ci(default-kitchen): switch to inspec verifier 0.26.0 to match test-k… #240
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: default-kitchen | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
schedule: # run weekly, every Thursday 06:00 | |
- cron: '0 6 * * 4' | |
permissions: {} | |
jobs: | |
build: | |
permissions: | |
contents: read | |
runs-on: ubuntu-20.04 | |
continue-on-error: ${{ matrix.experimental }} | |
strategy: | |
fail-fast: false | |
max-parallel: 4 | |
matrix: | |
include: | |
- distribution: centos | |
version: 9-Stream | |
version2: 9-Stream | |
suite: default | |
experimental: true | |
- distribution: centos | |
version: 8-Stream | |
version2: 8-Stream | |
suite: default | |
experimental: true | |
- distribution: debian | |
version: bullseye | |
version2: bullseye | |
suite: default | |
experimental: true | |
- distribution: ubuntu | |
version: '22.04' | |
version2: 2204 | |
suite: default | |
experimental: true | |
- distribution: ubuntu | |
version: '20.04' | |
version2: 2004 | |
suite: default | |
experimental: false | |
- distribution: ubuntu | |
version: '20.04' | |
version2: 2004 | |
suite: default-nosnuffle | |
experimental: false | |
env: | |
ANSIBLE_CALLBACKS_ENABLED: profile_tasks | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
path: juju4.misp | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.x' | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
pip3 install ansible-lint flake8 yamllint | |
which ansible | |
pip3 install ansible | |
pip3 show ansible | |
ls -l $HOME/.local/bin || true | |
ls -l /opt/hostedtoolcache/Python/3.9.1/x64/bin || true | |
echo "/opt/hostedtoolcache/Python/3.9.1/x64/bin" >> $GITHUB_PATH | |
ansible --version | |
cd $GITHUB_WORKSPACE/juju4.misp | |
[ -f get-dependencies.sh ] && sh -x get-dependencies.sh | |
{ echo '[defaults]'; echo 'callbacks_enabled = profile_tasks, timer'; echo 'roles_path = ../'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg | |
- name: Environment | |
run: | | |
pwd | |
env | |
find -ls | |
- name: Install lxd requirements | |
run: | | |
set -x | |
sudo apt-get update -qq | |
sudo apt-get -y install acl dnsmasq-base zfsutils-linux -q | |
sudo snap install lxd | |
whoami | |
grep lxd /etc/group | |
echo "# remote list" | |
lxc remote list | |
echo "# image list" | |
sudo lxc image list | |
echo "# download image" | |
[ ${{ matrix.distribution }} == ubuntu ] || sudo lxc image copy images:${{ matrix.distribution }}/${{ matrix.version }}/amd64 local: --alias=${{ matrix.distribution }}-${{ matrix.version }}-nossh || true | |
[ ${{ matrix.distribution }} == ubuntu ] && sudo lxc image copy ubuntu:${{ matrix.version }} local: --alias=${{ matrix.distribution }}-${{ matrix.version }} || true | |
echo "# image list" | |
sudo lxc image list | |
## configure network | |
ifconfig -a || true | |
ip addr || true | |
sudo lxc info | |
sudo lxc network list | |
sudo lxc network create lxdbr0 | |
sudo lxc network show lxdbr0 | |
sudo lxc network attach-profile lxdbr0 default ens4 | |
sudo lxc profile device get default ens4 nictype || true | |
sudo service lxd restart || true | |
ps ax | grep dnsmasq | |
systemctl status -l --no-pager lxd || true | |
cat /etc/network/interfaces.d/50-cloud-init.cfg || true | |
sudo lxc network list | |
# configure storage pool | |
sudo lxc storage list | |
sudo lxc storage create pool1 zfs | |
sudo lxc storage list | |
sudo zpool list | |
sudo lxc profile device add default root disk path=/ pool=pool1 | |
sudo lxc profile show default | |
[ "X${{ matrix.distribution }}" == "Xcentos" ] && cd $GITHUB_WORKSPACE/juju4.misp && sudo sh -x ./test/lxd/centos-ssh-image.sh ${{ matrix.version }} || true | |
[ "X${{ matrix.distribution }}" == "Xdebian" ] && cd $GITHUB_WORKSPACE/juju4.misp && sudo sh -x ./test/lxd/debian-ssh-image.sh ${{ matrix.version }} || true | |
- name: Install kitchen requirements | |
run: | | |
sudo gem install test-kitchen --version "=1.25.0" | |
sudo gem install kitchen-ansible | |
sudo gem install kitchen-sync | |
sudo gem install kitchen-lxd_cli | |
sudo gem install kitchen-inspec --version "=0.26.0" | |
sudo apt-get install -y libsodium23 | |
sudo gem install rbnacl --version 4.0.2 | |
sudo gem install bcrypt_pbkdf rbnacl-libsodium | |
sudo -H ssh-keygen -t ed25519 -f /root/.ssh/id_rsa -P "" | |
sudo ls -lA /root/.ssh/ | |
cd $GITHUB_WORKSPACE/juju4.misp && sudo kitchen diagnose --all | |
# https://github.com/actionshub/test-kitchen | |
- name: Install Chef | |
uses: actionshub/chef-install@main | |
- name: Kitchen Converge | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp && sudo kitchen converge ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -l debug | |
env: | |
CHEF_LICENSE: accept-no-persist | |
KITCHEN_LOCAL_YAML: $GITHUB_WORKSPACE/juju4.misp/.kitchen.yml | |
TERM: xterm-256color | |
- name: Kitchen Verify | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp && sudo kitchen verify ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} | |
env: | |
CHEF_LICENSE: accept-no-persist | |
KITCHEN_LOCAL_YAML: $GITHUB_WORKSPACE/juju4.misp/.kitchen.yml | |
TERM: xterm-256color | |
if: env.version != '20.04' | |
- name: On failure | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ansible -i inventory --connection=local -m setup localhost' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager --failed' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -l /usr/bin/ | egrep "(python|pip|ansible)"' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip freeze' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip3 freeze' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ip addr' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /etc/resolv.conf' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'host www.google.com' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ping -c 1 www.google.com' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ping -c 1 8.8.8.8' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -l /usr/bin/php* /usr/local/bin/php*' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'php --version' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls /etc/apache2/mods-enabled/' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -l /var/www/_MISP/MISP/tests/' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/apache2/misp.local_error.log' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/www/_MISP/MISP/app/tmp/logs/error.log' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -lA /etc/yum.repos.d/' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /etc/yum.repos.d/CentOS-PowerTools.repo' || true | |
if: ${{ failure() }} | |
continue-on-error: true | |
- name: After script - python | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
set -x | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'which pip' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip freeze' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'which pip3' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip3 install pipdeptree' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip3 freeze' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pipdeptree -r' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '/var/www/_MISP/venv/bin/python --version' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '/var/www/_MISP/venv/bin/pip install pipdeptree' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '/var/www/_MISP/venv/bin/pipdeptree -r' | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - MISP files | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'find /var/www/_MISP/venv/ -type f | tail -500' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /opt/misp-modules/REQUIREMENTS' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '/var/www/_MISP/venv/bin/misp-modules -t' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -la /var/www/_MISP/MISP/' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -la /var/www/.cache/pip/http/' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/www/_MISP/MISP/app/Config/bootstrap.php' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -la /var/www/_MISP/MISP/app/tmp/cache/models/' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'getfacl /var/www/_MISP/MISP/app/tmp/cache/models' | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'find /usr -iname "*libyara*.so"' | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - MISP error logs | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
set -x | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/apache2/misp.local_access.log' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/apache2/misp.local_error.log' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/httpd/misp.local_access.log' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/httpd/misp.local_error.log' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/www/_MISP/MISP/app/tmp/logs/error.log' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/www/_MISP/MISP/app/tmp/logs/debug.log' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - redis logs | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
set -x | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -lA /var/log/redis/' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/redis/redis.log' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/redis/redis-server.log' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - curl | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'curl -vk http://localhost:6666' | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - PyMISP | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cd /var/www/_MISP/MISP/PyMISP/examples && /var/www/_MISP/venv/bin/python /var/www/_MISP/MISP/PyMISP/examples/users_list.py' | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - system | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'netstat -anp' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ss -nlp' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status apache2' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status redis' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status httpd' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status httpd-init' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - journalctl | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'journalctl -xe --no-pager' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - redhat | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'sudo dnf repolist' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'find /etc/yum.repos.d/ -exec cat {} \;' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - mysql | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'mysql -e "SHOW TABLES" misp' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'mysql -e "SELECT * from users;" misp' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - php | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'which php' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '`which php` --version' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'which php7.4' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -lF /usr/bin/php* /usr/local/bin/php*' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'dpkg -L php' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'dpkg -L php7.4' || true | |
if: ${{ always() }} | |
continue-on-error: true | |
- name: After script - misp | |
run: | | |
cd $GITHUB_WORKSPACE/juju4.misp | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin securityAudit' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin configLint' || true | |
sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin live' || true | |
if: ${{ always() }} | |
continue-on-error: true |