Refactor sectool usage in workflows to include configuration file and remove redundant sectool.json files

This commit is contained in:
2025-03-22 13:06:35 +01:00
parent 51d6229b03
commit 2657388998
13 changed files with 32 additions and 52 deletions
@@ -38,13 +38,13 @@ jobs:
CHANGED_FILES: ${{ steps.setup_env.outputs.CHANGED_FILES }}
run: |
cd ansible
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_login.yml
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_cis.yml --skip-tags roles::cis::suid
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_encryption.yml
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_microk8s.yml
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_gitea.yml
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_nextcloud.yml
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_wordpress.yml
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_m3uproxy.yml
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_monitoring.yml
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_rustdesk.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_login.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_cis.yml --skip-tags roles::cis::suid
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_encryption.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_microk8s.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_gitea.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_nextcloud.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_wordpress.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_m3uproxy.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_monitoring.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_rustdesk.yml
+1 -1
View File
@@ -39,5 +39,5 @@ jobs:
run: |
cd ansible
for PLAYBOOK in $(echo $CHANGED_FILES | grep -oP 'playbook_\K\w+'); do
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_$PLAYBOOK.yml
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_$PLAYBOOK.yml
done
@@ -41,5 +41,5 @@ jobs:
run: |
cd ansible
for PLAYBOOK in $(echo $CHANGED_FILES | grep -oP 'playbook_\K\w+'); do
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_$PLAYBOOK.yml -CD
sectool -f ../sectool.json exec ansible-playbook -u $ANSIBLE_USER playbook_$PLAYBOOK.yml -CD
done
@@ -31,5 +31,5 @@ jobs:
BW_ACCESS_TOKEN: ${{ secrets.BW_ACCESS_TOKEN }}
run: |
cd terraform/aws-iac
sectool exec terraform init
sectool exec terraform apply --auto-approve
sectool -f ../../sectool.json exec terraform init
sectool -f ../../sectool.json exec terraform apply --auto-approve
@@ -33,7 +33,7 @@ jobs:
BW_ACCESS_TOKEN: ${{ secrets.BW_ACCESS_TOKEN }}
run: |
cd terraform/aws-iac
sectool exec terraform init
sectool exec terraform validate
sectool exec terraform fmt -check
sectool exec terraform plan
sectool -f ../../sectool.json exec terraform init
sectool -f ../../sectool.json exec terraform validate
sectool -f ../../sectool.json exec terraform fmt -check
sectool -f ../../sectool.json exec terraform plan
+2 -2
View File
@@ -52,5 +52,5 @@ jobs:
run: |
cd terraform/iac
export TF_VAR_system_id=$SYSTEM_ID
sectool exec terraform init
sectool exec terraform apply --auto-approve
sectool -f ../../sectool.json exec terraform init
sectool -f ../../sectool.json exec terraform apply --auto-approve
@@ -54,7 +54,7 @@ jobs:
run: |
cd terraform/iac
export TF_VAR_system_id=$SYSTEM_ID
sectool exec terraform init
sectool exec terraform validate
sectool exec terraform fmt -check
sectool exec terraform plan
sectool -f ../../sectool.json exec terraform init
sectool -f ../../sectool.json exec terraform validate
sectool -f ../../sectool.json exec terraform fmt -check
sectool -f ../../sectool.json exec terraform plan
@@ -51,5 +51,5 @@ jobs:
SSH_AUTH_SOCK: ${{ steps.setup_ansible_env.outputs.ssh-auth-sock }}
run: |
cd terraform/k8sapps
sectool exec terraform init
sectool exec terraform apply --auto-approve
sectool -f ../../sectool.json exec terraform init
sectool -f ../../sectool.json exec terraform apply --auto-approve
@@ -51,7 +51,7 @@ jobs:
BW_ACCESS_TOKEN: ${{ secrets.BW_ACCESS_TOKEN }}
run: |
cd terraform/k8sapps
sectool exec terraform init
sectool exec terraform validate
sectool exec terraform fmt -check
sectool exec terraform plan
sectool -f ../../sectool.json exec terraform init
sectool -f ../../sectool.json exec terraform validate
sectool -f ../../sectool.json exec terraform fmt -check
sectool -f ../../sectool.json exec terraform plan
-7
View File
@@ -1,7 +0,0 @@
{
"provider": "bitwarden",
"bitwarden": {
"api_url": "https://api.bitwarden.eu",
"identity_url": "https://identity.bitwarden.eu"
}
}
+2 -1
View File
@@ -2,6 +2,7 @@
"provider": "bitwarden",
"bitwarden": {
"api_url": "https://api.bitwarden.eu",
"identity_url": "https://identity.bitwarden.eu"
"identity_url": "https://identity.bitwarden.eu",
"project": "c6bd56a4-9fec-4388-b74a-b2a100c0ae07"
}
}
-7
View File
@@ -1,7 +0,0 @@
{
"provider": "bitwarden",
"bitwarden": {
"api_url": "https://api.bitwarden.eu",
"identity_url": "https://identity.bitwarden.eu"
}
}
-7
View File
@@ -1,7 +0,0 @@
{
"provider": "bitwarden",
"bitwarden": {
"api_url": "https://api.bitwarden.eu",
"identity_url": "https://identity.bitwarden.eu"
}
}