Redirect stderr to /dev/null when regenerating the CRL from cron #223
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI | |
| on: # yamllint disable-line rule:truthy | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| jobs: | |
| check-syntax: | |
| runs-on: ubuntu-latest | |
| name: check-syntax | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run ansible-lint | |
| uses: ansible/ansible-lint@main | |
| build-rhel-like: | |
| runs-on: ubuntu-latest | |
| name: rhel-like-${{ matrix.version }} | |
| needs: | |
| - check-syntax | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: | |
| - "centos:stream9" | |
| - "fedora:38" | |
| - "fedora:39" | |
| - "almalinux:9" | |
| - "rockylinux:9" | |
| container: | |
| image: diodonfrost/ansible-${{ matrix.version }} | |
| env: | |
| container: docker | |
| volumes: | |
| - /sys/fs/cgroup:/sys/fs/cgroup | |
| - ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn | |
| options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install required dependencies from Ansible Galaxy | |
| run: ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml | |
| - name: Make sure ansible connection is sane | |
| run: ansible -m setup -c local -i 127.0.0.1, all | |
| - name: Run ansible playbook | |
| run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
| - name: Check idempotency | |
| run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
| - name: Container state debug output | |
| continue-on-error: true | |
| run: | | |
| ls -lR /etc/openvpn | |
| echo "cat openvpn_udp_1194.conf" | |
| find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \; | |
| echo "cat alpha-*.ovpn" | |
| find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \; | |
| build-rhel-legacy: | |
| runs-on: ubuntu-latest | |
| name: rhel-legacy-${{ matrix.version }} | |
| needs: | |
| - check-syntax | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: | |
| - "almalinux:8" | |
| - "rockylinux:8" | |
| container: | |
| image: diodonfrost/ansible-${{ matrix.version }} | |
| env: | |
| container: docker | |
| volumes: | |
| - /sys/fs/cgroup:/sys/fs/cgroup | |
| - ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn | |
| options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Update ansible | |
| run: dnf install -y python39 && pip3.9 install -U ansible | |
| - name: Install required dependencies from Ansible Galaxy | |
| run: ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml | |
| - name: Make sure ansible connection is sane | |
| run: ansible -m setup -c local -i 127.0.0.1, all | |
| - name: Run ansible playbook | |
| run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
| - name: Check idempotency | |
| run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
| - name: Container state debug output | |
| continue-on-error: true | |
| run: | | |
| ls -lR /etc/openvpn | |
| echo "cat openvpn_udp_1194.conf" | |
| find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \; | |
| echo "cat alpha-*.ovpn" | |
| find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \; | |
| # diodonfrost's images are broken for fedora 40 (thinks it's rawhide) and fedora 41 doesn't exist, so I built my own | |
| build-broken-fedora: | |
| runs-on: ubuntu-latest | |
| name: fedora-${{ matrix.version }} | |
| needs: | |
| - check-syntax | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: | |
| # ubi9-init is https://catalog.redhat.com/software/containers/ubi9-init/6183297540a2d8e95c82e8bd | |
| # plus ansible | |
| - "ubi9-init" | |
| container: | |
| image: ghcr.io/kyl191/ansible-${{ matrix.version }} | |
| env: | |
| container: docker | |
| volumes: | |
| - /sys/fs/cgroup:/sys/fs/cgroup | |
| - ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn | |
| options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install required dependencies from Ansible Galaxy | |
| run: ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml | |
| - name: Make sure ansible connection is sane | |
| run: ansible -m setup -c local -i 127.0.0.1, all | |
| - name: Run ansible playbook | |
| run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
| - name: Check idempotency | |
| run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
| - name: Container state debug output | |
| continue-on-error: true | |
| run: | | |
| ls -lR /etc/openvpn | |
| echo "cat openvpn_udp_1194.conf" | |
| find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \; | |
| echo "cat alpha-*.ovpn" | |
| find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \; | |
| build-debian-like: | |
| runs-on: ubuntu-latest | |
| name: debian-like-${{ matrix.version }} | |
| needs: | |
| - check-syntax | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: | |
| - "ubuntu:22.04" | |
| - "debian:12" | |
| - "debian:testing" | |
| container: | |
| image: diodonfrost/ansible-${{ matrix.version }} | |
| env: | |
| container: docker | |
| volumes: | |
| - /sys/fs/cgroup:/sys/fs/cgroup | |
| - ${{ github.workspace }}:/etc/ansible/roles/ansible-role-openvpn | |
| options: "--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/net/tun" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Upgrade ansible | |
| run: apt update && apt-get install --only-upgrade ansible -y | |
| - name: Install required dependencies from Ansible Galaxy | |
| run: ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml | |
| - name: Make sure ansible connection is sane | |
| run: ansible -m setup -c local -i 127.0.0.1, all | |
| - name: Run ansible playbook | |
| run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
| - name: Check idempotency | |
| run: ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
| - name: Container state debug output | |
| continue-on-error: true | |
| run: | | |
| ls -lR /etc/openvpn | |
| echo "cat openvpn_udp_1194.conf" | |
| find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \; | |
| echo "cat alpha-*.ovpn" | |
| find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \; | |
| build-systemd: | |
| runs-on: ubuntu-latest | |
| name: systemd-${{ matrix.version }} | |
| needs: | |
| - check-syntax | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: | |
| - "40" | |
| - "41" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Login to GHCR | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | sudo podman login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Create container | |
| run: sudo podman create --name ${{ matrix.version }} --privileged --device /dev/net/tun --cgroupns=host --network=host --systemd=always --volume=${GITHUB_WORKSPACE}:/etc/ansible/roles/ansible-role-openvpn --user=root ghcr.io/kyl191/ansible-fedora:${{ matrix.version }} | |
| - name: Start container | |
| run: sudo podman start ${{ matrix.version }} | |
| # https://www.jeffgeerling.com/blog/2020/resolving-fedora-dnf-error-no-such-file-or-directory-varlibdnfrpmdblockpid | |
| - name: Wait for container to start | |
| run: while [ "$(sudo podman exec ${{ matrix.version }} systemctl is-system-running)" != "running" ]; do sleep 5; done | |
| - name: Install firewalld | |
| run: sudo podman exec ${{ matrix.version }} dnf -y install firewalld python3-firewall procps-ng | |
| - name: Install required dependencies from Ansible Galaxy | |
| run: sudo podman exec ${{ matrix.version }} ansible-galaxy install -r /etc/ansible/roles/ansible-role-openvpn/requirements.yml | |
| - name: Make sure ansible connection is sane | |
| run: sudo podman exec ${{ matrix.version }} ansible -m setup -c local -i 127.0.0.1, all | |
| - name: Run ansible playbook | |
| run: sudo podman exec ${{ matrix.version }} ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv -e ci_build=False | |
| - name: Check idempotency | |
| run: sudo podman exec ${{ matrix.version }} ansible-playbook /etc/ansible/roles/ansible-role-openvpn/tests/test.yml -vv | |
| - name: Move generated client config file | |
| run: sudo podman exec ${{ matrix.version }} cp /etc/openvpn/server/alpha-localhost.ovpn /etc/openvpn/client/alpha-localhost.conf | |
| - name: Attempt openvpn connection | |
| run: sudo podman exec ${{ matrix.version }} systemctl start [email protected] | |
| - name: Wait for a bit | |
| run: sleep 5 | |
| - name: Stop openvpn connection | |
| run: sudo podman exec ${{ matrix.version }} systemctl stop [email protected] | |
| - name: Container state debug output | |
| continue-on-error: true | |
| run: | | |
| sudo podman exec ${{ matrix.version }} ls -lR /etc/openvpn | |
| echo "cat openvpn_udp_1194.conf" | |
| sudo podman exec ${{ matrix.version }} find /etc/openvpn/ -maxdepth 3 -name openvpn_udp_1194.conf -type f -exec cat {} \; | |
| echo "cat alpha-*.ovpn" | |
| sudo podman exec ${{ matrix.version }} find /etc/openvpn/ -maxdepth 3 -name "alpha-*.ovpn" -type f -exec cat {} \; | |
| echo cat /var/log/openvpn.log | |
| sudo podman exec ${{ matrix.version }} cat /var/log/openvpn.log | |
| echo journalctl -u [email protected] | |
| sudo podman exec ${{ matrix.version }} journalctl -u [email protected] |