Remove insecure pe_installer_source parameter #46
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Convert compiler to legacy | |
on: | |
pull_request: | |
paths: | |
- .github/workflows/**/* | |
- spec/**/* | |
- lib/**/* | |
- tasks/**/* | |
- functions/**/* | |
- types/**/* | |
- plans/**/* | |
- hiera/**/* | |
- manifests/**/* | |
- templates/**/* | |
- files/**/* | |
- metadata.json | |
- Rakefile | |
- Gemfile | |
- provision.yaml | |
- .rspec | |
- .rubocop.yml | |
- .puppet-lint.rc | |
- .fixtures.yml | |
branches: [main] | |
workflow_dispatch: | |
inputs: | |
ssh-debugging: | |
description: Boolean; whether or not to pause for ssh debugging | |
required: true | |
default: 'false' | |
jobs: | |
convert_compiler: | |
name: Convert compilers to legacy | |
runs-on: ubuntu-20.04 | |
env: | |
BOLT_GEM: true | |
BOLT_DISABLE_ANALYTICS: true | |
LANG: en_US.UTF-8 | |
steps: | |
- name: Start SSH session | |
if: ${{ github.event.inputs.ssh-debugging == 'true' }} | |
uses: luchihoratiu/debug-via-ssh@main | |
with: | |
NGROK_AUTH_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }} | |
SSH_PASS: ${{ secrets.SSH_PASS }} | |
- name: Checkout Source | |
uses: actions/checkout@v4 | |
- name: Activate Ruby 2.7 | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '2.7' | |
bundler-cache: true | |
- name: Print bundle environment | |
if: ${{ github.repository_owner == 'puppetlabs' }} | |
run: | | |
echo ::group::info:bundler | |
bundle env | |
echo ::endgroup:: | |
- name: Provision test cluster | |
timeout-minutes: 15 | |
run: | | |
echo ::group::prepare | |
mkdir -p $HOME/.ssh | |
echo 'Host *' > $HOME/.ssh/config | |
echo ' ServerAliveInterval 150' >> $HOME/.ssh/config | |
echo ' ServerAliveCountMax 2' >> $HOME/.ssh/config | |
bundle exec rake spec_prep | |
echo ::endgroup:: | |
echo ::group::provision | |
bundle exec bolt plan run peadm_spec::provision_test_cluster \ | |
--modulepath spec/fixtures/modules \ | |
provider=provision_service \ | |
image=almalinux-cloud/almalinux-8 \ | |
architecture=large-with-dr | |
echo ::endgroup:: | |
echo ::group::certnames | |
bundle exec bolt plan run peadm_spec::add_inventory_hostnames \ | |
--inventory spec/fixtures/litmus_inventory.yaml \ | |
--modulepath spec/fixtures/modules \ | |
--no-host-key-check \ | |
inventory_file=spec/fixtures/litmus_inventory.yaml | |
echo ::endgroup:: | |
echo ::group::info:request | |
cat request.json || true; echo | |
echo ::endgroup:: | |
echo ::group::info:inventory | |
sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true | |
echo ::endgroup:: | |
- name: Set up yq | |
uses: frenck/action-setup-yq@v1 | |
with: | |
version: v4.30.5 | |
- name: Install PE on test cluster | |
timeout-minutes: 120 | |
run: | | |
bundle exec bolt plan run peadm_spec::install_test_cluster \ | |
--inventoryfile spec/fixtures/litmus_inventory.yaml \ | |
--modulepath spec/fixtures/modules \ | |
architecture=large-with-dr \ | |
console_password=${{ secrets.CONSOLE_PASSWORD }} \ | |
version=2023.7.0 | |
- name: Wait as long as the file ${HOME}/pause file is present | |
if: ${{ always() && github.event.inputs.ssh-debugging == 'true' }} | |
run: | | |
while [ -f "${HOME}/pause" ] ; do | |
echo "${HOME}/pause present, sleeping for 60 seconds..." | |
sleep 60 | |
done | |
echo "${HOME}/pause absent, continuing workflow." | |
- name: Convert one compiler to legacy | |
timeout-minutes: 120 | |
run: | | |
primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml) | |
compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1) | |
echo "primary: $primary" | |
echo "compiler: $compiler" | |
echo ::group::convert_compiler_to_legacy | |
bundle exec bolt plan run peadm::convert_compiler_to_legacy \ | |
--inventoryfile spec/fixtures/litmus_inventory.yaml \ | |
--modulepath spec/fixtures/modules \ | |
--no-host-key-check \ | |
primary_host=$primary \ | |
legacy_hosts=$compiler | |
echo ::endgroup:: | |
- name: Check if compiler is converted | |
timeout-minutes: 120 | |
run: | | |
echo ::group::inventory | |
sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true | |
echo ::endgroup:: | |
echo ::group::get_peadm_config | |
primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml) | |
compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1) | |
bundle exec bolt task run peadm::get_peadm_config \ | |
--targets $primary \ | |
--inventoryfile spec/fixtures/litmus_inventory.yaml \ | |
--modulepath spec/fixtures/modules \ | |
--no-host-key-check \ | |
--format json > peadm_config.json | |
cat peadm_config.json | |
echo ::endgroup:: | |
echo ::group::smoke_test | |
legacy_compiler=$(yq '.items[0].value.params.legacy_compilers[0]' peadm_config.json) | |
if [ "$compiler" != "$legacy_compiler" ]; then | |
echo "Compiler conversion failed, expected $compiler, got $legacy_compiler" | |
exit 1 | |
fi | |
echo ::endgroup:: | |
- name: Tear down test cluster | |
if: ${{ always() }} | |
continue-on-error: true | |
run: |- | |
if [ -f spec/fixtures/litmus_inventory.yaml ]; then | |
echo ::group::tear_down | |
bundle exec rake 'litmus:tear_down' | |
echo ::endgroup:: | |
echo ::group::info:request | |
cat request.json || true; echo | |
echo ::endgroup:: | |
fi |