Skip to content

Commit

Permalink
Merge branch 'main' into add-2nd-ldap
Browse files Browse the repository at this point in the history 
# Conflicts:
#	.github/workflows/main.yml
#	roles/sbs/templates/config.yml.j2
  • Loading branch information
@baszoetekouw
baszoetekouw committed Apr 9, 2024
2 parents 4cae776 + de27cbc commit 7eaaa04
Show file tree
Hide file tree
Showing 10 changed files with 268 additions and 225 deletions.
209 changes: 209 additions & 0 deletions .github/workflows/deploy-docker.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,209 @@
---
# This is a basic workflow to help you get started with Actions

name: "deploy-docker"

# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events
push:
pull_request:

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
deploy_docker:
# The type of runner that the job will run on
runs-on: "ubuntu-20.04"

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout $GITHUB_WORKSPACE
uses: actions/checkout@v4

# Run errands
- name: Run errands
run: |
sudo rm -f /opt/pipx_bin/ansible*
sudo rm -rf /etc/apt/sources.list.d/*
sudo add-apt-repository --yes --no-update ppa:ansible/ansible-5
sudo apt -q update
sudo apt -y purge ansible
sudo apt -y install ansible bridge-utils apparmor-utils
sudo pip3 install --upgrade wheel yamllint jinja2 pyyaml selenium \
zabbix-api requests bs4
git clone https://github.com/dw/mitogen.git ~/mitogen
cat docker/hosts | sudo tee -a /etc/hosts
sudo docker system prune -f
sudo systemctl stop docker
time sudo mv /var/lib/docker /mnt
sudo ln -s /mnt/docker /var/lib
sudo systemctl start docker
# Create date output to seconds
- name: Get Date
id: get-date
run: echo "date=$(/bin/date -u '+%Y%m%d%k%M%S')" >> $GITHUB_OUTPUT

# Restore cache based no fake time key (always miss)
- name: Setup cache
id: cache-docker
uses: actions/cache@v4
with:
path: ~/docker-save
key: docker-save-${{ steps.get-date.outputs.date }}
restore-keys: docker-save-

# Useful for debugging
- name: Show versions
run: |
python3 --version
ansible --version
# apparmor is by default enabled for binaries _in_ the containers and is restricting
# mysql from reading tls keys
- name: Disable apparmor
run: >
sudo aa-status --json | jq '
.profiles
| to_entries
| map( select( (.key | startswith("/") ) and .value=="enforce") | .key )
| .[]
' | xargs sudo aa-complain
# Install Ansible modules
- name: Install Ansible modules
run: |
ansible-galaxy role install -r requirements.yml
ansible-galaxy collection install -r requirements.yml
# Run Syntax check
- name: Run Syntax check
run: ./scripts/check-syntax

# Restore docker cache
- name: Restore docker cache
run: docker load -i ~/docker-save/scz-base-cache.tar || true

# Clean up old docker cruft
- name: Clean up old docker cruft
run: |
docker system prune -f --all
docker image prune -f --all
docker volume prune -f
docker buildx prune -f
# Get scz-base-cache ImageID
- name: Get scz-base-cache ImageID
id: scz-base-cache-id
run: >
ID=$(docker image list scz-base-cache -q)
echo "ID=$ID" >> $GITHUB_OUTPUT
# Start containers without deploy
- name: Start containers
shell: bash
env:
SKIP_ANSIBLE: 1
run: "./start-vm --container"

# Get scz-base ImageID
- name: Get scz-base ImageID
id: scz-base-id
run: >
ID=$(docker image list scz-base -q) &&
echo "ID=$ID" >> $GITHUB_OUTPUT
# Save docker cache
- name: Save docker cache
run: >
mkdir -p ~/docker-save &&
docker tag scz-base scz-base-cache &&
docker save scz-base-cache -o ~/docker-save/scz-base-cache.tar &&
ls -lh ~/docker-save || true
if: steps.scz-base-cache-id.outputs.ID != steps.scz-base-id.outputs.ID

# Deploy components
- name: Run start-vm
shell: bash
run: "./start-vm --container"

# Deploy components again for idempotency
- name: Run start-vm
env:
REEANTRANT: 1
run: "./start-vm --container --diff"

- name: Run idempotency check...
run: /usr/bin/python3 ./scripts/check-idempotency-status

# Run SBS logintest
- name: Run SBS logintest
run: /usr/bin/python3 ./scripts/sbs-login.py

- name: Save screenshot of error
uses: actions/upload-artifact@v4
with:
name: "sbs-logintest"
path: |
screenshot.png
page.html
console.txt
if: failure()

- name: Show journal output
run: >
ansible -v -i environments/vm/inventory --become "all" -m command -a "/bin/sh -c '
echo ====journal===;
journalctl -n200;
'"
if: failure()

- name: Show apache output
run: >
ansible -v -i environments/vm/inventory --become "all" -m command -a "/bin/sh -c '
if [ -e /var/log/apache2/error.log ]; then
echo ===apache errorlog===;
cat /var/log/apache2/error.log;
fi;
'"
if: failure()

- name: Show sbs output
run: >
ansible -v -i environments/vm/inventory --become "sbs" -m command -a "/bin/sh -c '
if [ -e /opt/sbs/sbs/log/sbs.log ]; then
echo ===sbs log===;
cat /opt/sbs/log/sbs_debug.log
fi;
echo ===apt log===; cat /var/log/apt/term.log
echo ===netstat===; netstat -lnp
'"
if: failure()

- name: Show apt output
run: >
ansible -v -i environments/vm/inventory --become "all" -m command -a "/bin/sh -c '
echo ===apt log===; cat /var/log/apt/term.log
'"
if: failure()

- name: Show netstat output
run: >
ansible -v -i environments/vm/inventory --become "all" -m command -a "/bin/sh -c '
echo ===netstat===; netstat -lnp
'"
if: failure()

# Setup tmate session
- name: Setup tmate session
env:
ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }}
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
timeout-minutes: 60
Loading

0 comments on commit 7eaaa04

Please sign in to comment.