mirror of https://github.com/saltstack-formulas/openssh-formula.git synced 2025-07-21 15:44:32 +02:00

chore: apply template copier-ssf-ci at v1.6.3

Dafydd Jones 2025-06-08 15:34:49 +01:00
parent 83962eb3b4
commit c9199b90e4
14 changed files with 922 additions and 681 deletions


@ -0,0 +1,19 @@
# Changes here will be overwritten by Copier; NEVER EDIT MANUALLY
_commit: v1.6.3
_src_path: https://github.com/dafyddj/copier-ssf-ci
failure_permitted_pattern: (?x)(-master$|^fedora-41-|^amazonlinux-2-)
formula_name: openssh
renovate_extend_presets:
- github>saltstack-formulas/.github
- github>saltstack-formulas/.github:copier
renovate_ignore_presets: []
supported_oses:
- AlmaLinux OS
- Amazon Linux
- CentOS
- Debian
- Fedora Linux
- openSUSE
- Oracle Linux
- Rocky Linux
- Ubuntu

11
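--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -0,0 +1,11 @@
+{
+$schema: 'https://docs.renovatebot.com/renovate-schema.json',
+extends: [
+"github>saltstack-formulas/.github",
+"github>saltstack-formulas/.github:copier"
+],
+/**********************************************************
+* This file is managed as part of a Copier template. *
+* Please make your own changes below this comment. *
+*********************************************************/
+}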

8
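--- a/.github/settings.yml
+++ b/.github/settings.yml
@@ -0,0 +1,8 @@
+---
+# These settings are synced to GitHub by https://probot.github.io/apps/settings/
+repository:
+# See https://docs.github.com/en/rest/reference/repos#update-a-repository
+# for all available settings
+allow_squash_merge: false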

60
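--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -0,0 +1,60 @@
+---
+# yamllint disable rule:comments
+name: Test & release
+'on':
+- pull_request
+- push
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: ${{ github.ref != format('refs/heads/{0}',
+github.event.repository.default_branch) }}
+jobs:
+should-run:
+name: Prep / Should run
+runs-on: ubuntu-latest
+timeout-minutes: 5
+outputs:
+should-run: ${{ steps.action.outputs.should-run }}
+steps:
+- id: action
+uses:
+# yamllint disable-line rule:line-length
+techneg-it/should-workflow-run@dcbb88600d59ec2842778ef1e2d41f680f876329 # v1.0.0
+pre-commit:
+name: Lint / `pre-commit`
+needs: should-run
+if: fromJSON(needs.should-run.outputs.should-run)
+container: techneg/ci-pre-commit:v2.3.3
+runs-on: ubuntu-latest
+timeout-minutes: 5
+steps:
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+- name: Export `CI_CACHE_ID` from container
+run: echo "CI_CACHE_ID=$(cat /.ci_cache_id)" >> $GITHUB_ENV
+- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+with:
+path: ~/.cache/pre-commit
+key: "${{ env.CI_CACHE_ID }}|\
+${{ hashFiles('.pre-commit-config.yaml') }}"
+- name: Run `pre-commit`
+run: |
+git config --global --add safe.directory $(pwd)
+pre-commit run --all-files --color always --verbose
+pre-commit run --color always --hook-stage manual commitlint-ci
+results:
+name: Release / Collect results
+permissions:
+checks: read
+runs-on: ubuntu-latest
+timeout-minutes: 15
+steps:
+# yamllint disable-line rule:line-length
+- uses: poseidon/wait-for-status-checks@899c768d191b56eef585c18f8558da19e1f3e707 # v0.6.0
+with:
+ignore: Release / Collect results
+ignore_pattern: ^GitLab CI
+token: ${{ secrets.GITHUB_TOKEN }}
+- run: echo "::notice ::Workflow success!"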
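Review bot: The workflow has no top-level `permissions:` key, so the `should-run` and `pre-commit` jobs run with the repository's default `GITHUB_TOKEN` scopes on both `push` and `pull_request`; only `results` narrows them, to `checks: read`. Adding `permissions: {}` (or `contents: read`) at workflow level and granting each job only what it needs would make the token scope explicit; what the `should-run` action requires is not visible here and needs checking first. Separately, `container: techneg/ci-pre-commit:v2.3.3` is referenced by a mutable tag while every `uses:` entry in this file is pinned to a commit SHA, so appending `@sha256:<digest>` to the container reference would bring it in line with the actions.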


@ -9,47 +9,82 @@
only_branch_master_parent_repo: &only_branch_master_parent_repo
- 'master@saltstack-formulas/openssh-formula'
# `stage`
stage_cache: &stage_cache 'cache'
stage_lint: &stage_lint 'lint'
stage_release: &stage_release 'release'
stage_test: &stage_test 'test'
# `image`
image_commitlint: &image_commitlint 'myii/ssf-commitlint:11'
image_dindruby: &image_dindruby 'myii/ssf-dind-ruby:2.7.1-r3'
image_precommit: &image_precommit
name: 'myii/ssf-pre-commit:2.9.2'
entrypoint: ['/bin/bash', '-c']
image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest'
image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14'
# yamllint disable rule:line-length
image_commitlint: &image_commitlint 'techneg/ci-commitlint:v1.1.90@sha256:8334132f86e7241ed7eb5ac6469aa1a44c68f2b0923349209e7a7f403de18c97'
image_dindruby: &image_dindruby 'techneg/ci-docker-python-ruby:v2.2.59@sha256:df2308e9c162f73c2094a913dcd29baccb07e3fd677418a74437e7780a7bcd1b'
image_dindrubybionic: &image_dindrubybionic 'techneg/ci-docker-python-ruby:v2.2.59@sha256:df2308e9c162f73c2094a913dcd29baccb07e3fd677418a74437e7780a7bcd1b'
image_precommit: &image_precommit 'techneg/ci-pre-commit:v2.4.24@sha256:0508ba9bb36bbfe9c12da5745cfb85159cdfbf8453c64fb63c9ca4d6e6cca679'
image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest@sha256:fe69f9642c7edde46bbd78326d2c42c6e13fc73694efb142e92e206725479328'
image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14@sha256:374f588420087517a3cc0235e11293bffd72d7a59da3d98d5e69f014ff2a7761'
# `services`
services_docker_dind: &services_docker_dind
- 'docker:dind'
- 'docker:28.2.2-dind@sha256:bbc590727c1e4fe707877314ff4f0f977bdda2985c485f2b044db0e18979efb3'
# yamllint enable rule:line-length
# `variables`
# https://forum.gitlab.com/t/gitlab-com-ci-caching-rubygems/5627/3
# https://bundler.io/v1.16/bundle_config.html
# https://bundler.io/v2.3/man/bundle-config.1.html
variables_bundler: &variables_bundler
BUNDLE_CACHE_PATH: '${CI_PROJECT_DIR}/.cache/bundler'
BUNDLE_WITHOUT: 'production'
# `cache`
BUNDLE_PATH: '${CI_PROJECT_DIR}/.cache/bundler'
BUNDLE_DEPLOYMENT: 'true'
bundle_install: &bundle_install
- 'bundle version'
- 'bundle config list'
# `--no-cache` means don't bother caching the downloaded .gem files
- 'time bundle install --no-cache'
cache_bundler: &cache_bundler
key: '${CI_JOB_STAGE}'
key:
files:
- 'Gemfile.lock'
prefix: 'bundler'
paths:
- '${BUNDLE_CACHE_PATH}'
- '${BUNDLE_PATH}'
# https://pre-commit.com/#gitlab-ci-example
variables_pre-commit: &variables_pre-commit
PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit'
cache_pre-commit: &cache_pre-commit
key:
files:
- '.pre-commit-config.yaml'
prefix: 'pre-commit'
paths:
- '${PRE_COMMIT_HOME}'
###############################################################################
# Define stages and global variables
###############################################################################
stages:
- *stage_cache
- *stage_lint
- *stage_test
- *stage_release
variables:
DOCKER_DRIVER: 'overlay2'
###############################################################################
# `cache` stage: build up the bundler cache required before the `test` stage
###############################################################################
build-cache:
stage: *stage_cache
image: *image_dindruby
variables: *variables_bundler
cache: *cache_bundler
script: *bundle_install
###############################################################################
# `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed)
###############################################################################
commitlint:
.lint_job:
stage: *stage_lint
needs: []
commitlint:
extends: '.lint_job'
image: *image_commitlint
script:
# Add `upstream` remote to get access to `upstream/master`
@ -74,17 +109,14 @@ commitlint:
--verbose'
pre-commit:
stage: *stage_lint
extends: '.lint_job'
image: *image_precommit
# https://pre-commit.com/#gitlab-ci-example
variables:
PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit'
cache:
key: '${CI_JOB_NAME}'
paths:
- '${PRE_COMMIT_HOME}'
variables: *variables_pre-commit
cache: *cache_pre-commit
script:
- 'pre-commit run --all-files --color always --verbose'
- 'pre-commit run --color always --hook-stage manual commitlint-ci'
# Use a separate job for `rubocop` other than the one potentially run by `pre-commit`
# - The `pre-commit` check will only be available for formulas that pass the default
@ -93,8 +125,8 @@ pre-commit:
# - Furthermore, this job uses all of the latest `rubocop` features & cops,
# which will help when upgrading the `rubocop` linter used in `pre-commit`
rubocop:
extends: '.lint_job'
allow_failure: true
stage: *stage_lint
image: *image_rubocop
script:
- 'rubocop -d -P -S --enable-pending-cops'
@ -107,12 +139,10 @@ rubocop:
image: *image_dindruby
services: *services_docker_dind
variables: *variables_bundler
cache: *cache_bundler
before_script:
# TODO: This should work from the env vars above automatically
- 'bundle config set path "${BUNDLE_CACHE_PATH}"'
- 'bundle config set without "${BUNDLE_WITHOUT}"'
- 'bundle install'
cache:
<<: *cache_bundler
policy: 'pull'
before_script: *bundle_install
script:
# Alternative value to consider: `${CI_JOB_NAME}`
- 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"'
@ -131,69 +161,68 @@ rubocop:
# Make sure the instances listed below match up with
# the `platforms` defined in `kitchen.yml`
# yamllint disable rule:line-length
# default-debian-11-tiamat-py3: {extends: '.test_instance'}
# default-debian-10-tiamat-py3: {extends: '.test_instance'}
# default-debian-9-tiamat-py3: {extends: '.test_instance'}
# default-ubuntu-2204-tiamat-py3: {extends: '.test_instance_failure_permitted'}
# default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'}
# default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'}
# default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-tiamat-py3: {extends: '.test_instance'}
# default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'}
# default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'}
# default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'}
# default-almalinux-8-tiamat-py3: {extends: '.test_instance'}
# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'}
default-debian-11-master-py3: {extends: '.test_instance'}
default-debian-10-master-py3: {extends: '.test_instance'}
default-debian-9-master-py3: {extends: '.test_instance'}
default-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
default-ubuntu-2004-master-py3: {extends: '.test_instance'}
default-ubuntu-1804-master-py3: {extends: '.test_instance'}
default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
default-centos-7-master-py3: {extends: '.test_instance'}
default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
default-fedora-35-master-py3: {extends: '.test_instance'}
default-opensuse-leap-153-master-py3: {extends: '.test_instance'}
default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
default-amazonlinux-2-master-py3: {extends: '.test_instance'}
default-oraclelinux-8-master-py3: {extends: '.test_instance'}
default-oraclelinux-7-master-py3: {extends: '.test_instance'}
default-arch-base-latest-master-py3: {extends: '.test_instance'}
default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
default-almalinux-8-master-py3: {extends: '.test_instance'}
default-rockylinux-8-master-py3: {extends: '.test_instance'}
# default-debian-11-3004-1-py3: {extends: '.test_instance'}
# default-debian-10-3004-1-py3: {extends: '.test_instance'}
# default-debian-9-3004-1-py3: {extends: '.test_instance'}
# default-ubuntu-2204-3004-1-py3: {extends: '.test_instance_failure_permitted'}
# default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'}
# default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'}
# default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-3004-1-py3: {extends: '.test_instance'}
# default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'}
# default-fedora-35-3004-1-py3: {extends: '.test_instance'}
# default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'}
# default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'}
# default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'}
# default-arch-base-latest-3004-1-py3: {extends: '.test_instance'}
# default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'}
# default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'}
# default-almalinux-8-3004-1-py3: {extends: '.test_instance'}
# default-rockylinux-8-3004-1-py3: {extends: '.test_instance'}
# default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'}
# default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'}
# default-debian-10-3003-4-py3: {extends: '.test_instance'}
# default-debian-9-3003-4-py3: {extends: '.test_instance'}
# default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'}
# default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'}
# default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-3003-4-py3: {extends: '.test_instance'}
# default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'}
# default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'}
# default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'}
# default-almalinux-8-3003-4-py3: {extends: '.test_instance'}
# Fedora 41+ will permit failure until this PR is merged into kitchen-docker
# https://github.com/test-kitchen/kitchen-docker/pull/427 is merged
# OpenSUSE master branch will fail until zypperpkg module is back in salt core
# https://github.com/saltstack/great-module-migration/issues/14
#
almalinux-9-master: {extends: '.test_instance_failure_permitted'}
almalinux-8-master: {extends: '.test_instance_failure_permitted'}
amazonlinux-2023-master: {extends: '.test_instance_failure_permitted'}
amazonlinux-2-master: {extends: '.test_instance_failure_permitted'}
centos-stream9-master: {extends: '.test_instance_failure_permitted'}
debian-12-master: {extends: '.test_instance_failure_permitted'}
debian-11-master: {extends: '.test_instance_failure_permitted'}
fedora-41-master: {extends: '.test_instance_failure_permitted'}
fedora-40-master: {extends: '.test_instance_failure_permitted'}
opensuse-leap-156-master: {extends: '.test_instance_failure_permitted'}
opensuse-leap-155-master: {extends: '.test_instance_failure_permitted'}
opensuse-tmbl-latest-master: {extends: '.test_instance_failure_permitted'}
oraclelinux-9-master: {extends: '.test_instance_failure_permitted'}
oraclelinux-8-master: {extends: '.test_instance_failure_permitted'}
rockylinux-9-master: {extends: '.test_instance_failure_permitted'}
rockylinux-8-master: {extends: '.test_instance_failure_permitted'}
ubuntu-2404-master: {extends: '.test_instance_failure_permitted'}
ubuntu-2204-master: {extends: '.test_instance_failure_permitted'}
ubuntu-2004-master: {extends: '.test_instance_failure_permitted'}
almalinux-9-3007-3: {extends: '.test_instance'}
almalinux-8-3007-3: {extends: '.test_instance'}
amazonlinux-2023-3007-3: {extends: '.test_instance'}
amazonlinux-2-3007-3: {extends: '.test_instance_failure_permitted'}
centos-stream9-3007-3: {extends: '.test_instance'}
debian-12-3007-3: {extends: '.test_instance'}
debian-11-3007-3: {extends: '.test_instance'}
fedora-41-3007-3: {extends: '.test_instance_failure_permitted'}
fedora-40-3007-3: {extends: '.test_instance'}
opensuse-leap-156-3007-3: {extends: '.test_instance'}
opensuse-leap-155-3007-3: {extends: '.test_instance'}
opensuse-tmbl-latest-3007-3: {extends: '.test_instance'}
oraclelinux-9-3007-3: {extends: '.test_instance'}
oraclelinux-8-3007-3: {extends: '.test_instance'}
rockylinux-9-3007-3: {extends: '.test_instance'}
rockylinux-8-3007-3: {extends: '.test_instance'}
ubuntu-2404-3007-3: {extends: '.test_instance'}
ubuntu-2204-3007-3: {extends: '.test_instance'}
ubuntu-2004-3007-3: {extends: '.test_instance'}
almalinux-9-3006-11: {extends: '.test_instance'}
almalinux-8-3006-11: {extends: '.test_instance'}
amazonlinux-2023-3006-11: {extends: '.test_instance'}
amazonlinux-2-3006-11: {extends: '.test_instance_failure_permitted'}
centos-stream9-3006-11: {extends: '.test_instance'}
debian-12-3006-11: {extends: '.test_instance'}
debian-11-3006-11: {extends: '.test_instance'}
fedora-41-3006-11: {extends: '.test_instance_failure_permitted'}
fedora-40-3006-11: {extends: '.test_instance'}
opensuse-leap-156-3006-11: {extends: '.test_instance'}
opensuse-leap-155-3006-11: {extends: '.test_instance'}
opensuse-tmbl-latest-3006-11: {extends: '.test_instance'}
oraclelinux-9-3006-11: {extends: '.test_instance'}
oraclelinux-8-3006-11: {extends: '.test_instance'}
rockylinux-9-3006-11: {extends: '.test_instance'}
rockylinux-8-3006-11: {extends: '.test_instance'}
ubuntu-2404-3006-11: {extends: '.test_instance'}
ubuntu-2204-3006-11: {extends: '.test_instance'}
ubuntu-2004-3006-11: {extends: '.test_instance'}
# yamllint enable rule:line-length
###############################################################################
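Review bot: The comment above the job list gives a reason only for Fedora 41 and for openSUSE on `master`, yet the list marks every `*-master` job and both `amazonlinux-2-*` release jobs as `.test_instance_failure_permitted`. Assuming that template sets `allow_failure` (it is defined outside this hunk), a regression in the rendered sshd configuration on those platforms will not block a merge, and a later reader cannot tell whether the exemption is deliberate. I would add one comment line per exempted group, for example `# amazonlinux-2: failure permitted because <reason or issue link>` and an equivalent line for the `-master` jobs. The first sentence of the existing comment also ends with a duplicated "is merged".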


@ -15,28 +15,19 @@ ci:
autoupdate_schedule: quarterly
skip: []
submodules: false
default_stages: [commit]
default_stages: [pre-commit]
repos:
- repo: https://github.com/dafyddj/commitlint-pre-commit-hook
rev: v2.3.0
- repo: https://github.com/dafyddj/mirrors-commitlint
rev: v19.8.1
hooks:
- id: commitlint
name: Check commit message using commitlint
description: Lint commit message against @commitlint/config-conventional rules
stages: [commit-msg]
additional_dependencies: ['@commitlint/config-conventional@8.3.4']
- id: commitlint-travis
stages: [manual]
additional_dependencies: ['@commitlint/config-conventional@8.3.4']
always_run: true
- id: commitlint-ci
- repo: https://github.com/rubocop-hq/rubocop
rev: v1.59.0
rev: v1.75.8
hooks:
- id: rubocop
name: Check Ruby files with rubocop
args: [--debug]
always_run: true
pass_filenames: false
- repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.9.0.6
hooks:
@ -45,13 +36,36 @@ repos:
files: ^.*\.(sh|bash|ksh)$
types: []
- repo: https://github.com/adrienverge/yamllint
rev: v1.33.0
rev: v1.37.1
hooks:
- id: yamllint
name: Check YAML syntax with yamllint
args: [--strict, '.']
always_run: true
pass_filenames: false
args: [--strict]
types: [file]
# Files to include
# 1. Obvious YAML files
# 2. `pillar.example` and similar files
# 3. SLS files under directory `test/` which are pillar files
# Files to exclude
# 1. SLS files under directory `test/` which are state files
# 2. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
# 3. YAML files heavily reliant on Jinja
# 4. `.copier-answers.yml` and its variants which are auto-generated
files: |
(?x)^(
.*\.yaml|
.*\.yml|
\.salt-lint|
\.yamllint|
.*\.example|
test/.*\.sls
)$
exclude: |
(?x)^(
\.copier-answers(\..+)?\.ya?ml|
kitchen.vagrant.yml|
test/.*/states/.*\.sls
)$
- repo: https://github.com/warpnet/salt-lint
rev: v0.9.2
hooks:
@ -59,11 +73,12 @@ repos:
name: Check Salt files using salt-lint
files: ^.*\.(sls|jinja|j2|tmpl|tst)$
- repo: https://github.com/rstcheck/rstcheck
rev: v6.2.0
rev: v6.2.5
hooks:
- id: rstcheck
name: Check reST files using rstcheck
exclude: 'docs/CHANGELOG.rst'
additional_dependencies: [sphinx==7.2.6]
- repo: https://github.com/saltstack-formulas/mirrors-rst-lint
rev: v1.4.0
hooks:
@ -73,5 +88,21 @@ repos:
(?x)^(
docs/CHANGELOG.rst|
docs/TOFS_pattern.rst|
docs/CONTRIBUTING_DOCS.rst|
docs/index.rst|
)$
additional_dependencies: [pygments==2.9.0]
additional_dependencies: [pygments==2.16.1]
- repo: https://github.com/renovatebot/pre-commit-hooks
rev: 40.36.8
hooks:
- id: renovate-config-validator
name: Check Renovate config with renovate-config-validator
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.33.0
hooks:
- id: check-github-workflows
name: Check GitHub workflows with check-jsonschema
args: [--verbose]
- id: check-gitlab-ci
name: Check GitLab CI config with check-jsonschema
args: [--verbose]
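Review bot: The hook repositories added or bumped here (`dafyddj/mirrors-commitlint` at `v19.8.1`, `renovatebot/pre-commit-hooks` at `40.36.8`, `python-jsonschema/check-jsonschema` at `0.33.0`, and the others) are pinned by tag, which the upstream owner can move, whereas this same commit pins GitHub Actions by commit SHA and GitLab CI images by digest. These hooks execute on contributor machines and in CI, so I would set each `rev:` to the full commit hash with the tag in a trailing comment, which is the form `pre-commit autoupdate --freeze` writes. In the new yamllint `exclude` pattern, `kitchen.vagrant.yml` leaves its dots unescaped while `\.copier-answers` escapes them; `kitchen\.vagrant\.yml` would match only the intended file name.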


@ -1,4 +1,6 @@
[rstcheck]
report=info
ignore_language=rst
ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$)
# salt['config.get']('roles') is misidentified as a Markdown link.
# Ignore for now, but perhaps try to submit a fix upstream in rstcheck
ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$|\(rst\) Link is formatted in Markdown style\.)


@ -7,7 +7,7 @@ Layout/LineLength:
# Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
Max: 88
Metrics/BlockLength:
IgnoredMethods:
AllowedMethods:
- control
- describe
# Increase from default of `25`


@ -4,34 +4,6 @@
# Extend the `default` configuration provided by `yamllint`
extends: 'default'
# Files to ignore completely
# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally
# 2. All YAML files under directory `.cache/`, introduced during the CI run
# 3. All YAML files under directory `.git/`
# 4. All YAML files under directory `node_modules/`, introduced during the CI run
# 5. Any SLS files under directory `test/`, which are actually state files
# 6. Any YAML files under directory `.kitchen/`, introduced during local testing
# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
ignore: |
.bundle/
.cache/
.git/
node_modules/
test/**/states/**/*.sls
.kitchen/
kitchen.vagrant.yml
test/salt/pillar/default.sls
yaml-files:
# Default settings
- '*.yaml'
- '*.yml'
- .salt-lint
- .yamllint
# SaltStack Formulas additional settings
- '*.example'
- test/**/*.sls
rules:
empty-values:
forbid-in-block-mappings: true

11
Gemfile

@ -15,9 +15,10 @@ gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec'
gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf'
# rubocop:enable Layout/LineLength
gem 'kitchen-inspec', '>= 2.5.0'
gem 'kitchen-salt', '>= 0.7.2'
gem 'kitchen-inspec', '2.6.2'
gem 'kitchen-salt', '0.7.2'
group :vagrant do
gem 'kitchen-vagrant'
end
# Avoid the error 'pkeys are immutable on OpenSSL 3.0'
gem 'net-ssh', '>= 7.0.0'
gem 'test-kitchen', '3.6.0'

File diff suppressed because it is too large Load Diff


@ -5,4 +5,8 @@ module.exports = {
'footer-max-line-length': [2, 'always', 120],
'header-max-length': [2, 'always', 72],
},
ignores: [
(commit) => commit.startsWith("chore(deps):"),
(commit) => commit.startsWith("[CI merge]")
],
};
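Review bot: The two `ignores` predicates exempt any commit whose message starts with `chore(deps):` or `[CI merge]` from every commitlint rule, and nothing ties either prefix to the tool that presumably produces it, so a hand-written commit using the same prefix skips the check as well. A comment above `ignores` should name the source of each prefix and state that matching messages are not linted, for example `// Dependency-bot commits and CI merge commits are exempt from commitlint`; which tools emit these prefixes is my inference from the rest of the commit and should be confirmed. The new strings use double quotes while the rule keys above them use single quotes.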


@ -17,246 +17,243 @@ provisioner:
salt_copy_filter:
- .kitchen
- .git
pillars_from_directories:
- test/salt/pillar
transport:
# Avoid lengthy waits when a container does not launch correctly
max_wait_until_ready: 60
platforms:
## SALT `tiamat`
- name: debian-11-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:debian-11
run_command: /lib/systemd/systemd
- name: debian-10-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:debian-10
run_command: /lib/systemd/systemd
- name: debian-9-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:debian-9
run_command: /lib/systemd/systemd
- name: ubuntu-2204-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:ubuntu-22.04
run_command: /lib/systemd/systemd
- name: ubuntu-2004-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:ubuntu-20.04
run_command: /lib/systemd/systemd
- name: ubuntu-1804-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:ubuntu-18.04
run_command: /lib/systemd/systemd
- name: centos-stream8-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:centos-stream8
- name: centos-7-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:centos-7
- name: amazonlinux-2-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:amazonlinux-2
- name: oraclelinux-8-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:oraclelinux-8
- name: oraclelinux-7-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:oraclelinux-7
- name: almalinux-8-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:almalinux-8
- name: rockylinux-8-tiamat-py3
driver:
image: saltimages/salt-tiamat-py3:rockylinux-8
## SALT `master`
- name: debian-11-master-py3
- name: debian-12-master
driver:
image: saltimages/salt-master-py3:debian-12
run_command: /lib/systemd/systemd
- name: debian-11-master
driver:
image: saltimages/salt-master-py3:debian-11
run_command: /lib/systemd/systemd
- name: debian-10-master-py3
- name: ubuntu-2404-master
driver:
image: saltimages/salt-master-py3:debian-10
image: saltimages/salt-master-py3:ubuntu-24.04
run_command: /lib/systemd/systemd
- name: debian-9-master-py3
driver:
image: saltimages/salt-master-py3:debian-9
run_command: /lib/systemd/systemd
- name: ubuntu-2204-master-py3
- name: ubuntu-2204-master
driver:
image: saltimages/salt-master-py3:ubuntu-22.04
run_command: /lib/systemd/systemd
- name: ubuntu-2004-master-py3
- name: ubuntu-2004-master
driver:
image: saltimages/salt-master-py3:ubuntu-20.04
run_command: /lib/systemd/systemd
- name: ubuntu-1804-master-py3
- name: centos-stream9-master
driver:
image: saltimages/salt-master-py3:ubuntu-18.04
run_command: /lib/systemd/systemd
- name: centos-stream8-master-py3
image: saltimages/salt-master-py3:centos-stream9
- name: opensuse-leap-156-master
driver:
image: saltimages/salt-master-py3:centos-stream8
- name: centos-7-master-py3
driver:
image: saltimages/salt-master-py3:centos-7
- name: fedora-36-master-py3
driver:
image: saltimages/salt-master-py3:fedora-36
- name: fedora-35-master-py3
driver:
image: saltimages/salt-master-py3:fedora-35
- name: opensuse-leap-153-master-py3
driver:
image: saltimages/salt-master-py3:opensuse-leap-15.3
# Workaround to avoid intermittent failures on `opensuse-leap-15.3`:
image: saltimages/salt-master-py3:opensuse-leap-15.6
# Workaround to avoid intermittent failures on `opensuse-leap-15.6`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: opensuse-tmbl-latest-master-py3
- name: opensuse-leap-155-master
driver:
image: saltimages/salt-master-py3:opensuse-leap-15.5
# Workaround to avoid intermittent failures on `opensuse-leap-15.5`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: opensuse-tmbl-latest-master
driver:
image: saltimages/salt-master-py3:opensuse-tumbleweed-latest
# Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: amazonlinux-2-master-py3
- name: fedora-41-master
driver:
image: saltimages/salt-master-py3:amazonlinux-2
- name: oraclelinux-8-master-py3
image: saltimages/salt-master-py3:fedora-41
- name: fedora-40-master
driver:
image: saltimages/salt-master-py3:fedora-40
- name: amazonlinux-2023-master
driver:
image: saltimages/salt-master-py3:amazonlinux-2023
- name: oraclelinux-9-master
driver:
image: saltimages/salt-master-py3:oraclelinux-9
- name: oraclelinux-8-master
driver:
image: saltimages/salt-master-py3:oraclelinux-8
- name: oraclelinux-7-master-py3
- name: almalinux-9-master
driver:
image: saltimages/salt-master-py3:oraclelinux-7
- name: arch-base-latest-master-py3
driver:
image: saltimages/salt-master-py3:arch-base-latest
- name: gentoo-stage3-latest-master-py3
driver:
image: saltimages/salt-master-py3:gentoo-stage3-latest
run_command: /sbin/init
- name: gentoo-stage3-systemd-master-py3
driver:
image: saltimages/salt-master-py3:gentoo-stage3-systemd
- name: almalinux-8-master-py3
image: saltimages/salt-master-py3:almalinux-9
- name: almalinux-8-master
driver:
image: saltimages/salt-master-py3:almalinux-8
- name: rockylinux-8-master-py3
- name: rockylinux-9-master
driver:
image: saltimages/salt-master-py3:rockylinux-9
- name: rockylinux-8-master
driver:
image: saltimages/salt-master-py3:rockylinux-8
## SALT `3004.1`
- name: debian-11-3004-1-py3
## SALT `3007.3`
- name: debian-12-3007-3
driver:
image: saltimages/salt-3004.1-py3:debian-11
image: saltimages/salt-3007.3-py3:debian-12
run_command: /lib/systemd/systemd
- name: debian-10-3004-1-py3
- name: debian-11-3007-3
driver:
image: saltimages/salt-3004.1-py3:debian-10
image: saltimages/salt-3007.3-py3:debian-11
run_command: /lib/systemd/systemd
- name: debian-9-3004-1-py3
- name: ubuntu-2404-3007-3
driver:
image: saltimages/salt-3004.1-py3:debian-9
image: saltimages/salt-3007.3-py3:ubuntu-24.04
run_command: /lib/systemd/systemd
- name: ubuntu-2204-3004-1-py3
- name: ubuntu-2204-3007-3
driver:
image: saltimages/salt-3004.1-py3:ubuntu-22.04
image: saltimages/salt-3007.3-py3:ubuntu-22.04
run_command: /lib/systemd/systemd
- name: ubuntu-2004-3004-1-py3
- name: ubuntu-2004-3007-3
driver:
image: saltimages/salt-3004.1-py3:ubuntu-20.04
image: saltimages/salt-3007.3-py3:ubuntu-20.04
run_command: /lib/systemd/systemd
- name: ubuntu-1804-3004-1-py3
- name: centos-stream9-3007-3
driver:
image: saltimages/salt-3004.1-py3:ubuntu-18.04
run_command: /lib/systemd/systemd
- name: centos-stream8-3004-1-py3
image: saltimages/salt-3007.3-py3:centos-stream9
- name: opensuse-leap-155-3007-3
driver:
image: saltimages/salt-3004.1-py3:centos-stream8
- name: centos-7-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:centos-7
- name: fedora-36-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:fedora-36
- name: fedora-35-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:fedora-35
- name: amazonlinux-2-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:amazonlinux-2
- name: oraclelinux-8-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:oraclelinux-8
- name: oraclelinux-7-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:oraclelinux-7
- name: arch-base-latest-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:arch-base-latest
- name: gentoo-stage3-latest-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:gentoo-stage3-latest
run_command: /sbin/init
- name: gentoo-stage3-systemd-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:gentoo-stage3-systemd
- name: almalinux-8-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:almalinux-8
- name: rockylinux-8-3004-1-py3
driver:
image: saltimages/salt-3004.1-py3:rockylinux-8
## SALT `3004.0`
- name: opensuse-leap-153-3004-0-py3
driver:
image: saltimages/salt-3004.0-py3:opensuse-leap-15.3
# Workaround to avoid intermittent failures on `opensuse-leap-15.3`:
image: saltimages/salt-3007.3-py3:opensuse-leap-15.5
# Workaround to avoid intermittent failures on `opensuse-leap-15.5`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: opensuse-tmbl-latest-3004-0-py3
- name: opensuse-leap-156-3007-3
driver:
image: saltimages/salt-3004.0-py3:opensuse-tumbleweed-latest
image: saltimages/salt-3007.3-py3:opensuse-leap-15.6
# Workaround to avoid intermittent failures on `opensuse-leap-15.6`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: opensuse-tmbl-latest-3007-3
driver:
image: saltimages/salt-3007.3-py3:opensuse-tumbleweed-latest
# Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: fedora-41-3007-3
driver:
image: saltimages/salt-3007.3-py3:fedora-41
- name: fedora-40-3007-3
driver:
image: saltimages/salt-3007.3-py3:fedora-40
- name: amazonlinux-2023-3007-3
driver:
image: saltimages/salt-3007.3-py3:amazonlinux-2023
- name: amazonlinux-2-3007-3
driver:
image: saltimages/salt-3007.3-py3:amazonlinux-2
- name: oraclelinux-9-3007-3
driver:
image: saltimages/salt-3007.3-py3:oraclelinux-9
- name: oraclelinux-8-3007-3
driver:
image: saltimages/salt-3007.3-py3:oraclelinux-8
- name: almalinux-9-3007-3
driver:
image: saltimages/salt-3007.3-py3:almalinux-9
- name: almalinux-8-3007-3
driver:
image: saltimages/salt-3007.3-py3:almalinux-8
- name: rockylinux-9-3007-3
driver:
image: saltimages/salt-3007.3-py3:rockylinux-9
- name: rockylinux-8-3007-3
driver:
image: saltimages/salt-3007.3-py3:rockylinux-8
## SALT `3003.4`
- name: debian-10-3003-4-py3
## SALT `3006.11`
- name: debian-12-3006-11
driver:
image: saltimages/salt-3003.4-py3:debian-10
image: saltimages/salt-3006.11-py3:debian-12
run_command: /lib/systemd/systemd
- name: debian-9-3003-4-py3
- name: debian-11-3006-11
driver:
image: saltimages/salt-3003.4-py3:debian-9
image: saltimages/salt-3006.11-py3:debian-11
run_command: /lib/systemd/systemd
- name: ubuntu-2004-3003-4-py3
- name: ubuntu-2404-3006-11
driver:
image: saltimages/salt-3003.4-py3:ubuntu-20.04
image: saltimages/salt-3006.11-py3:ubuntu-24.04
run_command: /lib/systemd/systemd
- name: ubuntu-1804-3003-4-py3
- name: ubuntu-2204-3006-11
driver:
image: saltimages/salt-3003.4-py3:ubuntu-18.04
image: saltimages/salt-3006.11-py3:ubuntu-22.04
run_command: /lib/systemd/systemd
- name: centos-stream8-3003-4-py3
- name: ubuntu-2004-3006-11
driver:
image: saltimages/salt-3003.4-py3:centos-stream8
- name: centos-7-3003-4-py3
image: saltimages/salt-3006.11-py3:ubuntu-20.04
run_command: /lib/systemd/systemd
- name: centos-stream9-3006-11
driver:
image: saltimages/salt-3003.4-py3:centos-7
- name: amazonlinux-2-3003-4-py3
image: saltimages/salt-3006.11-py3:centos-stream9
- name: opensuse-tmbl-latest-3006-11
driver:
image: saltimages/salt-3003.4-py3:amazonlinux-2
- name: oraclelinux-8-3003-4-py3
image: saltimages/salt-3006.11-py3:opensuse-tumbleweed-latest
# Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: opensuse-leap-156-3006-11
driver:
image: saltimages/salt-3003.4-py3:oraclelinux-8
- name: oraclelinux-7-3003-4-py3
image: saltimages/salt-3006.11-py3:opensuse-leap-15.6
# Workaround to avoid intermittent failures on `opensuse-leap-15.6`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: opensuse-leap-155-3006-11
driver:
image: saltimages/salt-3003.4-py3:oraclelinux-7
- name: almalinux-8-3003-4-py3
image: saltimages/salt-3006.11-py3:opensuse-leap-15.5
# Workaround to avoid intermittent failures on `opensuse-leap-15.5`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: fedora-41-3006-11
driver:
image: saltimages/salt-3003.4-py3:almalinux-8
image: saltimages/salt-3006.11-py3:fedora-41
- name: fedora-40-3006-11
driver:
image: saltimages/salt-3006.11-py3:fedora-40
- name: amazonlinux-2023-3006-11
driver:
image: saltimages/salt-3006.11-py3:amazonlinux-2023
- name: amazonlinux-2-3006-11
driver:
image: saltimages/salt-3006.11-py3:amazonlinux-2
- name: oraclelinux-9-3006-11
driver:
image: saltimages/salt-3006.11-py3:oraclelinux-9
- name: oraclelinux-8-3006-11
driver:
image: saltimages/salt-3006.11-py3:oraclelinux-8
- name: almalinux-9-3006-11
driver:
image: saltimages/salt-3006.11-py3:almalinux-9
- name: almalinux-8-3006-11
driver:
image: saltimages/salt-3006.11-py3:almalinux-8
- name: rockylinux-9-3006-11
driver:
image: saltimages/salt-3006.11-py3:rockylinux-9
- name: rockylinux-8-3006-11
driver:
image: saltimages/salt-3006.11-py3:rockylinux-8
##########################################################
# This file is managed as part of a Copier template. #
# Please make your own changes below this comment. #
##########################################################
verifier:
# https://www.inspec.io/
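Review bot: Every new platform entry references its image by tag only (`saltimages/salt-3007.3-py3:debian-12`, `saltimages/salt-master-py3:opensuse-tumbleweed-latest`, and so on), while the GitLab CI images changed in this same commit carry an `@sha256:` digest. Tags are mutable, so the image that a given commit is tested against can change without any change in the repository, and a replaced image would run in CI unnoticed. If digest pinning is impractical for this many images, a comment at the top of `platforms:` stating that these images are deliberately tracked by tag would record the decision. The hunk starts inside `provisioner:` and ends inside `verifier:`, so neither block is fully visible here.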


@ -22,16 +22,17 @@ sshd_config:
PrintMotd: 'no'
AcceptEnv: "LANG LC_*"
Subsystem: "sftp /usr/lib/openssh/sftp-server"
{%- if grains.os != "OpenBSD" %}
# {%- if grains.os != "OpenBSD" %}
UsePAM: 'yes'
{%- endif %}
{#- Need this on various platforms to avoid the `kitchen verify` failure as mentioned above; see: #}
{#- * https://gitlab.com/saltstack-formulas/infrastructure/salt-image-builder/-/commit/cb6781a2bba9 #}
{%- if grains.os in ["Arch", "OpenBSD", "Gentoo"]
or grains.get("oscodename", "") in ["openSUSE Tumbleweed"]
or grains.get("osfinger", "") in ["Fedora Linux-36", "Ubuntu-22.04"] %}
# {%- endif %}
# Need this on various platforms to avoid the `kitchen verify` failure as
# mentioned above; see:
# yamllint disable rule:line-length
# * https://gitlab.com/saltstack-formulas/infrastructure/salt-image-builder/-/commit/cb6781a2bba9 #}
# {%- if grains.get("oscodename", "") in ["openSUSE Tumbleweed"] or grains.get("osfinger", "") in ["Fedora Linux-36", "Ubuntu-22.04"] %}
# yamllint enable rule:line-length
PubkeyAcceptedAlgorithms: "+ssh-rsa"
{%- endif %}
# {%- endif %}
ssh_config:
Hosts:
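Review bot: The condition guarding `PubkeyAcceptedAlgorithms: "+ssh-rsa"` still names `Fedora Linux-36` and `Ubuntu-22.04`, although the platform list in this commit no longer contains Fedora 36 and adds Fedora 40/41 and Ubuntu 24.04, so it should be confirmed whether the workaround is still needed and for which releases. `+ssh-rsa` re-enables SHA-1 RSA signatures, and a comment such as `# test-only: re-enables ssh-rsa to avoid the kitchen verify failure; do not copy into a production pillar` would keep the setting from being lifted out of this file. The comment line holding the GitLab URL keeps a trailing `#}` from the former Jinja comment with no opening `{#` left, and should lose it. The `{%- if %}` and `{%- endif %}` tags are still evaluated by Jinja even though they now sit behind `#`, which deserves a one-line comment so nobody reads them as disabled.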