Remove insecure pe_installer_source parameter #47
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Upgrade PE with legacy compilers | |
| on: | |
| pull_request: | |
| paths: | |
| - .github/workflows/**/* | |
| - spec/**/* | |
| - lib/**/* | |
| - tasks/**/* | |
| - functions/**/* | |
| - types/**/* | |
| - plans/**/* | |
| - hiera/**/* | |
| - manifests/**/* | |
| - templates/**/* | |
| - files/**/* | |
| - metadata.json | |
| - Rakefile | |
| - Gemfile | |
| - provision.yaml | |
| - .rspec | |
| - .rubocop.yml | |
| - .puppet-lint.rc | |
| - .fixtures.yml | |
| branches: [main] | |
| workflow_dispatch: | |
| inputs: | |
| ssh-debugging: | |
| description: Boolean; whether or not to pause for ssh debugging | |
| required: true | |
| default: 'false' | |
| jobs: | |
| upgrade_with_legacy_compilers: | |
| name: Upgrade PE with legacy compilers | |
| runs-on: ubuntu-20.04 | |
| env: | |
| BOLT_GEM: true | |
| BOLT_DISABLE_ANALYTICS: true | |
| LANG: en_US.UTF-8 | |
| steps: | |
| - name: Start SSH session | |
| if: ${{ github.event.inputs.ssh-debugging == 'true' }} | |
| uses: luchihoratiu/debug-via-ssh@main | |
| with: | |
| NGROK_AUTH_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }} | |
| SSH_PASS: ${{ secrets.SSH_PASS }} | |
| - name: Checkout Source | |
| uses: actions/checkout@v4 | |
| - name: Activate Ruby 2.7 | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: '2.7' | |
| bundler-cache: true | |
| - name: Print bundle environment | |
| if: ${{ github.repository_owner == 'puppetlabs' }} | |
| run: | | |
| echo ::group::info:bundler | |
| bundle env | |
| echo ::endgroup:: | |
| - name: Provision test cluster | |
| timeout-minutes: 15 | |
| run: | | |
| echo ::group::prepare | |
| mkdir -p $HOME/.ssh | |
| echo 'Host *' > $HOME/.ssh/config | |
| echo ' ServerAliveInterval 150' >> $HOME/.ssh/config | |
| echo ' ServerAliveCountMax 2' >> $HOME/.ssh/config | |
| bundle exec rake spec_prep | |
| echo ::endgroup:: | |
| echo ::group::provision | |
| bundle exec bolt plan run peadm_spec::provision_test_cluster \ | |
| --modulepath spec/fixtures/modules \ | |
| provider=provision_service \ | |
| image=almalinux-cloud/almalinux-8 \ | |
| architecture=large-with-dr | |
| echo ::endgroup:: | |
| echo ::group::certnames | |
| bundle exec bolt plan run peadm_spec::add_inventory_hostnames \ | |
| --inventory spec/fixtures/litmus_inventory.yaml \ | |
| --modulepath spec/fixtures/modules \ | |
| --no-host-key-check \ | |
| inventory_file=spec/fixtures/litmus_inventory.yaml | |
| echo ::endgroup:: | |
| echo ::group::info:request | |
| cat request.json || true; echo | |
| echo ::endgroup:: | |
| echo ::group::info:inventory | |
| sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true | |
| echo ::endgroup:: | |
| - name: Set up yq | |
| uses: frenck/action-setup-yq@v1 | |
| with: | |
| version: v4.30.5 | |
| - name: Create the params.json file | |
| run: | | |
| primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml) | |
| compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1) | |
| legacy_compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | sed -n 2p) | |
| replica=$(yq '.groups[].targets[] | select(.vars.role == "replica") | .name' spec/fixtures/litmus_inventory.yaml) | |
| hash_random=$(LC_ALL=C tr -dc 'A-Za-z0-9!#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' </dev/urandom | head -c 30; echo) | |
| echo -n '{ "download_mode": "direct", "primary_host": "'$primary'", "replica_host": "'$replica'", "legacy_compilers": ["'$legacy_compiler'"], "compiler_hosts": ["'$compiler'"], "version": "2023.7.0", "console_password": "'$hash_random'" }' > params.json | |
| - name: Install PE with legacy compilers | |
| timeout-minutes: 120 | |
| run: | | |
| echo ::group::params.json | |
| jq '.console_password = "[redacted]"' params.json || true | |
| echo ::endgroup:: | |
| echo ::group::install | |
| bundle exec bolt plan run peadm::install \ | |
| --inventoryfile spec/fixtures/litmus_inventory.yaml \ | |
| --modulepath spec/fixtures/modules \ | |
| --no-host-key-check \ | |
| --params @params.json | |
| echo ::endgroup:: | |
| - name: Wait as long as the file ${HOME}/pause file is present | |
| if: ${{ always() && github.event.inputs.ssh-debugging == 'true' }} | |
| run: | | |
| while [ -f "${HOME}/pause" ] ; do | |
| echo "${HOME}/pause present, sleeping for 60 seconds..." | |
| sleep 60 | |
| done | |
| echo "${HOME}/pause absent, continuing workflow." | |
| - name: Check if compilers are configured | |
| timeout-minutes: 120 | |
| run: | | |
| echo ::group::inventory | |
| sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true | |
| echo ::endgroup:: | |
| echo ::group::get_peadm_config | |
| primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml) | |
| compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1) | |
| legacy_compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | sed -n 2p) | |
| bundle exec bolt task run peadm::get_peadm_config \ | |
| --targets $primary \ | |
| --inventoryfile spec/fixtures/litmus_inventory.yaml \ | |
| --modulepath spec/fixtures/modules \ | |
| --no-host-key-check \ | |
| --format json > peadm_config.json | |
| cat peadm_config.json | |
| echo ::endgroup:: | |
| echo ::group::smoke_test | |
| configured_legacy_compiler=$(yq '.items[0].value.params.legacy_compilers[0]' peadm_config.json) | |
| configured_compiler=$(yq '.items[0].value.params.compiler_hosts[0]' peadm_config.json) | |
| if [ "$configured_legacy_compiler" != "$legacy_compiler" ] && [ "$configured_compiler" != "$compiler" ]; then | |
| echo "Compilers are not configured, expected $legacy_compiler and $compiler, got $configured_legacy_compiler and $configured_compiler" | |
| exit 1 | |
| fi | |
| echo ::endgroup:: | |
| - name: Create the upgrade params.json file | |
| run: | | |
| primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml) | |
| compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1) | |
| legacy_compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | sed -n 2p) | |
| replica=$(yq '.groups[].targets[] | select(.vars.role == "replica") | .name' spec/fixtures/litmus_inventory.yaml) | |
| echo -n '{ "primary_host": "'$primary'", "replica_host": "'$replica'", "compiler_hosts": ["'$compiler'", "'$legacy_compiler'"], "version": "2023.8.0"}' > upgrade_params.json | |
| - name: Upgrade PE with legacy compilers | |
| run: | | |
| echo ::group::upgrade_params.json | |
| cat upgrade_params.json | |
| echo ::endgroup:: | |
| echo ::group::upgrade | |
| bundle exec bolt plan run peadm::upgrade \ | |
| --inventoryfile spec/fixtures/litmus_inventory.yaml \ | |
| --modulepath spec/fixtures/modules \ | |
| --no-host-key-check \ | |
| --params @upgrade_params.json | |
| echo ::endgroup:: | |
| - name: Check if we still have legacy compilers configured | |
| timeout-minutes: 120 | |
| run: | | |
| echo ::group::inventory | |
| sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true | |
| echo ::endgroup:: | |
| echo ::group::get_peadm_config | |
| primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml) | |
| compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1) | |
| legacy_compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | sed -n 2p) | |
| bundle exec bolt task run peadm::get_peadm_config \ | |
| --targets $primary \ | |
| --inventoryfile spec/fixtures/litmus_inventory.yaml \ | |
| --modulepath spec/fixtures/modules \ | |
| --no-host-key-check \ | |
| --format json > peadm_config.json | |
| cat peadm_config.json | |
| echo ::endgroup:: | |
| echo ::group::smoke_test | |
| configured_legacy_compiler=$(yq '.items[0].value.params.legacy_compilers[0]' peadm_config.json) | |
| configured_compiler=$(yq '.items[0].value.params.compiler_hosts[0]' peadm_config.json) | |
| if [ "$configured_legacy_compiler" != "$legacy_compiler" ] && [ "$configured_compiler" != "$compiler" ]; then | |
| echo "Compilers are not configured, expected $legacy_compiler and $compiler, got $configured_legacy_compiler and $configured_compiler" | |
| exit 1 | |
| fi | |
| echo ::endgroup:: | |
| - name: Tear down test cluster | |
| if: ${{ always() }} | |
| continue-on-error: true | |
| run: |- | |
| if [ -f spec/fixtures/litmus_inventory.yaml ]; then | |
| echo ::group::tear_down | |
| bundle exec rake 'litmus:tear_down' | |
| echo ::endgroup:: | |
| echo ::group::info:request | |
| cat request.json || true; echo | |
| echo ::endgroup:: | |
| fi |