feat: Molecule

.github/workflows/ci.yml

@@ -0,0 +1,61 @@
+---
+name: CI
+on:
+ pull_request:
+ push:
+ branches:
+ - master
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: pip install -r requirements.txt
+
+ - name: Lint code.
+ run: ansible-lint .
+
+ molecule:
+ name: Molecule
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ distro:
+ - image: ubuntu
+ version: 22.04
+ - image: debian
+ version: 12.6
+ - image: rockylinux
+ version: 9.3
+ - image: fedora
+ version: 39
+
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: pip install -r requirements.txt
+
+ - name: Run Molecule tests.
+ run: molecule test
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ MOLECULE_DISTRO: ${{ matrix.distro.image }}
+ MOLECULE_DISTRO_VER: ${{ matrix.distro.version }}

_local_test.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+set -e
+
+VERSIONS=(
+ "ubuntu:22.04"
+ "debian:12.6"
+ "rockylinux:9.3"
+ "fedora:39"
+)
+
+for VER in "${VERSIONS[@]}"; do
+ MOLECULE_DISTRO=$(echo "$VER" | awk -F: '{print $1}') \
+ MOLECULE_DISTRO_VER=$(echo "$VER" | awk -F: '{print $2}') \
+ molecule test
+done
+
+

meta/main.yml

@@ -0,0 +1,29 @@
+---
+dependencies: []
+
+galaxy_info:
+ role_name: ecomscan
+ author: samjuk
+ description: Run Ecomscan against multiple hosts and optionally assert the results.
+ company: "SamJUK"
+ license: "license (BSD, MIT)"
+ min_ansible_version: "2.10"
+ platforms:
+ - name: Fedora
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - buster
+ - bullseye
+ - bookworm
+ - name: Ubuntu
+ versions:
+ - bionic
+ - focal
+ - jammy
+ galaxy_tags:
+ - ecomscan
+ - web
+ - magento2
+ - malware

molecule/default/converge.yml

@@ -0,0 +1,29 @@
+- name: Test
+ hosts: all
+ pre_tasks:
+ - name: Create Simulated ENV
+ ansible.builtin.file:
+ path: /var/www/vhosts/magento2/htdocs/
+ mode: '0755'
+ state: directory
+
+ - name: Create sample Malware within parent directory
+ ansible.builtin.copy:
+ content: 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
+ dest: /var/www/vhosts/magento2/htdocs/eicar.php
+ mode: '0644'
+ when: "'infected' in inventory_hostname"
+
+ post_tasks:
+ - name: Assert Malware is detected
+ assert:
+ that: "'MALWARE' in ecomscan_scan.stdout"
+ when: "'infected' in inventory_hostname"
+
+ - name: Assert Malware is Not Detected
+ assert:
+ that: "'MALWARE' not in ecomscan_scan.stdout"
+ when: "'infected' not in inventory_hostname"
+
+ roles:
+ - { role: samjuk.ecomscan, ecomscan_project_root: /var/www/vhosts/magento2/htdocs }

molecule/default/molecule.yml

@@ -0,0 +1,12 @@
+dependency:
+ name: galaxy
+ options:
+ requirements-file: requirements.yml
+driver:
+ name: docker
+platforms:
+ - name: clean
+ image: "${MOLECULE_DISTRO:-ubuntu}:${MOLECULE_DISTRO_VER:-latest}"
+
+ - name: infected
+ image: "${MOLECULE_DISTRO:-ubuntu}:${MOLECULE_DISTRO_VER:-latest}"

molecule/default/requirements.txt

@@ -0,0 +1,3 @@
+collections:
+ - name: community.docker
+ version: ">=3.10.2"

requirements.txt

@@ -1,2 +1,5 @@
-ansible>=2.15.0
-ansible-lint==6.18.0
+ansible==10.1.0
+ansible-lint==24.6.1
+docker==7.1.0
+molecule==24.6.1
+molecule-plugins==23.5.3

tasks/main.yml

@@ -24,11 +24,11 @@
  {{ ecomscan_deep | ternary('--deep', '') }}
  {{ ecomscan_project_root }}
  register: ecomscan_scan
- changed_when: true
+ changed_when: false
 
 - name: Summary
  ansible.builtin.debug:
- msg: "{{ ecomscan_scan.stdout_lines | select('match', '^>> Found:.*') | first }}"
+ msg: "{{ ecomscan_scan.stdout_lines | select('match', '^>> Found.*') | first }}"
 
 - name: Assert No Malware
  ansible.builtin.assert: