From 0c20b832f969d088ca5940f42dc871bb44c777cf Mon Sep 17 00:00:00 2001 From: uk-bolly Date: Thu, 14 Mar 2024 17:14:09 +0000 Subject: [PATCH] updated ansible fact naming and checkout action (#64) * updated ansible fact naming for ansible_facts.virtualization_type Signed-off-by: Mark Bolwell * updated checkout version Signed-off-by: Mark Bolwell * ansible fact update Signed-off-by: Mark Bolwell * updated ansible facts and timeout now inherited Signed-off-by: Mark Bolwell --------- Signed-off-by: Mark Bolwell
---
.github/workflows/devel_pipeline_validation.yml | 4 ++-- .github/workflows/main_pipeline_validation.yml | 4 ++-- tasks/LE_audit_setup.yml | 4 ++-- tasks/main.yml | 2 +- templates/ansible_vars_goss.yml.j2 | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/devel_pipeline_validation.yml b/.github/workflows/devel_pipeline_validation.yml
index 77121fd..fc55cbb 100644
--- a/.github/workflows/devel_pipeline_validation.yml
+++ b/.github/workflows/devel_pipeline_validation.yml
@@ -44,13 +44,13 @@ steps: - name: Clone ${{ github.event.repository.name }} - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} # Pull in terraform code for linux servers - name: Clone github IaC plan - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: repository: ansible-lockdown/github_linux_IaC path: .github/workflows/github_linux_IaC
diff --git a/.github/workflows/main_pipeline_validation.yml b/.github/workflows/main_pipeline_validation.yml
index 605b32e..6228ac7 100644
--- a/.github/workflows/main_pipeline_validation.yml
+++ b/.github/workflows/main_pipeline_validation.yml
@@ -33,13 +33,13 @@ steps: - name: Clone ${{ github.event.repository.name }} - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} # Pull in terraform code for linux servers - name: Clone github IaC plan - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: repository: ansible-lockdown/github_linux_IaC path: .github/workflows/github_linux_IaC
diff --git a/tasks/LE_audit_setup.yml b/tasks/LE_audit_setup.yml
index 56ffbd6..7ef94b4 100644
--- a/tasks/LE_audit_setup.yml
+++ b/tasks/LE_audit_setup.yml
@@ -5,12 +5,12 @@ - name: Pre Audit Setup | Set audit package name | 64bit ansible.builtin.set_fact: audit_pkg_arch_name: AMD64 - when: ansible_machine == "x86_64" + when: ansible_facts.machine == "x86_64" - name: Pre Audit Setup | Set audit package name | ARM64 ansible.builtin.set_fact: audit_pkg_arch_name: ARM64 - when: ansible_machine == "arm64" + when: ansible_facts.machine == "arm64" - name: Pre Audit Setup | Download audit binary ansible.builtin.get_url:
diff --git a/tasks/main.yml b/tasks/main.yml
index 80d1d9c..10a3907 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -43,7 +43,7 @@ - name: Setup rules if container when: - ansible_connection == 'docker' or - ansible_virtualization_type in ["docker", "lxc", "openvz", "podman", "container"] + ansible_facts.virtualization_type in ["docker", "lxc", "openvz", "podman", "container"] block: - name: Discover and set container variable if required ansible.builtin.set_fact:
diff --git a/templates/ansible_vars_goss.yml.j2 b/templates/ansible_vars_goss.yml.j2
index 89426b5..39dadbd 100644
--- a/templates/ansible_vars_goss.yml.j2
+++ b/templates/ansible_vars_goss.yml.j2
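Review bot: In tasks/LE_audit_setup.yml the ARM64 condition `when: ansible_facts.machine == "arm64"` is unlikely to match on a Linux target, because the machine fact comes from `uname -m`, which reports `aarch64` on 64-bit ARM Linux. If neither condition matches, `audit_pkg_arch_name` stays unset and the "Download audit binary" task that follows would presumably fail or build a wrong URL; that task continues outside the hunk, so this is inferred. Accepting both spellings avoids it, e.g. `when: ansible_facts.machine in ["aarch64", "arm64"]`. Since that task downloads an executable, it is also worth confirming that its `get_url` call sets `checksum:`.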
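Review bot: The container check in tasks/main.yml reads `ansible_facts.virtualization_type` with no fallback, so a play that gathers a reduced fact subset (or none) will error on this `when` for any connection other than docker instead of evaluating to false. Writing the second operand as `ansible_facts.virtualization_type | default('') in ["docker", "lxc", "openvz", "podman", "container"]` keeps the condition well defined. Because this condition decides whether the container rule set is applied, a comment above it stating which facts must be gathered would help; the block it guards continues outside the hunk.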
@@ -6,10 +6,10 @@ benchmark_version: '1.0.0' # If run via script this is discovered and set -host_os_distribution: {{ ansible_distribution | lower }} +host_os_distribution: {{ ansible_facts.distribution | lower }} # timeout for each command to run where set - default = 10seconds/10000ms -timeout_ms: 60000 +timeout_ms: {{ audit_cmd_timeout }} amzn2023cis_run_heavy_tests: {{ audit_run_heavy_tests }} amzn2023cis_section1: {{ amzn2023cis_section1 }}
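Review bot: The comment above `timeout_ms` in templates/ansible_vars_goss.yml.j2 still reads "default = 10seconds/10000ms" while the value is now whatever `audit_cmd_timeout` holds, and neither that variable's default nor its unit is visible in this commit. The key expects milliseconds, so a value given in seconds would time out audit commands early and report false failures; the comment should say so, e.g. `# timeout in ms for each command; inherited from audit_cmd_timeout`. Both new lines render their variable unquoted, so an empty value yields a null rather than a usable setting; an `ansible.builtin.assert` that `audit_cmd_timeout` is a positive integer before the template is rendered would catch that. The file continues outside the hunk.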