[FileCache#Find] N to 1 calls for file matching #1269
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: selfhosted-fips | |
| "on": | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| linux: | |
| strategy: | |
| fail-fast: false | |
| runs-on: [self-hosted, chef-18 ubuntu-2004-pro-fips-tester] | |
| steps: | |
| - name: 'If Ruby 3.1 not installed, then install it' | |
| id: ruby | |
| run: | | |
| set +e | |
| if ! command -v ruby &> /dev/null | |
| then | |
| # sudo apt-get update | |
| # sudo apt-get install -y ruby-full=3.1.2 | |
| git clone https://github.com/rbenv/rbenv.git ~/.rbenv | |
| echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc | |
| echo 'eval "$(rbenv init -)"' >> ~/.bashrc | |
| exec $SHELL | |
| git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build | |
| echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc | |
| exec $SHELL | |
| rbenv install 3.1.2 | |
| rbenv global 3.1.2 | |
| fi | |
| set -e | |
| - name: 'Clean up any previous installs' | |
| id: cleanup | |
| run: | | |
| set +e | |
| if [ -d "/home/azureuser/actions-runner/_work/chef/chef" ]; then | |
| sudo rm -r /home/azureuser/actions-runner/_work/chef/chef/* | |
| fi | |
| set -e | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| with: | |
| clean: false | |
| - name: 'Install Chef/Ohai from Omnitruck' | |
| id: install_chef | |
| run: | | |
| curl -L https://omnitruck.chef.io/install.sh | sudo bash -s -- -c current -v 18 | |
| /opt/chef/bin/chef-client -v | |
| /opt/chef/bin/ohai -v | |
| /opt/chef/embedded/bin/rake --version | |
| - name: 'Upgrade Chef/Ohai via Appbundler' | |
| id: upgrade | |
| run: | | |
| OHAI_VERSION=$(sed -n '/ohai .[0-9]/{s/.*(//;s/)//;p;}' Gemfile.lock) | |
| sudo /opt/chef/embedded/bin/gem install appbundler appbundle-updater --no-doc | |
| sudo /opt/chef/embedded/bin/appbundle-updater chef chef $GITHUB_SHA --tarball --github $GITHUB_REPOSITORY | |
| echo "Installed Chef / Ohai release:" | |
| /opt/chef/bin/chef-client -v | |
| /opt/chef/bin/ohai -v | |
| - name: 'Verify FIPS is enabled' | |
| id: run | |
| run: | | |
| sudo /opt/chef/embedded/bin/bundle config set --local without 'omnibus_package' | |
| sudo /opt/chef/embedded/bin/bundle config set --local path 'vendor/bundle' | |
| sudo /opt/chef/embedded/bin/bundle install --jobs=3 --retry=3 | |
| sudo rm -f /opt/chef/embedded/bin/{htmldiff,ldiff} | |
| sudo /opt/chef/embedded/bin/gem install berkshelf --no-doc | |
| OUTPUT=$(cat /proc/sys/crypto/fips_enabled) | |
| if [ "$OUTPUT" = "1" ] | |
| then | |
| echo "fips is enabled" | |
| else | |
| echo "fips is not enabled" | |
| fi |