-
Notifications
You must be signed in to change notification settings - Fork 21
172 lines (168 loc) · 6.04 KB
/
default-bare.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
---
name: default-bare
on:
push:
pull_request:
workflow_dispatch:
schedule: # run weekly, every Monday 01:00
- cron: '0 1 * * 1'
permissions: {}
jobs:
build:
permissions:
contents: read
runs-on: ${{ matrix.distribution }}-${{ matrix.version }}
continue-on-error: ${{ matrix.experimental }}
strategy:
fail-fast: false
max-parallel: 4
matrix:
include:
- distribution: ubuntu
version: '24.04'
suite: default
experimental: false
- distribution: ubuntu
version: '22.04'
suite: default
experimental: false
env:
ANSIBLE_CALLBACKS_ENABLED: profile_tasks
ANSIBLE_EXTRA_VARS: "-e misp_mysql_user=root -e misp_mysql_pass=root"
ANSIBLE_ROLE: juju4.misp
ANSIBLE_SUITE: ${{ matrix.suite }}
steps:
- uses: actions/checkout@v4
with:
path: ${{ env.ANSIBLE_ROLE }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip
pip3 install ansible-lint flake8 yamllint
which ansible
pip3 install ansible
pip3 show ansible
ls -l $HOME/.local/bin || true
ansible --version
cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE
[ -f molecule/$ANSIBLE_SUITE/requirements.yml ] && ansible-galaxy install -r molecule/$ANSIBLE_SUITE/requirements.yml
{ echo '[defaults]'; echo 'callback_enabled = profile_tasks, timer'; echo 'roles_path = ../:/home/runner/.ansible/roles'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg
- name: Environment
run: |
set -x
pwd
env
find -ls
dpkg -l | grep php
update-alternatives --config php
- name: Cleaning
run: |
set -x
sudo rm -Rf /opt/hostedtoolcache/node/*
sudo rm -Rf /usr/lib/jvm/temurin-*-jdk-amd64
sudo rm -Rf /usr/local/lib/android
df -h
- name: run test
run: |
cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/$ANSIBLE_SUITE/converge.yml ${ANSIBLE_EXTRA_VARS}
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
- name: idempotency run
run: |
cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/$ANSIBLE_SUITE/converge.yml ${ANSIBLE_EXTRA_VARS} | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 0)
- name: verify
run: |
cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/$ANSIBLE_SUITE/verify.yml ${ANSIBLE_EXTRA_VARS}
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
- name: On failure
run: |
systemctl -l --no-pager status
systemctl -l --no-pager --failed
ls -l /usr/bin/ | egrep '(python|pip|ansible)'
pip freeze
pip3 freeze
ip addr
cat /etc/resolv.conf
host www.google.com
ping -c 1 www.google.com || true
ping -c 1 8.8.8.8 || true
if: ${{ failure() }}
continue-on-error: true
- name: After script - ansible setup
run: |
ansible -i inventory --connection=local -m setup localhost
if: ${{ always() }}
continue-on-error: true
- name: After script - systemd
run: |
systemctl -l --no-pager status misp-modules || true
systemctl -l --no-pager status supervisor || true
systemctl -l --no-pager status apache2 || true
systemctl -l --no-pager status mysql || true
systemd-analyze --no-pager security || true
systemd-analyze --no-pager security misp-modules || true
systemd-analyze --no-pager security apache2 || true
if: ${{ always() }}
continue-on-error: true
- name: After script - php
run: |
set -x
dpkg -l | grep php
update-alternatives --config php
if: ${{ always() }}
continue-on-error: true
- name: After script - python
run: |
set -x
/var/www/_MISP/venv/bin/pip freeze
/var/www/_MISP/venv/bin/python3 -c 'import pymisp'
if: ${{ always() }}
continue-on-error: true
- name: After script - mysql
run: |
set -x
ls -l /etc/mysql/
ls -l /var/lib/mysql/
sudo ls -l ~/.my.cnf /root/.my.cnf || true
mysql -e 'show tables' misp || true
mysql -e 'show schemas' misp || true
mysql -u root -p root -e 'show tables' misp || true
mysql -u root -p root -e 'show schemas' misp || true
if: ${{ always() }}
continue-on-error: true
- name: After script - mysql logs
run: |
set -x
ls -l /var/log/mysql/*.log || true
sudo tail -n50 /var/log/mysql/*.log || true
sudo tail -n50 /var/lib/mysql/*.log || true
if: ${{ always() }}
continue-on-error: true
- name: After script - curl
run: |
set -x
curl -vk http://localhost
curl -s http://127.0.0.1:6666/modules | jq '.[] | select(.name=="clamav")'
if: ${{ always() }}
continue-on-error: true
- name: After script - misp logs
run: |
set -x
grep "Error:" /var/www/_MISP/MISP/app/tmp/logs/error.log
cat /var/www/_MISP/MISP/app/tmp/logs/debug.log
if: ${{ always() }}
continue-on-error: true
- name: After script - apache logs
run: |
set -x
tail -50 /var/log/apache2/misp.local_access.log
tail -50 /var/log/apache2/misp.local_error.log
if: ${{ always() }}
continue-on-error: true