Update actions/setup-python digest to 0b93645 #507
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: "devsec.nginx_hardening" | |
on: # yamllint disable-line rule:truthy | |
workflow_dispatch: | |
push: | |
branches: [master] | |
paths: | |
- 'roles/nginx_hardening/**' | |
- 'molecule/nginx_hardening/**' | |
- '.github/workflows/nginx_hardening.yml' | |
- 'requirements.txt' | |
pull_request: | |
branches: [master] | |
paths: | |
- 'roles/nginx_hardening/**' | |
- 'molecule/nginx_hardening/**' | |
- '.github/workflows/nginx_hardening.yml' | |
- 'requirements.txt' | |
schedule: | |
- cron: '0 6 * * 1' | |
concurrency: | |
group: >- | |
${{ github.workflow }}-${{ | |
github.event.pull_request.number || github.sha | |
}} | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
PY_COLORS: 1 | |
ANSIBLE_FORCE_COLOR: 1 | |
strategy: | |
fail-fast: false | |
matrix: | |
molecule_distro: | |
- centosstream9 | |
- rocky8 | |
- rocky9 | |
- ubuntu2004 | |
- ubuntu2204 | |
- ubuntu2404 | |
- debian11 | |
- debian12 | |
- amazon2023 | |
# - arch # needs to be fixed | |
# - opensuse_tumbleweed # needs to be fixed | |
# - fedora # no support from geerlingguy role | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 | |
with: | |
path: ansible_collections/devsec/hardening | |
submodules: true | |
- name: Set up Python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 | |
with: | |
python-version: 3.12 | |
cache: 'pip' | |
- name: Install dependencies | |
run: pip install -r requirements.txt | |
working-directory: ansible_collections/devsec/hardening | |
- name: Downgrade Ansible for Rocky 8 tests | |
run: pip install "ansible-core<2.17" | |
working-directory: ansible_collections/devsec/hardening | |
if: matrix.molecule_distro == 'rocky8' | |
# Molecule has problems detecting the proper location for installing roles | |
# https://github.com/ansible/molecule/issues/3806 | |
# we do not set a custom role path, but the automatically determined install path used is not compatible with the location molecule expects the role | |
# see CI logs of this action "INFO Set ANSIBLE_ROLES_PATH" should not be present, since we do not set a custom path | |
# we have to find a proper way to configure this | |
- name: Temporary fix for roles | |
run: | | |
mkdir -p /home/runner/.ansible | |
ln -s /home/runner/work/ansible-collection-hardening/ansible-collection-hardening/ansible_collections/devsec/hardening/roles \ | |
/home/runner/.ansible/roles | |
- name: Test with molecule | |
run: molecule test -s nginx_hardening | |
env: | |
MOLECULE_DISTRO: ${{ matrix.molecule_distro }} | |
working-directory: ansible_collections/devsec/hardening |