Restrict frontend access to CDNs, monitoring and admins #4152
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test Kitchen | |
on: | |
- push | |
- pull_request | |
- workflow_dispatch | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
kitchen: | |
name: Test Kitchen | |
runs-on: ubuntu-22.04 | |
permissions: | |
packages: read | |
strategy: | |
matrix: | |
suite: | |
- accounts | |
- apache | |
- apt | |
- backup | |
- bind | |
- blog | |
- blogs | |
- chef | |
- civicrm | |
- clamav | |
- community | |
- db-backup | |
- db-base | |
- db-master | |
- db-slave | |
- devices | |
- dhcpd | |
- dmca | |
- dns | |
- docker | |
- elasticsearch | |
- exim | |
- fail2ban | |
- foundation-board | |
- foundation-dwg | |
- foundation-mastodon | |
- foundation-mwg | |
- foundation-owg | |
- foundation-welcome | |
- foundation-wiki | |
- ftp | |
- geodns | |
- geoipupdate | |
- git | |
- git-server | |
- git-web | |
- gps-tile | |
- hardware | |
- hot | |
- ideditor | |
- irc | |
- kibana | |
- letsencrypt | |
- logstash | |
- logstash-forwarder | |
- mailman | |
- matomo | |
- memcached | |
- mysql | |
- networking | |
- nginx | |
- nodejs | |
- nominatim | |
- ntp | |
- openssh | |
- osmosis | |
- osqa | |
- otrs | |
- overpass | |
- passenger | |
- php | |
- php-apache | |
- php-fpm | |
- planet | |
- planet-aws | |
- planet-current | |
- planet-dump | |
- planet-notes | |
- planet-replication | |
- postgresql | |
- prometheus | |
- prometheus-server | |
- python | |
- rsyncd | |
- serverinfo | |
- snmpd | |
- spamassassin | |
- ssl | |
- stateofthemap-container | |
- stateofthemap-wordpress | |
- subversion | |
- supybot | |
- switch2osm | |
- sysctl | |
- sysfs | |
- taginfo | |
- tile | |
- tilelog | |
- tools | |
- trac | |
- web-cgimap | |
- web-frontend | |
- web-rails | |
- wordpress | |
- wiki | |
os: | |
- ubuntu-2204 | |
include: | |
- os: ubuntu-2004 | |
suite: mailman | |
- os: ubuntu-2004 | |
suite: osqa | |
- os: debian-12 | |
suite: dns | |
- os: debian-12 | |
suite: git-server | |
- os: debian-12 | |
suite: git-web | |
- os: debian-12 | |
suite: imagery-tiler | |
- os: debian-12 | |
suite: letsencrypt | |
- os: debian-12 | |
suite: otrs | |
- os: debian-12 | |
suite: serverinfo | |
- os: debian-12 | |
suite: supybot | |
exclude: | |
- suite: dns | |
os: ubuntu-2204 | |
- suite: git-server | |
os: ubuntu-2204 | |
- suite: git-web | |
os: ubuntu-2204 | |
- suite: mailman | |
os: ubuntu-2204 | |
- suite: letsencrypt | |
os: ubuntu-2204 | |
- suite: osqa | |
os: ubuntu-2204 | |
- suite: otrs | |
os: ubuntu-2204 | |
- suite: serverinfo | |
os: ubuntu-2204 | |
- suite: supybot | |
os: ubuntu-2204 | |
fail-fast: false | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Setup ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: 3.1 | |
bundler-cache: true | |
- name: Run kitchen test ${{ matrix.suite }}-${{ matrix.os }} | |
run: bundle exec kitchen test ${{ matrix.suite }}-${{ matrix.os }} | |
- name: Gather journal output | |
run: | | |
bundle exec kitchen exec ${{ matrix.suite }}-${{ matrix.os }} -c "journalctl --since=yesterday" | |
bundle exec kitchen exec ${{ matrix.suite }}-${{ matrix.os }} -c "networkctl status --all" | |
bundle exec kitchen exec ${{ matrix.suite }}-${{ matrix.os }} -c "resolvectl status" || true | |
if: ${{ failure() }} |