Refactor Molecule to support v24 (#14)

* add product codes for new agent versions * remove product codes for eol windows versions <23 * add Get-MSIProperties script to aid in gathering product codes * upgrade molecule to version 24.6 and refactor scenarios * remove deprecated molecule config from roles * refactor workflows for molecule 24.6 * set role-path to be optional * disable linting to test if refactor works * tweak pip install * set ansible version * fix variable * tweak ansible install * specifically install vagrant dependencies of molecule plugins * uninstall molecule-vagrant * force uninstall * revert install method for ansible * disable linting to validate refactor didn't break things * update action versions * comment molecule lint * increase win_async_startup_timeout * fix ansible-lint errors * test ansible-lint github action * manually configure ansible-lint * fixup yamllint to comply with ansible-lint * fix yamllint violations * fix lint errors * ansible-lit --fix * lint files * standardize role files on ansible-lint v24 rules * cleanup truthy and quotes in molecule scenarios * cleanup workspacefile * add runtime file * ansible-lint
Sentinel-One · Jul 29, 2024 · 78272b9 · 78272b9
1 parent 0eded10
commit 78272b9
Show file tree

Hide file tree

Showing 175 changed files with 1,777 additions and 4,357 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,39 @@
+---
+# .ansible-lint
+
+profile: production
+
+# exclude_paths included in this file are parsed relative to this file's location
+# and not relative to the CWD of execution. CLI arguments passed to the --exclude
+# option are parsed relative to the CWD of execution.
+exclude_paths:
+  - .cache/ # implicit unless exclude_paths is defined in config
+  - .github
+
+# Mock modules or roles in order to pass ansible-playbook --syntax-check
+# mock_modules:
+#   - zuul_return
+#   # note the foo.bar is invalid as being neither a module or a collection
+#   - fake_namespace.fake_collection.fake_module
+#   - fake_namespace.fake_collection.fake_module.fake_submodule
+mock_roles:
+  - s1_agent_common
+
+# Ansible-lint is able to recognize and load skip rules stored inside
+# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files.
+# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
+# on a new line.
+# Optionally you can add comments after the tag, prefixed by "#". We discourage
+# the use of skip_list below because that will hide violations from the output.
+# When putting ignores inside the ignore file, they are marked as ignored, but
+# still visible, making it easier to address later.
+skip_list:
+  - var-naming[no-role-prefix]
+
+# Ansible-lint does not fail on warnings from the rules or tags listed below
+warn_list:
+  - galaxy[version-incorrect]
+
+# Also recognize these versions of Ansible as supported:
+supported_ansible_also:
+  - "2.16"
diff --git a/.github/actions/ci-setup/action.yml b/.github/actions/ci-setup/action.yml
@@ -3,17 +3,17 @@ description: Sets up Python and Ansible for jobs during CI workflow
 
 inputs:
   ansible-version:
-    description: 'Ansible Version'
+    description: "Ansible Version"
     required: true
   python-version:
-    description: 'Python Version'
+    description: "Python Version"
     required: true
 
 runs:
   using: composite
   steps:
     - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ inputs.python-version }}
 
@@ -25,5 +25,6 @@ runs:
     - name: Install requirements for molecule tests
       shell: bash
       run: |
-        pip install molecule-vagrant yamllint ansible-lint flake8 pywinrm --disable-pip-version-check
+        pip uninstall molecule-vagrant --yes
+        pip install ansible-dev-tools pywinrm molecule molecule-plugins ansible-lint flake8 --disable-pip-version-check
         if [ -f requirements.txt ]; then pip install -r requirements.txt --disable-pip-version-check; fi
diff --git a/.github/workflows/ci-lint.yml b/.github/workflows/ci-lint.yml
@@ -3,13 +3,13 @@ on:
   workflow_call:
     inputs:
       role-path:
-        description: 'Relative path to the role to be linted'
+        description: "Relative path to the role to be linted"
         type: string
         required: true
 
 jobs:
   molecule-lint:
-    name: 'ansible-${{ matrix.versions.ansible }} (Python: ${{ matrix.versions.python }})'
+    name: "ansible-${{ matrix.versions.ansible }} (Python: ${{ matrix.versions.python }})"
     runs-on: [self-hosted, Linux, X64, ansible-collection]
     env:
       ANSIBLE_FORCE_COLOR: 1 # allows ansible colors to be passed to GitHub Actions
@@ -20,15 +20,17 @@ jobs:
         versions:
           # ansible-core upstream development supports 3 releases at a time
           # https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html
-          - ansible: stable-2.12 # EOL 2023-05-23
-            python: '3.10'
-          - ansible: stable-2.13 # EOL 2023-11-06
-            python: '3.10'
-          - ansible: stable-2.14 # EOL 2024-05-20
-            python: '3.10'
+          # - ansible: stable-2.12 # EOL 2023-05-23
+          #   python: '3.10'
+          # - ansible: stable-2.13 # EOL 2023-11-06
+          #   python: '3.10'
+          # - ansible: stable-2.14 # EOL 2024-05-20
+          #   python: '3.10'
+          - ansible: stable-2.16
+            python: "3.12"
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up environment
         uses: ./.github/actions/ci-setup
@@ -42,5 +44,5 @@ jobs:
           echo ${PWD} &&
           molecule --version &&
           ansible --version &&
-          molecule lint
+          ansible-lint --profile production
         working-directory: ${{ inputs.role-path }}
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
   push:
     tags:
-      - '*.*.*'
+      - "*.*.*"
 
 permissions:
   contents: write
@@ -19,13 +19,12 @@ jobs:
         versions:
           # ansible-core upstream development supports 3 releases at a time
           # https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html
-          - ansible: stable-2.14 # EOL 2024-05-20
-            python: '3.10'
+          - ansible: stable-2.16
+            python: "3.12"
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
-
+        uses: actions/checkout@v4
       - name: Set up environment
         uses: ./.github/actions/ci-setup
         with:

diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml
@@ -3,15 +3,15 @@ on:
   workflow_call:
     inputs:
       box-distribution:
-        description: 'Vagrant Box Operating System'
+        description: "Vagrant Box Operating System"
         type: string
         required: true
       box-repository:
-        description: 'Vagrant Box repository'
+        description: "Vagrant Box repository"
         type: string
         required: true
       ansible-connection:
-        description: 'Ansible connection type for connecting to the Box'
+        description: "Ansible connection type for connecting to the Box"
         type: string
         required: false
         default: ssh
@@ -21,35 +21,38 @@ on:
         required: false
         default: Linux
       display-name:
-        description: 'OS Name to display in workflow steps'
+        description: "OS Name to display in workflow steps"
         type: string
         required: true
       scenario-name:
-        description: 'Name of the molecule scenario to execute'
+        description: "Name of the molecule scenario to execute"
         type: string
-        required: false
-        default: default
+        required: true
+        # default: default
       role-path:
-        description: 'Relative path to the role to be linted'
+        description: "Relative path to the role to be linted"
         type: string
-        required: true
+        required: false
+        default: extensions
 
 jobs:
   molecule-test:
-    name: 'ansible-${{ matrix.versions.ansible }} (Python: ${{ matrix.versions.python }})'
+    name: "ansible-${{ matrix.versions.ansible }} (Python: ${{ matrix.versions.python }})"
     runs-on: [self-hosted, Linux, X64, ansible-collection]
     strategy:
       fail-fast: false
       matrix:
         versions:
           # ansible-core upstream development supports 3 releases at a time
           # https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html
-          - ansible: stable-2.12 # EOL 2023-05-23
-            python: '3.10'
-          - ansible: stable-2.13 # EOL 2023-11-06
-            python: '3.10'
-          - ansible: stable-2.14 # EOL 2024-05-20
-            python: '3.10'
+          # - ansible: stable-2.12 # EOL 2023-05-23
+          #   python: '3.10'
+          # - ansible: stable-2.13 # EOL 2023-11-06
+          #   python: '3.10'
+          # - ansible: stable-2.14 # EOL 2024-05-20
+          #   python: '3.10'
+          - ansible: stable-2.16 # EOL 2025-05 - last version to support Python <3.7
+            python: "3.12"
     env:
       ANSIBLE_FORCE_COLOR: 1 # allows ansible colors to be passed to GitHub Actions
       PY_COLORS: 1 # allows molecule colors to be passed to GitHub Actions
@@ -62,7 +65,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up environment
         uses: ./.github/actions/ci-setup

diff --git a/.github/workflows/s1_agent_common.yml b/.github/workflows/s1_agent_common.yml
@@ -2,33 +2,35 @@ name: S1 Agent Common
 on:
   push:
     branches:
-      - 'release/**'
+      - "release/**"
     paths:
-      - 'roles/s1_agent_common/**'
-      - '!roles/s1_agent_common/README.md'
-      - '!roles/s1_agent_common/makefile'
-      - '.github/workflows/s1_agent_common.yml'
-      - '.github/workflows/ci-*.yml'
-      - '!.github/workflows/ci-release.yml'
-      - '!.github/workflows/ci-release.yml'
-      - '.github/actions/ci-setup/action.yml'
-      - 'requirements.yml'
+      - "roles/s1_agent_common/**"
+      - "!roles/s1_agent_common/README.md"
+      - "!roles/s1_agent_common/makefile"
+      - "extensions/molecule/common"
+      - ".github/workflows/s1_agent_common.yml"
+      - ".github/workflows/ci-*.yml"
+      - "!.github/workflows/ci-release.yml"
+      - "!.github/workflows/ci-release.yml"
+      - ".github/actions/ci-setup/action.yml"
+      - "requirements.yml"
   pull_request:
     branches:
-      - 'main'
+      - "main"
     types:
       - opened
       - synchronize
       - ready_for_review
     paths:
-      - 'roles/s1_agent_common/**'
-      - '!roles/s1_agent_common/README.md'
-      - '!roles/s1_agent_common/makefile'
-      - '.github/workflows/s1_agent_common.yml'
-      - '.github/workflows/ci-*.yml'
-      - '!.github/workflows/ci-release.yml'
-      - '.github/actions/ci-setup/actions.yml'
-      - 'requirements.yml'
+      - "roles/s1_agent_common/**"
+      - "!roles/s1_agent_common/README.md"
+      - "!roles/s1_agent_common/makefile"
+      - "extensions/molecule/common"
+      - ".github/workflows/s1_agent_common.yml"
+      - ".github/workflows/ci-*.yml"
+      - "!.github/workflows/ci-release.yml"
+      - ".github/actions/ci-setup/actions.yml"
+      - "requirements.yml"
   workflow_dispatch:
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -41,7 +43,7 @@ jobs:
       role-path: ./roles/s1_agent_common
 
   call-ci-test:
-    name: 'Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})'
+    name: "Test: ${{ matrix.boxes.display_name }} (${{ matrix.scenario-name }})"
     needs: call-ci-lint
     uses: ./.github/workflows/ci-test.yml
     strategy:
@@ -61,28 +63,27 @@ jobs:
             display_name: Server 2022
             connection: ssh
             group: Windows
-          - distribution: WindowsServer2012R2
-            repository: jborean93
-            display_name: Server 2012r2
-            connection: winrm
+          # - distribution: WindowsServer2012R2
+          #   repository: jborean93
+          #   display_name: Server 2012r2
+          #   connection: winrm
         scenario-name:
-          - default
-          - winrm_default
-        exclude:
-          # OpenSSH is not supported on Windows Server 2012r2. We need to use
-          # custom scenarios configured for winrm connections. Exclude normal
-          # scenarios for winrm connections and winrm_* scenarios for ssh
-          # connections.
-          - { boxes: { connection: winrm }, scenario-name: default }
-          - { boxes: { connection: ssh }, scenario-name: winrm_default }
+          - common
+        # exclude:
+        #   # OpenSSH is not supported on Windows Server 2012r2. We need to use
+        #   # custom scenarios configured for winrm connections. Exclude normal
+        #   # scenarios for winrm connections and winrm_* scenarios for ssh
+        #   # connections.
+        #   - { boxes: { connection: winrm }, scenario-name: default }
+        #   - { boxes: { connection: ssh }, scenario-name: winrm_default }
     with:
       box-distribution: ${{ matrix.boxes.distribution }}
       box-repository: ${{ matrix.boxes.repository }}
       ansible-connection: ${{ matrix.boxes.connection }}
       ansible-group: ${{ matrix.boxes.group }}
       display-name: ${{ matrix.boxes.display_name }}
       scenario-name: ${{ matrix.scenario-name }}
-      role-path: ./roles/s1_agent_common
+      # role-path: ./roles/s1_agent_common
     secrets: inherit
 
   call-ci-assert: