Add GitHub Actions

Add GitHub Actions as CI.

.github/workflows/CI.yml

@@ -0,0 +1,42 @@
+---
+name: Test deployment
+'on':
+  pull_request:
+  push:
+  schedule:
+    # Run every Wednesday at 01:42
+    - cron: "42 1 * * 3"
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out codebase
+        uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+      - name: Install dependencies
+        run: pip3 install yamllint
+      - name: Lint repository
+        run: yamllint .
+
+  molecule:
+    name: Molecule
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase
+        uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+      - name: Install dependencies
+        run: pip3 install ansible molecule[docker] docker pytest testinfra
+      - name: Run Molecule
+        run: molecule test
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'

.gitignore

@@ -0,0 +1,2 @@
+# Python cache
+__pycache__

handlers/main.yml

@@ -3,7 +3,7 @@
 
 
 - name: restart pureftpd
-  service:
+  systemd:
     name: "{{pureftpd_service}}"
     state: restarted
 

molecule/default/converge.yml

@@ -0,0 +1,25 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: "Include geekoops-pureftpd"
+      include_role:
+        name: "geekoops-pureftpd"
+    ## Setup test enviroment
+    # Test file 1 is accessible (0754), test file 2 not (0750)
+    - name: Deploy test file
+      copy:
+        content: |
+          Happy test file
+        dest: "{{ftp_dir}}/testfile.txt"
+        group: "root"
+        owner: "root"
+        mode: 0754
+    - name: Deploy secrets test file
+      copy:
+        content: |
+          Password: 12345
+        dest: "{{ftp_dir}}/secrets.txt"
+        group: "root"
+        owner: "root"
+        mode: 0750

molecule/default/molecule.yml

@@ -0,0 +1,30 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: leap15_2
+    image: grisu48/leap-ansible
+    pre_build_image: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    capabilities:
+      - SYS_ADMIN
+    privileged: true
+    tmpfs:
+      - /run
+      - /tmp
+provisioner:
+  name: ansible
+  inventory:
+    host_vars:
+      leap15_2:
+        ftp_dir: "/srv/ftp"
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
+lint: |
+  set -e
+  yamllint .

molecule/default/tests/test_default.py

@@ -0,0 +1,17 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+
+
+import testinfra.utils.ansible_runner
+import os
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+ 
+def test_ftp(host):
+	cmd = host.run("curl -v ftp://127.0.0.1/testfile.txt")
+	assert cmd.succeeded
+	assert "Happy test file" in cmd.stdout
+	cmd = host.run("curl -v ftp://127.0.0.1/secrets.txt")
+	assert cmd.failed
+	assert "550" in cmd.stderr
+

tasks/firewall.yml

@@ -1,7 +1,7 @@
 ---
 # Configure firewall
 
-- name: Ensure ftp service is enabled
+- name: Ensure ftp is enabled in firewall
   firewalld:
     zone: "{{firewall_zone}}"
     service: ftp

tasks/main.yml

@@ -20,7 +20,7 @@
     group: root
     mode: 0744
   notify: restart pureftpd
-- name: Ensure PureFTPd service is enabled
+- name: Ensure PureFTPd service is started and enabled
   systemd:
     name: "{{pureftpd_service}}"
     state: started