ansible-collection-hardening/.github/workflows/nginx_hardening.yml

---
name: "devsec.nginx_hardening"
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
  push:
    branches: [master]
    paths:
      - 'roles/nginx_hardening/**'
      - 'molecule/nginx_hardening/**'
      - '.github/workflows/nginx_hardening.yml'
  pull_request:
    branches: [master]
    paths:
      - 'roles/nginx_hardening/**'
      - 'molecule/nginx_hardening/**'
      - '.github/workflows/nginx_hardening.yml'
  schedule:
    - cron: '0 6 * * 1'

concurrency:
  group: >-
    ${{ github.workflow }}-${{
      github.event.pull_request.number || github.sha
    }}    
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      PY_COLORS: 1
      ANSIBLE_FORCE_COLOR: 1
    strategy:
      fail-fast: false
      matrix:
        molecule_distro:
          - centos7
          - centosstream8
          - centosstream9
          - rocky8
          - rocky9
          - ubuntu1804
          - ubuntu2004
          - ubuntu2204
          - debian10
          - debian11
          - debian12
          - amazon2023
          # - arch  # needs to be fixed
          # - opensuse_tumbleweed  # needs to be fixed
          # - fedora  # no support from geerlingguy role
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
        with:
          path: ansible_collections/devsec/hardening
          submodules: true

      - name: Set up Python 3.11
        uses: actions/setup-python@v4
        with:
          python-version: 3.11

      - name: Install dependencies
        run: |
          sudo apt install git
          python -m pip install --no-cache-dir --upgrade pip
          pip install -r requirements.txt          
        working-directory: ansible_collections/devsec/hardening

      - name: Test with molecule
        run: |
          molecule --version
          molecule test -s nginx_hardening          
        env:
          MOLECULE_DISTRO: ${{ matrix.molecule_distro }}
        working-directory: ansible_collections/devsec/hardening