Merge pull request #44 from dev-sec/new_fedora

add fedora39
dev-sec · Nov 12, 2023 · 2cc83ae · 2cc83ae
2 parents fe635d5 + 6c24000
commit 2cc83ae
Show file tree

Hide file tree

Showing 4 changed files with 121 additions and 0 deletions.
diff --git a/.github/workflows/all.yml b/.github/workflows/all.yml
@@ -31,6 +31,7 @@ jobs:
           - debian12-ansible
           - fedora37-ansible
           - fedora38-ansible
+          - fedora39-ansible
           - opensuse_tumbleweed-ansible
           - openwrt-ansible
           - oracle7-ansible

diff --git a/.github/workflows/fedora39-ansible-latest.yml b/.github/workflows/fedora39-ansible-latest.yml
@@ -0,0 +1,79 @@
+name: fedora39-ansible-latest
+on:
+  # yamllint disable-line rule:truthy
+  workflow_dispatch:
+  push:
+    paths:
+      - 'fedora39-ansible-latest/**'
+  pull_request:
+    paths:
+      - 'fedora39-ansible-latest/**'
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        dockerimage:
+          - fedora39-ansible
+        platforms:
+          - linux/amd64
+          #- linux/arm64
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Build and export to Docker
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ matrix.dockerimage }}-latest
+          tags: docker-${{ matrix.dockerimage }}:test
+          platforms: ${{ matrix.platforms }}
+          load: true
+      -
+        name: Test
+        run: |
+          docker run --rm docker-${{ matrix.dockerimage }}:test
+      -
+        name: Login to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+        if: github.ref == 'refs/heads/master'
+      -
+        name: Build and push to ghcr.io
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ matrix.dockerimage }}-latest
+          push: true
+          tags: ghcr.io/dev-sec/docker-${{ matrix.dockerimage }}:latest
+          platforms: ${{ matrix.platforms }}
+        if: github.ref == 'refs/heads/master'
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        if: github.ref == 'refs/heads/master'
+      -
+        name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ matrix.dockerimage }}-latest
+          push: true
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/docker-${{ matrix.dockerimage }}:latest
+          platforms: ${{ matrix.platforms }}
+        if: github.ref == 'refs/heads/master'
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ They are meant for testing purposes and are mainly used for [dev-sec](https://gi
 | [Amazon Linux 2023][amazon]       | [docker-amazon2023-ansible-latest][]          | [ghcr.io/dev-sec/docker-amazon2023-ansible-latest][]          | [rndmh3ro/docker-amazon2023-ansible-latest][]          |
 | [Fedora 37][fedora]               | [docker-fedora37-ansible-latest][]            | [ghcr.io/dev-sec/docker-fedora37-ansible-latest][]            | [rndmh3ro/docker-fedora37-ansible-latest][]            |
 | [Fedora 38][fedora]               | [docker-fedora38-ansible-latest][]            | [ghcr.io/dev-sec/docker-fedora38-ansible-latest][]            | [rndmh3ro/docker-fedora38-ansible-latest][]            |
+| [Fedora 39][fedora]               | [docker-fedora39-ansible-latest][]            | [ghcr.io/dev-sec/docker-fedora39-ansible-latest][]            | [rndmh3ro/docker-fedora39-ansible-latest][]            |
 | [OpenSuse Tumbleweed][tumbleweed] | [docker-opensuse_tumbleweed-ansible-latest][] | [ghcr.io/dev-sec/docker-opensuse_tumbleweed-ansible-latest][] | [rndmh3ro/docker-opensuse_tumbleweed-ansible-latest][] |
 | [Arch Linux][arch]                | [docker-arch-ansible-latest][]                | [ghcr.io/dev-sec/docker-arch-ansible-latest][]                | [rndmh3ro/docker-arch-ansible-latest][]                |
 | [OpenWRT][openwrt]                | [docker-openwrt-ansible-latest][]             | [ghcr.io/dev-sec/docker-openwrt-ansible-latest][]             | [rndmh3ro/docker-openwrt-ansible-latest][]             |
@@ -62,6 +63,7 @@ Sebastian Gumprich <[email protected]>
 [docker-amazon2023-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/amazon2023-ansible-latest/Dockerfile
 [docker-fedora37-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/fedora37-ansible-latest/Dockerfile
 [docker-fedora38-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/fedora38-ansible-latest/Dockerfile
+[docker-fedora39-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/fedora39-ansible-latest/Dockerfile
 [docker-opensuse_tumbleweed-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/opensuse_tumbleweed-ansible-latest/Dockerfile
 [docker-arch-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/arch-ansible-latest/Dockerfile
 [docker-openwrt-ansible-latest]: https://github.com/rndmh3ro/docker-ansible/blob/master/openwrt-ansible-latest/Dockerfile
@@ -83,6 +85,7 @@ Sebastian Gumprich <[email protected]>
 [ghcr.io/dev-sec/docker-amazon2023-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-amazon2023-ansible
 [ghcr.io/dev-sec/docker-fedora37-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-fedora37-ansible
 [ghcr.io/dev-sec/docker-fedora38-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-fedora38-ansible
+[ghcr.io/dev-sec/docker-fedora39-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-fedora39-ansible
 [ghcr.io/dev-sec/docker-opensuse_tumbleweed-ansible-latest]: https://hub.docker.com/repository/docker/rndmh3ro/docker-opensuse_tumbleweed-ansible
 [ghcr.io/dev-sec/docker-arch-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-arch-ansible
 [ghcr.io/dev-sec/docker-openwrt-ansible-latest]: https://github.com/dev-sec/docker-ansible/pkgs/container/docker-openwrt-ansible
@@ -104,6 +107,7 @@ Sebastian Gumprich <[email protected]>
 [rndmh3ro/docker-amazon2023-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-amazon2023-ansible
 [rndmh3ro/docker-fedora37-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-fedora37-ansible
 [rndmh3ro/docker-fedora38-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-fedora38-ansible
+[rndmh3ro/docker-fedora39-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-fedora39-ansible
 [rndmh3ro/docker-opensuse_tumbleweed-ansible-latest]: https://hub.docker.com/repository/docker/rndmh3ro/docker-opensuse_tumbleweed-ansible
 [rndmh3ro/docker-arch-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-arch-ansible
 [rndmh3ro/docker-openwrt-ansible-latest]: https://hub.docker.com/r/rndmh3ro/docker-openwrt-ansible
diff --git a/fedora39-ansible-latest/Dockerfile b/fedora39-ansible-latest/Dockerfile
@@ -0,0 +1,37 @@
+FROM fedora:39
+LABEL maintainer="Sebastian Gumprich, Nejc Habjan, Diego Louzan, Max Wittig"
+
+# Enable systemd.
+RUN dnf -y install systemd && dnf clean all && \
+    for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \
+    rm -f /lib/systemd/system/multi-user.target.wants/*;\
+    rm -f /etc/systemd/system/*.wants/*;\
+    rm -f /lib/systemd/system/local-fs.target.wants/*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+    rm -f /lib/systemd/system/basic.target.wants/*;\
+    rm -f /lib/systemd/system/anaconda.target.wants/*;
+
+RUN dnf -y update \
+    && dnf -y install ansible python python3-libselinux \
+    && dnf clean all
+
+RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
+
+# https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+# This template gets rendered using `loop: "{{ molecule_yml.platforms }}"`, so
+# each `item` is an element of platforms list from the molecule.yml file for this scenario.
+ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer SUDO_GROUP=wheel
+RUN set -xe \
+  && groupadd -r ${ANSIBLE_USER} \
+  && groupadd -r ${DEPLOY_GROUP} \
+  && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+  && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
+
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
+CMD [ "ansible-playbook", "--version" ]