diff --git a/.gitignore b/.gitignore
index 08d7f3e..542a744 100644
--- a/.gitignore
+++ b/.gitignore
@@ -161,3 +161,4 @@ cython_debug/
 #.idea/
 ansible/credentials/
 terraform/mcaptcha/mcaptcha
+sec/
diff --git a/.woodpecker.yml b/.woodpecker.yml
index 23fa2b9..d7fd24e 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -3,16 +3,24 @@ steps:
 image: python:3-bookworm
 commands:
 - apt-get update
- - apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping
+ - apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients
+ - echo ${TEST_NODE_SSH_KEY} > /tmp/ssh-key && chmod 600 /tmp/ssh-key
+ - cat /tmp/ssh-key
+ - eval "$(ssh-agent -s)"
+ - ssh-add /tmp/ssh-key
+ - ssh mcaptcha-ci@192.168.0.102 "echo f"
+ - virsh -c qemu+ssh://mcaptcha-ci@192.168.0.102/system?sshauth=privkey&no_verify=1 list
 - install -m 0755 -d /etc/apt/keyrings
 - curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu.gpg
 - chmod a+r /etc/apt/keyrings/opentofu.gpg
- - echo "deb [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" > /etc/apt/sources.list.d/opentofu.list
- echo "deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" >> /etc/apt/sources.list.d/opentofu.list
+ - echo "deb [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" > /etc/apt/sources.list.d/opentofu.list
+ echo "deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" >> /etc/apt/sources.list.d/opentofu.list
 - apt-get update
 - apt-get install -y tofu
- - ping -c 10 192.168.0.102
- - ping -c 10 192.168.0.127
+ - tofu -chdir=terraform/mcaptcha/ init
+ - tofu -chdir=terraform/mcaptcha/ plan -var-file="ci.tfvars" -out="mcaptcha"
+ - tofu -chdir=terraform/mcaptcha/ apply mcaptcha -var-file="ci.tfvars"
+ - cd ../../
 - pipx install --include-deps ansible
 - pipx ensurepath && echo $SHELL
 - /root/.local/bin/ansible-galaxy install -r ./ansible/requirements.yml
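Review bot: The added `cat /tmp/ssh-key` step prints the CI private key into the build log, and the unquoted `echo ${TEST_NODE_SSH_KEY}` before it word-splits the secret, so a multi-line key would reach the file on one line and `ssh-add` would probably reject it; the file also exists with default permissions until `chmod` runs. The `virsh -c qemu+ssh://…&no_verify=1 list` URI is unquoted, so the shell backgrounds `virsh` at the `&` and then tries to run `list` as a command. `no_verify=1` and the bare `ssh` call leave the libvirt host unauthenticated; supplying a pinned `known_hosts` file for 192.168.0.102 would make the flag unnecessary. `tofu … apply mcaptcha -var-file="ci.tfvars"` passes variables alongside a saved plan, which tofu is likely to reject, and because `-chdir` does not move the shell, `cd ../../` appears to leave the checkout before the `./ansible/requirements.yml` step (assuming the commands share one shell). The `commands:` list starts and ends outside this hunk.

```yaml
# … unchanged: apt-get update / apt-get install …
- (umask 077; printf '%s\n' "$TEST_NODE_SSH_KEY" > /tmp/ssh-key)
# cat /tmp/ssh-key dropped: it copies the private key into the build log
# … unchanged: ssh-agent, ssh-add, ssh connectivity check …
- virsh -c 'qemu+ssh://mcaptcha-ci@192.168.0.102/system?sshauth=privkey&no_verify=1' list
# … unchanged: opentofu repository setup, tofu init, tofu plan …
- tofu -chdir=terraform/mcaptcha/ apply mcaptcha
# cd ../../ dropped: -chdir leaves the shell in the checkout root
# … unchanged: pipx / ansible-galaxy steps …
```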
@@ -20,3 +28,7 @@ steps:
 - pipx install --include-deps pytest-testinfra
 - cd tests/cache/ && py.test --verbose base.py
 - cd tests/mcaptcha/ && py.test --verbose base.py
+ - echo yes | tofu -chdir=terraform/mcaptcha/ destroy \
+ -var-file="ci.tfvars"
+ - shred /tmp/ssh-key && rm /tmp/ssh-key
+ secrets: [TEST_NODE_SSH_KEY]
diff --git a/terraform/mcaptcha/ci.tfvars b/terraform/mcaptcha/ci.tfvars
new file mode 100644
index 0000000..3205632
--- /dev/null
+++ b/terraform/mcaptcha/ci.tfvars
@@ -0,0 +1,4 @@
+libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ssh-key&sshauth=privkey&no_verify=1"
+#known_hosts_verify=ignore&keyfile=/tmp/ssh-key&sshauth=privkey&no_verify=1"
+libvirt_pool_path = "/srv/libvirt/pool/mcaptcha_basic/"
+libvirt_debian_src = "https://images.ci.mcaptcha.org/debian-12-generic-amd64.qcow2"
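Review bot: In `.woodpecker.yml`, the `tofu … destroy` and `shred /tmp/ssh-key` commands sit at the end of the same list as the tests, so if the step stops at the first failing command (the usual behaviour) a failed test leaves the VM on the libvirt host and the key file on disk. Teardown is safer in its own step that also runs on failure, for example one with `when: status: [success, failure]`. `echo yes |` with a backslash continuation inside a YAML scalar is fragile: the folded line most likely hands tofu a literal `\ `, so `- tofu -chdir=terraform/mcaptcha/ destroy -auto-approve -var-file="ci.tfvars"` on one line would be more robust. The preceding `cd tests/cache/` and `cd tests/mcaptcha/` lines may also leave the shell where the relative `-chdir` path no longer resolves; that depends on lines outside this hunk.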
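Review bot: In `terraform/mcaptcha/ci.tfvars`, `no_verify=1` in `libvirt_uri` switches off SSH host-key checking for the connection that creates and destroys VMs, so any machine answering on 192.168.0.102 is accepted as the hypervisor. Shipping the host's public key to the job and referencing it through a `known_hosts` parameter would keep verification on; the exact parameter name should be checked against the libvirt provider version in use. The second line, `#known_hosts_verify=ignore&…`, is a leftover URI fragment and should be deleted or replaced by a comment such as `# host key checking is disabled for the CI hypervisor: <reason>`. No checksum for the `libvirt_debian_src` image is visible here, and whether the module verifies the download is not shown in this diff.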