From 496273bd6b5f30046337d8560f18b93cfea6202c Mon Sep 17 00:00:00 2001
From: Niall Byrne
Date: Wed, 19 May 2021 16:41:47 -0400
Subject: [PATCH] build(COOKIECUTTER): update templated workflows to latest
---
.cookiecutter/cookiecutter.json | 12 +++
.github/workflows/push.yml | 177 ++++++++++++++++++++------------
.github/workflows/release.yml | 13 +--
.yamllint | 13 ++-
meta/main.yml | 4 +-
5 files changed, 140 insertions(+), 79 deletions(-)
create mode 100644 .cookiecutter/cookiecutter.json
diff --git a/.cookiecutter/cookiecutter.json b/.cookiecutter/cookiecutter.json
new file mode 100644
index 0000000..e9a41dd
--- /dev/null
+++ b/.cookiecutter/cookiecutter.json
@@ -0,0 +1,12 @@
+{
+ "_template": "https://github.com/shared-vision-solutions/ansible-workbench.git",
+ "author": "Niall Byrne",
+ "company": "Shared Vision Solutions",
+ "description": "Ansible role that installs ClamAV antivirus on OSX machines.",
+ "email": "niall@niallbyrne.ca",
+ "galaxy_namespace_slug": "osx_provisioner",
+ "galaxy_role_slug": "clamav",
+ "github_handle": "osx-provisioner",
+ "project_name": "role-clamav",
+ "project_slug": "role-clamav"
+}
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index e62321a..a14514c 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -10,56 +10,21 @@ on: jobs: - - build: + documentation_test: runs-on: ubuntu-latest - strategy: - max-parallel: 4 - matrix: - python-version: [3.7] steps: - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v1 - with: - python-version: ${{ matrix.python-version }} - - name: Build -- Checkout Repository + - name: Documentation Test -- Checkout Repository uses: actions/checkout@v1 - - name: Build -- Setup Environment + - name: Documentation Test -- Setup Environment run: | source ./.github/scripts/setup.sh env: WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - - name: Create Results File - run: | - touch /tmp/results.yml - - - name: Build -- Install Requirements - run: | - pip install poetry - poetry install - - name: Build -- Run Linter - run: | - poetry run molecule lint - - - name: Build -- Report Job Status (Success) - run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" "build was successful!" - - name: Build -- Report Job Status (Failure) - if: failure() - run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" "build has failed!" - - documentation_test: - - runs-on: ubuntu-latest - steps: - - name: Documentation Test -- Checkout Repository - uses: actions/checkout@v1 - name: Documentation Test -- Documentation Validation uses: gaurav-nelson/github-action-markdown-link-check@1.0.11 with: @@ -70,10 +35,11 @@ jobs: run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" "documentation test has passed!" - name: Documentation Test -- Report Failure + if: failure() run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" "documentation test has failed!" - security_test: + molecule_lint: runs-on: ubuntu-latest strategy: 
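Review bot: The new `Setup Environment` step in `documentation_test` runs with `WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}` ahead of the third-party step `gaurav-nelson/github-action-markdown-link-check@1.0.11`, which is referenced by a mutable tag rather than a commit. Later steps read `${NOTIFICATION}` without an `env:` block of their own, so `setup.sh` presumably persists a webhook-derived value through `$GITHUB_ENV`, which would expose it to every following step including third-party actions; that script is not part of this patch, so this needs confirming. Pinning third-party actions to a full commit SHA (`uses: gaurav-nelson/github-action-markdown-link-check@<full-commit-sha>  # 1.0.11`) and passing the webhook only to the notification steps would narrow that exposure. The same applies to `zricethezav/gitleaks-action@master` in the `security_test` job added in the later hunk of this file, which tracks a branch and now also runs after the setup step. The link-check step's `with:` block continues outside this hunk.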
@@ -82,55 +48,57 @@ jobs: python-version: [3.7] steps: - - name: Security Test -- Set up Python ${{ matrix.python-version }} + + - name: Molecule Lint -- Checkout Repository + uses: actions/checkout@v1 + - name: Molecule Lint -- Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v1 with: python-version: ${{ matrix.python-version }} - - name: Security Test -- Checkout Repository - uses: actions/checkout@v1 - - - name: Security Test -- Check Dependencies + - name: Molecule Lint -- Setup Environment run: | - pip install safety poetry - pip install --upgrade pip + source ./.github/scripts/setup.sh + env: + WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + - name: Molecule Lint -- Install Requirements + run: | + pip install poetry poetry install - safety check - - # There is no substitute for the feedback from another human. - - name: Security Test -- Run Gitleaks - uses: zricethezav/gitleaks-action@master + - name: Molecule Lint -- Run Linter + run: | + poetry run molecule lint - - name: Shellcheck -- Report Job Status on Success + - name: Molecule Lint -- Report Job Status (Success) run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" "security checks succeeded!" - - name: Shellcheck -- Report Job Status on Failure + ./.github/scripts/notifications.sh "${NOTIFICATION}" "molecule linting was successful!" + - name: Molecule Lint -- Report Job Status (Failure) if: failure() run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" "security checks failed!" + ./.github/scripts/notifications.sh "${NOTIFICATION}" "molecule linting has failed!" 
release: - needs: [documentation_test, security_test] + needs: [molecule_lint, documentation_test, security_test] runs-on: ubuntu-latest steps: - - name: Release -- Checkout + + - name: Release -- Checkout Repository + if: contains(github.ref, '/tags/v') uses: actions/checkout@v1 - name: Release -- Setup Environment - run: | - source ./.github/scripts/setup.sh - env: - WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - - - name: Release -- Prepare Content if: contains(github.ref, '/tags/v') run: | + source ./.github/scripts/setup.sh NEWTAG=${BRANCH_OR_TAG} echo "NEWTAG=${NEWTAG}" >> $GITHUB_ENV echo "{}" > package.json + env: + WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + - name: Release -- Generate Changelog if: contains(github.ref, '/tags/v') uses: scottbrenner/generate-changelog-action@1.0.3 
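Review bot: The release steps are gated with `if: contains(github.ref, '/tags/v')`, which this hunk now also puts on the checkout and setup steps, and that is a substring match rather than a tag check. A branch ref such as `refs/heads/topic/tags/v1` (constructed example) satisfies it as well, so the release path is not limited to version tags. For a job that publishes releases an anchored condition is safer: `if: startsWith(github.ref, 'refs/tags/v')`. The same expression is used on the steps after this hunk (the changelog and status-report steps), so they should be changed together.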
@@ -153,10 +121,87 @@ jobs: - name: Release -- Report Job Status (Success) if: contains(github.ref, '/tags/v') run: | - ./.github/scripts/notifications.sh \ - "${NOTIFICATION}" \ - "automated release has been created: https://github.com/${USERNAME}/${PROJECT_NAME}/releases" + ./.github/scripts/notifications.sh "${NOTIFICATION}" "automated release has been created:\nhttps://github.com/${USERNAME}/${PROJECT_NAME}/releases" - name: Release -- Report Job Status (Failure) if: failure() && contains(github.ref, '/tags/v') run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" "automated release generation failed!" + + security_test: + + runs-on: ubuntu-latest + strategy: + max-parallel: 4 + matrix: + python-version: [3.7] + + steps: + + - name: Security Test -- Checkout Repository + uses: actions/checkout@v1 + - name: Security Test -- Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v1 + with: + python-version: ${{ matrix.python-version }} + + - name: Security Test -- Setup Environment + run: | + source ./.github/scripts/setup.sh + env: + WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + + - name: Security Test -- Run Gitleaks + uses: zricethezav/gitleaks-action@master + + - name: Security Test -- Check Dependencies + run: | + pip install safety poetry + pip install --upgrade pip + poetry install + safety check + + - name: Security Test -- Report Job Status on Success + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" "security checks succeeded!" + - name: Security Test -- Report Job Status on Failure + if: failure() + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" "security checks failed!" 
+ + workflow_lint: + + runs-on: ubuntu-latest + strategy: + max-parallel: 4 + matrix: + python-version: [3.7] + + steps: + + - name: Workflow Lint -- Checkout Repository + uses: actions/checkout@v1 + - name: Workflow Lint -- Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v1 + with: + python-version: ${{ matrix.python-version }} + + - name: Workflow Lint -- Setup Environment + run: | + source ./.github/scripts/setup.sh + env: + WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + - name: Workflow Lint -- Install Requirements + run: | + pip install yamllint + + - name: Workflow Lint -- Run Linter + run: | + yamllint .github/workflows + + - name: Workflow Lint -- Report Job Status (Success) + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" "workflow linting was successful!" + - name: Workflow Lint -- Report Job Status (Failure) + if: failure() + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" "workflow linting has failed!" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9903fbf..cac8afd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,10 +25,6 @@ jobs: python-version: [3.7] steps: - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v1 - with: - python-version: ${{ matrix.python-version }} - name: Publish to Galaxy -- Code Checkout (workflow dispatch) if: github.event_name == 'workflow_dispatch' @@ -42,6 +38,11 @@ jobs: with: fetch-depth: 0 + - name: Publish to Galaxy -- Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v1 + with: + python-version: ${{ matrix.python-version }} + - name: Publish to Galaxy -- Setup Environment run: | source .github/scripts/setup.sh 
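Review bot: The new `workflow_lint` job is not listed in the release job's `needs`, which this commit sets to `[molecule_lint, documentation_test, security_test]` earlier in the file, so a tag push can still produce a release when `yamllint .github/workflows` fails. If the lint is meant to gate releases, extend the list: `needs: [molecule_lint, documentation_test, security_test, workflow_lint]`. `pip install yamllint` is also unpinned, so the lint outcome can change between runs without any change in the repository; a pinned install (`pip install yamllint==<version>`) keeps the check reproducible.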
@@ -60,8 +61,8 @@ jobs: - name: Publish to Galaxy -- Report Job Status (Success) run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" "automated galaxy import has been completed!" + ./.github/scripts/notifications.sh "${NOTIFICATION}" "automated ansible galaxy import has been completed!" - name: Publish to Galaxy -- Report Job Status (Failure) if: failure() run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" "automated galaxy import has failed!" + ./.github/scripts/notifications.sh "${NOTIFICATION}" "automated ansible galaxy import has failed!" diff --git a/.yamllint b/.yamllint index c8f71e4..536f9c6 100644 --- a/.yamllint +++ b/.yamllint @@ -21,18 +21,23 @@ rules: indentation: spaces: consistent indent-sequences: true + level: error comments: disable comments-indentation: disable - document-start: enable + document-start: + level: error empty-lines: max: 3 level: error hyphens: level: error - key-duplicates: enable + key-duplicates: + level: error line-length: disable - new-line-at-end-of-file: enable + new-line-at-end-of-file: + level: error new-lines: type: unix - trailing-spaces: enable + trailing-spaces: + level: error truthy: disable diff --git a/meta/main.yml b/meta/main.yml index 16956ae..ec5c538 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -3,19 +3,17 @@ galaxy_info: role_name: clamav namespace: osx_provisioner author: Niall Byrne - description: Installs and configures ClamAV, with a simple realtime scan daemon. + description: Ansible role that installs ClamAV antivirus on OSX machines. company: Shared Vision Solutions license: MPL-2 platforms: - name: MacOSX versions: - - '11.3' - '10.15' - '10.14' min_ansible_version: 3.3.0 galaxy_tags: - osx - - mac - antivirus - clamav