Skip to content

win_falcon_configure #857

win_falcon_configure

win_falcon_configure #857

name: "win_falcon_configure"
on:
schedule:
- cron: '0 6 * * *'
push:
paths:
- 'roles/falcon_configure/**'
- 'molecule/win_falcon_configure/**'
- '.github/workflows/win_falcon_configure.yml'
pull_request_target:
types: [ labeled ]
paths:
- 'roles/falcon_configure/**'
- 'molecule/win_falcon_configure/**'
- '.github/workflows/win_falcon_configure.yml'
jobs:
molecule:
if: |
github.event_name == 'push' ||
github.event_name == 'schedule' ||
(github.event_name == 'pull_request_target' &&
github.event.label.name == 'ok-to-test')
runs-on: ubuntu-latest
env:
PY_COLORS: 1
ANSIBLE_FORCE_COLOR: 1
FALCON_CLIENT_ID: ${{ secrets.FALCON_CLIENT_ID }}
FALCON_CLIENT_SECRET: ${{ secrets.FALCON_CLIENT_SECRET }}
FALCON_CID: ${{ secrets.FALCON_CID }}
FALCON_PROV_TOKEN: ${{ secrets.FALCON_PROV_TOKEN }}
AWS_REGION: "us-west-2"
MOLECULE_VPC_SUBNET_ID: ${{ secrets.MOLECULE_VPC_SUBNET_ID }}
permissions:
contents: read
id-token: write
strategy:
fail-fast: false
matrix:
molecule:
- distro: WindowsServer2022
image_owner: 801119661308
image_arch: x86_64
image_name: Windows_Server-2022-English-Full-Base-*
instance_type: t3a.medium
collection_role:
- win_falcon_configure
steps:
- name: Check out code
uses: actions/checkout@v4
if: github.event_name != 'pull_request_target'
- name: Check out code
uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.sha}}
if: github.event_name == 'pull_request_target'
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE }}
role-session-name: github-actions-molecule-ansible
aws-region: ${{ env.AWS_REGION }}
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
cache: 'pip'
cache-dependency-path: '.github/workflows/win_falcon_configure.yml'
- name: Install dependencies
run: |
sudo apt install apt-transport-https ca-certificates curl software-properties-common libssl-dev
python -m pip install --upgrade pip
pip install -r .devcontainer/requirements.txt pywinrm
- name: Build/Install the collection
uses: nick-fields/retry@v2
with:
timeout_minutes: 2
max_attempts: 3
retry_on: error
command: |
collection_file=$( basename $(ansible-galaxy collection build -f | awk -F" " '{print $NF}'))
ansible-galaxy collection install $collection_file
- name: Run role tests
id: molecule-role-test
uses: nick-fields/retry@v2
env:
MOLECULE_INSTANCE_NAME: ${{ matrix.molecule.distro }}-${{ matrix.collection_role }}
MOLECULE_IMAGE_OWNER: ${{ matrix.molecule.image_owner }}
MOLECULE_IMAGE_ARCH: ${{ matrix.molecule.image_arch }}
MOLECULE_IMAGE_NAME: '${{ matrix.molecule.image_name }}'
MOLECULE_INSTANCE_TYPE: ${{ matrix.molecule.instance_type }}
MOLECULE_REGION: ${{ env.AWS_REGION}}
with:
timeout_minutes: 20
max_attempts: 3
retry_on: error
command: >-
molecule --version &&
ansible --version &&
molecule test --destroy never -s ${{ matrix.collection_role }} -- -v
continue-on-error: true
- name: Ensure instances are destroyed
uses: nick-fields/retry@v2
env:
MOLECULE_INSTANCE_NAME: ${{ matrix.molecule.distro }}-${{ matrix.collection_role }}
MOLECULE_IMAGE_OWNER: ${{ matrix.molecule.image_owner }}
MOLECULE_IMAGE_ARCH: ${{ matrix.molecule.image_arch }}
MOLECULE_IMAGE_NAME: '${{ matrix.molecule.image_name }}'
MOLECULE_INSTANCE_TYPE: ${{ matrix.molecule.instance_type }}
MOLECULE_REGION: ${{ env.AWS_REGION}}
with:
timeout_minutes: 10
max_attempts: 3
retry_on: error
command: >-
molecule --version &&
ansible --version &&
molecule destroy -s ${{ matrix.collection_role }}
- name: Assert molecule tests passed
uses: nick-fields/assert-action@v1
with:
expected: success
actual: ${{ steps.molecule-role-test.outcome }}