default-bare.yml
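---
# CI for the juju4.misp Ansible role: applies the role's converge playbook
# on the runner itself over a local connection, applies it a second time to
# check idempotency, runs the verify playbook, then collects diagnostics.
name: default-bare

on:
  push:
  pull_request:
  workflow_dispatch:
  schedule:  # run weekly, every Monday 01:00 UTC
    - cron: '0 1 * * 1'

# Least privilege: the workflow token has no scopes by default; each job
# opts in to only what it needs.
permissions: {}

jobs:
  build:
    permissions:
      contents: read  # read-only repository access for actions/checkout
    runs-on: ${{ matrix.distribution }}-${{ matrix.version }}
    # Matrix entries flagged experimental may fail without failing the run.
    continue-on-error: ${{ matrix.experimental }}
    strategy:
      fail-fast: false
      max-parallel: 4
      matrix:
        include:
          - distribution: ubuntu
            version: '24.04'
            suite: default
            experimental: false
          - distribution: ubuntu
            version: '22.04'
            suite: default
            experimental: true
    env:
      ANSIBLE_CALLBACKS_ENABLED: profile_tasks
      ANSIBLE_EXTRA_VARS: ""
      ANSIBLE_ROLE: juju4.misp
      ANSIBLE_SUITE: ${{ matrix.suite }}
    steps:
      # NOTE(review): both actions below are referenced by a mutable tag.
      # Pinning each to a full commit SHA (keeping the tag as a trailing
      # comment) stops a moved tag from changing what runs in this job.
      - uses: actions/checkout@v4
        with:
          path: ${{ env.ANSIBLE_ROLE }}
          # No later step needs git credentials, so do not leave the job
          # token in the checkout's git configuration while role code runs
          # with --become.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.x'
      # NOTE(review): pip packages and Galaxy requirements are installed
      # unpinned; a constraints file or hash-pinned requirements would make
      # runs reproducible and limit exposure to a compromised release.
      # NOTE(review): in the generated ansible.cfg, `callback_enabled` and the
      # colon-form `ansible_python_interpreter: ...` do not look like
      # recognised [defaults] settings (the documented keys are
      # `callbacks_enabled` and `interpreter_python`) - confirm they have any
      # effect before relying on them.
      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          pip3 install ansible-lint flake8 yamllint
          which ansible
          pip3 install ansible
          pip3 show ansible
          ls -l $HOME/.local/bin || true
          ansible --version
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE
          [ -f molecule/$ANSIBLE_SUITE/requirements.yml ] && ansible-galaxy install -r molecule/$ANSIBLE_SUITE/requirements.yml
          { echo '[defaults]'; echo 'callback_enabled = profile_tasks, timer'; echo 'roles_path = ../:/home/runner/.ansible/roles'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg
      # `env` prints every environment variable to the job log. This workflow
      # defines no secrets; keep it that way, or drop `env`, because values
      # derived from a secret are not reliably masked in logs.
      - name: Environment
        run: |
          set -x
          pwd
          env
          find -ls
      # Removes preinstalled Node, Temurin JDK and Android tool directories,
      # then reports free disk space.
      - name: Cleaning
        run: |
          set -x
          sudo rm -Rf /opt/hostedtoolcache/node/*
          sudo rm -Rf /usr/lib/jvm/temurin-*-jdk-amd64
          sudo rm -Rf /usr/local/lib/android
          df -h
      # First converge: applies the role to the runner with privilege
      # escalation (--become).
      - name: run test
        run: |
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/$ANSIBLE_SUITE/converge.yml ${ANSIBLE_EXTRA_VARS}
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
      # Second converge: passes when the play recap shows changed=0 and
      # failed=0.
      # NOTE(review): both branches end in `exit 0`, so a non-idempotent run
      # is only reported in the log and never fails the job - presumably
      # deliberate; confirm.
      - name: idempotency run
        run: |
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/$ANSIBLE_SUITE/converge.yml ${ANSIBLE_EXTRA_VARS} | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 0)
      - name: verify
        run: |
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/$ANSIBLE_SUITE/verify.yml ${ANSIBLE_EXTRA_VARS}
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
      # Diagnostics gathered only when an earlier step failed: service state,
      # installed Python tooling, and basic network/DNS reachability.
      - name: On failure
        run: |
          systemctl -l --no-pager status
          systemctl -l --no-pager --failed
          ls -l /usr/bin/ | grep -E '(python|pip|ansible)'
          pip freeze
          pip3 freeze
          ip addr
          cat /etc/resolv.conf
          host www.google.com
          ping -c 1 www.google.com || true
          ping -c 1 8.8.8.8 || true
        if: ${{ failure() }}
        continue-on-error: true
      # The "After script" steps below always run and never fail the job;
      # they only record the state of the deployed instance in the log.
      - name: After script - ansible setup
        run: |
          ansible -i inventory --connection=local -m setup localhost
        if: ${{ always() }}
        continue-on-error: true
      # Service status plus the systemd-analyze sandboxing exposure report
      # for the deployed units.
      - name: After script - systemd
        run: |
          systemctl -l --no-pager status misp-modules || true
          systemctl -l --no-pager status supervisor || true
          systemctl -l --no-pager status apache2 || true
          systemd-analyze --no-pager security || true
          systemd-analyze --no-pager security misp-modules || true
          systemd-analyze --no-pager security apache2 || true
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - python
        run: |
          set -x
          /var/www/_MISP/venv/bin/pip freeze
          /var/www/_MISP/venv/bin/python3 -c 'import pymisp'
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - mysql
        run: |
          set -x
          mysql -e 'show tables' misp
          mysql -e 'show schemas' misp
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - curl
        run: |
          set -x
          curl -vk http://localhost
          curl -s http://127.0.0.1:6666/modules | jq '.[] | select(.name=="clamav")'
        if: ${{ always() }}
        continue-on-error: true
      # NOTE(review): debug.log is printed in full to the job log; confirm it
      # cannot contain keys or credentials generated during the test install.
      - name: After script - misp logs
        run: |
          set -x
          grep "Error:" /var/www/_MISP/MISP/app/tmp/logs/error.log
          cat /var/www/_MISP/MISP/app/tmp/logs/debug.log
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - apache logs
        run: |
          set -x
          tail -50 /var/log/apache2/misp.local_access.log
          tail -50 /var/log/apache2/misp.local_error.log
        if: ${{ always() }}
        continue-on-error: true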