diff --git a/.github/workflows/falcon_configure_remove_aid.yml b/.github/workflows/falcon_configure_remove_aid.yml new file mode 100644 index 00000000..e6f4aa31 --- /dev/null +++ b/.github/workflows/falcon_configure_remove_aid.yml @@ -0,0 +1,175 @@ +name: "falcon_configure_remove_aid" +on: + schedule: + - cron: '0 2 * * *' + push: + paths: + - 'roles/falcon_configure/**' + - 'molecule/falcon_configure_remove_aid/**' + - '.github/workflows/falcon_configure_remove_aid.yml' + pull_request_target: + types: [ labeled ] + paths: + - 'roles/falcon_configure/**' + - 'molecule/falcon_configure_remove_aid/**' + - '.github/workflows/falcon_configure_remove_aid.yml' +jobs: + molecule: + if: | + github.event_name == 'push' || + github.event_name == 'schedule' || + (github.event_name == 'pull_request_target' && + github.event.label.name == 'ok-to-test') + name: ${{ matrix.molecule.distro }}-${{ matrix.collection_role }} + runs-on: ubuntu-latest + env: + PY_COLORS: 1 + ANSIBLE_FORCE_COLOR: 1 + FALCON_CLIENT_ID: ${{ secrets.FALCON_CLIENT_ID }} + FALCON_CLIENT_SECRET: ${{ secrets.FALCON_CLIENT_SECRET }} + FALCON_CID: ${{ secrets.FALCON_CID }} + AWS_REGION: "us-west-2" + MOLECULE_VPC_SUBNET_ID: ${{ secrets.MOLECULE_VPC_SUBNET_ID }} + permissions: + contents: read + id-token: write + strategy: + fail-fast: false + matrix: + molecule: + - distro: ubuntu-20.04 + image_owner: '099720109477' + image_arch: x86_64 + image_name: ubuntu/images/hvm-ssd/ubuntu-focal-20.04* + instance_type: t2.micro + - distro: ubuntu-22.04 + image_owner: '099720109477' + image_arch: x86_64 + image_name: ubuntu/images/hvm-ssd/ubuntu-jammy-22.04* + instance_type: t2.micro + - distro: amazon-2023 + image_owner: '137112412989' + image_arch: x86_64 + image_name: al2023-ami-2023* + instance_type: t2.micro + - distro: amazon-2 + image_owner: '137112412989' + image_arch: x86_64 + image_name: amzn2-ami-hvm-2.0*gp2 + instance_type: t2.micro + - distro: sles-15-sp5 + image_owner: '013907871322' + image_arch: x86_64 + image_name: suse-sles-15-sp5-v????????-hvm* + instance_type: t2.micro + - distro: centos-7 + image_owner: '679593333241' + image_arch: x86_64 + image_name: CentOS-7-* + instance_type: t2.micro + - distro: almalinux-8 + image_owner: '679593333241' + image_arch: x86_64 + image_name: AlmaLinux OS 8* + instance_type: t2.micro + - distro: rhel-9 + image_owner: '309956199498' + image_arch: x86_64 + image_name: RHEL-9.?.?_HVM-* + instance_type: t2.micro + - distro: rhel-9-arm + image_owner: '309956199498' + image_arch: arm64 + image_name: RHEL-9.?.?_HVM-* + instance_type: t4g.micro + - distro: debian-11 + image_owner: '136693071363' + image_arch: x86_64 + image_name: debian-11-amd64-* + instance_type: t2.micro + collection_role: + - falcon_configure_remove_aid + steps: + - name: Check out code + uses: actions/checkout@v4 + if: github.event_name != 'pull_request_target' + + - name: Check out code + uses: actions/checkout@v4 + with: + ref: ${{github.event.pull_request.head.sha}} + if: github.event_name == 'pull_request_target' + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_OIDC_ROLE }} + role-session-name: github-actions-molecule-ansible + aws-region: ${{ env.AWS_REGION }} + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + cache: 'pip' + cache-dependency-path: '.github/workflows/falcon_configure_remove_aid.yml' + + - name: Install dependencies + run: | + sudo apt install apt-transport-https ca-certificates curl software-properties-common libssl-dev + python -m pip install --upgrade pip + pip install -r .devcontainer/requirements.txt + + - name: Build/Install the collection + uses: nick-fields/retry@v3 + with: + timeout_minutes: 2 + max_attempts: 3 + retry_on: error + command: | + collection_file=$( basename $(ansible-galaxy collection build -f | awk -F" " '{print $NF}')) + ansible-galaxy collection install $collection_file + + - name: Run role tests + id: molecule-role-test + uses: nick-fields/retry@v3 + env: + MOLECULE_INSTANCE_NAME: ${{ matrix.molecule.distro }}-${{ matrix.collection_role }} + MOLECULE_IMAGE_OWNER: ${{ matrix.molecule.image_owner }} + MOLECULE_IMAGE_ARCH: ${{ matrix.molecule.image_arch }} + MOLECULE_IMAGE_NAME: '${{ matrix.molecule.image_name }}' + MOLECULE_INSTANCE_TYPE: ${{ matrix.molecule.instance_type }} + MOLECULE_REGION: ${{ env.AWS_REGION}} + with: + timeout_minutes: 20 + max_attempts: 3 + retry_on: error + command: >- + molecule --version && + ansible --version && + molecule test --destroy never -s ${{ matrix.collection_role }} -- -v + continue-on-error: true + + - name: Ensure instances are destroyed + uses: nick-fields/retry@v3 + env: + MOLECULE_INSTANCE_NAME: ${{ matrix.molecule.distro }}-${{ matrix.collection_role }} + MOLECULE_IMAGE_OWNER: ${{ matrix.molecule.image_owner }} + MOLECULE_IMAGE_ARCH: ${{ matrix.molecule.image_arch }} + MOLECULE_IMAGE_NAME: '${{ matrix.molecule.image_name }}' + MOLECULE_INSTANCE_TYPE: ${{ matrix.molecule.instance_type }} + MOLECULE_REGION: ${{ env.AWS_REGION}} + with: + timeout_minutes: 10 + max_attempts: 3 + retry_on: error + command: >- + molecule --version && + ansible --version && + molecule destroy -s ${{ matrix.collection_role }} + + - name: Assert molecule tests passed + uses: nick-fields/assert-action@v2 + with: + expected: success + actual: ${{ steps.molecule-role-test.outcome }}