-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Nejc Habjan <nejc.habjan@siemens.com>
- Loading branch information
Showing
2 changed files
with
116 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| name: fedora40-ansible-latest | ||
| on: | ||
| # yamllint disable-line rule:truthy | ||
| workflow_dispatch: | ||
| push: | ||
| paths: | ||
| - 'fedora40-ansible-latest/**' | ||
| pull_request: | ||
| paths: | ||
| - 'fedora40-ansible-latest/**' | ||
| jobs: | ||
| docker: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| dockerimage: | ||
| - fedora40-ansible | ||
| platforms: | ||
| - linux/amd64 | ||
| #- linux/arm64 | ||
| steps: | ||
| - | ||
| name: Checkout | ||
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 | ||
| - | ||
| name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| - | ||
| name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - | ||
| name: Build and export to Docker | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: ${{ matrix.dockerimage }}-latest | ||
| tags: docker-${{ matrix.dockerimage }}:test | ||
| platforms: ${{ matrix.platforms }} | ||
| load: true | ||
| - | ||
| name: Test | ||
| run: | | ||
| docker run --rm docker-${{ matrix.dockerimage }}:test | ||
| - | ||
| name: Login to ghcr.io | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| if: github.ref == 'refs/heads/master' | ||
| - | ||
| name: Build and push to ghcr.io | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: ${{ matrix.dockerimage }}-latest | ||
| push: true | ||
| tags: ghcr.io/dev-sec/docker-${{ matrix.dockerimage }}:latest | ||
| platforms: ${{ matrix.platforms }} | ||
| if: github.ref == 'refs/heads/master' | ||
| - | ||
| name: Login to DockerHub | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
| if: github.ref == 'refs/heads/master' | ||
| - | ||
| name: Build and push | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: ${{ matrix.dockerimage }}-latest | ||
| push: true | ||
| tags: ${{ secrets.DOCKERHUB_USERNAME }}/docker-${{ matrix.dockerimage }}:latest | ||
| platforms: ${{ matrix.platforms }} | ||
| if: github.ref == 'refs/heads/master' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| FROM fedora:40 | ||
| LABEL maintainer="Sebastian Gumprich, Nejc Habjan, Diego Louzan, Max Wittig" | ||
|
|
||
| # Enable systemd. | ||
| RUN dnf -y install systemd && dnf clean all && \ | ||
| for i in /lib/systemd/system/sysinit.target.wants/*; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done; \ | ||
| rm -f /lib/systemd/system/multi-user.target.wants/*;\ | ||
| rm -f /etc/systemd/system/*.wants/*;\ | ||
| rm -f /lib/systemd/system/local-fs.target.wants/*; \ | ||
| rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ | ||
| rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ | ||
| rm -f /lib/systemd/system/basic.target.wants/*;\ | ||
| rm -f /lib/systemd/system/anaconda.target.wants/*; | ||
|
|
||
| RUN dnf -y update \ | ||
| && dnf -y install ansible python python3-libselinux \ | ||
| && dnf clean all | ||
|
|
||
| RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts | ||
|
|
||
| # https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user | ||
| # Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` | ||
| # This template gets rendered using `loop: "{{ molecule_yml.platforms }}"`, so | ||
| # each `item` is an element of platforms list from the molecule.yml file for this scenario. | ||
| ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer SUDO_GROUP=wheel | ||
| RUN set -xe \ | ||
| && groupadd -r ${ANSIBLE_USER} \ | ||
| && groupadd -r ${DEPLOY_GROUP} \ | ||
| && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ | ||
| && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ | ||
| && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ | ||
| && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers | ||
|
|
||
| # delete file created by systemd that prevents login via ssh | ||
| RUN rm -f /{var/run,etc,run}/nologin | ||
|
|
||
| CMD [ "ansible-playbook", "--version" ] |