
Commit 2d7b319

authored
Merge pull request #91 from ansible-lockdown/devel
CIS Version: 2.1.0 - March 24 updates
2 parents 20bb0ec + 39f6166 commit 2d7b319

12 files changed

+287
-513
lines changed

.github/workflows/OS.tfvars

-9
This file was deleted.
+136-135
@@ -1,138 +1,139 @@
11
---
22

3-
name: Devel pipeline
4-
5-
on: # yamllint disable-line rule:truthy
6-
pull_request_target:
7-
types: [opened, reopened, synchronize]
8-
branches:
9-
- devel
10-
paths:
11-
- '**.yml'
12-
- '**.sh'
13-
- '**.j2'
14-
- '**.ps1'
15-
- '**.cfg'
16-
17-
# A workflow run is made up of one or more jobs
18-
# that can run sequentially or in parallel
19-
jobs:
20-
# This will create messages for first time contributers and direct them to the Discord server
21-
welcome:
22-
runs-on: ubuntu-latest
23-
24-
steps:
25-
- uses: actions/first-interaction@main
26-
with:
27-
repo-token: ${{ secrets.GITHUB_TOKEN }}
28-
pr-message: |-
29-
Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
30-
Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well.
31-
32-
# This workflow contains a single job which tests the playbook
33-
playbook-test:
34-
# The type of runner that the job will run on
35-
runs-on: ubuntu-latest
36-
env:
37-
ENABLE_DEBUG: ${{ vars.ENABLE_DEBUG }}
38-
# Imported as a variable by terraform
39-
TF_VAR_repository: ${{ github.event.repository.name }}
40-
defaults:
41-
run:
42-
shell: bash
43-
working-directory: .github/workflows/github_linux_IaC
44-
45-
steps:
46-
- name: Clone ${{ github.event.repository.name }}
47-
uses: actions/checkout@v3
3+
name: Devel pipeline
4+
5+
on: # yamllint disable-line rule:truthy
6+
pull_request_target:
7+
types: [opened, reopened, synchronize]
8+
branches:
9+
- devel
10+
paths:
11+
- '**.yml'
12+
- '**.sh'
13+
- '**.j2'
14+
- '**.ps1'
15+
- '**.cfg'
16+
17+
# A workflow run is made up of one or more jobs
18+
# that can run sequentially or in parallel
19+
jobs:
20+
# This will create messages for first time contributers and direct them to the Discord server
21+
welcome:
22+
runs-on: ubuntu-latest
23+
24+
steps:
25+
- uses: actions/first-interaction@main
4826
with:
49-
ref: ${{ github.event.pull_request.head.sha }}
50-
51-
# Pull in terraform code for linux servers
52-
- name: Clone github IaC plan
53-
uses: actions/checkout@v3
54-
with:
55-
repository: ansible-lockdown/github_linux_IaC
56-
path: .github/workflows/github_linux_IaC
57-
58-
- name: Add_ssh_key
59-
working-directory: .github/workflows
60-
env:
61-
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
62-
PRIVATE_KEY: "${{ secrets.SSH_PRV_KEY }}"
63-
run: |
64-
mkdir .ssh
65-
chmod 700 .ssh
66-
echo $PRIVATE_KEY > .ssh/github_actions.pem
67-
chmod 600 .ssh/github_actions.pem
68-
69-
- name: DEBUG - Show IaC files
70-
if: env.ENABLE_DEBUG == 'true'
71-
run: |
72-
echo "OSVAR = $OSVAR"
73-
echo "benchmark_type = $benchmark_type"
74-
pwd
75-
ls
76-
env:
77-
# Imported from github variables this is used to load the relvent OS.tfvars file
78-
OSVAR: ${{ vars.OSVAR }}
79-
benchmark_type: ${{ vars.BENCHMARK_TYPE }}
80-
81-
- name: Terraform_Init
82-
id: init
83-
run: terraform init
84-
env:
85-
# Imported from github variables this is used to load the relvent OS.tfvars file
86-
OSVAR: ${{ vars.OSVAR }}
87-
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
88-
89-
- name: Terraform_Validate
90-
id: validate
91-
run: terraform validate
92-
env:
93-
# Imported from github variables this is used to load the relvent OS.tfvars file
94-
OSVAR: ${{ vars.OSVAR }}
95-
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
96-
97-
- name: Terraform_Apply
98-
id: apply
99-
env:
100-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
101-
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
102-
OSVAR: ${{ vars.OSVAR }}
103-
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
104-
run: terraform apply -var-file "github_vars.tfvars" -var-file "${OSVAR}.tfvars" --auto-approve -input=false
105-
106-
## Debug Section
107-
- name: DEBUG - Show Ansible hostfile
108-
if: env.ENABLE_DEBUG == 'true'
109-
run: cat hosts.yml
110-
111-
# Aws deployments taking a while to come up insert sleep or playbook fails
112-
113-
- name: Sleep for 60 seconds
114-
run: sleep 60s
115-
116-
# Run the ansible playbook
117-
- name: Run_Ansible_Playbook
118-
uses: arillso/action.playbook@master
119-
with:
120-
playbook: site.yml
121-
inventory: .github/workflows/github_linux_IaC/hosts.yml
122-
galaxy_file: collections/requirements.yml
123-
private_key: ${{ secrets.SSH_PRV_KEY }}
124-
# verbose: 3
125-
env:
126-
ANSIBLE_HOST_KEY_CHECKING: "false"
127-
ANSIBLE_DEPRECATION_WARNINGS: "false"
128-
129-
# Remove test system - User secrets to keep if necessary
130-
131-
- name: Terraform_Destroy
132-
if: always() && env.ENABLE_DEBUG == 'false'
133-
env:
134-
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
135-
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
136-
OSVAR: ${{ vars.OSVAR }}
137-
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
138-
run: terraform destroy -var-file "github_vars.tfvars" -var-file "${OSVAR}.tfvars" --auto-approve -input=false
27+
repo-token: ${{ secrets.GITHUB_TOKEN }}
28+
pr-message: |-
29+
Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
30+
Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well.
31+
32+
# This workflow contains a single job that tests the playbook
33+
playbook-test:
34+
# The type of runner that the job will run on
35+
runs-on: ubuntu-latest
36+
env:
37+
ENABLE_DEBUG: ${{ vars.ENABLE_DEBUG }}
38+
# Imported as a variable by terraform
39+
TF_VAR_repository: ${{ github.event.repository.name }}
40+
defaults:
41+
run:
42+
shell: bash
43+
working-directory: .github/workflows/github_linux_IaC
44+
45+
steps:
46+
- name: Clone ${{ github.event.repository.name }}
47+
uses: actions/checkout@v4
48+
with:
49+
ref: ${{ github.event.pull_request.head.sha }}
50+
51+
# Pull in terraform code for linux servers
52+
- name: Clone GitHub IaC plan
53+
uses: actions/checkout@v4
54+
with:
55+
repository: ansible-lockdown/github_linux_IaC
56+
path: .github/workflows/github_linux_IaC
57+
58+
- name: Add_ssh_key
59+
working-directory: .github/workflows
60+
env:
61+
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
62+
PRIVATE_KEY: "${{ secrets.SSH_PRV_KEY }}"
63+
run: |
64+
mkdir .ssh
65+
chmod 700 .ssh
66+
echo $PRIVATE_KEY > .ssh/github_actions.pem
67+
chmod 600 .ssh/github_actions.pem
68+
69+
- name: DEBUG - Show IaC files
70+
if: env.ENABLE_DEBUG == 'true'
71+
run: |
72+
echo "OSVAR = $OSVAR"
73+
echo "benchmark_type = $benchmark_type"
74+
pwd
75+
ls
76+
env:
77+
# Imported from GitHub variables this is used to load the relevant OS.tfvars file
78+
OSVAR: ${{ vars.OSVAR }}
79+
benchmark_type: ${{ vars.BENCHMARK_TYPE }}
80+
81+
- name: Terraform_Init
82+
id: init
83+
run: terraform init
84+
env:
85+
# Imported from GitHub variables this is used to load the relevant OS.tfvars file
86+
OSVAR: ${{ vars.OSVAR }}
87+
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
88+
89+
- name: Terraform_Validate
90+
id: validate
91+
run: terraform validate
92+
env:
93+
# Imported from GitHub variables this is used to load the relevant OS.tfvars file
94+
OSVAR: ${{ vars.OSVAR }}
95+
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
96+
97+
- name: Terraform_Apply
98+
id: apply
99+
env:
100+
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
101+
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
102+
OSVAR: ${{ vars.OSVAR }}
103+
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
104+
run: terraform apply -var-file "github_vars.tfvars" -var-file "${OSVAR}.tfvars" --auto-approve -input=false
105+
106+
## Debug Section
107+
- name: DEBUG - Show Ansible hostfile
108+
if: env.ENABLE_DEBUG == 'true'
109+
run: cat hosts.yml
110+
111+
# Aws deployments taking a while to come up insert sleep or playbook fails
112+
113+
- name: Sleep for 60 seconds
114+
run: sleep ${{ vars.BUILD_SLEEPTIME }}
115+
116+
# Run the Ansible playbook
117+
- name: Run_Ansible_Playbook
118+
uses: arillso/action.playbook@master
119+
with:
120+
playbook: site.yml
121+
inventory: .github/workflows/github_linux_IaC/hosts.yml
122+
galaxy_file: collections/requirements.yml
123+
private_key: ${{ secrets.SSH_PRV_KEY }}
124+
# verbose: 3
125+
env:
126+
ANSIBLE_HOST_KEY_CHECKING: "false"
127+
ANSIBLE_DEPRECATION_WARNINGS: "false"
128+
ANSIBLE_INJECT_FACT_VARS: "false"
129+
130+
# Remove test system - User secrets to keep if necessary
131+
132+
- name: Terraform_Destroy
133+
if: always() && env.ENABLE_DEBUG == 'false'
134+
env:
135+
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
136+
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
137+
OSVAR: ${{ vars.OSVAR }}
138+
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
139+
run: terraform destroy -var-file "github_vars.tfvars" -var-file "${OSVAR}.tfvars" --auto-approve -input=false
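Review bot: The `playbook-test` job still combines `pull_request_target` with `ref: ${{ github.event.pull_request.head.sha }}` (new lines 46–49) and then runs that checkout's Terraform and playbook with `secrets.AWS_ACCESS_KEY_ID`, `secrets.AWS_SECRET_ACCESS_KEY` and `secrets.SSH_PRV_KEY`, so a change proposed from a fork is executed with the repository's cloud and SSH credentials unless something outside this file gates it; the checkout version bump does not change that. Gate the job on an `environment:` with required reviewers, or check out the untrusted ref under the plain `pull_request` event and keep the secret-bearing steps in a separately triggered workflow. The same hunk leaves `uses: actions/first-interaction@main` and `uses: arillso/action.playbook@master` on mutable branch refs while pinning checkout to `@v4`; pin both to a release tag or commit SHA so the code the pipeline executes cannot change underneath it. Finally, `run: sleep ${{ vars.BUILD_SLEEPTIME }}` fails with a missing-operand error when the repository variable is unset, whereas the previous `sleep 60s` needed no configuration; `run: sleep ${{ vars.BUILD_SLEEPTIME || '60s' }}` keeps the old default.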

.github/workflows/github_networks.tf

-53
This file was deleted.

.github/workflows/github_vars.tfvars

-13
This file was deleted.
