diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml
new file mode 100644
index 0000000..ff995ef
--- /dev/null
+++ b/.gitea/workflows/test.yml
@@ -0,0 +1,52 @@
+---
+name: test
+on: [push]
+
+jobs:
+ lint:
+ name: Linting
+ runs-on: ubuntu-latest
+ container:
+ image: git.ednz.fr/container-factory/ansible-runner:act-latest
+ credentials:
+ username: ${{ secrets.ACTIONS_USER }}
+ password: ${{ secrets.ACTIONS_TOKEN }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: "Ansible lint"
+ run: ansible-lint --force-color
+ working-directory: ${{ gitea.workspace }}
+
+ - name: "YAML lint"
+ run: yamllint . -f colored -c .yamllint
+ working-directory: ${{ gitea.workspace }}
+
+ molecule-test:
+ name: Molecule tests
+ runs-on: ubuntu-latest
+ needs: lint
+ container:
+ image: git.ednz.fr/container-factory/ansible-runner:act-latest
+ credentials:
+ username: ${{ secrets.ACTIONS_USER }}
+ password: ${{ secrets.ACTIONS_TOKEN }}
+ strategy:
+ matrix:
+ test_os: [debian11, debian12, ubuntu2004, ubuntu2204]
+ scenario: [default, with_custom_repo]
+ env:
+ ANSIBLE_HOST_KEY_CHECKING: 'false'
+ ANSIBLE_FORCE_COLOR: 'true'
+ ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: "Molecule test"
+ run: molecule test -s ${{ matrix.scenario }}
+ shell: bash
+ working-directory: ${{ gitea.workspace }}
+ env:
+ MOLECULE_TEST_OS: ${{ matrix.test_os }}
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index d9e96e2..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
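Review bot: In .gitea/workflows/test.yml both jobs reference `ansible-runner:act-latest` and `actions/checkout@v3` by mutable tag, so the code that runs in CI (in jobs configured with `secrets.ACTIONS_USER` / `secrets.ACTIONS_TOKEN`) can change without any commit to this repository. Pinning both to immutable references closes that gap: `uses: actions/checkout@<FULL_COMMIT_SHA>  # v3` and `image: git.ednz.fr/container-factory/ansible-runner@sha256:<IMAGE_DIGEST>` (both values are placeholders to fill in). Separately, `run: molecule test -s ${{ matrix.scenario }}` splices the expression into the bash script text; the matrix values are static here, but setting `MOLECULE_SCENARIO: ${{ matrix.scenario }}` under the step's `env:` and running `molecule test -s "$MOLECULE_SCENARIO"` would match how `MOLECULE_TEST_OS` is already passed.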
@@ -1,82 +0,0 @@
----
-stages:
- - verify
- - test-default
- - test-with-custom-repo
-
-image:
- name: registry.ednz.fr/forge/ansible-runner
-
-variables:
- ANSIBLE_HOST_KEY_CHECKING: 'false'
- ANSIBLE_FORCE_COLOR: 'true'
- ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
- DOCKER_AUTH_CONFIG: $CI_DOCKER_AUTH_CONFIG
-
-.stage-test-default:
- stage: test-default
-
-.stage-test-with-custom-repo:
- stage: test-with-custom-repo
-
-.variables-ubuntu-2004:
- variables:
- MOLECULE_TEST_OS: "ubuntu2004"
-
-.variables-ubuntu-2204:
- variables:
- MOLECULE_TEST_OS: "ubuntu2204"
-
-.variables-debian-11:
- variables:
- MOLECULE_TEST_OS: "debian11"
-
-.script-molecule-test-default:
- script:
- - molecule test
-
-.script-molecule-test-with-custom-repo:
- script:
- - molecule test -s with_custom_repo
-
-ansible-verify:
- stage: verify
- script:
- - yamllint . -c .yamllint
- - ansible-lint
-
-ansible-test-ubuntu-2004-default:
- extends:
- - .stage-test-default
- - .variables-ubuntu-2004
- - .script-molecule-test-default
-
-ansible-test-ubuntu-2204-default:
- extends:
- - .stage-test-default
- - .variables-ubuntu-2204
- - .script-molecule-test-default
-
-ansible-test-debian-11-default:
- extends:
- - .stage-test-default
- - .variables-debian-11
- - .script-molecule-test-default
-
-ansible-test-ubuntu-2004-with-custom-repo:
- extends:
- - .stage-test-with-custom-repo
- - .variables-ubuntu-2004
- - .script-molecule-test-with-custom-repo
-
-ansible-test-ubuntu-2204-with-custom-repo:
- extends:
- - .stage-test-with-custom-repo
- - .variables-ubuntu-2204
- - .script-molecule-test-with-custom-repo
-
-ansible-test-debian-11-with-custom-repo:
- extends:
- - .stage-test-with-custom-repo
- - .variables-debian-11
- - .script-molecule-test-with-custom-repo
diff --git a/LICENSE b/LICENSE
index 9ef042d..c9a37e5 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2017 Jeff Geerling +Copyright (c) 2017 Bertrand Lanson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in diff --git a/README.md b/README.md index e55dc85..2d00f9a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -Manage repositories +manage_repositories ========= -> This repository is only a mirror. Development and testing is done on a private gitlab server. +> This repository is only a mirror. Development and testing is done on a private gitea server. This role enables you to manage repositories on **debian-based** distributions. It can be used on its own , or be called by other roles the configure repositories on demand. @@ -86,4 +86,4 @@ MIT / BSD Author Information ------------------ -This role was created by Bertrand Lanson in 2023. \ No newline at end of file +This role was created by Bertrand Lanson in 2023. diff --git a/meta/main.yml b/meta/main.yml index 9a35c02..9312771 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -15,6 +15,7 @@ galaxy_info: - name: Debian versions: - bullseye + - bookworm galaxy_tags: - 'ubuntu' - 'debian' diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 7a62eb2..49efc7f 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -20,7 +20,7 @@ provisioner: defaults: remote_tmp: /tmp/.ansible verifier: - name: testinfra + name: ansible scenario: name: default test_sequence: diff --git a/molecule/default/tests/conftest.py b/molecule/default/tests/conftest.py deleted file mode 100644 index f7ddb3f..0000000 --- a/molecule/default/tests/conftest.py +++ /dev/null 
@@ -1,22 +0,0 @@
-"""PyTest Fixtures."""
-from __future__ import absolute_import
-
-import os
-
-import pytest
-
-
-def pytest_runtest_setup(item):
- """Run tests only when under molecule with testinfra installed."""
- try:
- import testinfra
- except ImportError:
- pytest.skip("Test requires testinfra", allow_module_level=True)
- if "MOLECULE_INVENTORY_FILE" in os.environ:
- pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ["MOLECULE_INVENTORY_FILE"]
- ).get_hosts("all")
- else:
- pytest.skip(
- "Test should run only from inside molecule.", allow_module_level=True
- )
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
deleted file mode 100644
index 2f48c0d..0000000
--- a/molecule/default/tests/test_default.py
+++ /dev/null
@@ -1,34 +0,0 @@
-"""Role testing files using testinfra."""
-
-
-def test_hosts_file(host):
- """Validate /etc/hosts file."""
- etc_hosts = host.file("/etc/hosts")
- assert etc_hosts.exists
- assert etc_hosts.user == "root"
- assert etc_hosts.group == "root"
-
-def test_source_list_default(host):
- """Validate /etc/apt/sources.list file."""
- etc_apt_sources_list_default = host.file("/etc/apt/sources.list")
- dist_os = host.system_info.distribution
- dist_codename = host.system_info.codename
- assert etc_apt_sources_list_default.exists
- assert etc_apt_sources_list_default.user == "root"
- assert etc_apt_sources_list_default.group == "root"
- assert etc_apt_sources_list_default.mode == 0o644
- if dist_os == "debian":
- assert etc_apt_sources_list_default.contains("deb http://deb.debian.org/debian " + dist_codename + " main contrib")
- assert etc_apt_sources_list_default.contains("deb http://deb.debian.org/debian " + dist_codename + "-updates main contrib")
- assert etc_apt_sources_list_default.contains("deb http://deb.debian.org/debian-security " + dist_codename + "-security main contrib")
- assert etc_apt_sources_list_default.contains("deb http://deb.debian.org/debian " + dist_codename + "-backports main")
- elif dist_os == "ubuntu":
- assert etc_apt_sources_list_default.contains("deb http://fr.archive.ubuntu.com/ubuntu " + dist_codename + " main restricted universe multiverse")
- assert etc_apt_sources_list_default.contains("deb http://fr.archive.ubuntu.com/ubuntu " + dist_codename + "-updates main restricted universe multiverse")
- assert etc_apt_sources_list_default.contains("deb http://fr.archive.ubuntu.com/ubuntu " + dist_codename + "-security main restricted universe multiverse")
- assert etc_apt_sources_list_default.contains("deb http://fr.archive.ubuntu.com/ubuntu " + dist_codename + "-backports main restricted universe multiverse")
-
-def test_source_list_custom(host):
- """Validate /etc/apt/sources.list.d/custom.list file does not exist."""
- etc_apt_sources_list_custom = host.file("/etc/apt/sources.list.d/custom.list")
- assert not etc_apt_sources_list_custom.exists
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..c5feca6
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,58 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true
+ tasks:
+ - name: "Test: file /etc/hosts"
+ block:
+ - name: "Stat file /etc/hosts"
+ ansible.builtin.stat:
+ path: "/etc/hosts"
+ register: stat_etc_hosts
+
+ - name: "Verify file /etc/hosts"
+ ansible.builtin.assert:
+ that:
+ - stat_etc_hosts.stat.exists
+ - stat_etc_hosts.stat.isreg
+ - stat_etc_hosts.stat.pw_name == 'root'
+ - stat_etc_hosts.stat.gr_name == 'root'
+
+ - name: "Test: file /etc/apt/sources.list"
+ block:
+ - name: "Stat file /etc/apt/sources.list"
+ ansible.builtin.stat:
+ path: "/etc/apt/sources.list"
+ register: stat_etc_apt_sources_list
+
+ - name: "Slurp file /etc/apt/sources.list"
+ ansible.builtin.slurp:
+ src: "/etc/apt/sources.list"
+ register: slurp_etc_apt_sources_list
+
+ - name: "Verify file /etc/apt/sources.list"
+ ansible.builtin.assert:
+ that:
+ - stat_etc_apt_sources_list.stat.exists
+ - stat_etc_apt_sources_list.stat.isreg
+ - stat_etc_apt_sources_list.stat.pw_name == 'root'
+ - stat_etc_apt_sources_list.stat.gr_name == 'root'
+ - stat_etc_apt_sources_list.stat.mode == '0644'
+
+ - name: "Verify file /etc/apt/sources.list"
+ ansible.builtin.assert:
+ that:
+ - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
+ when: (ansible_distribution|lower) == 'ubuntu'
+
+ - name: "Verify file /etc/apt/sources.list"
+ ansible.builtin.assert:
+ that:
+ - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)"
+ when: (ansible_distribution|lower) == 'debian'
\ No newline at end of file
diff --git a/molecule/with_custom_repo/molecule.yml b/molecule/with_custom_repo/molecule.yml
index 39009b6..15f1eae 100644
--- a/molecule/with_custom_repo/molecule.yml
+++ b/molecule/with_custom_repo/molecule.yml
@@ -20,7 +20,7 @@ provisioner:
 defaults:
 remote_tmp: /tmp/.ansible
 verifier:
- name: testinfra
+ name: ansible
 scenario:
 name: with_custom_repo
 test_sequence:
diff --git a/molecule/with_custom_repo/tests/conftest.py b/molecule/with_custom_repo/tests/conftest.py
deleted file mode 100644
index f7ddb3f..0000000
--- a/molecule/with_custom_repo/tests/conftest.py
+++ /dev/null
@@ -1,22 +0,0 @@
-"""PyTest Fixtures."""
-from __future__ import absolute_import
-
-import os
-
-import pytest
-
-
-def pytest_runtest_setup(item):
- """Run tests only when under molecule with testinfra installed."""
- try:
- import testinfra
- except ImportError:
- pytest.skip("Test requires testinfra", allow_module_level=True)
- if "MOLECULE_INVENTORY_FILE" in os.environ:
- pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ["MOLECULE_INVENTORY_FILE"]
- ).get_hosts("all")
- else:
- pytest.skip(
- "Test should run only from inside molecule.", allow_module_level=True
- )
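Review bot: molecule/default/verify.yml no longer checks that `/etc/apt/sources.list.d/custom.list` is absent, which the removed `test_source_list_custom` in molecule/default/tests/test_default.py asserted for the default scenario; without it, the role writing an unexpected extra APT source in the default case would go unnoticed. A stat task plus a negated `exists` assertion, appended to the `tasks:` list as sketched below, restores that coverage. The file also ends without a trailing newline (`\ No newline at end of file`), which the `yamllint` step added in this commit may reject depending on what `.yamllint` enables.

```yaml
  tasks:
    # … unchanged: "/etc/hosts" and "/etc/apt/sources.list" test blocks …

    - name: "Test: file /etc/apt/sources.list.d/custom.list"
      block:
        - name: "Stat file /etc/apt/sources.list.d/custom.list"
          ansible.builtin.stat:
            path: "/etc/apt/sources.list.d/custom.list"
          register: stat_etc_apt_sources_list_d_custom

        - name: "Verify file /etc/apt/sources.list.d/custom.list is absent"
          ansible.builtin.assert:
            that:
              - not stat_etc_apt_sources_list_d_custom.stat.exists
```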
diff --git a/molecule/with_custom_repo/tests/test_default.py b/molecule/with_custom_repo/tests/test_default.py
deleted file mode 100644
index fa629ef..0000000
--- a/molecule/with_custom_repo/tests/test_default.py
+++ /dev/null
@@ -1,46 +0,0 @@
-"""Role testing files using testinfra."""
-
-
-def test_hosts_file(host):
- """Validate /etc/hosts file."""
- etc_hosts = host.file("/etc/hosts")
- assert etc_hosts.exists
- assert etc_hosts.user == "root"
- assert etc_hosts.group == "root"
-
-def test_source_list_default(host):
- """Validate /etc/apt/sources.list file."""
- etc_apt_sources_list_default = host.file("/etc/apt/sources.list")
- dist_os = host.system_info.distribution
- dist_codename = host.system_info.codename
- assert etc_apt_sources_list_default.exists
- assert etc_apt_sources_list_default.user == "root"
- assert etc_apt_sources_list_default.group == "root"
- assert etc_apt_sources_list_default.mode == 0o644
- if dist_os == "debian":
- assert etc_apt_sources_list_default.contains("deb http://deb.debian.org/debian " + dist_codename + " main contrib")
- assert etc_apt_sources_list_default.contains("deb http://deb.debian.org/debian " + dist_codename + "-updates main contrib")
- assert etc_apt_sources_list_default.contains("deb http://deb.debian.org/debian-security " + dist_codename + "-security main contrib")
- assert etc_apt_sources_list_default.contains("deb http://deb.debian.org/debian " + dist_codename + "-backports main")
- elif dist_os == "ubuntu":
- assert etc_apt_sources_list_default.contains("deb http://fr.archive.ubuntu.com/ubuntu " + dist_codename + " main restricted universe multiverse")
- assert etc_apt_sources_list_default.contains("deb http://fr.archive.ubuntu.com/ubuntu " + dist_codename + "-updates main restricted universe multiverse")
- assert etc_apt_sources_list_default.contains("deb http://fr.archive.ubuntu.com/ubuntu " + dist_codename + "-security main restricted universe multiverse")
- assert etc_apt_sources_list_default.contains("deb http://fr.archive.ubuntu.com/ubuntu " + dist_codename + "-backports main restricted universe multiverse")
-
-def test_source_list_custom(host):
- """Validate /etc/apt/sources.list.d/custom.list file."""
- etc_apt_sources_list_custom = host.file("/etc/apt/sources.list.d").listdir()
- dist_os = host.system_info.distribution
- dist_codename = host.system_info.codename
- for file in etc_apt_sources_list_custom:
- list_file = host.file("/etc/apt/sources.list.d/" + file)
- if list_file.is_file:
- assert list_file.exists
- assert list_file.user == "root"
- assert list_file.group == "root"
- assert list_file.mode == 0o644
- if file == "docker.list":
- assert list_file.contains(r'deb \[signed-by=/usr/share/keyrings/docker-archive-keyring.asc\] https://download.docker.com/linux/' + dist_os + ' ' + dist_codename + ' stable')
- elif file == "hashicorp.list":
- assert list_file.contains(r'deb \[signed-by=/usr/share/keyrings/hashicorp-archive-keyring.asc\] https://apt.releases.hashicorp.com ' + dist_codename + ' main')
diff --git a/molecule/with_custom_repo/verify.yml b/molecule/with_custom_repo/verify.yml
new file mode 100644
index 0000000..da16de0
--- /dev/null
+++ b/molecule/with_custom_repo/verify.yml
@@ -0,0 +1,101 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true
+ tasks:
+ - name: "Test: file /etc/hosts"
+ block:
+ - name: "Stat file /etc/hosts"
+ ansible.builtin.stat:
+ path: "/etc/hosts"
+ register: stat_etc_hosts
+
+ - name: "Verify file /etc/hosts"
+ ansible.builtin.assert:
+ that:
+ - stat_etc_hosts.stat.exists
+ - stat_etc_hosts.stat.isreg
+ - stat_etc_hosts.stat.pw_name == 'root'
+ - stat_etc_hosts.stat.gr_name == 'root'
+
+ - name: "Test: file /etc/apt/sources.list"
+ block:
+ - name: "Stat file /etc/apt/sources.list"
+ ansible.builtin.stat:
+ path: "/etc/apt/sources.list"
+ register: stat_etc_apt_sources_list
+
+ - name: "Slurp file /etc/apt/sources.list"
+ ansible.builtin.slurp:
+ src: "/etc/apt/sources.list"
+ register: slurp_etc_apt_sources_list
+
+ - name: "Verify file /etc/apt/sources.list"
+ ansible.builtin.assert:
+ that:
+ - stat_etc_apt_sources_list.stat.exists
+ - stat_etc_apt_sources_list.stat.isreg
+ - stat_etc_apt_sources_list.stat.pw_name == 'root'
+ - stat_etc_apt_sources_list.stat.gr_name == 'root'
+ - stat_etc_apt_sources_list.stat.mode == '0644'
+
+ - name: "Verify file /etc/apt/sources.list"
+ ansible.builtin.assert:
+ that:
+ - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
+ when: (ansible_distribution|lower) == 'ubuntu'
+
+ - name: "Verify file /etc/apt/sources.list"
+ ansible.builtin.assert:
+ that:
+ - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
+ - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)"
+ when: (ansible_distribution|lower) == 'debian'
+
+ - name: "Test: directory /etc/apt/sources.list.d"
+ block:
+ - name: "Find in directory /etc/apt/sources.list.d"
+ ansible.builtin.find:
+ paths: /etc/apt/sources.list.d
+ file_type: file
+ register: find_etc_apt_sources_list_d
+
+ - name: "Stat in directory /etc/apt/sources.list.d"
+ ansible.builtin.stat:
+ path: "{{ item.path }}"
+ loop: "{{ find_etc_apt_sources_list_d.files }}"
+ register: stat_etc_apt_sources_list_d
+
+ - name: "Slurp in directory /etc/apt/sources.list.d"
+ ansible.builtin.slurp:
+ src: "{{ item.path }}"
+ loop: "{{ find_etc_apt_sources_list_d.files }}"
+ register: slurp_etc_apt_sources_list_d
+
+
+ - name: "Verify file /etc/apt/sources.list.d/docker.list"
+ ansible.builtin.assert:
+ that:
+ - item.item.isreg
+ - item.item.pw_name == 'root'
+ - item.item.gr_name == 'root'
+ - item.item.mode == '0644'
+ - "(item.content|b64decode) in ('deb [signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/' + (ansible_distribution|lower) + ' ' + ansible_distribution_release + ' stable\\n')"
+ loop: "{{ slurp_etc_apt_sources_list_d.results }}"
+ when: (item.item.path | basename | splitext | first) == 'docker'
+
+ - name: "Verify file /etc/apt/sources.list.d/hashicorp.list"
+ ansible.builtin.assert:
+ that:
+ - item.item.isreg
+ - item.item.pw_name == 'root'
+ - item.item.gr_name == 'root'
+ - item.item.mode == '0644'
+ - "(item.content|b64decode) in ('deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.asc] https://apt.releases.hashicorp.com ' + ansible_distribution_release + ' main\\n')"
+ loop: "{{ slurp_etc_apt_sources_list_d.results }}"
+ when: (item.item.path | basename | splitext | first) == 'hashicorp'
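Review bot: In molecule/with_custom_repo/verify.yml the content checks for docker.list and hashicorp.list are written as `(item.content|b64decode) in ('deb [signed-by=…] … stable\\n')`, so the file content only has to be a substring of the expected line, the reverse of the `expected in content` form used for /etc/apt/sources.list earlier in the same file. An empty or truncated list file is a substring of the expected string and would still pass, so the `signed-by` keyring scoping is not actually pinned; comparing with `==` against the same right-hand expression fixes that. Both assert tasks are also skipped for every loop item when the file is missing, so it is worth first asserting that `docker.list` and `hashicorp.list` appear in `find_etc_apt_sources_list_d.files`. The registered `stat_etc_apt_sources_list_d` is never read, since the assertions use the `find` entry through `item.item`, so that task can be dropped or the assertions pointed at it.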