-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #30 from dev-sec/debian12
add debian 12
- Loading branch information
Showing
4 changed files
with
127 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| name: debian12-ansible-latest | ||
| on: | ||
| # yamllint disable-line rule:truthy | ||
| workflow_dispatch: | ||
| push: | ||
| paths: | ||
| - 'debian12-ansible-latest/**' | ||
| pull_request: | ||
| paths: | ||
| - 'debian12-ansible-latest/**' | ||
| jobs: | ||
| docker: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| dockerimage: | ||
| - debian12-ansible | ||
| platforms: | ||
| - linux/amd64 | ||
| #- linux/arm64 | ||
| steps: | ||
| - | ||
| name: Checkout | ||
| uses: actions/checkout@v3 | ||
| - | ||
| name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v2 | ||
| - | ||
| name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
| - | ||
| name: Build and export to Docker | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| context: ${{ matrix.dockerimage }}-latest | ||
| tags: docker-${{ matrix.dockerimage }}:test | ||
| platforms: ${{ matrix.platforms }} | ||
| load: true | ||
| - | ||
| name: Test | ||
| run: | | ||
| docker run --rm docker-${{ matrix.dockerimage }}:test | ||
| - | ||
| name: Login to ghcr.io | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| if: github.ref == 'refs/heads/master' | ||
| - | ||
| name: Build and push to ghcr.io | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| context: ${{ matrix.dockerimage }}-latest | ||
| push: true | ||
| tags: ghcr.io/dev-sec/docker-${{ matrix.dockerimage }}:latest | ||
| platforms: ${{ matrix.platforms }} | ||
| if: github.ref == 'refs/heads/master' | ||
| - | ||
| name: Login to DockerHub | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
| if: github.ref == 'refs/heads/master' | ||
| - | ||
| name: Build and push | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| context: ${{ matrix.dockerimage }}-latest | ||
| push: true | ||
| tags: ${{ secrets.DOCKERHUB_USERNAME }}/docker-${{ matrix.dockerimage }}:latest | ||
| platforms: ${{ matrix.platforms }} | ||
| if: github.ref == 'refs/heads/master' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| FROM debian:bookworm | ||
| LABEL maintainer="Sebastian Gumprich" | ||
|
|
||
| RUN apt-get update -y && apt-get install -y --no-install-recommends --fix-missing && \ | ||
| DEBIAN_FRONTEND=noninteractive \ | ||
| apt-get install -y --no-install-recommends \ | ||
| python3 python3-yaml sudo \ | ||
| curl gcc python3-pip python3-dev libffi-dev libssl-dev systemd | ||
|
|
||
| # Allow installing stuff to system Python. | ||
| RUN rm -f /usr/lib/python3.11/EXTERNALLY-MANAGED | ||
|
|
||
| RUN pip install --no-cache-dir --upgrade cffi && \ | ||
| pip install --no-cache-dir ansible | ||
|
|
||
| RUN apt-get -f -y --auto-remove remove \ | ||
| gcc python3-pip python3-dev libffi-dev libssl-dev && \ | ||
| apt-get clean && \ | ||
| rm -rf /var/lib/apt/lists/* /tmp/* /usr/share/doc /usr/share/man | ||
|
|
||
| # Install Ansible inventory file | ||
| RUN mkdir -p /etc/ansible \ | ||
| && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts | ||
|
|
||
| # https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user | ||
| # Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` | ||
| # This template gets rendered using `loop: "{{ molecule_yml.platforms }}"`, so | ||
| # each `item` is an element of platforms list from the molecule.yml file for this scenario. | ||
| ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer SUDO_GROUP=sudo | ||
| RUN set -xe \ | ||
| && groupadd -r ${ANSIBLE_USER} \ | ||
| && groupadd -r ${DEPLOY_GROUP} \ | ||
| && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ | ||
| && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ | ||
| && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ | ||
| && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers | ||
|
|
||
| CMD [ "ansible-playbook", "--version" ] |