Fix: Install Node.js in all Ubuntu containers for checkout action
Some checks failed
CI / lint-and-test (push) Successful in 58s
CI / ansible-validation (push) Successful in 3m13s
CI / secret-scanning (push) Failing after 1m21s
CI / dependency-scan (push) Failing after 1m20s
CI / sast-scan (push) Successful in 2m25s
CI / license-check (push) Successful in 55s
CI / vault-check (push) Failing after 2m44s
CI / playbook-test (push) Successful in 2m28s
CI / container-scan (push) Failing after 1m24s

This commit is contained in:
ilia 2025-12-13 23:30:42 -05:00
parent 1a565cc30e
commit a9ed19c9d2


@ -27,14 +27,23 @@ jobs:
ansible-validation: ansible-validation:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: python:3.11-slim image: ubuntu:22.04
steps: steps:
- name: Install Node.js for checkout action
run: |
apt-get update && apt-get install -y curl
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y nodejs
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install Ansible and linting tools - name: Install Python and dependencies
run: | run: |
pip install --no-cache-dir ansible ansible-lint yamllint apt-get update && apt-get install -y python3 python3-pip
- name: Install Ansible and linting tools
run: pip3 install --no-cache-dir ansible ansible-lint yamllint
- name: Validate YAML syntax - name: Validate YAML syntax
run: | run: |
@ -50,13 +59,28 @@ jobs:
secret-scanning: secret-scanning:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: gitleaks/gitleaks:latest image: ubuntu:22.04
steps: steps:
- name: Install Node.js for checkout action
run: |
apt-get update && apt-get install -y curl
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y nodejs
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install Gitleaks
run: |
apt-get update && apt-get install -y wget curl
GITLEAKS_VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
wget -q "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" -O /tmp/gitleaks.tar.gz
tar -xzf /tmp/gitleaks.tar.gz -C /usr/local/bin/ gitleaks
chmod +x /usr/local/bin/gitleaks
gitleaks version
- name: Run Gitleaks secret scan - name: Run Gitleaks secret scan
run: | run: |
gitleaks detect --source . --verbose --no-banner --exit-code 1 gitleaks detect --source . --verbose --no-banner --exit-code 1
@ -64,11 +88,25 @@ jobs:
dependency-scan: dependency-scan:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: aquasec/trivy:latest image: ubuntu:22.04
steps: steps:
- name: Install Node.js for checkout action
run: |
apt-get update && apt-get install -y curl
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y nodejs
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install Trivy
run: |
apt-get update && apt-get install -y wget curl
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - || true
echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list
apt-get update && apt-get install -y trivy || \
(wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64 && chmod +x /usr/local/bin/trivy)
- name: Scan npm dependencies - name: Scan npm dependencies
run: | run: |
if [ -f "package.json" ]; then if [ -f "package.json" ]; then
@ -105,11 +143,22 @@ jobs:
sast-scan: sast-scan:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: returntocorp/semgrep:latest image: ubuntu:22.04
steps: steps:
- name: Install Node.js for checkout action
run: |
apt-get update && apt-get install -y curl
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y nodejs
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install Semgrep
run: |
apt-get update && apt-get install -y python3 python3-pip
pip3 install semgrep
- name: Run Semgrep scan - name: Run Semgrep scan
run: semgrep --config=auto --error run: semgrep --config=auto --error
continue-on-error: true continue-on-error: true
@ -137,13 +186,23 @@ jobs:
vault-check: vault-check:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: python:3.11-slim image: ubuntu:22.04
steps: steps:
- name: Install Node.js for checkout action
run: |
apt-get update && apt-get install -y curl
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y nodejs
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install Python and dependencies
run: |
apt-get update && apt-get install -y python3 python3-pip
- name: Install Ansible - name: Install Ansible
run: pip install --no-cache-dir ansible run: pip3 install --no-cache-dir ansible
- name: Validate vault files are encrypted - name: Validate vault files are encrypted
run: | run: |
@ -166,13 +225,23 @@ jobs:
playbook-test: playbook-test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: python:3.11-slim image: ubuntu:22.04
steps: steps:
- name: Install Node.js for checkout action
run: |
apt-get update && apt-get install -y curl
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y nodejs
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install Python and dependencies
run: |
apt-get update && apt-get install -y python3 python3-pip
- name: Install Ansible - name: Install Ansible
run: pip install --no-cache-dir ansible run: pip3 install --no-cache-dir ansible
- name: Dry-run playbooks - name: Dry-run playbooks
run: | run: |
@ -198,11 +267,25 @@ jobs:
container-scan: container-scan:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: aquasec/trivy:latest image: ubuntu:22.04
steps: steps:
- name: Install Node.js for checkout action
run: |
apt-get update && apt-get install -y curl
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y nodejs
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install Trivy
run: |
apt-get update && apt-get install -y wget curl
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - || true
echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list
apt-get update && apt-get install -y trivy || \
(wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64 && chmod +x /usr/local/bin/trivy)
- name: Scan for Dockerfiles and container configs - name: Scan for Dockerfiles and container configs
run: | run: |
if [ -f "Dockerfile" ] || [ -f "docker-compose.yml" ] || find . -name "Dockerfile*" -o -name "*.dockerfile" 2>/dev/null | grep -v ".git" | head -1 > /dev/null; then if [ -f "Dockerfile" ] || [ -f "docker-compose.yml" ] || find . -name "Dockerfile*" -o -name "*.dockerfile" 2>/dev/null | grep -v ".git" | head -1 > /dev/null; then
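Review bot: The "Install Trivy" step in this hunk (duplicated in dependency-scan) replaces the pinned `aquasec/trivy` image with an install that verifies nothing: `apt-key add - || true` discards a failed key import, `$(lsb_release -sc)` expands to empty in a stock ubuntu:22.04 image (lsb-release does not appear to be preinstalled there, so the apt path likely never works), and the `||` fallback fetches an unpinned `releases/latest` binary with no checksum — the same pattern as the `curl -fsSL https://deb.nodesource.com/setup_20.x | bash -` step repeated in every job and the `releases/latest` gitleaks tarball. Anyone who controls or intercepts those endpoints gets root in a job container holding the checked-out repository, on every push. Pin the version in an env var, download the release's checksums file next to the archive and fail on mismatch, and for Node use the nodesource apt repository with a `signed-by` keyring (or a checksummed tarball from nodejs.org) instead of piping a script to bash; asset names should be confirmed against the Trivy release page. The secret-scanning, dependency-scan and container-scan checks reported failing on this commit are consistent with these installs not working as written, though their logs are not visible here. The `if [ -f "Dockerfile" ] ...` step on the last line continues outside the hunk.

```yaml
      - name: Install Trivy
        env:
          TRIVY_VERSION: "X.Y.Z"  # pin to a reviewed release; bump deliberately
        run: |
          set -euo pipefail
          apt-get update && apt-get install -y wget ca-certificates
          base="https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}"
          wget -q "${base}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" -O /tmp/trivy.tar.gz
          wget -q "${base}/trivy_${TRIVY_VERSION}_checksums.txt" -O /tmp/trivy_checksums.txt
          # fail closed if the archive does not match the published digest
          (cd /tmp && grep " trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz$" trivy_checksums.txt | sha256sum -c -)
          tar -xzf /tmp/trivy.tar.gz -C /usr/local/bin/ trivy
          trivy --version
      # … unchanged: Scan for Dockerfiles and container configs …
```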