From 76950b7dde9f6cb031b7e7c4a0586370451ef427 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
Date: Tue, 23 Jan 2024 20:08:29 +0000
Subject: [PATCH] add podman molecule and github action
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Thomas Sjögren
---
.github/workflows/molecule.yml | 25 ++++++++
molecule/podman/molecule.yml | 110 +++++++++++++++++++++++++++++++++
2 files changed, 135 insertions(+)
create mode 100644 .github/workflows/molecule.yml
create mode 100644 molecule/podman/molecule.yml
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
new file mode 100644
index 00000000..2b883ebd
--- /dev/null
+++ b/.github/workflows/molecule.yml
@@ -0,0 +1,25 @@
+---
+name: Molecule testing workflow
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "30 5 * * */3"
+jobs:
+ Molecule:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install system dependencies
+ run: |
+ sudo apt-get --assume-yes install podman python3-pip slirp4netns uidmap --no-install-recommends
+ python3 -m pip install --user -U ansible ansible-lint molecule-plugins[podman]
+
+ - name: Run ansible-lint
+ run: |
+ ansible-lint
+
+ - name: Run molecule
+ run: |
+ molecule test -s podman
diff --git a/molecule/podman/molecule.yml b/molecule/podman/molecule.yml
new file mode 100644
index 00000000..dc876ea8
--- /dev/null
+++ b/molecule/podman/molecule.yml
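Review bot: The job in `.github/workflows/molecule.yml` declares no `permissions:` block, so `GITHUB_TOKEN` gets whatever the repository default grants even though the steps only read the checkout; a workflow-level `permissions:` with `contents: read` keeps it least-privilege. `actions/checkout@v4` is a mutable tag, so pinning it to the full commit SHA (`uses: actions/checkout@<FULL_COMMIT_SHA>  # v4`) stops a moved tag from changing what runs. The install step calls `apt-get install` without a preceding `sudo apt-get update`, and installs `ansible`, `ansible-lint` and `molecule-plugins[podman]` unpinned with `-U`, so a scheduled run can fail or change behaviour with no change in the repository; explicit versions or a constraints file would make the run reproducible.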
@@ -0,0 +1,110 @@
+---
+dependency:
+ name: galaxy
+ enabled: true
+driver:
+ name: podman
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ callback_whitelist: profile_tasks
+ playbooks:
+ converge: ../default/converge.yml
+ verify: ../default/verify.yml
+ log: true
+ inventory:
+ host_vars:
+ almalinux9:
+ enable_timesyncd: false
+ sshd_admin_net:
+ - "0.0.0.0/0"
+ sshd_allow_groups:
+ - vagrant
+ - sudo
+ sshd_host_keys_group: ssh_keys
+ sshd_update_moduli: true
+ bookworm:
+ ansible_become_pass: vagrant
+ ansible_python_interpreter: /usr/bin/python3
+ disable_wireless: false
+ sshd_admin_net:
+ - "0.0.0.0/0"
+ sshd_allow_groups:
+ - vagrant
+ - sudo
+ sshd_update_moduli: true
+ system_upgrade: false
+ jammy:
+ disable_ipv6: true
+ block_blacklisted: true
+ disable_wireless: true
+ sshd_admin_net:
+ - "0.0.0.0/0"
+ sshd_allow_groups:
+ - vagrant
+ - sudo
+ suid_sgid_permissions: false
+ sshd_match_users:
+ - user: testuser01
+ rules:
+ - AllowUsers testuser01
+ - AuthenticationMethods password
+ - PasswordAuthentication yes
+ - user: testuser02
+ rules:
+ - AllowUsers testuser02
+ - Banner none
+platforms:
+ - name: almalinux9
+ image: docker.io/almalinux:9
+ privileged: true
+ volume_mounts:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - name: bookworm
+ image: docker.io/debian:bookworm
+ privileged: true
+ volume_mounts:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ - name: jammy
+ image: docker.io/ubuntu:jammy
+ privileged: true
+ volume_mounts:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+verifier:
+ name: ansible
+scenario:
+ name: podman
+ create_sequence:
+ - dependency
+ - create
+ - prepare
+ check_sequence:
+ - dependency
+ - cleanup
+ - destroy
+ - create
+ - prepare
+ - converge
+ - check
+ - destroy
+ converge_sequence:
+ - dependency
+ - create
+ - prepare
+ - converge
+ destroy_sequence:
+ - dependency
+ - cleanup
+ - destroy
+ test_sequence:
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - verify
+ - cleanup
+ - destroy
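Review bot: Every entry under `platforms` in `molecule/podman/molecule.yml` sets `privileged: true` and bind-mounts `/sys/fs/cgroup` read-write, and nothing in the file says why or where that is acceptable. On the CI runner podman presumably runs rootless, which bounds this to the invoking user, but the same scenario run as root on a workstation would give the converged role's tasks host-level reach. I would add a comment above `platforms:` such as `# privileged + rw cgroup mount: needed for systemd in the test containers; run rootless on a disposable host only`, and check whether the podman driver's `systemd` platform option lets `privileged` be dropped. The `sshd_admin_net: "0.0.0.0/0"` and `ansible_become_pass: vagrant` host vars deserve a `# test-only` comment too, so they are not copied into a real inventory.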