Why is openssl busted? #1278
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: selfhosted-fips | |
"on": | |
pull_request: | |
push: | |
branches: | |
- main | |
jobs: | |
linux: | |
strategy: | |
fail-fast: false | |
runs-on: [self-hosted, chef17-ubuntu-pro-fips] | |
steps: | |
- name: 'Clean up any previous installs' | |
id: cleanup | |
run: | | |
set +e | |
if [ -d "/home/azureuser/actions-runner/_work/chef/chef" ]; then | |
sudo rm -rf /home/azureuser/actions-runner/_work/chef/chef/* | |
fi | |
set -e | |
- name: Check out code | |
uses: actions/checkout@v3 | |
with: | |
clean: false | |
- name: 'Install Chef/Ohai from Omnitruck' | |
id: install_chef | |
run: | | |
curl -L https://omnitruck.chef.io/install.sh | sudo bash -s -- -c current -v 17 | |
/opt/chef/bin/chef-client -v | |
/opt/chef/bin/ohai -v | |
/opt/chef/embedded/bin/rake --version | |
- name: 'Upgrade Chef/Ohai via Appbundler' | |
id: upgrade | |
run: | | |
OHAI_VERSION=$(sed -n '/ohai .[0-9]/{s/.*(//;s/)//;p;}' Gemfile.lock) | |
sudo /opt/chef/embedded/bin/gem install appbundler appbundle-updater --no-doc | |
sudo /opt/chef/embedded/bin/appbundle-updater chef chef $GITHUB_SHA --tarball --github $GITHUB_REPOSITORY | |
echo "Installed Chef / Ohai release:" | |
/opt/chef/bin/chef-client -v | |
/opt/chef/bin/ohai -v | |
- name: 'Verify FIPS is enabled' | |
id: run | |
run: | | |
sudo /opt/chef/embedded/bin/bundle config set --local without 'omnibus_package' | |
sudo /opt/chef/embedded/bin/bundle config set --local path 'vendor/bundle' | |
sudo /opt/chef/embedded/bin/bundle install --jobs=3 --retry=3 | |
sudo rm -f /opt/chef/embedded/bin/{htmldiff,ldiff} | |
sudo /opt/chef/embedded/bin/gem install berkshelf --no-doc | |
OUTPUT=$(cat /proc/sys/crypto/fips_enabled) | |
if [ "$OUTPUT" = "1" ] | |
then | |
echo "fips is enabled" | |
else | |
echo "fips is not enabled" | |
fi |