chore(deps): update dependency molecule to v25 #803
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: "devsec.mysql_hardening" | |
on: # yamllint disable-line rule:truthy | |
workflow_dispatch: | |
push: | |
branches: [master] | |
paths: | |
- 'roles/mysql_hardening/**' | |
- 'molecule/mysql_hardening/**' | |
- '.github/workflows/mysql_hardening.yml' | |
- 'requirements.txt' | |
pull_request: | |
branches: [master] | |
paths: | |
- 'roles/mysql_hardening/**' | |
- 'molecule/mysql_hardening/**' | |
- '.github/workflows/mysql_hardening.yml' | |
- 'requirements.txt' | |
schedule: | |
- cron: '0 6 * * 0' | |
concurrency: | |
group: >- | |
${{ github.workflow }}-${{ | |
github.event.pull_request.number || github.sha | |
}} | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
PY_COLORS: 1 | |
ANSIBLE_FORCE_COLOR: 1 | |
strategy: | |
fail-fast: false | |
matrix: | |
molecule_distro: | |
- centosstream9 | |
- rocky8 | |
- rocky9 | |
- ubuntu2004 | |
- ubuntu2204 | |
- ubuntu2404 | |
- debian11 | |
- debian12 | |
# - amazon # geerlingguy.mysql does not support fedora | |
# - arch # geerlingguy.mysql does not support arch | |
- opensuse_tumbleweed | |
# - fedora # geerlingguy.mysql does not support fedora | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
path: ansible_collections/devsec/hardening | |
submodules: true | |
- name: Set up Python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 | |
with: | |
python-version: 3.12 | |
cache: 'pip' | |
- name: Install dependencies | |
run: pip install -r requirements.txt | |
working-directory: ansible_collections/devsec/hardening | |
- name: Downgrade Ansible for Rocky 8 tests | |
run: pip install "ansible-core<2.17" | |
working-directory: ansible_collections/devsec/hardening | |
if: matrix.molecule_distro == 'rocky8' | |
# that was a hard one to fix. robert did it thankfully | |
# https://github.com/robertdebock/ansible-role-mysql/commit/7562e99099b06282391ab7ed102b393a0406d212 | |
- name: disable apparmor on debian systems | |
run: | | |
set -x | |
sudo apt-get install apparmor-profiles | |
sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/ | |
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld | |
if: ${{ startsWith(matrix.molecule_distro, 'Debian') }} | |
# Molecule has problems detecting the proper location for installing roles | |
# https://github.com/ansible/molecule/issues/3806 | |
# we do not set a custom role path, but the automatically determined install path used is not compatible with the location molecule expects the role | |
# see CI logs of this action "INFO Set ANSIBLE_ROLES_PATH" should not be present, since we do not set a custom path | |
# we have to find a proper way to configure this | |
- name: Temporary fix for roles | |
run: | | |
mkdir -p /home/runner/.ansible | |
ln -s /home/runner/work/ansible-collection-hardening/ansible-collection-hardening/ansible_collections/devsec/hardening/roles \ | |
/home/runner/.ansible/roles | |
- name: Test with molecule | |
run: molecule test -s mysql_hardening | |
env: | |
MOLECULE_DISTRO: ${{ matrix.molecule_distro }} | |
working-directory: ansible_collections/devsec/hardening |