Merging 2.x.

Author: gregharvey

.ansible-lint

@@ -13,5 +13,6 @@ skip_list:
   - fqcn-builtins
   - template-instead-of-copy # to skip over roles/ssl/tasks/copy.yml errors, temporarily.
   - name[template] # it doesn't like Jinja templates being in the middle of a task name, which seems silly to me.
+  - name[casing] # sometimes included Galaxy roles break linting rules and cause failures
 exclude_paths:
-  - roles/debian/wazuh/ # imported role uses yes/no instead of true/false so always fails
+  - roles/contrib/ # we don't control these roles

.github/workflows/ce-provision-build-docs.yml

@@ -1,60 +1,108 @@
-name: Build docs
+name: Publish docs
 
-# Run this workflow when a PR to 1.x gets merged
+# Run this workflow on demand or every time a PR is accepted to a main branch
 on:
   pull_request:
     types: [closed]
     branches:
       - 1.x
+      - 2.x
+  workflow_dispatch:
+# Set target docs branch name
+env:
+  docs_branch: docs-${{ github.event.pull_request.base.ref }}
 
 jobs:
-  # Set the job key. The key is displayed as the job name
-  # when a job name is not provided
-  build-docs:
-    # Name the Job
-    name: Build the documentation
-    # Set the type of machine to run on
-    runs-on: ubuntu-20.04
+  # See https://stackoverflow.com/a/74378072
+  set-docs-branch:
+    name: Make docs branch name available to publish-docs job
+    runs-on: ubuntu-latest
+    outputs:
+      docs_branch: ${{ steps.init.outputs.docs_branch }}
 
     steps:
-      # Checks out a copy of your repository on the ubuntu-latest machine
-      - name: Checkout code
-        uses: actions/checkout@v2
+      - name: Make environment variables global
+        id: init
+        run: |
+          echo "docs_branch=${{ env.docs_branch }}" >> $GITHUB_OUTPUT
+
+  publish-docs:
+    name: Publish the ce-provision docs to GitHub
+    # Only run the job if it is not coming from a documentation branch
+    needs: set-docs-branch
+    if: ${{ github.event.pull_request.head.ref != needs.set-docs-branch.outputs.docs_branch }}
+    runs-on: ubuntu-latest
+
+    # Use our ce-dev Debian base container
+    container:
+      image: codeenigma/ce-dev-controller:2.x
+      volumes:
+        - ${{ github.workspace }}:/home/controller
+
+    steps:
+      - uses: actions/checkout@v4
         with:
-          fetch-depth: 0
-
-      # Configures global Git variables for committing
-      - name: Configure Git
-        run: |
-          git config --global user.email "sysadm@codeenigma.com"
-          git config --global user.name "Code Enigma CI"
-          git config --global pull.rebase false
-
-      # Installs the ce-dev stack
-      - name: Install ce-dev
-        run: |
-          cd /tmp
-          wget https://golang.org/dl/go1.15.8.linux-amd64.tar.gz
-          sudo tar -C /usr/local -xzf go1.15.8.linux-amd64.tar.gz
-          export PATH=$PATH:/usr/local/go/bin
-          git clone https://github.com/FiloSottile/mkcert && cd mkcert
-          go build -ldflags "-X main.Version=$(git describe --tags)"
-          sudo mv ./mkcert /usr/local/bin && cd ../
-          sudo chmod +x /usr/local/bin/mkcert
-          rm -Rf mkcert
-          curl -sL https://raw.githubusercontent.com/codeenigma/ce-dev/1.x/install.sh | /bin/sh -s -- linux
-
-      # Uses the ce-dev stack to run Hugo to format and deploy the docs
+          ref: docs-${{ github.event.pull_request.base.ref }}
+
+      # Configure environment
+      - name: Prepare Git, GitHub CLI and installed CE tools
+        run: |
+          /usr/bin/git config --global user.email "sysadm@codeenigma.com"
+          /usr/bin/git config --global user.name "Code Enigma CI"
+          /usr/bin/git config --global pull.rebase false
+          /usr/bin/git config --global --add safe.directory /__w/ce-provision/ce-provision
+          (type -p wget >/dev/null || (sudo apt update && sudo apt-get install wget -y)) && sudo mkdir -p -m 755 /etc/apt/keyrings && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg && cat $out | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null && sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null && sudo apt update && sudo apt install gh -y
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-provision && /usr/bin/git pull origin 2.x"
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-deploy && /usr/bin/git pull origin 1.x"
+
+      # First build and publish the markdown docs
+      - name: Build and commit table of contents and README files back to the repo
+        run: |
+          /usr/bin/git fetch origin 2.x
+          /usr/bin/git merge origin/${{ github.event.pull_request.base.ref }} --allow-unrelated-histories
+          /bin/sh contribute/toc.sh
+          /usr/bin/find . -name "*.md" | xargs git add
+          /usr/bin/git diff --staged --quiet || /usr/bin/git commit -am "GitHub Actions - updating markdown docs - ${{ github.event.repository.updated_at }}"
+          /usr/bin/git push origin docs-${{ github.event.pull_request.base.ref }}
+
+      # Create docs pull request
+      - name: Create documentation pull requests
+        run: |
+          gh pr create --base ${{ github.event.pull_request.base.ref }} --head docs-${{ github.event.pull_request.base.ref }} --title "Documentation update - ${{ github.event.pull_request.base.ref }}" --body "**Automated pull request** created by GitHub Actions because of a documentation update." || echo "No commits between ${{ github.event.pull_request.base.ref }} and docs-${{ github.event.pull_request.base.ref }} - no PR created!"
+          gh pr create --base devel-${{ github.event.pull_request.base.ref }} --head docs-${{ github.event.pull_request.base.ref }} --title "Documentation update - devel-${{ github.event.pull_request.base.ref }}" --body "**Automated pull request** created by GitHub Actions because of a documentation update." || echo "No commits between devel-${{ github.event.pull_request.base.ref }} and docs-${{ github.event.pull_request.base.ref }} - no PR created!"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # Now build and publish the version of the docs
+      - name: Install wiki2pages
+        run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages"
+
+      - name: Set up Ansible and SSH
+        run: |
+          mkdir -p /home/ce-dev/ansible/bin/hosts
+          echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts
+          echo "StrictHostKeyChecking=no" > /home/ce-dev/.ssh/config
+          cat /home/ce-dev/.ssh/id_rsa.pub > /home/ce-dev/.ssh/authorized_keys
+          chown ce-dev:ce-dev /home/ce-dev/.ssh/config
+          chmod 700 /home/ce-dev/.ssh/config
+          chown ce-dev:ce-dev /home/ce-dev/.ssh/authorized_keys
+          chmod 700 /home/ce-dev/.ssh/authorized_keys
+          /usr/sbin/sshd&
+
+      - name: Initialise wiki2pages for ce-provision ${{ github.event.pull_request.base.ref }}
+        run: |
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch ${{ github.event.pull_request.base.ref }} --no-ce-dev"
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml"
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-${{ github.event.pull_request.base.ref }} --no-ce-dev"
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages launch_hugo_server=false' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml"
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-${{ github.event.pull_request.base.ref }} && /bin/sh contribute/toc_hugo.sh"
+
+      - name: Run Hugo
+        run: |
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && hugo"
+
       - name: Publish documentation
         run: |
-          cd
-          git clone https://github.com/codeenigma/wikis2pages.git
-          cd wikis2pages
-          /bin/bash init.sh https://${{ secrets.GITHUB_TOKEN }}@github.com/codeenigma/ce-provision.git 1.x
-          /bin/sh set-current.sh ce-provision-1.x
-          docker exec --user ce-dev --workdir /home/ce-dev/deploy/live.local wikis2pages-hugo hugo
-          /bin/sh .github-actions-push.sh
-          cd /home/runner/wikis2pages/public/ce-provision-1.x
-          git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git
-          git push ci master
-        shell: bash
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh /home/ce-dev/build/wiki2pages/.github-actions-push.sh"
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-${{ github.event.pull_request.base.ref }} && /usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git"
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-${{ github.event.pull_request.base.ref }} && /usr/bin/git push ci master"

.github/workflows/ce-provision-publish-docs.yml

@@ -0,0 +1,40 @@
+name: Run GitLab server test build
+
+# Run this workflow every time a new commit is pushed to your repository
+on:
+  pull_request:
+
+jobs:
+  # Set the job key. The key is displayed as the job name
+  # when a job name is not provided
+  test-gitlab:
+    if: ${{ github.event.pull_request.head.ref != 'documentation' }}
+    # Name the Job
+    name: Build a GitLab server with ce-provision
+    # Set the type of machine to run on
+    runs-on: ubuntu-latest
+
+    # Use our ce-dev Debian base container
+    container:
+      image: codeenigma/ce-dev:2.x
+      volumes:
+        - ${{ github.workspace }}:/home/controller
+
+    steps:
+      - name: Install ce-provision
+        run: |
+          /usr/bin/curl -LO https://raw.githubusercontent.com/codeenigma/ce-provision/${{ github.event.pull_request.head.ref }}/install.sh
+          /usr/bin/chmod +x ./install.sh
+          /usr/bin/sudo ./install.sh --version ${{ github.event.pull_request.head.ref }} --config-branch ${{ github.event.pull_request.base.ref }} --docker --no-firewall
+
+      # Run a GitLab server provision
+      - name: Prepare Git repos on disk
+        run: |
+          /usr/bin/git config --global --add safe.directory /home/controller/ce-provision
+          /usr/bin/git config --global --add safe.directory /home/controller/ce-provision/config
+
+      - name: Start SSHD
+        run: /usr/sbin/sshd&
+
+      - name: Provision a test GitLab server
+        run: /usr/bin/su - controller -c "cd /home/controller/ce-provision && /bin/sh /home/controller/ce-provision/scripts/provision.sh --python-interpreter /home/controller/ce-python/bin/python3 --repo dummy --branch dummy --workspace /home/controller/ce-provision/ce-dev/ansible --playbook plays/gitlab/ci.yml --own-branch ${{ github.event.pull_request.head.ref }} --config-branch ${{ github.event.pull_request.base.ref }} --force"

.github/workflows/ce-provision-test-gitlab.yml

@@ -0,0 +1,43 @@
+name: Run night test builds
+
+# Run this workflow nightly
+on:
+  schedule:
+    - cron: '30 4 * * *'
+
+jobs:
+  # Set the job key. The key is displayed as the job name
+  # when a job name is not provided
+  test-nightly:
+    # Name the Job
+    name: Build server with ce-provision
+    # Set the type of machine to run on
+    runs-on: ubuntu-latest
+
+    # Use our ce-dev Debian base container
+    container:
+      image: codeenigma/ce-dev:2.x
+      volumes:
+        - ${{ github.workspace }}:/home/controller
+
+    steps:
+      - name: Install ce-provision
+        run: |
+          /usr/bin/curl -LO https://raw.githubusercontent.com/codeenigma/ce-provision/2.x/install.sh
+          /usr/bin/chmod +x ./install.sh
+          /usr/bin/sudo ./install.sh --docker --no-firewall
+
+      # Run a web server provision
+      - name: Prepare Git repos on disk
+        run: |
+          /usr/bin/git config --global --add safe.directory /home/controller/ce-provision
+          /usr/bin/git config --global --add safe.directory /home/controller/ce-provision/config
+
+      - name: Start SSHD
+        run: /usr/sbin/sshd&
+
+      - name: Provision a test web server
+        run: /usr/bin/su - controller -c "cd /home/controller/ce-provision && /bin/sh /home/controller/ce-provision/scripts/provision.sh --python-interpreter /home/controller/ce-python/bin/python3 --repo dummy --branch dummy --workspace /home/controller/ce-provision/ce-dev/ansible --playbook plays/web/ci.yml --own-branch 2.x --config-branch 2.x --force"
+
+      - name: Provision a test GitLab server
+        run: /usr/bin/su - controller -c "cd /home/controller/ce-provision && /bin/sh /home/controller/ce-provision/scripts/provision.sh --python-interpreter /home/controller/ce-python/bin/python3 --repo dummy --branch dummy --workspace /home/controller/ce-provision/ce-dev/ansible --playbook plays/gitlab/ci.yml --own-branch 2.x --config-branch 2.x --force"