Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2889.0 #40
Workflow file for this run
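---
# Applies the role named in ANSIBLE_ROLE to the runner itself ("bare", no
# container) by running molecule/default/converge.yml against localhost,
# then re-runs it as an idempotency check and dumps diagnostics.
name: default-bare

# `pull_request` (not `pull_request_target`) is what keeps fork PRs on a
# read-only token without repository secrets. The role under test runs with
# --become on the runner, so this trigger should not be widened.
on:
  push:
  pull_request:

# Remove every default GITHUB_TOKEN scope; each job opts back in explicitly.
permissions: {}

jobs:
  build:
    permissions:
      contents: read
    runs-on: ${{ matrix.distribution }}-${{ matrix.version }}
    # Entries marked experimental may fail without failing the workflow.
    continue-on-error: ${{ matrix.experimental }}
    strategy:
      fail-fast: false
      max-parallel: 4
      matrix:
        include:
          - distribution: ubuntu
            version: '22.04'
            experimental: false
          - distribution: ubuntu
            version: '20.04'
            experimental: true
    env:
      ANSIBLE_CALLBACKS_ENABLED: profile_tasks
      # Expanded unquoted on the ansible-playbook command line below and
      # echoed by `env` and -vvv, so it must never carry secret values.
      ANSIBLE_EXTRA_VARS: ""
      ANSIBLE_ROLE: r_pufky.pihole
    steps:
      # NOTE(review): actions are referenced by mutable tag (@v4, @v5).
      # Pinning each `uses:` to a full commit SHA protects the job from a
      # retagged or compromised release.
      - uses: actions/checkout@v4
        with:
          path: ${{ env.ANSIBLE_ROLE }}
          # No later step pushes or fetches with git, so do not leave the
          # job token in .git/config where code run as root could read it.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.x'
      # NOTE(review): every pip package and the galaxy requirements are
      # installed unpinned, so each run executes whatever was published last.
      # A constraints file or hash-checked requirements would make this
      # reproducible.
      # NOTE(review): `ansible_python_interpreter` is normally an inventory
      # variable; the ansible.cfg [defaults] key is `interpreter_python`.
      # Confirm the last echo written to ansible.cfg has any effect.
      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          pip3 install ansible-lint flake8 yamllint netaddr
          which ansible
          pip3 install ansible
          pip3 show ansible
          ls -l $HOME/.local/bin || true
          ansible --version
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE
          [ -f molecule/default/requirements.yml ] && ansible-galaxy install -r molecule/default/requirements.yml
          { echo '[defaults]'; echo 'callbacks_enabled = profile_tasks, timer'; echo 'roles_path = ../:/home/runner/.ansible/roles'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg
      # Prints the whole process environment and workspace listing to the
      # run log. Keep secrets out of job-level `env:` while this step exists.
      - name: Environment
        run: |
          set -x
          pwd
          env
          find . -ls
      - name: run test
        run: |
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/default/converge.yml ${ANSIBLE_EXTRA_VARS}
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
      # Advisory only: the "fail" branch also ends in `exit 0`, and the
      # playbook's own exit status is hidden by the pipe into tee/grep unless
      # pipefail is set, so a non-idempotent run shows up in the log but does
      # not fail the step.
      - name: idempotency run
        run: |
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/default/converge.yml ${ANSIBLE_EXTRA_VARS} | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 0)
      # Host-level diagnostics, collected only after an earlier step failed.
      - name: On failure
        run: |
          systemctl -l --no-pager status
          systemctl -l --no-pager --failed
          ls -l /usr/bin/ | egrep '(python|pip|ansible)'
          pip freeze
          pip3 freeze
          ip addr
          cat /etc/resolv.conf
          host www.google.com
          ping -c 1 www.google.com || true
          ping -c 1 8.8.8.8 || true
        if: ${{ failure() }}
        continue-on-error: true
      # The remaining steps always run and never fail the job; they only
      # record the resulting system state in the log.
      - name: After script - ansible setup
        run: |
          ansible -i inventory --connection=local -m setup localhost
        if: ${{ always() }}
        continue-on-error: true
      # `systemd-analyze security` records the sandboxing exposure of the
      # pihole-FTL unit, which helps spot hardening regressions in review.
      - name: After script - systemd
        run: |
          systemctl -l --no-pager status pihole-FTL || true
          systemd-analyze --no-pager security || true
          systemd-analyze --no-pager security pihole-FTL || true
          systemd-analyze --no-pager verify pihole-FTL || true
          rsyslogd -v
        if: ${{ always() }}
        continue-on-error: true
      # Writes /etc/pihole/pihole-FTL.conf to the run log; the role's test
      # variables should therefore hold no real credentials.
      - name: After script - etc
        run: |
          set -x
          cat /etc/pihole/pihole-FTL.conf
          cat /etc/resolv.conf
        if: ${{ always() }}
        continue-on-error: true
      # `ss -tunap | grep LISTEN` records which sockets the role left
      # listening on the host.
      - name: After script - cli
        run: |
          set -x
          pihole version
          pihole status
          nslookup pi.hole
          resolvectl status
          ss -tunap | grep LISTEN
        if: ${{ always() }}
        continue-on-error: true
      # Resolves names through the local resolver. The last two look like
      # blocklist probes - TODO confirm. The answers are printed, not
      # asserted.
      - name: After script - dig
        run: |
          set -x
          dig @localhost pi.hole
          dig @localhost cnn.com
          dig @localhost wy.adyboh.com
          dig @localhost carniferou.club
        if: ${{ always() }}
        continue-on-error: true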