forked from ansible-lockdown/RHEL7-STIG
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.travis.yml
46 lines (35 loc) · 1.87 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
sudo: required
services: docker
env:
- distro=rhel7
init=/usr/lib/systemd/systemd
run_opts="--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
ansible_opts="--extra-vars @/etc/ansible/roles/${distro}stig/tests/extra_vars.yml --skip-tags RHEL-07-020151,RHEL-07-020152,RHEL-07-030010,RHEL-07-010460,selinux,antivirus"
before_install:
# Pull container.
- 'docker pull samdoran/${distro}-ansible:latest'
script:
- container_id=$(mktemp)
# Run container in detached state.
- 'docker run --detach --volume="${PWD}":/etc/ansible/roles/${distro}stig:ro ${run_opts} samdoran/${distro}-ansible:latest "${init}" > "${container_id}"'
# Install dependencies
#- 'docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/${distro}stig/tests/requirements.yml'
# Register with Red Hat
# FIXME Only enable needed repos: rhel-7-server-htb-rpms, rhel-7-server-aus-rpms
- 'docker exec "$(cat ${container_id})" subscription-manager register --username=$RHN_USERNAME --password=$RHN_PASSWORD --autosubscribe'
# Ansible syntax check.
- 'docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook $ansible_opts /etc/ansible/roles/${distro}stig/tests/travis.yml --syntax-check'
# Test role.
- 'docker exec "$(cat ${container_id})" ansible-playbook $ansible_opts /etc/ansible/roles/${distro}stig/tests/travis.yml'
# Test role idempotence.
- idempotence=$(mktemp)
- docker exec "$(cat ${container_id})" ansible-playbook $ansible_opts /etc/ansible/roles/${distro}stig/tests/travis.yml | tee -a ${idempotence}
- >
tail ${idempotence}
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# Deregister
- 'docker exec "$(cat ${container_id})" subscription-manager unregister'
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/