From 984de079455208da361683d092735036ca09f0a4 Mon Sep 17 00:00:00 2001
From: Sam James
Date: Wed, 10 Jul 2024 20:20:52 +0100
Subject: [PATCH] feat: Molecule

---
 .github/workflows/ci.yml | 61 +++++++++++++++++++++++++++++++
 .github/workflows/test.yml | 16 --------
 _local_test.sh | 18 +++++++++
 meta/main.yml | 29 +++++++++++++++
 molecule/default/converge.yml | 29 +++++++++++++++
 molecule/default/molecule.yml | 12 ++++++
 molecule/default/requirements.txt | 3 ++
 requirements.txt | 7 +++-
 tasks/main.yml | 4 +-
 9 files changed, 159 insertions(+), 20 deletions(-)
 create mode 100644 .github/workflows/ci.yml
 delete mode 100644 .github/workflows/test.yml
 create mode 100755 _local_test.sh
 create mode 100644 meta/main.yml
 create mode 100644 molecule/default/converge.yml
 create mode 100644 molecule/default/molecule.yml
 create mode 100644 molecule/default/requirements.txt

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..c8364f8
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,61 @@
+---
+name: CI
+on:
+ pull_request:
+ push:
+ branches:
+ - master
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: pip install -r requirements.txt
+
+ - name: Lint code.
+ run: ansible-lint .
+
+ molecule:
+ name: Molecule
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ distro:
+ - image: ubuntu
+ version: 22.04
+ - image: debian
+ version: 12.6
+ - image: rockylinux
+ version: 9.3
+ - image: fedora
+ version: 39
+
+ steps:
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: pip install -r requirements.txt
+
+ - name: Run Molecule tests.
+ run: molecule test
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
+ MOLECULE_DISTRO: ${{ matrix.distro.image }}
+ MOLECULE_DISTRO_VER: ${{ matrix.distro.version }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index cf8b9c9..0000000
--- a/.github/workflows/test.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: Test
-
-on:
- push:
-
-jobs:
- lint:
- runs-on: ubuntu-latest
- container: python:3.11.5
-
- steps:
- - name: Checkout
- uses: actions/checkout@v2
-
- - run: pip install -r requirements.txt
- - run: ansible-lint defaults tasks
diff --git a/_local_test.sh b/_local_test.sh
new file mode 100755
index 0000000..2ed3df0
--- /dev/null
+++ b/_local_test.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+set -e
+
+VERSIONS=(
+ "ubuntu:22.04"
+ "debian:12.6"
+ "rockylinux:9.3"
+ "fedora:39"
+)
+
+for VER in "${VERSIONS[@]}"; do
+ MOLECULE_DISTRO=$(echo "$VER" | awk -F: '{print $1}') \
+ MOLECULE_DISTRO_VER=$(echo "$VER" | awk -F: '{print $2}') \
+ molecule test
+done
+
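Review bot: The new workflow declares no `permissions:` block, so both jobs run with whatever default GITHUB_TOKEN scope the repository is configured with, although no step needs more than checkout; adding `permissions:` / `  contents: read` at the top level (before `jobs:`) keeps a write-capable token out of reach of anything `pip install -r requirements.txt` pulls in. The matrix `version` values (`22.04`, `12.6`, `9.3`, `39`) are plain YAML numbers; they happen to round-trip today, but a release such as `24.10` would reach MOLECULE_DISTRO_VER as `24.1`, so quote them (`version: '22.04'`) the way `python-version: '3.x'` already is. The actions are pinned by major tag (`actions/checkout@v4`, `actions/setup-python@v5`); pinning to a full commit SHA with the version in a trailing comment is the stricter supply-chain option if the project wants it.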
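Review bot: `_local_test.sh` uses bash arrays (`VERSIONS=( … )`, `"${VERSIONS[@]}"`) but its shebang is `#!/usr/bin/env sh`, so on systems where sh is dash (Debian, Ubuntu) the script stops with a syntax error at the array assignment. Change the first line to `#!/usr/bin/env bash`; `set -eu` would additionally catch an unset `VER`, and the two awk pipelines can become `MOLECULE_DISTRO="${VER%%:*}"` and `MOLECULE_DISTRO_VER="${VER#*:}"`. The list duplicates the matrix in `.github/workflows/ci.yml` by hand, which is worth a comment above the array so the two are updated together.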
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..be92cda
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,29 @@
+---
+dependencies: []
+
+galaxy_info:
+ role_name: ecomscan
+ author: samjuk
+ description: Run Ecomscan against multiple hosts and optionally assert the results.
+ company: "SamJUK"
+ license: "license (BSD, MIT)"
+ min_ansible_version: "2.10"
+ platforms:
+ - name: Fedora
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - buster
+ - bullseye
+ - bookworm
+ - name: Ubuntu
+ versions:
+ - bionic
+ - focal
+ - jammy
+ galaxy_tags:
+ - ecomscan
+ - web
+ - magento2
+ - malware
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..49ed09c
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,29 @@
+- name: Test
+ hosts: all
+ pre_tasks:
+ - name: Create Simulated ENV
+ ansible.builtin.file:
+ path: /var/www/vhosts/magento2/htdocs/
+ mode: '0755'
+ state: directory
+
+ - name: Create sample Malware within parent directory
+ ansible.builtin.copy:
+ content: 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
+ dest: /var/www/vhosts/magento2/htdocs/eicar.php
+ mode: '0644'
+ when: "'infected' in inventory_hostname"
+
+ post_tasks:
+ - name: Assert Malware is detected
+ assert:
+ that: "'MALWARE' in ecomscan_scan.stdout"
+ when: "'infected' in inventory_hostname"
+
+ - name: Assert Malware is Not Detected
+ assert:
+ that: "'MALWARE' not in ecomscan_scan.stdout"
+ when: "'infected' not in inventory_hostname"
+
+ roles:
+ - { role: samjuk.ecomscan, ecomscan_project_root: /var/www/vhosts/magento2/htdocs }
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..57f2fa2
--- /dev/null
+++ b/molecule/default/molecule.yml
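Review bot: `license: "license (BSD, MIT)"` reads like the placeholder `ansible-galaxy init` writes rather than an actual license; Galaxy and ansible-lint's meta checks want a real identifier, so set it to whatever the repository's LICENSE file says (for example `license: MIT` — I cannot see that file from this diff). The `platforms` list also disagrees with what the new Molecule matrix exercises: Rocky Linux 9 is tested but not declared, while Debian buster and Ubuntu bionic are declared but never tested; either drop the untested releases or add an `- name: EL` entry with `versions: ['9']` so the metadata matches the CI evidence.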
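Review bot: The two `post_tasks` use the short module name `assert:` while the `pre_tasks` of the same play already use FQCNs (`ansible.builtin.file`, `ansible.builtin.copy`); change both to `ansible.builtin.assert:`, otherwise ansible-lint's `fqcn` rule is likely to report them when the Lint job runs `ansible-lint .` over the molecule directory. The play depends on `ecomscan_scan` being registered inside the role; a comment such as `# ecomscan_scan is registered by samjuk.ecomscan (tasks/main.yml)` above `post_tasks:` would tell a reader where it comes from. On the `infected` host the role's own "Assert No Malware" task runs before `post_tasks`; unless it is gated by a role variable that this converge play does not set, the play would fail there before the positive assertion is reached — I cannot confirm the role's default from this diff. A `---` document start would match `meta/main.yml` and `ci.yml`.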
@@ -0,0 +1,12 @@
+dependency:
+ name: galaxy
+ options:
+ requirements-file: requirements.yml
+driver:
+ name: docker
+platforms:
+ - name: clean
+ image: "${MOLECULE_DISTRO:-ubuntu}:${MOLECULE_DISTRO_VER:-latest}"
+
+ - name: infected
+ image: "${MOLECULE_DISTRO:-ubuntu}:${MOLECULE_DISTRO_VER:-latest}"
diff --git a/molecule/default/requirements.txt b/molecule/default/requirements.txt
new file mode 100644
index 0000000..dd9657c
--- /dev/null
+++ b/molecule/default/requirements.txt
@@ -0,0 +1,3 @@
+collections:
+ - name: community.docker
+ version: ">=3.10.2"
diff --git a/requirements.txt b/requirements.txt
index e298e86..bc1f5d6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,5 @@
-ansible>=2.15.0
-ansible-lint==6.18.0
\ No newline at end of file
+ansible==10.1.0
+ansible-lint==24.6.1
+docker==7.1.0
+molecule==24.6.1
+molecule-plugins==23.5.3
diff --git a/tasks/main.yml b/tasks/main.yml
index 9bbf2fe..08fb54f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -24,11 +24,11 @@ {{ ecomscan_deep | ternary('--deep', '') }} {{ ecomscan_project_root }} register: ecomscan_scan - changed_when: true + changed_when: false - name: Summary ansible.builtin.debug: - msg: "{{ ecomscan_scan.stdout_lines | select('match', '^>> Found:.*') | first }}" + msg: "{{ ecomscan_scan.stdout_lines | select('match', '^>> Found.*') | first }}" - name: Assert No Malware ansible.builtin.assert:
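Review bot: `requirements-file: requirements.yml` points at a file this commit does not add; the collections list was written to `molecule/default/requirements.txt` (the next hunk), so Molecule's galaxy dependency step will not find its input and, as far as I recall, logs a skip warning and installs nothing — the scenario then works only because `community.docker` ships inside the `ansible==10.1.0` bundle pinned in the top-level `requirements.txt`. Rename the file to `molecule/default/requirements.yml` (or point `requirements-file` at the `.txt` name) so the `version: ">=3.10.2"` constraint is actually enforced. Both new files would also benefit from a `---` document start for consistency with `meta/main.yml`.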
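Review bot: The Summary task's `msg: "{{ ecomscan_scan.stdout_lines | select('match', '^>> Found.*') | first }}"` still fails with "No first item, sequence was empty" whenever no output line starts with `>> Found`; the commit only widens the prefix and does not handle the no-match case, so a changed ecomscan output format would abort the play before "Assert No Malware" reports anything. A defensive one-line form is `msg: "{{ ecomscan_scan.stdout_lines | select('match', '^>> Found') | join(' ') | default('no >> Found line in ecomscan output', true) }}"` — `join` yields an empty string instead of raising, `default(..., true)` substitutes for it, and the trailing `.*` is redundant because `match` already anchors at the start. `changed_when: false` is the right call for a read-only scan. The `cmd` block this hunk starts inside and the "Assert No Malware" task it ends on both continue outside the hunk.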