Commit graph

140 commits

Author SHA1 Message Date
Martin Schurz
ba1ab8fdfc fix release workflow
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-07-25 11:31:18 +02:00
Sebastian Gumprich
059f9fe96c try to fix release workflow
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-07-03 15:56:05 +02:00
Sebastian Gumprich
d0d438faa4 try to fix release workflow
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-07-03 15:49:58 +02:00
Martin Schurz
77de9435fa remove freebsd12
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-07-02 17:31:22 +02:00
renovate[bot]
563f1833df
chore(deps): pin dependencies
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-25 04:51:04 +00:00
Sebastian Gumprich
60de0ab50b
centos8 stream is eol (#770)
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-06-04 10:10:19 +02:00
Sebastian Gumprich
296f46cc80
centos7 is eol, remove it (#767)
* centos7 is eol, remove it

Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>

* change workflow to update readmes when meta/main.yml is changed

Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>

* remove mention of centos 7 from readme

Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>

---------

Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-05-31 11:25:01 +02:00
Sebastian Gumprich
346ead4455 fix spelling
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-05-30 15:07:27 +02:00
Florian Greinacher
16e86125e9 ci: define permissions for enforce-labels workflow
Explicitly stating required permissions is considered best practice.
This case was detected by Poutine, see
https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/default_permissions_on_risky_events.md.

Signed-off-by: Florian Greinacher <florian@greinacher.de>
2024-05-06 06:40:19 +00:00
renovate[bot]
0740ebf041
Update ansible/ansible-lint action to v24 (#745)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-07 21:32:14 +01:00
Martin Schurz
4a25f72076 Skip update if box is not present
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-02-04 16:11:28 +01:00
Martin Schurz
7a76975d01 Skip update if box is not present
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-02-04 15:55:31 +01:00
Martin Schurz
063f3190b8 Always update Vagrant Boxes before using
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-02-04 15:42:09 +01:00
Sebastian Gumprich
81e177b80c
release only on releases, not pre-releases (#738)
2023-12-22 10:54:13 +01:00
schurzi
e7bad430f2
Merge pull request #733 from dev-sec/renovate/actions-setup-python-5.x
Update actions/setup-python action to v5
2023-12-10 11:10:36 +01:00
Sebastian Gumprich
05cc027919
fix linting for github config (#736)
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@telekom.de>
2023-12-08 09:31:05 +01:00
schurzi
b9a0e65e19
Merge pull request #730 from dev-sec/labeler5
update labeler to new config format
2023-12-07 09:32:28 +01:00
renovate[bot]
459113a1e6
Update actions/setup-python action to v5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-06 13:19:19 +00:00
Martin Schurz
e00716df62 fix lint findings
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 11:36:08 +01:00
Martin Schurz
f4500457fa extend action triggers
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 11:09:24 +01:00
Martin Schurz
db437c79f5 extend action triggers
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 11:00:22 +01:00
Martin Schurz
099145c9b3 remove excludes
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 10:58:26 +01:00
Martin Schurz
9862676ecf use new ansible-lint action
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 10:57:45 +01:00
Martin Schurz
6ef52a125d use base branch
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-05 21:46:15 +01:00
Martin Schurz
bde286fe47 update config
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-05 21:42:01 +01:00
Martin Schurz
a58fc24301 use correct tag
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-05 21:38:36 +01:00
Martin Schurz
12240fea63 test labeler
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-05 21:37:36 +01:00
Martin Schurz
82a0188b8c update labeler to new config format
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-05 21:31:37 +01:00
Martin Schurz
571cec1a5c re-add vm tests
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 22:12:50 +01:00
Martin Schurz
84c43c0550 limit tests to some distros
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 21:27:23 +01:00
Martin Schurz
aae720c977 update python version for all tests
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:23:49 +01:00
Martin Schurz
addbbd32cf run tests on update of dependencies
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:22:47 +01:00
Martin Schurz
01cc9c811f update python versions for testing
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:22:47 +01:00
schurzi
3d98cbf67b
add testing and support for current versions of Fedora and FreeBSD (#709)
* add testing and support for current versions of Fedora and FreeBSD

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* add waivers for FreeBSD

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* use original fedora images

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* also harden /home mount

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* also harden /tmp mount

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* test mock efi directory

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* remove mock

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* umount efi

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* add /tmp to special mountpoints

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* set options for /tmp mount

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* create /tmp mount

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* create /tmp mount and mount it ...

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* make fewer changes to default test run

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* use correct Ansible var

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

---------

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-16 09:14:03 +01:00
schurzi
57d2d524b3
add temporary fix for nginx ci tests (#710)
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-12 12:41:15 +01:00
Martin Schurz
655cb49630 add note to temporary fix
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-12 10:00:33 +01:00
Martin Schurz
219ec1938b try symlink fix
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
665edd5157 re-add working directories
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
4756a620f2 reduce dir dependencies
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:02 +01:00
Moritz
8252b82764
fix: roles-readme action default value (#706)
* fix: default value for push-branch

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* docs(ssh_hardening): meta arguments desc

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: split checkout for forked repos in pull requests

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: push not on pr and added diff

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

---------

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>
2023-10-26 10:43:10 +02:00
Moritz
1b0576695e
feat: workflow for roles readme (#705)
* chore: added aar_doc config

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* feat: added initial state of roles readme workflow

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: runs on

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: install poetry

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* feat: loop over all roles and install poetry with pip

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: working dir for poetry run

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: cli path

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* chore: scale down matrix loop for testing

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: poetry run for py execution command

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: work dir for poetry run

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: cli.py path

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: roles path

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* feat: push readme

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: on push branch master

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: uncomment other roles

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* chore: limit trigger to master and arguments

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: push branch name

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* refactor: simplify steps

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* style: linting and styling

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* chore: trigger for pull request

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: push only if ref is master

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* chore: output diff of generated README

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: push readme in pull request

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* docs: role var description text

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: aar_doc roles path

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: git diff

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: fetch all history and changed diff branch

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: run diff only for pr

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: remove fetch-depth and switch to normal diff

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: remove diff and set push-branch

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

* fix: head_ref with default ref_name for push-branch

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>

---------

Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2023-10-25 15:10:02 +02:00
renovate[bot]
b01789b14b
chore(deps): update actions/checkout action to v4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-19 10:32:39 +00:00
Sebastian Gumprich
3bdd8c851e
test debian12 on VM (#695)
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@telekom.de>
2023-09-22 09:22:27 +02:00
Sebastian Gumprich
ef5e8801e4
add debian 12 support (#684)
* add debian 12 support

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* temp disable pam-checks

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* remove debian12 from vagrant tests as there's no box yet

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* use new pam-tester from pip

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* use new pam-tester from pip

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add setuptools to pam-tester install

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add setuptools to pam-tester install

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add setuptools to pam-tester install

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add setuptools to pam-tester install

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* install pam-tester with python3 and use full path to it

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* install python3-setuptools in verify-tests

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* fix path for pam-tester in all tests

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* set python interpreter to 3 for verify-tests

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* Revert "set python interpreter to 3 for verify-tests"

This reverts commit 00b6556e33.

* add back accidentally deleted tasks

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

---------

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-08-04 12:59:40 +02:00
Nejc Habjan
dd215ba310
feat: explicitly support Fedora 37 and 38 (#682)
Signed-off-by: Nejc Habjan <nejc.habjan@siemens.com>
2023-06-12 14:18:32 +02:00
Martin Schurz
74c76b8240 correct workflow name and use main version
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-16 22:57:44 +02:00
Martin Schurz
cd56c017ba add parameter for skipped words
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-16 22:54:43 +02:00
Martin Schurz
93ddd4b45e use shared workflow
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-16 22:49:53 +02:00
Martin Schurz
7259d6b5fd fix spelling errors
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-14 23:51:53 +02:00
Martin Schurz
edcada16e4 add spellchecking with codespell
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-14 23:34:05 +02:00