---
services: docker

env:
  global:
    - version=latest
    - init=/sbin/init
    - run_opts="--cap-add SYS_ADMIN"
    - volume="/sys/fs/cgroup:/sys/fs/cgroup:ro"
  jobs:
    - distro=centos6
      volume=":"
      run_opts=""
    - distro=centos7
    - distro=centos8
    - distro=oracle6
      volume=":"
      run_opts=""
#    - distro=oracle7
    - distro=ubuntu1604
    - distro=ubuntu1804
    - distro=debian9
      init=/lib/systemd/systemd
    - distro=debian10
    - distro=amazon
    - distro=fedora
      init=/lib/systemd/systemd
    - distro=opensuse_tumbleweed
      run_opts="--privileged"

before_install:
  # Pull container
  - 'docker pull rndmh3ro/docker-${distro}-ansible:${version}'

script:
  - pip install --user ansible-lint
  - ansible-lint ./

  - container_id=$(mktemp)
  # Run container in detached state.
  - 'docker run --detach --volume="${volume}" --volume="${PWD}":/etc/ansible/roles/ansible-os-hardening:ro ${run_opts} rndmh3ro/docker-${distro}-ansible:${version} "${init}" > "${container_id}"'

  # Output Ansible version from docker image
  - 'docker exec "$(cat ${container_id})" ansible-playbook --version'

   # Test role.
  - 'docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/ansible-os-hardening/tests/test.yml --diff'

   # Verify role
  - 'inspec exec https://github.com/dev-sec/linux-baseline/ -t docker://$(cat ${container_id}) --no-distinct-exit'

notifications:
  webhooks: https://galaxy.ansible.com/api/v1/notifications/