CI #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- 'master' | |
tags: | |
- '*' | |
paths-ignore: | |
- '**/README.md' | |
- '.github/RELEASE.md' | |
- 'docs' | |
pull_request: | |
paths-ignore: | |
- '**/README.md' | |
- '.github/RELEASE.md' | |
- 'docs' | |
schedule: | |
- cron: 0 0 * * * | |
env: | |
image_name: intellabs/kafl | |
jobs: | |
ansible-lint: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.9' | |
- name: Setup ansible venv | |
working-directory: deploy | |
run: | | |
make venv | |
- name: Install ansible-lint | |
working-directory: deploy | |
run: | | |
./venv/bin/pip install wheel | |
./venv/bin/pip install ansible-lint==6.16.0 | |
# ignore 'meta-no-info', since we don't need to publish our roles to Ansible Galaxy | |
- name: Run ansible-lint | |
working-directory: deploy | |
run: | | |
./venv/bin/ansible-lint -x 'meta-no-info' -x galaxy -x 'yaml[octal-values]' -x no-changed-when -x risky-file-permissions --exclude venv | |
check-mode: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: clone gatsby-blog | |
uses: actions/checkout@master | |
with: | |
path: 'static-site-generator' | |
- name: git config | |
env: | |
USER_NAME: ${{ github.event.pusher.name }} | |
USER_EMAIL: ${{ github.event.pusher.email }} | |
run: | | |
git config --global user.email "$USER_EMAIL" | |
git config --global user.name "$USER_NAME" | |
- name: make deploy keys | |
env: | |
GH_ACTION_DEPLOY_KEY: ${{ secrets.GH_ACTION_DEPLOY_KEY }} | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$GH_ACTION_DEPLOY_KEY" > ~/.ssh/id_rsa | |
chmod 600 ~/.ssh/id_rsa | |
ssh-keyscan github.com >> ~/.ssh/known_hosts | |
- name: clone static_site_repo | |
run: | | |
cd .. | |
git clone [email protected]:0dayResearchLab/kAFL.git static_site_repo | |
ls -al | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.9' | |
- name: Run deployment in check mode (dry-run) | |
run: make deploy -- --check | |
local: | |
strategy: | |
matrix: | |
os: [ubuntu-20.04] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.9' | |
# shallow clone for CI speed | |
- name: Setup ansible extra vars in JSON file | |
run: | | |
echo '{"git_clone_depth": 1}' >> parameters.json | |
working-directory: deploy | |
# - name: clone gatsby-blog | |
# uses: actions/checkout@master | |
# with: | |
# path: 'static-site-generator' | |
- name: git config | |
env: | |
USER_NAME: ${{ github.event.pusher.name }} | |
USER_EMAIL: ${{ github.event.pusher.email }} | |
run: | | |
git config --global user.email "$USER_EMAIL" | |
git config --global user.name "$USER_NAME" | |
- name: make deploy keys | |
env: | |
GH_ACTION_DEPLOY_KEY: ${{ secrets.GH_ACTION_DEPLOY_KEY }} | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$GH_ACTION_DEPLOY_KEY" > ~/.ssh/id_rsa | |
chmod 600 ~/.ssh/id_rsa | |
ssh-keyscan github.com >> ~/.ssh/known_hosts | |
# - name: clone static_site_repo | |
# run: | | |
# cd .. | |
# git clone [email protected]:0dayResearchLab/kAFL.git static_site_repo | |
# ls -al | |
# skip tags related to non-existent hardware/configuration in the CI runner environment | |
- name: Test userspace deployment | |
run: > | |
make deploy -- | |
--skip-tags "hardware_check,kvm_device" | |
--extra-vars "@parameters.json" |