mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-09-20 05:11:53 +00:00
27 lines
917 B
YAML
27 lines
917 B
YAML
- name: Verify
|
|
hosts: localhost
|
|
environment:
|
|
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
|
|
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
|
|
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
|
|
tasks:
|
|
- name: Execute cinc-auditor tests
|
|
command: >
|
|
docker run
|
|
--volume /run/docker.sock:/run/docker.sock
|
|
docker.io/cincproject/auditor exec
|
|
-t docker://instance
|
|
--no-show-progress --no-color
|
|
--no-distinct-exit https://github.com/dev-sec/nginx-baseline/archive/refs/heads/master.zip
|
|
register: test_results
|
|
changed_when: false
|
|
ignore_errors: true
|
|
|
|
- name: Display details about the cinc-auditor results
|
|
debug:
|
|
msg: "{{ test_results.stdout_lines }}"
|
|
|
|
- name: Fail when tests fail
|
|
fail:
|
|
msg: "Inspec failed to validate"
|
|
when: test_results.rc != 0
|