Bump version to 18.3.49 by Chef Expeditor #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: kitchen-fips | |
| "on": | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| windows: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [windows-2022, windows-2019] | |
| ruby: ['3.1'] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: 'Install Chef/Ohai from Omnitruck' | |
| id: install_chef | |
| run: | | |
| . { Invoke-WebRequest -useb https://omnitruck.chef.io/install.ps1 } | Invoke-Expression; Install-Project -project chef -channel current | |
| $env:PATH = "C:\opscode\chef\bin;C:\opscode\chef\embedded\bin;" + $env:PATH | |
| chef-client -v | |
| ohai -v | |
| rake --version | |
| bundle -v | |
| - name: 'Upgrade Chef/Ohai via Appbundler' | |
| id: upgrade | |
| run: | | |
| $env:PATH = "C:\opscode\chef\bin;C:\opscode\chef\embedded\bin;" + $env:PATH | |
| $env:OHAI_VERSION = ( Select-String -Path .\Gemfile.lock -Pattern '(?<=ohai \()\d.*(?=\))' | ForEach-Object { $_.Matches[0].Value } ) | |
| # The chef-client installer does not put the file 'ansidecl.h' down in the correct location | |
| # This leads to failures during testing. Moving that file to its correct position here. | |
| # Another example of 'bad' that needs to be corrected | |
| $output = gci -path C:\opscode\ -file ansidecl.h -Recurse | |
| # As of Ruby 3.1, there are 3 ansidecl.h files found in the opscode path | |
| # Grabbing the first (and shortest) path found is a bit of a :fingers-crossed: but | |
| # making the leap that ansidecl.h isn't going to vary in a way that will fail | |
| # subtly. | |
| if ($output -is [Array]) { $output = $output[0] } | |
| $target_path = $($output.Directory.Parent.FullName + "\x86_64-w64-mingw32\include") | |
| Move-Item -Path $output.FullName -Destination $target_path | |
| # if a different version of ffi-yajl is installed, then libyajl2 needs to be reinstalled | |
| # so that libyajldll.a is present in the intermediate build step. bundler seems to skip | |
| # libyajl2 build if already present. gem install seems to build anyway. | |
| gem uninstall -I libyajl2 | |
| gem install appbundler appbundle-updater --no-doc | |
| If ($lastexitcode -ne 0) { Exit $lastexitcode } | |
| appbundle-updater chef chef $env:GITHUB_SHA --tarball --github $env:GITHUB_REPOSITORY | |
| If ($lastexitcode -ne 0) { Exit $lastexitcode } | |
| Write-Output "Installed Chef / Ohai release:" | |
| ohai -v | |
| If ($lastexitcode -ne 0) { Exit $lastexitcode } | |
| chef-client -v | |
| If ($lastexitcode -ne 0) { Exit $lastexitcode } | |
| - name: 'Enable FIPS via windows registry' #FIPS needs to be enabled after installation of Chef, otherwise it fails due to Cryptography error | |
| run: | | |
| $OldErrorActionPreference = $ErrorActionPreference | |
| $ErrorActionPreference = "stop" | |
| $KeyPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy" | |
| $ValueName = "Enabled" | |
| $ValueData = "1" | |
| try{ | |
| Get-ItemProperty -Path $KeyPath -Name $valueName -ErrorAction Stop | |
| New-ItemProperty -Path $KeyPath -Name $ValueName -Value $ValueData -PropertyType DWord -Force | |
| } | |
| catch [System.Management.Automation.PSArgumentException] { | |
| New-ItemProperty -Path $KeyPath -Name $ValueName -Value $ValueData -PropertyType DWord -Force | |
| } | |
| catch [System.Management.Automation.ItemNotFoundException] | |
| { | |
| New-Item -Path $KeyPath -Force | |
| New-ItemProperty -Path $KeyPath -Name $ValueName -Value $ValueData -PropertyType DWord -Force | |
| } | |
| Finally | |
| { | |
| $ErrorActionPreference = $OldErrorActionPreference | |
| } | |
| if (-not $?) { throw "Failed to enable FIPS mode." } | |
| - name: 'Run chef-client' | |
| run: | | |
| $env:PATH = "C:\opscode\chef\bin;C:\opscode\chef\embedded\bin;" + $env:PATH | |
| chef-client -v | |
| If ($lastexitcode -ne 0) { Exit $lastexitcode } |