OPSEXP-2880 Add audit-storage role #2635

Workflow file for this run

.github/workflows/enteprise.yml at 345d961

	name: "enterprise"

	on:
	pull_request:
	branches: [master]
	types: [labeled, opened, synchronize, reopened]
	paths-ignore:
	- "docs/**"
	- "*.md"
	- .github/workflows/docs.yml
	- .pre-commit-config.yaml
	push:
	branches: [master]
	paths-ignore:
	- "docs/**"
	- "*.md"
	- .github/workflows/docs.yml
	- .pre-commit-config.yaml
	workflow_dispatch:

	env:
	DTAS_VERSION: v1.5.5
	BUILD_NUMBER: ${{ github.run_id }}
	PY_COLORS: 1
	PYTHONUNBUFFERED: 1

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.ref_name }}
	cancel-in-progress: false

	jobs:
	check-nexus-secrets:
	name: Ensure required nexus secrets are available
	runs-on: ubuntu-latest
	outputs:
	secrets-available: ${{ steps.check-secrets.outputs.secrets-available }}
	steps:
	- name: Check secrets
	id: check-secrets
	run: \| # pragma: allowlist secret
	if [ -z "${{ secrets.nexus_username }}" ] \|\| [-z "${{ secrets.nexus_password }}"]; then
	echo "nexus_username or nexus_password is missing"
	echo "secrets-available=false" >> $GITHUB_OUTPUT
	exit 0
	fi
	echo "secrets-available=true" >> $GITHUB_OUTPUT
	docker:
	name: Test ${{ matrix.role.name }} role on ${{ matrix.molecule_distro.image }}
	runs-on: ubuntu-latest
	needs: check-nexus-secrets
	if: needs.check-nexus-secrets.outputs.secrets-available == 'true'
	outputs:
	dtas_version: ${{ steps.jobvars.outputs.dtas_version }}
	strategy:
	fail-fast: false
	matrix:
	molecule_distro:
	- image: ubuntu:22.04
	- image: rockylinux/rockylinux:9.4
	role:
	- name: adf_app
	- name: search_enterprise
	- name: repository
	- name: sfs
	- name: sync
	- name: trouter
	- name: audit_storage
	steps:
	- name: Share var with further reusable workflows
	id: jobvars
	run: echo "dtas_version=$DTAS_VERSION" >> $GITHUB_OUTPUT

	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Setup Python
	uses: ./.github/actions/setup-python
	id: setup-python

	- name: Install python packages
	uses: Alfresco/alfresco-build-tools/.github/actions/pipenv@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
	with:
	python-version: ${{ steps.setup-python.outputs.python-version }}

	- name: Install and cache ansible galaxy dependencies
	uses: ./.github/actions/galaxy
	with:
	cache-name: enterprise

	- name: Setup workspace
	uses: ./.github/actions/setup-workspace

	- name: Cache downloads
	uses: ./.github/actions/cache-downloads

	- name: Run tests
	env:
	MOLECULE_ROLE_IMAGE: ${{ matrix.molecule_distro.image }}
	NEXUS_USERNAME: ${{ secrets.nexus_username }}
	NEXUS_PASSWORD: ${{ secrets.nexus_password }}
	uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
	with:
	timeout_minutes: 60
	max_attempts: 3
	retry_wait_seconds: 10
	command: cd roles/${{ matrix.role.name }} && pipenv run molecule test

	docker_integration:
	name: Test ${{ matrix.scenario.name }} scenario on ${{ matrix.molecule_distro.image }}
	needs:
	- docker
	strategy:
	fail-fast: false
	matrix:
	molecule_distro:
	- image: ubuntu:22.04
	- image: rockylinux/rockylinux:9.4
	scenario:
	- name: pki
	- name: elasticsearch
	- name: identity
	- name: prerun_network_checks
	runner:
	- ubuntu-latest
	include:
	- scenario:
	name: docker_enterprise
	molecule_distro:
	image: rockylinux/rockylinux:9.4
	runner: ubuntu-latest-arm64-small
	- scenario:
	name: docker_enterprise
	molecule_distro:
	image: ubuntu:22.04
	runner: ubuntu-latest-arm64-small

	uses: ./.github/workflows/docker.yml
	with:
	scenario: ${{ matrix.scenario.name }}
	os_distribution: ${{ matrix.molecule_distro.image }}
	galaxy_cache: enterprise
	dtas_version: ${{ needs.docker.outputs.dtas_version }}
	dtas_additional_params: ${{ matrix.runner == 'ubuntu-latest-arm64-small' && '-k "not test_transformation"' \|\| '' }}
	runner: ${{ matrix.runner }}
	secrets:
	nexus_username: ${{ secrets.NEXUS_USERNAME }}
	nexus_password: ${{ secrets.NEXUS_PASSWORD }}
	dtas_token: ${{ secrets.BOT_GITHUB_TOKEN \|\| secrets.DEPENDABOT_GITHUB_TOKEN }}

	ec2:
	name: ${{ matrix.molecule_scenario.desc }}
	if: github.actor != 'dependabot[bot]' && (contains(github.event.pull_request.labels.*.name, 'ec2-test') \|\| github.ref_name == 'master')
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	molecule_scenario:
	- name: default
	vars: vars-rocky8.yml
	desc: EC2 ACS 7.4 (Rocky Linux 8.9)
	- name: default
	vars: vars-rhel8.yml
	desc: EC2 ACS 7.4 (RHEL 8.9)
	- name: default
	vars: vars-ubuntu-community.yml
	desc: EC2 ACS 23.x Community (Ubuntu 22.04)
	- name: default
	vars: vars-rocky9.yml
	desc: EC2 ACS 23.x (Rocky Linux 9.4)
	- name: multimachine
	vars: vars.yml
	desc: EC2 ACS 23.x clustered (RHEL 9.4)
	- name: opensearch
	vars: vars.yml
	desc: EC2 ACS 23.x opensearch (RHEL 9.4)
	env:
	AWS_REGION: eu-west-1
	MOLECULE_IT_AWS_VPC_SUBNET_ID: subnet-6bdd4223
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	# avoid auth conflict when cloning DTAS during verify step
	persist-credentials: false

	- name: Run tests on push
	timeout-minutes: 185
	uses: ./.github/actions/molecule_integration_ec2
	with:
	matrix_name: ${{ matrix.molecule_scenario.name }}
	matrix_vars: ${{ matrix.molecule_scenario.vars }}
	matrix_desc: ${{ matrix.molecule_scenario.desc }}
	nexus_username: ${{ secrets.NEXUS_USERNAME }}
	nexus_password: ${{ secrets.NEXUS_PASSWORD }}
	aws_access_key_id: ${{ secrets.aws_access_key_id }}
	aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
	pat: ${{ secrets.BOT_GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OPSEXP-2880 Add audit-storage role #2635

Workflow file

OPSEXP-2880 Add audit-storage role #2635

Jobs

Run details

Workflow file for this run