Skip to content
kitchen-fips

Allow the suppression of other values in a key for the "before" report #2603

Sign in to view logs

Allow the suppression of other values in a key for the "before" report

Allow the suppression of other values in a key for the "before" report #2603

Workflow file for this run

.github/workflows/kitchen-fips.yml at 0d43916
---
name: kitchen-fips
"on":
pull_request:
push:
branches:
- main
concurrency:
group: kitchen-fips-${{ github.ref }}
cancel-in-progress: true
jobs:
windows:
strategy:
fail-fast: false
matrix:
os: [windows-2022, windows-2019]
ruby: ['3.1']
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: 'Install Chef/Ohai from Omnitruck'
id: install_chef
run: |
. { Invoke-WebRequest -useb https://omnitruck.chef.io/install.ps1 } | Invoke-Expression; Install-Project -project chef -channel current
$env:PATH = "C:\opscode\chef\bin;C:\opscode\chef\embedded\bin;" + $env:PATH
chef-client -v
ohai -v
rake --version
bundle -v
- name: 'Upgrade Chef/Ohai via Appbundler'
id: upgrade
run: |
$env:PATH = "C:\opscode\chef\bin;C:\opscode\chef\embedded\bin;" + $env:PATH
$env:OHAI_VERSION = ( Select-String -Path .\Gemfile.lock -Pattern '(?<=ohai \()\d.*(?=\))' | ForEach-Object { $_.Matches[0].Value } )
# The chef-client installer does not put the file 'ansidecl.h' down in the correct location
# This leads to failures during testing. Moving that file to its correct position here.
# Another example of 'bad' that needs to be corrected
$output = gci -path C:\opscode\ -file ansidecl.h -Recurse
# As of Ruby 3.1, there are 3 ansidecl.h files found in the opscode path
# Grabbing the first (and shortest) path found is a bit of a :fingers-crossed: but
# making the leap that ansidecl.h isn't going to vary in a way that will fail
# subtly.
if ($output -is [Array]) { $output = $output[0] }
$target_path = $($output.Directory.Parent.FullName + "\x86_64-w64-mingw32\include")
Move-Item -Path $output.FullName -Destination $target_path
# if a different version of ffi-yajl is installed, then libyajl2 needs to be reinstalled
# so that libyajldll.a is present in the intermediate build step. bundler seems to skip
# libyajl2 build if already present. gem install seems to build anyway.
gem uninstall -I libyajl2
gem install appbundler appbundle-updater --no-doc
If ($lastexitcode -ne 0) { Exit $lastexitcode }
appbundle-updater chef chef $env:GITHUB_SHA --tarball --github $env:GITHUB_REPOSITORY
If ($lastexitcode -ne 0) { Exit $lastexitcode }
Write-Output "Installed Chef / Ohai release:"
ohai -v
If ($lastexitcode -ne 0) { Exit $lastexitcode }
chef-client -v
If ($lastexitcode -ne 0) { Exit $lastexitcode }
- name: 'Enable FIPS via windows registry' #FIPS needs to be enabled after installation of Chef, otherwise it fails due to Cryptography error
run: |
$OldErrorActionPreference = $ErrorActionPreference
$ErrorActionPreference = "stop"
$KeyPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy"
$ValueName = "Enabled"
$ValueData = "1"
try{
Get-ItemProperty -Path $KeyPath -Name $valueName -ErrorAction Stop
New-ItemProperty -Path $KeyPath -Name $ValueName -Value $ValueData -PropertyType DWord -Force
}
catch [System.Management.Automation.PSArgumentException] {
New-ItemProperty -Path $KeyPath -Name $ValueName -Value $ValueData -PropertyType DWord -Force
}
catch [System.Management.Automation.ItemNotFoundException]
{
New-Item -Path $KeyPath -Force
New-ItemProperty -Path $KeyPath -Name $ValueName -Value $ValueData -PropertyType DWord -Force
}
Finally
{
$ErrorActionPreference = $OldErrorActionPreference
}
if (-not $?) { throw "Failed to enable FIPS mode." }
- name: 'Run chef-client'
run: |
$env:PATH = "C:\opscode\chef\bin;C:\opscode\chef\embedded\bin;" + $env:PATH
chef-client -v
If ($lastexitcode -ne 0) { Exit $lastexitcode }