Merge pull request #61 from dev-sec/update_all

Include current Linux distributions and remove unsupported versions

Author: rndmh3ro

.github/workflows/all.yml

@@ -16,19 +16,21 @@ jobs:
       fail-fast: false
       matrix:
         dockerimage:
+          - almalinux8-ansible
+          - almalinux9-ansible
+          - almalinux10-ansible
           - alpine-ansible
           - amazon2-ansible
           - amazon2023-ansible
           - arch-ansible
-          - centos7-ansible
-          - centos8-ansible
           - centosstream8-ansible
           - centosstream9-ansible
           - rocky8-ansible
           - rocky9-ansible
-          - debian10-ansible
+          - rocky10-ansible
           - debian11-ansible
           - debian12-ansible
+          - debian13-ansible
           - fedora37-ansible
           - fedora38-ansible
           - fedora39-ansible

…hub/workflows/centos7-ansible-latest.yml …workflows/almalinux10-ansible-latest.yml.github/workflows/centos7-ansible-latest.yml renamed to .github/workflows/almalinux10-ansible-latest.yml .github/workflows/centos7-ansible-latest.yml renamed to .github/workflows/almalinux10-ansible-latest.yml

@@ -1,13 +1,13 @@
-name: centos7-ansible-latest
+name: almalinux10-ansible-latest
 on:
   # yamllint disable-line rule:truthy
   workflow_dispatch:
   push:
     paths:
-      - 'centos7-ansible-latest/**'
+      - 'almalinux10-ansible-latest/**'
   pull_request:
     paths:
-      - 'centos7-ansible-latest/**'
+      - 'almalinux10-ansible-latest/**'
 jobs:
   docker:
     runs-on: ubuntu-latest
@@ -18,10 +18,10 @@ jobs:
       fail-fast: false
       matrix:
         dockerimage:
-          - centos7-ansible
+          - almalinux10-ansible
         platforms:
           - linux/amd64
-          # #- linux/arm64  # not supported upstream
+          #- linux/arm64
     steps:
       -
         name: Checkout

.github/workflows/almalinux8-ansible-latest.yml

@@ -0,0 +1,79 @@
+name: almalinux8-ansible-latest
+on:
+  # yamllint disable-line rule:truthy
+  workflow_dispatch:
+  push:
+    paths:
+      - 'almalinux8-ansible-latest/**'
+  pull_request:
+    paths:
+      - 'almalinux8-ansible-latest/**'
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        dockerimage:
+          - almalinux8-ansible
+        platforms:
+          - linux/amd64
+          #- linux/arm64
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Build and export to Docker
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.dockerimage }}-latest
+          tags: docker-${{ matrix.dockerimage }}:test
+          platforms: ${{ matrix.platforms }}
+          load: true
+      -
+        name: Test
+        run: |
+          docker run --rm docker-${{ matrix.dockerimage }}:test
+      -
+        name: Login to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+        if: github.ref == 'refs/heads/master'
+      -
+        name: Build and push to ghcr.io
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.dockerimage }}-latest
+          push: true
+          tags: ghcr.io/dev-sec/docker-${{ matrix.dockerimage }}:latest
+          platforms: ${{ matrix.platforms }}
+        if: github.ref == 'refs/heads/master'
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        if: github.ref == 'refs/heads/master'
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.dockerimage }}-latest
+          push: true
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/docker-${{ matrix.dockerimage }}:latest
+          platforms: ${{ matrix.platforms }}
+        if: github.ref == 'refs/heads/master'

.github/workflows/almalinux9-ansible-latest.yml

@@ -0,0 +1,79 @@
+name: almalinux9-ansible-latest
+on:
+  # yamllint disable-line rule:truthy
+  workflow_dispatch:
+  push:
+    paths:
+      - 'almalinux9-ansible-latest/**'
+  pull_request:
+    paths:
+      - 'almalinux9-ansible-latest/**'
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        dockerimage:
+          - almalinux9-ansible
+        platforms:
+          - linux/amd64
+          #- linux/arm64
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Build and export to Docker
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.dockerimage }}-latest
+          tags: docker-${{ matrix.dockerimage }}:test
+          platforms: ${{ matrix.platforms }}
+          load: true
+      -
+        name: Test
+        run: |
+          docker run --rm docker-${{ matrix.dockerimage }}:test
+      -
+        name: Login to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+        if: github.ref == 'refs/heads/master'
+      -
+        name: Build and push to ghcr.io
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.dockerimage }}-latest
+          push: true
+          tags: ghcr.io/dev-sec/docker-${{ matrix.dockerimage }}:latest
+          platforms: ${{ matrix.platforms }}
+        if: github.ref == 'refs/heads/master'
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        if: github.ref == 'refs/heads/master'
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.dockerimage }}-latest
+          push: true
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/docker-${{ matrix.dockerimage }}:latest
+          platforms: ${{ matrix.platforms }}
+        if: github.ref == 'refs/heads/master'

…ub/workflows/debian10-ansible-latest.yml …ub/workflows/debian13-ansible-latest.yml.github/workflows/debian10-ansible-latest.yml renamed to .github/workflows/debian13-ansible-latest.yml .github/workflows/debian10-ansible-latest.yml renamed to .github/workflows/debian13-ansible-latest.yml

@@ -1,13 +1,13 @@
-name: debian10-ansible-latest
+name: debian13-ansible-latest
 on:
   # yamllint disable-line rule:truthy
   workflow_dispatch:
   push:
     paths:
-      - 'debian10-ansible-latest/**'
+      - 'debian13-ansible-latest/**'
   pull_request:
     paths:
-      - 'debian10-ansible-latest/**'
+      - 'debian13-ansible-latest/**'
 jobs:
   docker:
     runs-on: ubuntu-latest
@@ -18,7 +18,7 @@ jobs:
       fail-fast: false
       matrix:
         dockerimage:
-          - debian10-ansible
+          - debian13-ansible
         platforms:
           - linux/amd64
           #- linux/arm64

…hub/workflows/centos8-ansible-latest.yml …hub/workflows/rocky10-ansible-latest.yml.github/workflows/centos8-ansible-latest.yml renamed to .github/workflows/rocky10-ansible-latest.yml .github/workflows/centos8-ansible-latest.yml renamed to .github/workflows/rocky10-ansible-latest.yml

@@ -1,13 +1,13 @@
-name: centos8-ansible-latest
+name: rocky10-ansible-latest
 on:
   # yamllint disable-line rule:truthy
   workflow_dispatch:
   push:
     paths:
-      - 'centos8-ansible-latest/**'
+      - 'rocky10-ansible-latest/**'
   pull_request:
     paths:
-      - 'centos8-ansible-latest/**'
+      - 'rocky10-ansible-latest/**'
 jobs:
   docker:
     runs-on: ubuntu-latest
@@ -18,7 +18,7 @@ jobs:
       fail-fast: false
       matrix:
         dockerimage:
-          - centos8-ansible
+          - rocky10-ansible
         platforms:
           - linux/amd64
           #- linux/arm64

almalinux10-ansible-latest/Dockerfile

@@ -0,0 +1,48 @@
+FROM almalinux:10
+LABEL maintainer="Sebastian Gumprich"
+ENV container=docker
+
+# Install systemd -- See https://hub.docker.com/_/centos/
+RUN yum -y update; yum clean all;
+
+# Install Ansible and other requirements.
+RUN yum makecache --timer \
+ && yum -y install epel-release initscripts \
+ && yum -y update \
+ && yum -y install \
+      sudo \
+      which \
+      hostname \
+      python3 \
+      python3-pip \
+ && yum clean all
+
+# upgrade pip because of the rust dependency error
+RUN pip3 install --no-cache-dir --upgrade pip && \
+    pip3 install --no-cache-dir ansible
+
+# Disable requiretty.
+RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers
+
+# Install Ansible inventory file.
+RUN mkdir -p /etc/ansible && \
+    echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
+
+# https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+# This template gets rendered using `loop: "{{ molecule_yml.platforms }}"`, so
+# each `item` is an element of platforms list from the molecule.yml file for this scenario.
+ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer SUDO_GROUP=wheel
+RUN set -xe \
+  && groupadd -r ${ANSIBLE_USER} \
+  && groupadd -r ${DEPLOY_GROUP} \
+  && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+  && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
+
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
+VOLUME ["/sys/fs/cgroup"]
+CMD [ "ansible-playbook", "--version" ]

centos8-ansible-latest/Dockerfile almalinux8-ansible-latest/Dockerfilecentos8-ansible-latest/Dockerfile renamed to almalinux8-ansible-latest/Dockerfile

@@ -1,4 +1,4 @@
-FROM centos:8
+FROM almalinux:8
 LABEL maintainer="Sebastian Gumprich"
 ENV container=docker
 
@@ -14,21 +14,20 @@ RUN yum -y update; yum clean all; \
     rm -f /lib/systemd/system/anaconda.target.wants/*;
 
 # Install Ansible and other requirements.
-RUN sed -i -e "s|mirrorlist=|#mirrorlist=|g" -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-Linux-* \
- && yum makecache --timer \
+RUN yum makecache --timer \
  && yum -y install epel-release initscripts \
  && yum -y update \
  && yum -y install \
       sudo \
       which \
       hostname \
-      python3 \
-      python3-pip \
+      python3.12 \
+      python3.12-pip \
  && yum clean all
 
 # upgrade pip because of the rust dependency error
-RUN python3 -m pip install --no-cache-dir --upgrade pip && \
-    pip3 install --no-cache-dir ansible
+RUN pip3.12 install --no-cache-dir --upgrade pip && \
+    pip3.12 install --no-cache-dir ansible
 
 # Disable requiretty.
 RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers

almalinux9-ansible-latest/Dockerfile

@@ -0,0 +1,48 @@
+FROM almalinux:9
+LABEL maintainer="Sebastian Gumprich"
+ENV container=docker
+
+# Install systemd -- See https://hub.docker.com/_/centos/
+RUN yum -y update; yum clean all;
+
+# Install Ansible and other requirements.
+RUN yum makecache --timer \
+ && yum -y install epel-release initscripts \
+ && yum -y update \
+ && yum -y install \
+      sudo \
+      which \
+      hostname \
+      python3 \
+      python3-pip \
+ && yum clean all
+
+# upgrade pip because of the rust dependency error
+RUN pip3 install --no-cache-dir --upgrade pip && \
+    pip3 install --no-cache-dir ansible
+
+# Disable requiretty.
+RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/'  /etc/sudoers
+
+# Install Ansible inventory file.
+RUN mkdir -p /etc/ansible && \
+    echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
+
+# https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+# This template gets rendered using `loop: "{{ molecule_yml.platforms }}"`, so
+# each `item` is an element of platforms list from the molecule.yml file for this scenario.
+ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer SUDO_GROUP=wheel
+RUN set -xe \
+  && groupadd -r ${ANSIBLE_USER} \
+  && groupadd -r ${DEPLOY_GROUP} \
+  && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+  && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
+
+# delete file created by systemd that prevents login via ssh
+RUN rm -f /{var/run,etc,run}/nologin
+
+VOLUME ["/sys/fs/cgroup"]
+CMD [ "ansible-playbook", "--version" ]