Skip to content

(ITHELP-98367) - Fix AiTM attacks vulnerability #422

(ITHELP-98367) - Fix AiTM attacks vulnerability

(ITHELP-98367) - Fix AiTM attacks vulnerability #422

---
name: Upgrade test matrix
on:
pull_request:
paths:
- .github/workflows/**/*
- spec/**/*
- lib/**/*
- tasks/**/*
- functions/**/*
- types/**/*
- plans/**/*
- hiera/**/*
- manifests/**/*
- templates/**/*
- files/**/*
- metadata.json
- Rakefile
- Gemfile
- provision.yaml
- .rspec
- .rubocop.yml
- .puppet-lint.rc
- .fixtures.yml
branches: [main]
workflow_dispatch: {}
jobs:
test-upgrade:
name: PE ${{ matrix.version }} to ${{ matrix.version_to_upgrade }} ${{ matrix.architecture }}
on ${{ matrix.image }}
runs-on: ubuntu-20.04
env:
BOLT_GEM: true
BOLT_DISABLE_ANALYTICS: true
LANG: en_US.UTF-8
strategy:
fail-fast: false
matrix:
architecture: [standard, extra-large-with-dr]
version: [2019.8.12, 2021.7.9]
version_to_upgrade: [2021.7.9, 2023.8.0]
image: [almalinux-cloud/almalinux-8]
download_mode: [direct]
exclude:
- version: 2019.8.12
version_to_upgrade: 2023.8.0
- version: 2021.7.9
version_to_upgrade: 2021.7.9
steps:
- name: Start SSH session
if: ${{ github.event.inputs.ssh-debugging == 'true' }}
uses: luchihoratiu/debug-via-ssh@main
with:
NGROK_AUTH_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }}
SSH_PASS: ${{ secrets.SSH_PASS }}
- name: Checkout Source
uses: actions/checkout@v4
- name: Activate Ruby 2.7
uses: ruby/setup-ruby@v1
with:
ruby-version: '2.7'
bundler-cache: true
- name: Print bundle environment
if: ${{ github.repository_owner == 'puppetlabs' }}
run: |
echo ::group::info:bundler
bundle env
echo ::endgroup::
- name: Provision test cluster
timeout-minutes: 15
run: |
echo ::group::prepare
mkdir -p $HOME/.ssh
echo 'Host *' > $HOME/.ssh/config
echo ' ServerAliveInterval 150' >> $HOME/.ssh/config
echo ' ServerAliveCountMax 2' >> $HOME/.ssh/config
bundle exec rake spec_prep
echo ::endgroup::
echo ::group::provision
bundle exec bolt plan run peadm_spec::provision_test_cluster \
--modulepath spec/fixtures/modules \
provider=provision_service \
image=${{ matrix.image }} \
architecture=${{ matrix.architecture }}
echo ::endgroup::
echo ::group::info:request
cat request.json || true; echo
echo ::endgroup::
echo ::group::info:inventory
sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true
echo ::endgroup::
- name: Install PE on test cluster
timeout-minutes: 120
run: |
bundle exec bolt plan run peadm_spec::install_test_cluster \
--inventoryfile spec/fixtures/litmus_inventory.yaml \
--modulepath spec/fixtures/modules \
architecture=${{ matrix.architecture }} \
version=${{ matrix.version }} \
console_password=${{ secrets.CONSOLE_PASSWORD }}
- name: Wait as long as the file ${HOME}/pause file is present
if: ${{ always() && github.event.inputs.ssh-debugging == 'true' }}
run: |
while [ -f "${HOME}/pause" ] ; do
echo "${HOME}/pause present, sleeping for 60 seconds..."
sleep 60
done
echo "${HOME}/pause absent, continuing workflow."
- name: Upgrade PE on test cluster
timeout-minutes: 120
run: |
bundle exec bolt plan run peadm_spec::upgrade_test_cluster \
--inventoryfile spec/fixtures/litmus_inventory.yaml \
--modulepath spec/fixtures/modules \
architecture=${{ matrix.architecture }} \
download_mode=${{ matrix.download_mode }} \
version=${{ matrix.version_to_upgrade }}
- name: Tear down test cluster
if: ${{ always() }}
continue-on-error: true
run: |-
if [ -f spec/fixtures/litmus_inventory.yaml ]; then
echo ::group::tear_down
bundle exec rake 'litmus:tear_down'
echo ::endgroup::
echo ::group::info:request
cat request.json || true; echo
echo ::endgroup::
fi