Refactor sectool usage in workflows to include configuration file and remove redundant sectool.json files
This commit is contained in:
@@ -38,13 +38,13 @@ jobs:
|
||||
CHANGED_FILES: ${{ steps.setup_env.outputs.CHANGED_FILES }}
|
||||
run: |
|
||||
cd ansible
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_login.yml
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_cis.yml --skip-tags roles::cis::suid
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_encryption.yml
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_microk8s.yml
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_gitea.yml
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_nextcloud.yml
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_wordpress.yml
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_m3uproxy.yml
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_monitoring.yml
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_rustdesk.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_login.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_cis.yml --skip-tags roles::cis::suid
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_encryption.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_microk8s.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_gitea.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_nextcloud.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_wordpress.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_m3uproxy.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_monitoring.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_rustdesk.yml
|
||||
|
||||
@@ -39,5 +39,5 @@ jobs:
|
||||
run: |
|
||||
cd ansible
|
||||
for PLAYBOOK in $(echo $CHANGED_FILES | grep -oP 'playbook_\K\w+'); do
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_$PLAYBOOK.yml
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_$PLAYBOOK.yml
|
||||
done
|
||||
|
||||
@@ -41,5 +41,5 @@ jobs:
|
||||
run: |
|
||||
cd ansible
|
||||
for PLAYBOOK in $(echo $CHANGED_FILES | grep -oP 'playbook_\K\w+'); do
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_$PLAYBOOK.yml -CD
|
||||
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_$PLAYBOOK.yml -CD
|
||||
done
|
||||
|
||||
@@ -31,5 +31,5 @@ jobs:
|
||||
BW_ACCESS_TOKEN: ${{ secrets.BW_ACCESS_TOKEN }}
|
||||
run: |
|
||||
cd terraform/aws-iac
|
||||
sectool exec terraform init
|
||||
sectool exec terraform apply --auto-approve
|
||||
sectool -f ../../sectool.json exec terraform init
|
||||
sectool -f ../../sectool.json exec terraform apply --auto-approve
|
||||
|
||||
@@ -33,7 +33,7 @@ jobs:
|
||||
BW_ACCESS_TOKEN: ${{ secrets.BW_ACCESS_TOKEN }}
|
||||
run: |
|
||||
cd terraform/aws-iac
|
||||
sectool exec terraform init
|
||||
sectool exec terraform validate
|
||||
sectool exec terraform fmt -check
|
||||
sectool exec terraform plan
|
||||
sectool -f ../../sectool.json exec terraform init
|
||||
sectool -f ../../sectool.json exec terraform validate
|
||||
sectool -f ../../sectool.json exec terraform fmt -check
|
||||
sectool -f ../../sectool.json exec terraform plan
|
||||
|
||||
@@ -52,5 +52,5 @@ jobs:
|
||||
run: |
|
||||
cd terraform/iac
|
||||
export TF_VAR_system_id=$SYSTEM_ID
|
||||
sectool exec terraform init
|
||||
sectool exec terraform apply --auto-approve
|
||||
sectool -f ../../sectool.json exec terraform init
|
||||
sectool -f ../../sectool.json exec terraform apply --auto-approve
|
||||
|
||||
@@ -54,7 +54,7 @@ jobs:
|
||||
run: |
|
||||
cd terraform/iac
|
||||
export TF_VAR_system_id=$SYSTEM_ID
|
||||
sectool exec terraform init
|
||||
sectool exec terraform validate
|
||||
sectool exec terraform fmt -check
|
||||
sectool exec terraform plan
|
||||
sectool -f ../../sectool.json exec terraform init
|
||||
sectool -f ../../sectool.json exec terraform validate
|
||||
sectool -f ../../sectool.json exec terraform fmt -check
|
||||
sectool -f ../../sectool.json exec terraform plan
|
||||
|
||||
@@ -51,5 +51,5 @@ jobs:
|
||||
SSH_AUTH_SOCK: ${{ steps.setup_ansible_env.outputs.ssh-auth-sock }}
|
||||
run: |
|
||||
cd terraform/k8sapps
|
||||
sectool exec terraform init
|
||||
sectool exec terraform apply --auto-approve
|
||||
sectool -f ../../sectool.json exec terraform init
|
||||
sectool -f ../../sectool.json exec terraform apply --auto-approve
|
||||
|
||||
@@ -51,7 +51,7 @@ jobs:
|
||||
BW_ACCESS_TOKEN: ${{ secrets.BW_ACCESS_TOKEN }}
|
||||
run: |
|
||||
cd terraform/k8sapps
|
||||
sectool exec terraform init
|
||||
sectool exec terraform validate
|
||||
sectool exec terraform fmt -check
|
||||
sectool exec terraform plan
|
||||
sectool -f ../../sectool.json exec terraform init
|
||||
sectool -f ../../sectool.json exec terraform validate
|
||||
sectool -f ../../sectool.json exec terraform fmt -check
|
||||
sectool -f ../../sectool.json exec terraform plan
|
||||
|
||||
@@ -1,7 +0,0 @@
|
||||
{
|
||||
"provider": "bitwarden",
|
||||
"bitwarden": {
|
||||
"api_url": "https://api.bitwarden.eu",
|
||||
"identity_url": "https://identity.bitwarden.eu"
|
||||
}
|
||||
}
|
||||
+2
-1
@@ -2,6 +2,7 @@
|
||||
"provider": "bitwarden",
|
||||
"bitwarden": {
|
||||
"api_url": "https://api.bitwarden.eu",
|
||||
"identity_url": "https://identity.bitwarden.eu"
|
||||
"identity_url": "https://identity.bitwarden.eu",
|
||||
"project": "c6bd56a4-9fec-4388-b74a-b2a100c0ae07"
|
||||
}
|
||||
}
|
||||
@@ -1,7 +0,0 @@
|
||||
{
|
||||
"provider": "bitwarden",
|
||||
"bitwarden": {
|
||||
"api_url": "https://api.bitwarden.eu",
|
||||
"identity_url": "https://identity.bitwarden.eu"
|
||||
}
|
||||
}
|
||||
@@ -1,7 +0,0 @@
|
||||
{
|
||||
"provider": "bitwarden",
|
||||
"bitwarden": {
|
||||
"api_url": "https://api.bitwarden.eu",
|
||||
"identity_url": "https://identity.bitwarden.eu"
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user