diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 169fc07..7c36dc4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -181,14 +181,17 @@ jobs:
           PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }}
         run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
       # TODO: https://github.com/cisagov/skeleton-generic/issues/165
-      # We are temporarily using a branch of @mcdonnnj's fork of terraform-docs that
-      # groups changes from his PRs until they are approved and merged:
+      # We are temporarily using the cisagov branch of @mcdonnnj's
+      # fork of terraform-docs that groups changes from his PRs until
+      # they are approved and merged:
       # https://github.com/terraform-docs/terraform-docs/pull/745
       # https://github.com/terraform-docs/terraform-docs/pull/901
-      # This temporary fix will allow for ATX header support when terraform-docs is run
-      # during linting and output delimiter rows with cell spacing that passes
+      #
+      # This temporary fix (via the cisagov branch) allows for ATX
+      # header support when terraform-docs is run during linting and
+      # outputs delimiter rows with cell spacing that passes
       # Markdownlint's MD060/table-column-style rule.
-      - name: Clone ATX headers branch from terraform-docs fork
+      - name: Clone cisagov branch from terraform-docs fork
         run: |
           git clone \
             --branch $TERRAFORM_DOCS_REPO_BRANCH_NAME \
@@ -205,7 +208,13 @@ jobs:
           python -m pip install --upgrade pip setuptools
           pip install --upgrade --requirement requirements-test.txt
       - name: Install Ansible roles
-        run: ansible-galaxy install --force --role-file ansible/requirements.yml
+        run: >-
+          ansible-galaxy role install --force
+          --role-file ansible/requirements.yml
+      - name: Install Ansible collections
+        run: >-
+          ansible-galaxy collection install --force
+          --requirements-file ansible/requirements.yml
       # This must happen before pre-commit is run or the Packer format
       # linter will throw an error.
       - name: Install Packer plugins
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index 5f23239..83ee09b 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,5 +1,22 @@
 ---
 collections:
+  # Required by the following Ansible roles:
+  # - ansible-role-cdm-nessus-agent (uses amazon.aws.s3_object)
+  # - ansible-role-crowdstrike (uses amazon.aws.s3_object)
+  - amazon.aws
+  # Required by the following Ansible roles:
+  # - ansible-role-amazon-ssm-agent (uses community.general.snap)
+  # - ansible-role-automated-security-updates (uses community.general.ini_file)
+  # - ansible-role-cloudwatch-agent (uses community.general.ini_file)
+  # - ansible-role-hardening-2 (uses community.general.modprobe and
+  #   community.general.ufw)
+  # - ansible-role-persist-journald (uses community.general.ini_file)
+  # - ansible-role-systemd-resolved (uses community.general.ini_file)
+  # - ansible-role-ufw (uses community.general.ufw)
+  #
+  # Also required by the following playbooks:
+  # - ansible/cdm.yml (uses community.general.ufw)
+  # - ansible/ufw.yml (uses community.general.ufw)
   - community.general
 roles:
   - name: amazon_ssm_agent
diff --git a/requirements.txt b/requirements.txt
index cb8f868..39d2534 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,8 +13,11 @@ ansible>=10,<11
 # requirements-test.txt in cisagov/skeleton-ansible-role and
 # .pre-commit-config.yaml in cisagov/skeleton-generic.
 ansible-core>=2.17.7
-# Required because we are using the amazon.aws.aws_ssm Ansible lookup
-# plugin to pull a parameter value from AWS Parameter Store.
+# Required because we are using the amazon.aws.s3_object Ansible module
+# in our Ansible code in the following roles:
+# - ansible-role-cdm-nessus-agent (uses amazon.aws.s3_object)
+# - ansible-role-crowdstrike (uses amazon.aws.s3_object)
+# https://docs.ansible.com/projects/ansible/latest/collections/amazon/aws/s3_object_module.html
 boto3
 # The bump-version script requires at least version 3 of semver.
 semver>=3
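Review bot: Both entries under `collections:` in the ansible/requirements.yml hunk (`- amazon.aws` and the pre-existing `- community.general`) carry no version constraint, and the build.yml hunk installs them with `ansible-galaxy collection install --force`, so every CI run pulls whatever version Galaxy currently publishes and the lint job's results can change with no change to this repository. Pinning each entry as a mapping with a `version:` constraint makes the install reproducible and puts collection upgrades under review, e.g. `- name: amazon.aws` followed by `  version: "<PINNED_RANGE>"` (placeholder — use the range the roles listed in the comments are tested against); quoting the value also keeps a version like 1.10 from being read as a float. The same consideration applies to the `Install Ansible roles` step, but the `roles:` section it consumes runs past the end of this hunk, so I cannot see whether those entries are pinned.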