Skip to content

Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2889.0 #40

Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2889.0

Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2889.0 #40

Workflow file for this run

---
name: default-bare
on:
push:
pull_request:
permissions: {}
jobs:
build:
permissions:
contents: read
runs-on: ${{ matrix.distribution }}-${{ matrix.version }}
continue-on-error: ${{ matrix.experimental }}
strategy:
fail-fast: false
max-parallel: 4
matrix:
include:
- distribution: ubuntu
version: '22.04'
experimental: false
- distribution: ubuntu
version: '20.04'
experimental: true
env:
ANSIBLE_CALLBACKS_ENABLED: profile_tasks
ANSIBLE_EXTRA_VARS: ""
ANSIBLE_ROLE: r_pufky.pihole
steps:
- uses: actions/checkout@v4
with:
path: ${{ env.ANSIBLE_ROLE }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip
pip3 install ansible-lint flake8 yamllint netaddr
which ansible
pip3 install ansible
pip3 show ansible
ls -l $HOME/.local/bin || true
ansible --version
cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE
[ -f molecule/default/requirements.yml ] && ansible-galaxy install -r molecule/default/requirements.yml
{ echo '[defaults]'; echo 'callbacks_enabled = profile_tasks, timer'; echo 'roles_path = ../:/home/runner/.ansible/roles'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg
- name: Environment
run: |
set -x
pwd
env
find . -ls
- name: run test
run: |
cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/default/converge.yml ${ANSIBLE_EXTRA_VARS}
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
- name: idempotency run
run: |
cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i localhost, --connection=local --become -vvv molecule/default/converge.yml ${ANSIBLE_EXTRA_VARS} | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 0)
- name: On failure
run: |
systemctl -l --no-pager status
systemctl -l --no-pager --failed
ls -l /usr/bin/ | egrep '(python|pip|ansible)'
pip freeze
pip3 freeze
ip addr
cat /etc/resolv.conf
host www.google.com
ping -c 1 www.google.com || true
ping -c 1 8.8.8.8 || true
if: ${{ failure() }}
continue-on-error: true
- name: After script - ansible setup
run: |
ansible -i inventory --connection=local -m setup localhost
if: ${{ always() }}
continue-on-error: true
- name: After script - systemd
run: |
systemctl -l --no-pager status pihole-FTL || true
systemd-analyze --no-pager security || true
systemd-analyze --no-pager security pihole-FTL || true
systemd-analyze --no-pager verify pihole-FTL || true
rsyslogd -v
if: ${{ always() }}
continue-on-error: true
- name: After script - etc
run: |
set -x
cat /etc/pihole/pihole-FTL.conf
cat /etc/resolv.conf
if: ${{ always() }}
continue-on-error: true
- name: After script - cli
run: |
set -x
pihole version
pihole status
nslookup pi.hole
resolvectl status
ss -tunap | grep LISTEN
if: ${{ always() }}
continue-on-error: true
- name: After script - dig
run: |
set -x
dig @localhost pi.hole
dig @localhost cnn.com
dig @localhost wy.adyboh.com
dig @localhost carniferou.club
if: ${{ always() }}
continue-on-error: true