run our CI tests periodically (#634)

* allow multiple instances for os vm tests Signed-off-by: Martin Schurz <[email protected]> * add scheduled trigger to all test actions Signed-off-by: Martin Schurz <[email protected]> * use different scenario names Signed-off-by: Martin Schurz <[email protected]> * use different scenario names Signed-off-by: Martin Schurz <[email protected]> * use different scenario names Signed-off-by: Martin Schurz <[email protected]> * use username to create uniqe vms Signed-off-by: Martin Schurz <[email protected]> * use compatible name Signed-off-by: Martin Schurz <[email protected]> * add explaination Signed-off-by: Martin Schurz <[email protected]> --------- Signed-off-by: Martin Schurz <[email protected]>
dev-sec · Feb 7, 2023 · 9b32aca · 9b32aca
1 parent 8d667aa
commit 9b32aca
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 1 deletion.
diff --git a/.github/workflows/mysql_hardening.yml b/.github/workflows/mysql_hardening.yml
@@ -15,6 +15,8 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/mysql_hardening/**'
       - 'molecule/mysql_hardening/**'
       - '.github/workflows/mysql_hardening.yml'
+  schedule:
+    - cron: '0 6 * * 0'
 
 concurrency:
   group: >-

diff --git a/.github/workflows/nginx_hardening.yml b/.github/workflows/nginx_hardening.yml
@@ -14,6 +14,8 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/nginx_hardening/**'
       - 'molecule/nginx_hardening/**'
       - '.github/workflows/nginx_hardening.yml'
+  schedule:
+    - cron: '0 6 * * 1'
 
 concurrency:
   group: >-

diff --git a/.github/workflows/os_hardening.yml b/.github/workflows/os_hardening.yml
@@ -14,6 +14,8 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/os_hardening/**'
       - 'molecule/os_hardening/**'
       - '.github/workflows/os_hardening.yml'
+  schedule:
+    - cron: '0 6 * * 3'
 
 concurrency:
   group: >-

diff --git a/.github/workflows/os_hardening_vm.yml b/.github/workflows/os_hardening_vm.yml
@@ -14,6 +14,8 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/os_hardening/**'
       - 'molecule/os_hardening_vm/**'
       - '.github/workflows/os_hardening_vm.yml'
+  schedule:
+    - cron: '0 6 * * 2'
 
 concurrency:
   group: >-

diff --git a/.github/workflows/ssh_hardening.yml b/.github/workflows/ssh_hardening.yml
@@ -14,6 +14,8 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/ssh_hardening/**'
       - 'molecule/ssh_hardening/**'
       - '.github/workflows/ssh_hardening.yml'
+  schedule:
+    - cron: '0 6 * * 5'
 
 concurrency:
   group: >-

diff --git a/.github/workflows/ssh_hardening_custom_tests.yml b/.github/workflows/ssh_hardening_custom_tests.yml
@@ -14,6 +14,8 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/ssh_hardening/**'
       - 'molecule/ssh_hardening_custom_tests/**'
       - '.github/workflows/ssh_hardening_custom_tests.yml'
+  schedule:
+    - cron: '0 6 * * 4'
 
 concurrency:
   group: >-

diff --git a/molecule/os_hardening_vm/molecule.yml b/molecule/os_hardening_vm/molecule.yml
@@ -8,7 +8,10 @@ driver:
   provider:
     name: libvirt
 platforms:
-  - name: instance
+  # we need to name every instance differntly to start multiple VMs on the same host (parallelization)
+  # since we also need to use different OS users to run the tests because of how molecule operates,
+  # the VM names must be predictable by OS user (to clean up canceled runs)
+  - name: "${USER}"
     box: "generic/${MOLECULE_DISTRO}"
     memory: 1024
     cpus: 2