/SymbolArray - -require 'rspec/core/rake_task' -require 'base64' -require 'chef/cookbook/metadata' - -# General tasks - -# Rubocop before rspec so we don't lint vendored cookbooks -desc 'Run all tests except Kitchen (default task)' -task default: [:lint, :spec] - -# Lint the cookbook -desc 'Run all linters: rubocop and foodcritic' -task lint: [:cookstyle] - -# Run the whole shebang -desc 'Run all tests' -task test: [:lint, :kitchen, :spec] - -# RSpec -desc 'Run chefspec tests' -task :spec do - puts 'Running Chefspec tests' - RSpec::Core::RakeTask.new(:spec) -end - -desc 'Run cookstyle on cookbooks in this repository' -task :cookstyle do - sh 'cookstyle --fail-level r' -end - -# Automatically generate a changelog for this project. Only loaded if -# the necessary gem is installed. -begin - # read version from metadata - metadata = Chef::Cookbook::Metadata.new - metadata.instance_eval(File.read('metadata.rb')) - - # build changelog - require 'github_changelog_generator/task' - GitHubChangelogGenerator::RakeTask.new :changelog do |config| - config.future_release = "v#{metadata.version}" - config.user = 'dev-sec' - config.project = 'chef-os-hardening' - end -rescue LoadError - puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks' -end - -desc 'Run kitchen integration tests' -task :kitchen do - SSH_KEY_FILE = '~/.ssh/ci_id_rsa' - SSH_KEY_ENV_VAR_NAME = 'CI_SSH_KEY' - concurrency = ENV['CONCURRENCY'] || 1 - instance = ENV['INSTANCE'] || '' - args = ENV['CI'] ? '--destroy=always' : '' - - if ENV['CI'] && ENV['KITCHEN_LOCAL_YAML'] == '.kitchen.do.yml' - puts 'Preparing CI environment for DigitalOcean...' - - ['DIGITALOCEAN_ACCESS_TOKEN', 'DIGITALOCEAN_SSH_KEY_IDS', SSH_KEY_ENV_VAR_NAME].each do |var| - unless ENV[var] # rubocop:disable Style/Next - puts "#{var} isn't defined. Skipping the task" - # We are not raising exit 1 as we want our CI tests in the forks to succeed. 
- # Our forks usually do not have the DO environment variables and are tested via dokken - exit - end - end - - ssh_file = File.expand_path(SSH_KEY_FILE) - dir = File.dirname(ssh_file) - Dir.mkdir(dir, 0o700) unless Dir.exist?(dir) - File.open(ssh_file, 'w') { |f| f.puts Base64.decode64(ENV[SSH_KEY_ENV_VAR_NAME]) } - File.chmod(0o600, ssh_file) - end - - sh('sh', '-c', "bundle exec kitchen test -c #{concurrency} #{args} #{instance}") -end -# rubocop:enable Style/SymbolArray From 5e176a4298d80550de6b830e6a551d5ba60144a5 Mon Sep 17 00:00:00 2001 From: Artem Sidorenko Date: Mon, 20 Nov 2023 13:59:55 +0100 Subject: [PATCH 6/6] CI: excluding DO Fedora 38 tests as something is broken here Signed-off-by: Artem Sidorenko --- .github/workflows/test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4d30476..6f86a4e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -93,7 +93,6 @@ jobs: - default-ubuntu-20-04 - default-debian-10 - default-debian-11 - - default-fedora-38 steps: - uses: actions/checkout@v4 - uses: actions/cache@v3