This repository was archived by the owner on Oct 7, 2025. It is now read-only.

Commit 0a76366

gregharvey, drazenCE, matej5, Matej Stajduhar and klausi authored
Gitlab migration pr devel 2.x (#2737)
* Fixing-email-title-for-backup-validation (#2657) Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Adding-task-to-create-aurora-cluster (#2659) * Adding-task-to-create-aurora-cluster * Adding-region-profile-and-tags-to-aurora-cluster * Updating-engine-for-aurora-cluster * Updating-parameter-group-engine * Updating-engine-version * Updating-engine-version-2 * Disabling-automated-backups * Disabling-automated-backups-2 * Disabling-automated-backups-3 * Disabling-automated-backups-4 * Skipping-task-if-not-aurora * Adding-subnet-group-to-instances * Adding-subnet-group-to-instances * Updating-SG-return-values * Updating-SG-return-values-2 * Updating-SG-return-values-3 * Updating-SG-return-values-4 * Updating-SG-return-value-debug * Updating-SG-return-value-debug-2 * Updating-SG-return-value-debug-3 * Removing-debug-tasks * Removing-init-var-for-SG-list * Adding-character-set-option --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Fixing truthy variable mistakes. (#2662) * Fixing installer variable bug. * Fixing tests for external PRs. * Testing with a fork. * Adding repo owner's username into installer string. * Refactoring config repo detection to simplify. * No longer permitted to use an integer as a truthy value. * No longer permitted to use existence check as a truthy value. * Can't see a reason why linotp var shouldn't be a boolean. * No longer permitted to use existence check as a truthy value. * Fixing truthy errors in ce_deploy role. * No longer permitted to use an integer as a truthy value. 
* feat(php): Add FPM slow logrotate (#2625) * feat(php): Support removal of APCU, add FPM slow logrotate * simplify condition * revert apcu installed setting, not needed * r73458-install-php-gmp-by-default2 (#2667) * r73458-install-php-gmp-by-default2 * re-add required packages * Wazuh-mitre-report-setup (#2588) * Wazuh-mitre-report-setup * Wazuh-mitre-shellshock-longurl-block * Fixing-vars * Wazuh-mitre-report-setup-PR-2.x * Wazuh mitre report setup pr 2.x (#2669) * Wazuh-mitre-report-setup * Wazuh-mitre-shellshock-longurl-block * Fixing-vars * Wazuh-mitre-report-setup-PR-2.x * Wazuh-mitre-report-setup-PR-2.x * pin_ansible_version (#2671) * pin_ansible_version * pin_ansible_version * pin_ansible_version * pin_ansible_version * pin_ansible_version_fix_upgrade_timer * pin_ansible_version_fix_upgrade_timer * pin_ansible_version_fix_upgrade_timer * pin_ansible_version_disable_upgrade_timer * pin_ansible_version_disable_upgrade_timer * pin_ansible_version_disable_upgrade_timer * pin_ansible_version_disable_upgrade_timer * Fixing-ce-provision-vars (#2678) * Updating-string (#2507) * Updating-string * Updating-string-3 --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Added-tasks-to-backup-Aurora-and-copy-AMI-to-safe-region (#2682) * Added-tasks-to-backup-Aurora-and-copy-AMI-to-safe-region * Fixing-aurora-backup-tasks * Fixing-aurora-backup-tasks-2 * Fixing-aurora-backup-tasks-3 * Fixing-aurora-backup-tasks-5 * Adding-aurora-template * Updating-aurora-vars * Adding-handler-to-defaults-for-CF --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * SG-creation-update (#2605) * SG-creation-update * Updating-lambda-tasks-to-handle-various-file-options * Updating-lambda-tasks-for-url-handling * Updating-aws_admin_tools-for-aws_lambda * Updating-aws_admin_tools-for-aws_lambda * Setting-loop-item * Setting-loop-item-2 * Updating-vpc-sec-group-vars * Removing-extra-vars-for-git-module * Adding-default-for-git_url * 
Cleaning-up-tasks * Updating-ansible-lint * Updating-ansible-lint * Ommiting-name-if-no-sec_group-name-defined * Removing-loop-var --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Fixing-copy-AMI-to-backup-region (#2684) Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Fixing-ami-copy-task (#2686) Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Bug fixes pr 2.x (#2690) * Fixing installer variable bug. * Fixing tests for external PRs. * Testing with a fork. * Adding repo owner's username into installer string. * Refactoring config repo detection to simplify. * No longer permitted to use an integer as a truthy value. * No longer permitted to use existence check as a truthy value. * Can't see a reason why linotp var shouldn't be a boolean. * No longer permitted to use existence check as a truthy value. * Fixing truthy errors in ce_deploy role. * No longer permitted to use an integer as a truthy value. * Updating clamav command to use flock avoiding duplicate processes running. 
* 73569 allowing webp nginx pr 2.x (#2692) * allowing webp extension * adding webp mime type --------- Co-authored-by: filip <filip.rupic@codeenigma.com> * extending provision.sh to support tags in plays (#2431) Co-authored-by: filip <filip.rupic@codeenigma.com> * Adding-option-for-Aurora-RDS-for-backup-validation (#2635) Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Fixing-aws_vpc-override (#2688) * Fixing-aws_vpc-override * Adding-defaults * Fixing-register-command * Defaulting-tags * Defaulting-tags-2 * Updating-region * Updating-iam_role-vars * Updating-iam_role-vars-2 * Updating-when-statement * Updating-when-statement-for-backups * Updating-when-statement-for-iam-policy * Updating-when-statement-for-iam-policy * Updating-vars-for-SG-creation * Updating-when-statement-for-iam-role * Updating-handle-git-url * Updating-handle-git-url-2 * Updating-handle-git-url-3 * Updating-handle-git-url-4 * Updating-handle-git-url-5 * Updating-handle-git-url-6 * Updating-handle-git-url-7 * Fixing-indentation --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Updating-pam-ldap-condition (#2695) * Updating-pam-ldap-condition * Updating-pam-ldap-condition-PR-2.x * Nslcd-nscd-restart (#2693) * Fixing-varnish-pinning (#2710) * Bug fixes pr 2.x (#2698) * Fixing installer variable bug. * Fixing tests for external PRs. * Testing with a fork. * Adding repo owner's username into installer string. * Refactoring config repo detection to simplify. * No longer permitted to use an integer as a truthy value. * No longer permitted to use existence check as a truthy value. * Can't see a reason why linotp var shouldn't be a boolean. * No longer permitted to use existence check as a truthy value. * Fixing truthy errors in ce_deploy role. * No longer permitted to use an integer as a truthy value. * Updating clamav command to use flock avoiding duplicate processes running. * More truthy length fixes. * Fixing more LDAP role truthy issues. 
* Slight block refactor for LDAP. * DN length check should not be negated. * Forgot to add the length filter. * Another boolean Ansible 12 error in AMI role. * ALB port must be cast as a string for RedirectAction. * Setting the correct Jinja filter, it's string, not str. * Fixing more Ansible 12 length issues in autoscale role. * Simplifying ASG role by refactoring into blocks. * Further simplifying ASG CloudFront block. * Scaling rules refactor needs work. * Scaling policies list needs to be defined in case it is empty and we try to concatenate. * Enhancing installer to accept an Ansible version and putting Ansible 12 back into GitHub Actions containers. * Trying a different approach to defaulting the venv username. * Removing default() filter from python_pip_packages role. * Fixing up the ce_ansible role for Ansible 12. * Removing unnecessary from_json filter from CloudFront acc ID lookup. * Adding-cyphers-nginx-template (#2679) * Fixing-when-statement (#2700) * Fixing-when-statement * Updating-LE-tasks * Adding-from_json-for-systemd-timers * Adding-from_json-for-systemd-timers-2 * Removin-from_json-for-systemd-timers * Updating-pam_ldap-when-statements * Updating-pam_ldap-when-statements-2 * Updated-Backup-validation-role * Updated-trusted-entity-file-name * Updated-event-patterns * Dropped-default-aurora-retention-to-1 * Bug-fixes * Moving-iam-policy * Moving-iam-policy-2 * Updating-tasks * Updating-tasks-2 * Updating-return-value * Updating-file-names * Updating-file-names-2 * Updating-file-names-3 * Updating-file-names-4 * Adding-debug * Adding-debug-2 * Adding-debug-3 * Updating-source-for-iam * Updating-source-for-iam * Removing-handle-zip-for-lambda * Updating-regex-search * Updating-regex-search * Updating-lambda-function-handling * Updating-lambda-function-handling * Updating-lambda-function-handling-2 * Updating-event-bridge-role-arn * Updating-event-bridge-role-arn-2 * Moving-functions-to-gitlab * Updating-event-pattern * Updating-iam-role * 
Updating-iam-role-2 * Updating-defaults * Removing-files * Adding-LE-vars-for-apache --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> Co-authored-by: Greg Harvey <greg.harvey@gmail.com> * Bug fixes pr 2.x (#2714) * Fixing installer variable bug. * Fixing tests for external PRs. * Testing with a fork. * Adding repo owner's username into installer string. * Refactoring config repo detection to simplify. * No longer permitted to use an integer as a truthy value. * No longer permitted to use existence check as a truthy value. * Can't see a reason why linotp var shouldn't be a boolean. * No longer permitted to use existence check as a truthy value. * Fixing truthy errors in ce_deploy role. * No longer permitted to use an integer as a truthy value. * Updating clamav command to use flock avoiding duplicate processes running. * More truthy length fixes. * Fixing more LDAP role truthy issues. * Slight block refactor for LDAP. * DN length check should not be negated. * Forgot to add the length filter. * Another boolean Ansible 12 error in AMI role. * ALB port must be cast as a string for RedirectAction. * Setting the correct Jinja filter, it's string, not str. * Fixing more Ansible 12 length issues in autoscale role. * Simplifying ASG role by refactoring into blocks. * Further simplifying ASG CloudFront block. * Scaling rules refactor needs work. * Scaling policies list needs to be defined in case it is empty and we try to concatenate. * Enhancing installer to accept an Ansible version and putting Ansible 12 back into GitHub Actions containers. * Trying a different approach to defaulting the venv username. * Removing default() filter from python_pip_packages role. * Fixing up the ce_ansible role for Ansible 12. * Removing unnecessary from_json filter from CloudFront acc ID lookup. * Trying to fix AWS standalone builds. * Bug fixes pr 2.x (#2717) * Fixing installer variable bug. * Fixing tests for external PRs. * Testing with a fork. 
* Adding repo owner's username into installer string. * Refactoring config repo detection to simplify. * No longer permitted to use an integer as a truthy value. * No longer permitted to use existence check as a truthy value. * Can't see a reason why linotp var shouldn't be a boolean. * No longer permitted to use existence check as a truthy value. * Fixing truthy errors in ce_deploy role. * No longer permitted to use an integer as a truthy value. * Updating clamav command to use flock avoiding duplicate processes running. * More truthy length fixes. * Fixing more LDAP role truthy issues. * Slight block refactor for LDAP. * DN length check should not be negated. * Forgot to add the length filter. * Another boolean Ansible 12 error in AMI role. * ALB port must be cast as a string for RedirectAction. * Setting the correct Jinja filter, it's string, not str. * Fixing more Ansible 12 length issues in autoscale role. * Simplifying ASG role by refactoring into blocks. * Further simplifying ASG CloudFront block. * Scaling rules refactor needs work. * Scaling policies list needs to be defined in case it is empty and we try to concatenate. * Enhancing installer to accept an Ansible version and putting Ansible 12 back into GitHub Actions containers. * Trying a different approach to defaulting the venv username. * Removing default() filter from python_pip_packages role. * Fixing up the ce_ansible role for Ansible 12. * Removing unnecessary from_json filter from CloudFront acc ID lookup. * Trying to fix AWS standalone builds. * Fixing standalone EC2 playbooks. * Adding hostname print out for debug. * Adding back in the hostname check. * Fixing AWS hostname variable in comparisons. * Trying to find a hostname variation that meets all requirements. * Adding both hostnames to ec2.yml. * Fixing python venv vars. (#2724) * Fixing python venv vars. * Bad var name in pip role. 
* Updating-aws-iam-tasks (#2727) * Updating-aws-iam-tasks * Updating-aws-backup-defaults * Adding-profile-to-task * Changing-when-statements --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Wazuh mitre report setup pr 2.x (#2676) * Wazuh-mitre-report-setup * Wazuh-mitre-shellshock-longurl-block * Fixing-vars * Wazuh-mitre-report-setup-PR-2.x * Wazuh-mitre-report-setup-PR-2.x * Wazuh-mitre-report-setup-PR-2.x * r73510-apt-reboot-alerts (#2730) * r73510-apt-reboot-alerts * fix linting error * Avoiding-backup-validation-plan-due-to-IAM-issues (#2731) Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> * Ansible12 pr 2.x (#2734) * Fixing python venv vars. * Bad var name in pip role. * Ensuring Ansible version gets passed to ce-provision as well. * Trying an ansible-lint container for GitLab. * Trying an ansible-lint container for GitLab. (#2736) * Preparing GitLab CI config for ce-provision tests. * Run linters unless merging to 2.x. * Fixed the CI rules for linting. --------- Co-authored-by: drazenCE <140631110+drazenCE@users.noreply.github.com> Co-authored-by: Matej Štajduhar <30931414+matej5@users.noreply.github.com> Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com> Co-authored-by: Klaus Purer <klaus.purer@protonmail.ch> Co-authored-by: nfawbert <62660788+nfawbert@users.noreply.github.com> Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> Co-authored-by: Filip Rupic <123341158+filiprupic@users.noreply.github.com> Co-authored-by: filip <filip.rupic@codeenigma.com>
1 parent be9b2c2 commit 0a76366

1 file changed: +56 -0 lines changed

.gitlab-ci.yml

Lines changed: 56 additions & 0 deletions
@@ -1,12 +1,68 @@
11
---
2+
variables:
3+
FF_SCRIPT_SECTIONS: "true"
4+
25
before_script:
36
- export $BASH_VARS
47

58
stages:
69
- linting
10+
- builds
711

812
ansible-lint:
913
stage: linting
1014
image: registry.gitlab.com/pipeline-components/ansible-lint:latest
1115
script:
1216
- ansible-lint --show-relpath roles
17+
rules:
18+
- if: $CI_COMMIT_BRANCH != "$CI_DEFAULT_BRANCH"
19+
- if: $CI_PIPELINE_SOURCE == "schedule"
20+
when: never
21+
22+
yamllint:
23+
stage: linting
24+
image: registry.gitlab.com/pipeline-components/yamllint:latest
25+
script:
26+
- yamllint roles
27+
rules:
28+
- if: $CI_COMMIT_BRANCH != "$CI_DEFAULT_BRANCH"
29+
- if: $CI_PIPELINE_SOURCE == "schedule"
30+
when: never
31+
32+
webserver:
33+
stage: builds
34+
image: debian:bookworm
35+
script:
36+
- |
37+
/usr/bin/apt-get update
38+
/usr/bin/apt-get install -y curl sudo
39+
/usr/bin/curl -LO ${CI_MERGE_REQUEST_SOURCE_PROJECT_URL}/-/raw/${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}/install.sh
40+
/usr/bin/chmod +x ./install.sh
41+
/usr/bin/sudo ./install.sh --version ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} --config-branch ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} --docker --no-firewall
42+
/usr/bin/git config --global --add safe.directory /home/controller/ce-provision
43+
/usr/bin/git config --global --add safe.directory /home/controller/ce-provision/config
44+
/usr/sbin/sshd&
45+
/usr/bin/su - controller -c "cd /home/controller/ce-provision && /bin/sh /home/controller/ce-provision/scripts/provision.sh --python-interpreter /home/controller/ce-python/bin/python3 --repo dummy --branch dummy --workspace /home/controller/ce-provision/ce-dev/ansible --playbook plays/web/ci.yml --own-branch ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} --config-branch ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} --force"
46+
rules:
47+
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
48+
- if: $CI_PIPELINE_SOURCE == "schedule"
49+
when: always
50+
51+
gitlabserver:
52+
stage: builds
53+
image: debian:bookworm
54+
script:
55+
- |
56+
/usr/bin/apt-get update
57+
/usr/bin/apt-get install -y curl sudo
58+
/usr/bin/curl -LO ${CI_MERGE_REQUEST_SOURCE_PROJECT_URL}/-/raw/${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}/install.sh
59+
/usr/bin/chmod +x ./install.sh
60+
/usr/bin/sudo ./install.sh --version ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} --config-branch ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} --docker --no-firewall
61+
/usr/bin/git config --global --add safe.directory /home/controller/ce-provision
62+
/usr/bin/git config --global --add safe.directory /home/controller/ce-provision/config
63+
/usr/sbin/sshd&
64+
/usr/bin/su - controller -c "cd /home/controller/ce-provision && /bin/sh /home/controller/ce-provision/scripts/provision.sh --python-interpreter /home/controller/ce-python/bin/python3 --repo dummy --branch dummy --workspace /home/controller/ce-provision/ce-dev/ansible --playbook plays/gitlab/ci.yml --own-branch ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} --config-branch ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} --force"
65+
rules:
66+
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
67+
- if: $CI_PIPELINE_SOURCE == "schedule"
68+
when: always
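
Review bot: In the `webserver` and `gitlabserver` jobs the script builds the `curl` URL and the `install.sh` and `provision.sh` arguments from `CI_MERGE_REQUEST_*` variables, but the rules also start these jobs for `$CI_PIPELINE_SOURCE == "schedule"`, where those variables are not set, so a scheduled run would request `/-/raw//install.sh` and the `--version`, `--own-branch` and `--config-branch` options would be left without a value. Either drop the schedule rule from the build jobs or fall back to `CI_PROJECT_URL` and `CI_COMMIT_REF_NAME` when no merge request is present. The same lines expand the source branch name unquoted in a root shell and again inside the `su - controller -c "..."` string, and the `install.sh` that is run with `sudo` is fetched from the merge request's source project; quote every expansion and consider limiting these jobs to pipelines that a maintainer has approved, so that branch names and installer code from a fork are not executed unreviewed. In `ansible-lint` and `yamllint`, rules are evaluated in order and the first match wins, so the `when: never` schedule rule placed after `$CI_COMMIT_BRANCH != "$CI_DEFAULT_BRANCH"` has no effect: a scheduled pipeline on another branch already matched the first rule, and on the default branch no rule would match anyway. Move it to the top if the intent is to skip linting on schedules. Both lint images use `:latest`; pinning a version or digest would keep CI results reproducible. The two build jobs differ only in the `--playbook` path, so a shared hidden job with `extends` would remove the duplicated script.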
