CI.yml
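# CI workflow: runs on pushes to master, on any tag, on pull requests and
# once a day from the cron schedule below.
name: CI

on:
  push:
    branches:
      - 'master'
    tags:
      - '*'
    # NOTE(review): 'docs' matches a path named exactly `docs`; if the intent
    # is to skip changes anywhere under that directory, confirm whether
    # 'docs/**' was meant. Left unchanged here.
    paths-ignore:
      - '**/README.md'
      - '.github/RELEASE.md'
      - 'docs'
  pull_request:
    paths-ignore:
      - '**/README.md'
      - '.github/RELEASE.md'
      - 'docs'
  schedule:
    # Quoted so the value is always read as a plain string.
    - cron: '0 0 * * *'

# Least privilege for the automatic GITHUB_TOKEN: the jobs in this file only
# check out code and run make targets, so read access to repository contents
# is enough. Widen per job if `make deploy` ever needs to write through it.
permissions:
  contents: read

env:
  # Not referenced by the jobs visible in this file.
  image_name: intellabs/kafl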
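jobs:
  # Lints the Ansible content under deploy/ with a pinned ansible-lint.
  ansible-lint:
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      - name: Setup ansible venv
        working-directory: deploy
        run: |
          make venv
      - name: Install ansible-lint
        working-directory: deploy
        run: |
          ./venv/bin/pip install wheel
          ./venv/bin/pip install ansible-lint==6.16.0
      # ignore 'meta-no-info', since we don't need to publish our roles to Ansible Galaxy
      # NOTE(review): 'risky-file-permissions' is excluded as well, so tasks that
      # create files without an explicit mode are not reported by this job.
      - name: Run ansible-lint
        working-directory: deploy
        run: |
          ./venv/bin/ansible-lint -x 'meta-no-info' -x galaxy -x 'yaml[octal-values]' -x no-changed-when -x risky-file-permissions --exclude venv

  # Dry run of the deployment (`make deploy -- --check`).
  check-mode:
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
      # No `repository:` input is given, so this checks out this same repository
      # a second time, into static-site-generator/.
      # Pinned to the release tag used by the other checkout steps rather than
      # the moving `master` branch, so the action code cannot change under the
      # workflow without a reviewed edit to this file.
      - name: clone gatsby-blog
        uses: actions/checkout@v3
        with:
          path: 'static-site-generator'
      # Event fields are passed through env and expanded by the shell inside
      # double quotes, not interpolated into the script text, which keeps
      # pusher-controlled strings from being parsed as shell.
      # `pusher` exists only on push events; on pull_request and schedule runs
      # both variables are empty.
      - name: git config
        env:
          USER_NAME: ${{ github.event.pusher.name }}
          USER_EMAIL: ${{ github.event.pusher.email }}
        run: |
          git config --global user.email "$USER_EMAIL"
          git config --global user.name "$USER_NAME"
      # Materialises the deploy key for the SSH clone in the next step.
      # Repository secrets are not passed to pull_request runs from forks, so
      # the key is empty there and the clone below cannot authenticate.
      - name: make deploy keys
        env:
          GH_ACTION_DEPLOY_KEY: ${{ secrets.GH_ACTION_DEPLOY_KEY }}
        run: |
          # Restrictive umask first: the key file and ~/.ssh are created
          # owner-only instead of being readable until the chmod runs.
          umask 077
          mkdir -p ~/.ssh/
          echo "$GH_ACTION_DEPLOY_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # NOTE(review): ssh-keyscan accepts whatever host key is served at
          # run time; a known_hosts entry checked against GitHub's published
          # fingerprints would remove that trust-on-first-use step.
          ssh-keyscan github.com >> ~/.ssh/known_hosts
      - name: clone static_site_repo
        run: |
          cd ..
          git clone git@github.com:0dayResearchLab/kAFL.git static_site_repo
          ls -al
      - uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      - name: Run deployment in check mode (dry-run)
        run: make deploy -- --check

  # Real userspace deployment on the runner, skipping hardware-dependent tags.
  local:
    strategy:
      matrix:
        os: [ubuntu-20.04]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      # shallow clone for CI speed
      - name: Setup ansible extra vars in JSON file
        run: |
          echo '{"git_clone_depth": 1}' >> parameters.json
        working-directory: deploy
      # - name: clone gatsby-blog
      #   uses: actions/checkout@master
      #   with:
      #     path: 'static-site-generator'
      # Same env indirection as in check-mode; `pusher` is empty outside push
      # events.
      - name: git config
        env:
          USER_NAME: ${{ github.event.pusher.name }}
          USER_EMAIL: ${{ github.event.pusher.email }}
        run: |
          git config --global user.email "$USER_EMAIL"
          git config --global user.name "$USER_NAME"
      # NOTE(review): the clone step that used this key is commented out below.
      # If `make deploy` does not need SSH access to GitHub, dropping this step
      # keeps the deploy key off the runner while the code under test runs;
      # confirm against the deploy playbooks.
      - name: make deploy keys
        env:
          GH_ACTION_DEPLOY_KEY: ${{ secrets.GH_ACTION_DEPLOY_KEY }}
        run: |
          # Restrictive umask first: the key file and ~/.ssh are created
          # owner-only instead of being readable until the chmod runs.
          umask 077
          mkdir -p ~/.ssh/
          echo "$GH_ACTION_DEPLOY_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # NOTE(review): host key is trusted as served, see check-mode.
          ssh-keyscan github.com >> ~/.ssh/known_hosts
      # - name: clone static_site_repo
      #   run: |
      #     cd ..
      #     git clone git@github.com:0dayResearchLab/kAFL.git static_site_repo
      #     ls -al
      # skip tags related to non-existent hardware/configuration in the CI runner environment
      - name: Test userspace deployment
        run: >
          make deploy --
          --skip-tags "hardware_check,kvm_device"
          --extra-vars "@parameters.json"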