From 4defb131949909685f7569100e1c968f498976b9 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 31 Oct 2023 14:51:58 +0000 Subject: [PATCH 1/5] update wording and typos Signed-off-by: Mark Bolwell --- .github/workflows/devel_pipeline_validation.yml | 12 ++++++------ .github/workflows/main_pipeline_validation.yml | 12 ++++++------ .github/workflows/update_galaxy.yml | 6 +----- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/.github/workflows/devel_pipeline_validation.yml b/.github/workflows/devel_pipeline_validation.yml index 94b64933..9fbe7aa8 100644 --- a/.github/workflows/devel_pipeline_validation.yml +++ b/.github/workflows/devel_pipeline_validation.yml @@ -29,7 +29,7 @@ Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown! Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well. - # This workflow contains a single job which tests the playbook + # This workflow contains a single job that tests the playbook playbook-test: # The type of runner that the job will run on runs-on: ubuntu-latest @@ -49,7 +49,7 @@ ref: ${{ github.event.pull_request.head.sha }} # Pull in terraform code for linux servers - - name: Clone github IaC plan + - name: Clone GitHub IaC plan uses: actions/checkout@v4 with: repository: ansible-lockdown/github_linux_IaC @@ -74,7 +74,7 @@ pwd ls env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -82,7 +82,7 @@ id: init run: terraform init env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -90,7 +90,7 @@ id: validate run: terraform validate env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -113,7 +113,7 @@ - name: Sleep for 60 seconds run: sleep ${{ vars.BUILD_SLEEPTIME }} - # Run the ansible playbook + # Run the Ansibleplaybook - name: Run_Ansible_Playbook uses: arillso/action.playbook@master with: diff --git a/.github/workflows/main_pipeline_validation.yml b/.github/workflows/main_pipeline_validation.yml index a098f640..67ee9d90 100644 --- a/.github/workflows/main_pipeline_validation.yml +++ b/.github/workflows/main_pipeline_validation.yml @@ -18,7 +18,7 @@ # that can run sequentially or in parallel jobs: - # This workflow contains a single job which tests the playbook + # This workflow contains a single job that tests the playbook playbook-test: # The type of runner that the job will run on runs-on: ubuntu-latest @@ -38,7 +38,7 @@ ref: ${{ github.event.pull_request.head.sha }} # Pull in terraform code for linux servers - - name: Clone github IaC plan + - name: Clone GitHub IaC plan uses: actions/checkout@v4 with: repository: ansible-lockdown/github_linux_IaC @@ -63,7 +63,7 @@ pwd ls env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -71,7 +71,7 @@ id: init run: terraform init env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -79,7 +79,7 @@ id: validate run: terraform validate env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -102,7 +102,7 @@ - name: Sleep for 60 seconds run: sleep ${{ vars.BUILD_SLEEPTIME }} - # Run the ansible playbook + # Run the Ansibleplaybook - name: Run_Ansible_Playbook uses: arillso/action.playbook@master with: diff --git a/.github/workflows/update_galaxy.yml b/.github/workflows/update_galaxy.yml index 55ec5666..f9352800 100644 --- a/.github/workflows/update_galaxy.yml +++ b/.github/workflows/update_galaxy.yml @@ -1,12 +1,8 @@ --- -# This is a basic workflow to help you get started with Actions - name: update galaxy -# Controls when the action will run. -# Triggers the workflow on merge request events to the main branch -on: # yamllint disable-line rule:truthy +on: push: branches: - main From 08f40e2a61a0fcb97d94e6fc6db4d5793245ba64 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Thu, 2 Nov 2023 08:52:35 +0000 Subject: [PATCH 2/5] updated typo Signed-off-by: Mark Bolwell --- .github/workflows/devel_pipeline_validation.yml | 2 +- .github/workflows/main_pipeline_validation.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/devel_pipeline_validation.yml b/.github/workflows/devel_pipeline_validation.yml index 9fbe7aa8..39af625a 100644 --- a/.github/workflows/devel_pipeline_validation.yml +++ b/.github/workflows/devel_pipeline_validation.yml @@ -113,7 +113,7 @@ - name: Sleep for 60 seconds run: sleep ${{ vars.BUILD_SLEEPTIME }} - # Run the Ansibleplaybook + # Run the Ansible playbook - name: Run_Ansible_Playbook uses: arillso/action.playbook@master with: diff --git a/.github/workflows/main_pipeline_validation.yml b/.github/workflows/main_pipeline_validation.yml index 67ee9d90..8ded7018 100644 --- a/.github/workflows/main_pipeline_validation.yml +++ b/.github/workflows/main_pipeline_validation.yml @@ -102,7 +102,7 @@ - name: Sleep for 60 seconds run: sleep ${{ vars.BUILD_SLEEPTIME }} - # Run the Ansibleplaybook + # Run the Ansible playbook - name: Run_Ansible_Playbook uses: arillso/action.playbook@master with: From 5d018fc3ed332ed50e923ce4a9061b089123bb22 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Thu, 2 Nov 2023 08:53:43 +0000 Subject: [PATCH 3/5] tidy up precommit Signed-off-by: Mark Bolwell --- .config/.gitleaks-report.json | 1 - .pre-commit-config.yaml | 1 - 2 files changed, 2 deletions(-) delete mode 100644 .config/.gitleaks-report.json diff --git a/.config/.gitleaks-report.json b/.config/.gitleaks-report.json deleted file mode 100644 index fe51488c..00000000 --- a/.config/.gitleaks-report.json +++ /dev/null @@ -1 +0,0 @@ -[] diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ed8fc85f..f2f732af 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -34,7 +34,6 @@ repos: hooks: - id: detect-secrets args: [ '--baseline', '.config/.secrets.baseline' ] - exclude: .config/.gitleaks-report.json - repo: https://github.com/gitleaks/gitleaks rev: v8.18.0 From 7fe13181feea897c4f745e409885dd8130ee2945 Mon Sep 17 00:00:00 2001 From: Jason Hendry Date: Mon, 6 Nov 2023 16:22:31 +1100 Subject: [PATCH 4/5] fix: #161 NTP should be a space-separated list of NTP server host names or IP addresses, instead of a json encoded list or objects. Also added the section label [Time] to fix the log message "/etc/systemd/timesyncd.conf.d/50-timesyncd.conf:8: Assignment outside of section. Ignoring." Signed-off-by: Jason Hendry --- templates/etc/systemd/timesyncd.conf.d/50-timesyncd.conf.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/etc/systemd/timesyncd.conf.d/50-timesyncd.conf.j2 b/templates/etc/systemd/timesyncd.conf.d/50-timesyncd.conf.j2 index b9f31fa0..593fa856 100644 --- a/templates/etc/systemd/timesyncd.conf.d/50-timesyncd.conf.j2 +++ b/templates/etc/systemd/timesyncd.conf.d/50-timesyncd.conf.j2 @@ -2,7 +2,8 @@ # Added as part of ansible-lockdown CIS baseline # provided by MindPointGroup LLC -NTP={{ ubtu22cis_time_pool }} +[Time] +NTP={% for pool in ubtu22cis_time_pool %}{{ pool.name }} {% endfor %} FallbackNTP={% for servers in ubtu22cis_time_servers %}{{ servers.name }} {% endfor %} From 05b4a9ed473b3596e2e7974b12f5cd99235cdb53 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 17:37:09 +0000 Subject: [PATCH 5/5] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/ansible-community/ansible-lint: v6.21.1 → v6.22.0](https://github.com/ansible-community/ansible-lint/compare/v6.21.1...v6.22.0) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ed8fc85f..7f46fadc 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -43,7 +43,7 @@ repos: args: ['--baseline-path', '.config/.gitleaks-report.json'] - repo: https://github.com/ansible-community/ansible-lint - rev: v6.21.1 + rev: v6.22.0 hooks: - id: ansible-lint name: Ansible-lint