(ITHELP-98367) - Fix AiTM attacks vulnerability #49
Workflow file for this run
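---
# Integration test for the add_replica plan.
#
# Runs on pull requests against main that touch module code, specs or CI
# configuration, and on manual dispatch. For each architecture in the matrix
# the job provisions a test cluster plus a spare replica, installs PE, runs
# peadm_spec::add_replica, verifies the result and always attempts teardown.
name: Add replica matrix

on:
  pull_request:
    paths:
      - .github/workflows/**/*
      - spec/**/*
      - lib/**/*
      - tasks/**/*
      - functions/**/*
      - types/**/*
      - plans/**/*
      - hiera/**/*
      - manifests/**/*
      - templates/**/*
      - files/**/*
      - metadata.json
      - Rakefile
      - Gemfile
      - provision.yaml
      - .rspec
      - .rubocop.yml
      - .puppet-lint.rc
      - .fixtures.yml
    branches: [main]
  workflow_dispatch: {}

# Least privilege for GITHUB_TOKEN: no step below is handed the token
# explicitly, and actions/checkout only needs to read the repository.
permissions:
  contents: read

jobs:
  test-add-replica:
    name: PE ${{ matrix.version }} ${{ matrix.architecture }} on ${{ matrix.image }}
    # NOTE(review): confirm this runner label is still offered; older hosted
    # images are retired over time and the job then never gets scheduled.
    runs-on: ubuntu-20.04
    env:
      # Quoted so YAML tooling keeps these as the strings the tools read from
      # the environment rather than retyping them as booleans.
      BOLT_GEM: 'true'
      BOLT_DISABLE_ANALYTICS: 'true'
      LANG: en_US.UTF-8
    strategy:
      # One failing architecture must not cancel the other matrix legs.
      fail-fast: false
      matrix:
        architecture: [standard, standard-with-dr, large, extra-large]
        version: ['2023.8.0']
        image: [almalinux-cloud/almalinux-8]
    steps:
      # NOTE(review): @v4 and @v1 below are mutable tag refs. Pinning each
      # action to a full-length commit SHA protects the job, which handles
      # CONSOLE_PASSWORD, from a retagged or compromised release.
      - name: Checkout Source
        uses: actions/checkout@v4

      - name: Activate Ruby 2.7
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '2.7'
          bundler-cache: true

      - name: Print bundle environment
        if: ${{ github.repository_owner == 'puppetlabs' }}
        run: |
          echo ::group::info:bundler
          bundle env
          echo ::endgroup::

      - name: Provision test cluster (specified architecture and a spare replica)
        timeout-minutes: 15
        # The matrix values interpolated below are literals defined in this
        # file, not contributor-controlled input.
        run: |
          echo ::group::prepare
          mkdir -p $HOME/.ssh
          echo 'Host *'                      >  $HOME/.ssh/config
          echo '  ServerAliveInterval 150'   >> $HOME/.ssh/config
          echo '  ServerAliveCountMax 2'     >> $HOME/.ssh/config
          bundle exec rake spec_prep
          echo ::endgroup::
          echo ::group::provision
          bundle exec bolt plan run peadm_spec::provision_test_cluster \
            --modulepath spec/fixtures/modules \
            provider=provision_service \
            image=${{ matrix.image }} \
            architecture=${{ matrix.architecture }}-and-spare-replica
          echo ::endgroup::
          echo ::group::info:request
          # NOTE(review): request.json is written to the job log unredacted;
          # confirm it never carries credentials or tokens.
          cat request.json || true; echo
          echo ::endgroup::
          echo ::group::info:inventory
          # Only lines of the form "password: ..." are masked. Any other
          # sensitive inventory field would still reach the log - confirm
          # the inventory holds none.
          sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true
          echo ::endgroup::

      - name: Install PE on test cluster
        timeout-minutes: 120
        env:
          # Hand the secret to the shell through the environment instead of
          # expanding it into the script text: the value is then never parsed
          # as shell syntax and is not written into the generated script.
          # On pull_request runs from forks GitHub does not expose repository
          # secrets, so this is empty there.
          CONSOLE_PASSWORD: ${{ secrets.CONSOLE_PASSWORD }}
        run: |
          bundle exec bolt plan run peadm_spec::install_test_cluster \
            --inventoryfile spec/fixtures/litmus_inventory.yaml \
            --modulepath spec/fixtures/modules \
            architecture=${{ matrix.architecture }} \
            version=${{ matrix.version }} \
            console_password="${CONSOLE_PASSWORD}" \
            code_manager_auto_configure=true

      - name: Run add_replica plan
        timeout-minutes: 60
        run: |
          bundle exec bolt plan run peadm_spec::add_replica -v \
            --inventoryfile spec/fixtures/litmus_inventory.yaml \
            --modulepath spec/fixtures/modules \
            --stream

      - name: Verify that replica was added
        timeout-minutes: 10
        run: |
          bundle exec bolt plan run peadm_spec::verify_replica -v \
            --inventoryfile spec/fixtures/litmus_inventory.yaml \
            --modulepath spec/fixtures/modules

      # Runs even when an earlier step failed so provisioned machines are
      # released; a teardown failure does not change the job result.
      - name: Tear down test cluster
        if: ${{ always() }}
        continue-on-error: true
        run: |-
          if [ -f spec/fixtures/litmus_inventory.yaml ]; then
            echo ::group::tear_down
            bundle exec rake 'litmus:tear_down'
            echo ::endgroup::
            echo ::group::info:request
            cat request.json || true; echo
            echo ::endgroup::
          fi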