default-kitchen.yml
---
# Converges and verifies the role checked out as juju4.misp with Test Kitchen
# inside LXD containers, once per distribution/suite entry of the matrix.
name: default-kitchen

on:
  push:
  pull_request:
  workflow_dispatch:
  schedule:  # run weekly, every Thursday 06:00
    - cron: '0 6 * * 4'

# Workflow-level default: the GITHUB_TOKEN is granted no permissions.
permissions: {}

jobs:
  build:
    # The only scope handed back to this job is read access to the contents.
    permissions:
      contents: read
    # NOTE(review): the ubuntu-20.04 hosted image has been retired by GitHub -
    # confirm and move to a supported runner label.
    runs-on: ubuntu-20.04
    # Entries flagged experimental may fail without failing the workflow run.
    continue-on-error: ${{ matrix.experimental }}
    strategy:
      fail-fast: false
      max-parallel: 4
      # Every matrix value is a literal from this file, so expanding
      # ${{ matrix.* }} into the run scripts below carries no untrusted input.
      matrix:
        include:
          - distribution: centos
            version: 9-Stream
            version2: 9-Stream
            suite: default
            experimental: true
          - distribution: centos
            version: 8-Stream
            version2: 8-Stream
            suite: default
            experimental: true
          - distribution: debian
            version: bullseye
            version2: bullseye
            suite: default
            experimental: true
          - distribution: ubuntu
            version: '22.04'
            version2: 2204
            suite: default
            experimental: true
          - distribution: ubuntu
            version: '20.04'
            version2: 2004
            suite: default
            experimental: false
          - distribution: ubuntu
            version: '20.04'
            version2: 2004
            suite: default-nosnuffle
            experimental: false
    env:
      ANSIBLE_CALLBACKS_ENABLED: profile_tasks

    steps:
      # NOTE(review): checkout and setup-python are referenced by a mutable
      # tag; a full commit SHA would fix exactly which action code runs.
      - uses: actions/checkout@v3
        with:
          path: juju4.misp

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.x'

      # Installs the lint tools and ansible with pip (no version pins), runs the
      # role's get-dependencies.sh when present, then appends to ansible.cfg.
      # NOTE(review): the hostedtoolcache path is hard-coded to 3.9.1 while
      # setup-python asks for '3.x' - confirm the directory still exists.
      # NOTE(review): `ansible_python_interpreter` looks like an inventory
      # variable rather than an ansible.cfg [defaults] option - confirm that
      # the last echo has any effect.
      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          pip3 install ansible-lint flake8 yamllint
          which ansible
          pip3 install ansible
          pip3 show ansible
          ls -l $HOME/.local/bin || true
          ls -l /opt/hostedtoolcache/Python/3.9.1/x64/bin || true
          echo "/opt/hostedtoolcache/Python/3.9.1/x64/bin" >> $GITHUB_PATH
          ansible --version
          cd $GITHUB_WORKSPACE/juju4.misp
          [ -f get-dependencies.sh ] && sh -x get-dependencies.sh
          { echo '[defaults]'; echo 'callbacks_enabled = profile_tasks, timer'; echo 'roles_path = ../'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg

      # `env` prints the whole step environment into the job log, so anything
      # later added to the job-level `env:` becomes readable by everyone who
      # can read the run.
      - name: Environment
        run: |
          pwd
          env
          find -ls

      # Installs LXD from snap, copies the base image for the matrix entry,
      # creates the lxdbr0 network and a ZFS storage pool, and builds an
      # ssh-enabled image for centos and debian.
      # The image copies and the ssh-image scripts end in `|| true`, so their
      # failures do not stop this step.
      - name: Install lxd requirements
        run: |
          set -x
          sudo apt-get update -qq
          sudo apt-get -y install acl dnsmasq-base zfsutils-linux -q
          sudo snap install lxd
          whoami
          grep lxd /etc/group
          echo "# remote list"
          lxc remote list
          echo "# image list"
          sudo lxc image list
          echo "# download image"
          [ ${{ matrix.distribution }} == ubuntu ] || sudo lxc image copy images:${{ matrix.distribution }}/${{ matrix.version }}/amd64 local: --alias=${{ matrix.distribution }}-${{ matrix.version }}-nossh || true
          [ ${{ matrix.distribution }} == ubuntu ] && sudo lxc image copy ubuntu:${{ matrix.version }} local: --alias=${{ matrix.distribution }}-${{ matrix.version }} || true
          echo "# image list"
          sudo lxc image list
          ## configure network
          ifconfig -a || true
          ip addr || true
          sudo lxc info
          sudo lxc network list
          sudo lxc network create lxdbr0
          sudo lxc network show lxdbr0
          sudo lxc network attach-profile lxdbr0 default ens4
          sudo lxc profile device get default ens4 nictype || true
          sudo service lxd restart || true
          ps ax | grep dnsmasq
          systemctl status -l --no-pager lxd || true
          cat /etc/network/interfaces.d/50-cloud-init.cfg || true
          sudo lxc network list
          # configure storage pool
          sudo lxc storage list
          sudo lxc storage create pool1 zfs
          sudo lxc storage list
          sudo zpool list
          sudo lxc profile device add default root disk path=/ pool=pool1
          sudo lxc profile show default
          [ "X${{ matrix.distribution }}" == "Xcentos" ] && cd $GITHUB_WORKSPACE/juju4.misp && sudo sh -x ./test/lxd/centos-ssh-image.sh ${{ matrix.version }} || true
          [ "X${{ matrix.distribution }}" == "Xdebian" ] && cd $GITHUB_WORKSPACE/juju4.misp && sudo sh -x ./test/lxd/debian-ssh-image.sh ${{ matrix.version }} || true

      # Gems are installed as root; only test-kitchen and rbnacl carry a
      # version, so the other gems resolve to whatever is current at run time.
      # The key pair is ed25519 with an empty passphrase, stored under the
      # id_rsa file name.
      - name: Install kitchen requirements
        run: |
          sudo gem install test-kitchen --version "=1.25.0"
          sudo gem install kitchen-ansible
          sudo gem install kitchen-sync
          sudo gem install kitchen-lxd_cli
          sudo gem install kitchen-verifier-serverspec
          sudo apt-get install -y libsodium23
          sudo gem install rbnacl --version 4.0.2
          sudo gem install bcrypt_pbkdf rbnacl-libsodium
          sudo -H ssh-keygen -t ed25519 -f /root/.ssh/id_rsa -P ""
          sudo ls -lA /root/.ssh/
          cd $GITHUB_WORKSPACE/juju4.misp && sudo kitchen diagnose --all

      # https://github.com/actionshub/test-kitchen
      # NOTE(review): this third-party action follows the `main` branch, so
      # its code can change between runs; pin it to a reviewed commit SHA.
      - name: Install Chef
        uses: actionshub/chef-install@main

      # NOTE(review): values under `env:` are not expanded by a shell, so
      # KITCHEN_LOCAL_YAML presumably holds the literal text
      # "$GITHUB_WORKSPACE/..." - confirm whether the workspace path was meant.
      # The same applies to the Kitchen Verify step.
      - name: Kitchen Converge
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp && sudo kitchen converge ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -l debug
        env:
          CHEF_LICENSE: accept-no-persist
          KITCHEN_LOCAL_YAML: $GITHUB_WORKSPACE/juju4.misp/.kitchen.yml
          TERM: xterm-256color

      # NOTE(review): no `version` key appears in any `env:` block of this
      # file, so `env.version` presumably evaluates to an empty value and the
      # condition always holds; `matrix.version` may have been intended -
      # confirm before changing, since that would skip verify on 20.04.
      - name: Kitchen Verify
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp && sudo kitchen verify ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }}
        env:
          CHEF_LICENSE: accept-no-persist
          KITCHEN_LOCAL_YAML: $GITHUB_WORKSPACE/juju4.misp/.kitchen.yml
          TERM: xterm-256color
        if: env.version != '20.04'

      # Diagnostics collected from the instance only after an earlier step has
      # failed; each command is best-effort (`|| true`).
      - name: On failure
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ansible -i inventory --connection=local -m setup localhost' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager --failed' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -l /usr/bin/ | egrep "(python|pip|ansible)"' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip freeze' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip3 freeze' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ip addr' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /etc/resolv.conf' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'host www.google.com' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ping -c 1 www.google.com' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ping -c 1 8.8.8.8' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -l /usr/bin/php* /usr/local/bin/php*' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'php --version' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls /etc/apache2/mods-enabled/' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -l /var/www/_MISP/MISP/tests/' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/apache2/misp.local_error.log' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/www/_MISP/MISP/app/tmp/logs/error.log' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -lA /etc/yum.repos.d/' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /etc/yum.repos.d/CentOS-PowerTools.repo' || true
        if: ${{ failure() }}
        continue-on-error: true

      # The "After script" steps below run whatever the earlier outcome
      # (`always()`) and never fail the job (`continue-on-error`). They print
      # state of the test instance into the job log.
      - name: After script - python
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          set -x
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'which pip'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip freeze'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'which pip3'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip3 install pipdeptree'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pip3 freeze'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'pipdeptree -r'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '/var/www/_MISP/venv/bin/python --version'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '/var/www/_MISP/venv/bin/pip install pipdeptree'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '/var/www/_MISP/venv/bin/pipdeptree -r'
        if: ${{ always() }}
        continue-on-error: true

      # NOTE(review): bootstrap.php is printed in full; presumably it can hold
      # instance settings - confirm nothing sensitive lands in the log.
      - name: After script - MISP files
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'find /var/www/_MISP/venv/ -type f | tail -500'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /opt/misp-modules/REQUIREMENTS'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '/var/www/_MISP/venv/bin/misp-modules -t'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -la /var/www/_MISP/MISP/'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -la /var/www/.cache/pip/http/'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/www/_MISP/MISP/app/Config/bootstrap.php'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -la /var/www/_MISP/MISP/app/tmp/cache/models/'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'getfacl /var/www/_MISP/MISP/app/tmp/cache/models'
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'find /usr -iname "*libyara*.so"'
        if: ${{ always() }}
        continue-on-error: true

      # Both the Debian-style (apache2) and Red Hat-style (httpd) log paths are
      # tried; the ones missing on the instance fail harmlessly.
      - name: After script - MISP error logs
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          set -x
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/apache2/misp.local_access.log' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/apache2/misp.local_error.log' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/httpd/misp.local_access.log' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/httpd/misp.local_error.log' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/www/_MISP/MISP/app/tmp/logs/error.log' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/www/_MISP/MISP/app/tmp/logs/debug.log' || true
        if: ${{ always() }}
        continue-on-error: true

      - name: After script - redis logs
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          set -x
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -lA /var/log/redis/' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/redis/redis.log' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cat /var/log/redis/redis-server.log' || true
        if: ${{ always() }}
        continue-on-error: true

      # `-k` only relaxes TLS certificate checks, so it has no effect on this
      # plain http:// request.
      - name: After script - curl
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'curl -vk http://localhost:6666'
        if: ${{ always() }}
        continue-on-error: true

      - name: After script - PyMISP
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'cd /var/www/_MISP/MISP/PyMISP/examples && /var/www/_MISP/venv/bin/python /var/www/_MISP/MISP/PyMISP/examples/users_list.py'
        if: ${{ always() }}
        continue-on-error: true

      - name: After script - system
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'netstat -anp' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ss -nlp' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status apache2' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status redis' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status httpd' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status httpd-init' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'systemctl -l --no-pager status' || true
        if: ${{ always() }}
        continue-on-error: true

      - name: After script - journalctl
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'journalctl -xe --no-pager' || true
        if: ${{ always() }}
        continue-on-error: true

      - name: After script - redhat
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'sudo dnf repolist' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'find /etc/yum.repos.d/ -exec cat {} \;' || true
        if: ${{ always() }}
        continue-on-error: true

      # NOTE(review): `SELECT * from users` prints every column of the users
      # table into the job log; presumably that includes credential material
      # of the test instance - confirm who can read the log and consider
      # selecting only the columns needed for debugging.
      - name: After script - mysql
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'mysql -e "SHOW TABLES" misp' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'mysql -e "SELECT * from users;" misp' || true
        if: ${{ always() }}
        continue-on-error: true

      - name: After script - php
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'which php' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c '`which php` --version' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'which php7.4' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'ls -lF /usr/bin/php* /usr/local/bin/php*' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'dpkg -L php' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'dpkg -L php7.4' || true
        if: ${{ always() }}
        continue-on-error: true

      # Runs the cake Admin securityAudit, configLint and live commands as
      # www-data. The results are informational only: each command ends in
      # `|| true` and the step is continue-on-error, so no finding can fail
      # the build.
      - name: After script - misp
        run: |
          cd $GITHUB_WORKSPACE/juju4.misp
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin securityAudit' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin configLint' || true
          sudo kitchen exec ${{ matrix.suite }}-${{ matrix.distribution }}-${{ matrix.version2 }} -c 'sudo -u www-data /var/www/_MISP/MISP/app/Console/cake Admin live' || true
        if: ${{ always() }}
        continue-on-error: true