ci: standardize shellcheck --severity=error across all lab scripts #11

Workflow file for this run

	name: CI

	on:
	push:
	branches: [main, develop, 'feature/', 'bugfix/']
	pull_request:
	branches: [main, develop]

	permissions:
	contents: read
	security-events: write

	jobs:
	validate:
	name: Validate Configuration
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Validate Docker Compose files
	run: \|
	for f in docker/docker-compose.*.yml; do
	echo "Validating: $f"
	docker compose -f "$f" config --no-interpolate -q
	done

	- name: ShellCheck — lab test scripts
	run: \|
	sudo apt-get install -y shellcheck -qq
	shellcheck --severity=error tests/labs/*.sh

	- name: Validate module manifest
	run: \|
	python3 -c "
	import sys, re
	with open('it-stack-elasticsearch.yml') as f:
	content = f.read()
	required = ['module:', 'version:', 'phase:', 'category:', 'ports:']
	missing = [k for k in required if k not in content]
	if missing:
	print('Missing fields:', missing); sys.exit(1)
	print('Manifest valid')
	"

	security-scan:
	name: Security Scan
	runs-on: ubuntu-latest
	needs: validate
	steps:
	- uses: actions/checkout@v4

	- name: Trivy — scan Dockerfile
	uses: aquasecurity/trivy-action@0.28.0
	with:
	scan-type: config
	scan-ref: .
	exit-code: '0'
	severity: CRITICAL,HIGH

	- name: Trivy — SARIF output
	uses: aquasecurity/trivy-action@0.28.0
	with:
	scan-type: config
	scan-ref: .
	format: sarif
	output: trivy-results.sarif

	- name: Upload SARIF to GitHub Security
	uses: github/codeql-action/upload-sarif@v3
	if: always()
	with:
	sarif_file: trivy-results.sarif

	lab-01-smoke:
	name: Lab 01 — Smoke Test
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true # scaffold stubs; full lab runs on real VMs
	steps:
	- uses: actions/checkout@v4

	- name: Generate CI env file
	run: \|
	# Copy example env and inject CI-safe defaults for any unset port vars
	if [ -f .env.example ]; then cp .env.example .env; fi
	# Set port placeholder vars used in scaffold compose files
	echo "firstPort=389" >> .env
	echo "secondPort=9090" >> .env

	- name: Validate standalone compose can start
	run: \|
	docker compose -f docker/docker-compose.standalone.yml config --no-interpolate -q
	echo "Standalone compose structure is valid"

	- name: Start standalone stack
	run: docker compose -f docker/docker-compose.standalone.yml up -d

	- name: Wait for health
	run: \|
	echo "Waiting for services..."
	sleep 30
	docker compose -f docker/docker-compose.standalone.yml ps

	- name: Run Lab 01 test script
	run: bash tests/labs/test-lab-05-01.sh

	- name: Collect logs on failure
Check failure on line 107 in .github/workflows/ci.yml View workflow run for this annotation GitHub Actions / .github/workflows/ci.yml Invalid workflow file `You have an error in your yaml syntax on line 107`
	if: failure()
	run: docker compose -f docker/docker-compose.standalone.yml logs

	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.standalone.yml down -v

	lab-02-smoke:
	name: Lab 02 -- Elasticsearch + Kibana (LAN tier)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4

	- name: Install tools
	run: sudo apt-get install -y curl -qq

	- name: Validate LAN compose
	run: docker compose -f docker/docker-compose.lan.yml config -q && echo "LAN compose valid"

	- name: Start LAN stack
	run: docker compose -f docker/docker-compose.lan.yml up -d

	- name: Wait for Elasticsearch
	run: timeout 180 bash -c 'until curl -sf http://localhost:9210/_cluster/health \| grep -q "green\\|yellow"; do sleep 10; done'

	- name: Wait for Kibana
	run: timeout 240 bash -c 'until curl -sf http://localhost:5610/api/status \| grep -q "available\\|green\\|yellow"; do sleep 10; done'

	- name: Run Lab 05-02 test script
	run: bash tests/labs/test-lab-05-02.sh --no-cleanup

	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.lan.yml logs

	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.lan.yml down -v

	lab-03-smoke:
	name: Lab 03 -- Elasticsearch Advanced Features (Kibana + Logstash pipeline)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4

	- name: Install tools
	run: sudo apt-get install -y curl -qq

	- name: Validate advanced compose
	run: docker compose -f docker/docker-compose.advanced.yml config -q && echo "Advanced compose valid"

	- name: Start advanced stack
	run: docker compose -f docker/docker-compose.advanced.yml up -d

	- name: Wait for Elasticsearch
	run: timeout 300 bash -c 'until curl -sf http://localhost:9220/_cluster/health \| grep -q "green\\|yellow"; do sleep 10; done'

	- name: Wait for Kibana
	run: timeout 360 bash -c 'until curl -sf http://localhost:5620/api/status \| grep -q "available\\|green\\|yellow"; do sleep 15; done'

	- name: Run Lab 05-03 test script
	run: bash tests/labs/test-lab-05-03.sh --no-cleanup

	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.advanced.yml logs

	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.advanced.yml down -v

	lab-04-smoke:
	name: Lab 04 -- Elasticsearch SSO Integration (Kibana + Keycloak OIDC + OpenLDAP)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4

	- name: Install tools
	run: sudo apt-get install -y curl ldap-utils netcat-openbsd

	- name: Validate SSO compose
	run: docker compose -f docker/docker-compose.sso.yml config -q && echo "SSO compose valid"

	- name: Start SSO stack
	run: docker compose -f docker/docker-compose.sso.yml up -d

	- name: Wait for OpenLDAP
	run: timeout 120 bash -c 'until docker exec elastic-s04-ldap ldapsearch -x -H ldap://localhost -b dc=lab,dc=local -D cn=admin,dc=lab,dc=local -w LdapLab04! cn=admin >/dev/null 2>&1; do sleep 5; done'

	- name: Wait for Keycloak
	run: timeout 300 bash -c 'until curl -sf http://localhost:8504/realms/master; do sleep 10; done'

	- name: Wait for Kibana
	run: timeout 300 bash -c 'until curl -sf http://localhost:5630/api/status \| grep -q "available\\|green\\|yellow"; do sleep 15; done'

	- name: Run Lab 05-04 test script
	run: bash tests/labs/test-lab-05-04.sh --no-cleanup

	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.sso.yml logs

	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.sso.yml down -v

	lab-05-smoke:
	name: Lab 05-05 -- Elasticsearch Advanced Integration (Graylog REST API)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4

	- name: Install tools
	run: sudo apt-get install -y curl netcat-openbsd ldap-utils

	- name: Validate integration compose
	run: docker compose -f docker/docker-compose.integration.yml config -q && echo "Integration compose valid"

	- name: Start integration stack
	run: docker compose -f docker/docker-compose.integration.yml up -d

	- name: Wait for WireMock
	run: timeout 90 bash -c 'until curl -sf http://localhost:8760/__admin/health; do sleep 5; done'

	- name: Wait for Elasticsearch
	run: timeout 120 bash -c 'until curl -sf http://localhost:9200/_cluster/health \| grep -q status; do sleep 10; done'

	- name: Wait for Keycloak
	run: timeout 300 bash -c 'until curl -sf http://localhost:8505/realms/master; do sleep 10; done'

	- name: Wait for Kibana
	run: timeout 300 bash -c 'until curl -sf http://localhost:5640/api/status \| grep -q version; do sleep 15; done'

	- name: Run Lab 05-05 test script
	run: bash tests/labs/test-lab-05-05.sh --no-cleanup

	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.integration.yml logs

	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.integration.yml down -v

	lab-06-smoke:
	name: Lab 05-06 -- Elasticsearch Production Deployment (restart policy, resource limits, ILM)
	runs-on: ubuntu-latest
	needs: validate
	continue-on-error: true
	steps:
	- uses: actions/checkout@v4

	- name: Install tools
	run: sudo apt-get install -y curl netcat-openbsd ldap-utils

	- name: Validate production compose
	run: docker compose -f docker/docker-compose.production.yml config -q && echo "Production compose valid"

	- name: Start production stack
	run: docker compose -f docker/docker-compose.production.yml up -d

	- name: Wait for Elasticsearch
	run: \|
	for i in $(seq 1 24); do
	curl -sf http://localhost:9200/_cluster/health \| grep -qE '"status":"(green\|yellow)"' && echo "ES ready" && break
	echo "Waiting for ES... ($i/24)"; sleep 5
	done

	- name: Wait for Kibana
	run: \|
	for i in $(seq 1 18); do
	curl -sf http://localhost:5650/api/status \| grep -q overall && echo "Kibana ready" && break
	echo "Waiting for Kibana... ($i/18)"; sleep 5
	done

	- name: Wait for Keycloak
	run: \|
	for i in $(seq 1 24); do
	curl -sf http://localhost:8550/realms/master \| grep -q realm && echo "KC ready" && break
	echo "Waiting for KC... ($i/24)"; sleep 5
	done

	- name: Run Lab 05-06 test script
	run: bash tests/labs/test-lab-05-06.sh --no-cleanup

	- name: Collect logs on failure
	if: failure()
	run: docker compose -f docker/docker-compose.production.yml logs

	- name: Cleanup
	if: always()
	run: docker compose -f docker/docker-compose.production.yml down -v

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: standardize shellcheck --severity=error across all lab scripts #11

Workflow file

ci: standardize shellcheck --severity=error across all lab scripts #11

Uh oh!

Workflow file for this run

GitHub Actions / .github/workflows/ci.yml