all: children: controllers: hosts: controller: null zuul_unreachable: hosts: {} hosts: controller: ansible_connection: ssh ansible_host: 162.253.55.140 ansible_port: 22 ansible_python_interpreter: /usr/bin/python3 ansible_user: zuul cilium_helm_values: operator: replicas: 1 cilium_ipv4_cidr: 172.24.0.0/16 kube_vip_address: 172.17.0.100 kube_vip_interface: '{{ ansible_facts[''default_ipv4''].interface }}' kubernetes_hostname: '{{ ansible_facts[''default_ipv4''].address }}' kubernetes_version: 1.34.0 molecule_scenario: aio nodepool: az: nova cloud: public external_id: 825ec597-deec-41bf-947e-5ddd079ac851 host_id: c9670958829e9c96e47d452d2c9c4ce9edaac336d3dbc4a3c4ec531c interface_ip: 162.253.55.140 label: rockylinux-9 node_properties: {} private_ipv4: 162.253.55.140 private_ipv6: null provider: yul1 public_ipv4: 162.253.55.140 public_ipv6: 2604:e100:1:0:f816:3eff:fe36:b042 region: ca-ymq-1 slot: null zuul_node: az: nova cloud: public external_id: 825ec597-deec-41bf-947e-5ddd079ac851 host_id: c9670958829e9c96e47d452d2c9c4ce9edaac336d3dbc4a3c4ec531c interface_ip: 162.253.55.140 label: rockylinux-9 node_properties: {} private_ipv4: 162.253.55.140 private_ipv6: null provider: yul1 public_ipv4: 162.253.55.140 public_ipv6: 2604:e100:1:0:f816:3eff:fe36:b042 region: ca-ymq-1 slot: null uuid: null vars: cilium_helm_values: operator: replicas: 1 kubernetes_version: 1.34.0 molecule_scenario: aio zuul: _inheritance_path: - '' - '' - '' - '' - '' - '' ansible_version: '9' attempts: 1 branch: main build: 5811ad9fb59b4a59b8d4ae932ef7a1df build_refs: - branch: main change: '234' change_message: '[StepSecurity] Apply security best practices ## Summary This pull request has been generated by [StepSecurity](https://app.stepsecurity.io/github/vexxhost/actions/dashboard) as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements. ## Security Fixes ### Harden Runner Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) ### Pinned Dependencies Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure. Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ### StepSecurity Maintained Actions Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity maintained actions, that are secure drop-in replacements. - [StepSecurity Maintained Actions](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo) or contact us via [our website](https://www.stepsecurity.io/). ' change_url: https://github.com/vexxhost/ansible-collection-kubernetes/pull/234 commit_id: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 patchset: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes name: vexxhost/ansible-collection-kubernetes short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes topic: null buildset: 90aa7809dafc409dbe964cbfa1020cdf buildset_refs: - branch: main change: '234' change_message: '[StepSecurity] Apply security best practices ## Summary This pull request has been generated by [StepSecurity](https://app.stepsecurity.io/github/vexxhost/actions/dashboard) as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements. ## Security Fixes ### Harden Runner Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) ### Pinned Dependencies Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure. Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ### StepSecurity Maintained Actions Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity maintained actions, that are secure drop-in replacements. - [StepSecurity Maintained Actions](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo) or contact us via [our website](https://www.stepsecurity.io/). ' change_url: https://github.com/vexxhost/ansible-collection-kubernetes/pull/234 commit_id: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 patchset: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes name: vexxhost/ansible-collection-kubernetes short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes topic: null change: '234' change_message: '[StepSecurity] Apply security best practices ## Summary This pull request has been generated by [StepSecurity](https://app.stepsecurity.io/github/vexxhost/actions/dashboard) as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements. ## Security Fixes ### Harden Runner Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) ### Pinned Dependencies Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure. Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ### StepSecurity Maintained Actions Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity maintained actions, that are secure drop-in replacements. - [StepSecurity Maintained Actions](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo) or contact us via [our website](https://www.stepsecurity.io/). ' change_url: https://github.com/vexxhost/ansible-collection-kubernetes/pull/234 child_jobs: [] commit_id: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 event_id: f483c040-18ad-11f1-82de-983357ded420 executor: hostname: 0a8996d2b663 inventory_file: /var/lib/zuul/builds/5811ad9fb59b4a59b8d4ae932ef7a1df/ansible/inventory.yaml log_root: /var/lib/zuul/builds/5811ad9fb59b4a59b8d4ae932ef7a1df/work/logs result_data_file: /var/lib/zuul/builds/5811ad9fb59b4a59b8d4ae932ef7a1df/work/results.json src_root: /var/lib/zuul/builds/5811ad9fb59b4a59b8d4ae932ef7a1df/work/src work_root: /var/lib/zuul/builds/5811ad9fb59b4a59b8d4ae932ef7a1df/work include_vars: [] items: - branch: main change: '234' change_message: '[StepSecurity] Apply security best practices ## Summary This pull request has been generated by [StepSecurity](https://app.stepsecurity.io/github/vexxhost/actions/dashboard) as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements. ## Security Fixes ### Harden Runner Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) ### Pinned Dependencies Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure. Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ### StepSecurity Maintained Actions Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity maintained actions, that are secure drop-in replacements. - [StepSecurity Maintained Actions](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo) or contact us via [our website](https://www.stepsecurity.io/). ' change_url: https://github.com/vexxhost/ansible-collection-kubernetes/pull/234 commit_id: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 patchset: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes name: vexxhost/ansible-collection-kubernetes short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes topic: null job: ansible-collection-kubernetes-molecule-aio-rockylinux-9 jobtags: [] max_attempts: 3 message: W1N0ZXBTZWN1cml0eV0gQXBwbHkgc2VjdXJpdHkgYmVzdCBwcmFjdGljZXMKCiMjIFN1bW1hcnkKClRoaXMgcHVsbCByZXF1ZXN0IGhhcyBiZWVuIGdlbmVyYXRlZCBieSBbU3RlcFNlY3VyaXR5XShodHRwczovL2FwcC5zdGVwc2VjdXJpdHkuaW8vZ2l0aHViL3ZleHhob3N0L2FjdGlvbnMvZGFzaGJvYXJkKSBhcyBwYXJ0IG9mIHlvdXIgZW50ZXJwcmlzZSBzdWJzY3JpcHRpb24gdG8gZW5zdXJlIGNvbXBsaWFuY2Ugd2l0aCByZWNvbW1lbmRlZCBzZWN1cml0eSBiZXN0IHByYWN0aWNlcy4gUGxlYXNlIHJldmlldyBhbmQgbWVyZ2UgdGhlIHB1bGwgcmVxdWVzdCB0byBhcHBseSB0aGVzZSBzZWN1cml0eSBlbmhhbmNlbWVudHMuCgojIyBTZWN1cml0eSBGaXhlcwoKIyMjIEhhcmRlbiBSdW5uZXIKCkhhcmRlbi1SdW5uZXIgaXMgYW4gb3Blbi1zb3VyY2Ugc2VjdXJpdHkgYWdlbnQgZm9yIHRoZSBHaXRIdWItaG9zdGVkIHJ1bm5lciB0byBwcmV2ZW50IHNvZnR3YXJlIHN1cHBseSBjaGFpbiBhdHRhY2tzLiBJdCBwcmV2ZW50cyBleGZpbHRyYXRpb24gb2YgY3JlZGVudGlhbHMsIGRldGVjdHMgdGFtcGVyaW5nIG9mIHNvdXJjZSBjb2RlIGR1cmluZyBidWlsZCwgYW5kIGVuYWJsZXMgcnVubmluZyBqb2JzIHdpdGhvdXQgc3VkbyBhY2Nlc3MuCgotIFtHaXRIdWIgU2VjdXJpdHkgR3VpZGVdKGh0dHBzOi8vZG9jcy5naXRodWIuY29tL2VuL2FjdGlvbnMvc2VjdXJpdHktZm9yLWdpdGh1Yi1hY3Rpb25zL3NlY3VyaXR5LWd1aWRlcy9zZWN1cml0eS1oYXJkZW5pbmctZm9yLWdpdGh1Yi1hY3Rpb25zKQotIFtUaGUgT3BlbiBTb3VyY2UgU2VjdXJpdHkgRm91bmRhdGlvbiAoT3BlblNTRikgU2VjdXJpdHkgR3VpZGVdKGh0dHBzOi8vZ2l0aHViLmNvbS9vc3NmL3Njb3JlY2FyZC9ibG9iL21haW4vZG9jcy9jaGVja3MubWQjZGFuZ2Vyb3VzLXdvcmtmbG93KQoKIyMjIFBpbm5lZCBEZXBlbmRlbmNpZXMKClBpbm5pbmcgR2l0SHViIEFjdGlvbnMgdG8gc3BlY2lmaWMgdmVyc2lvbnMgb3IgY29tbWl0IFNIQXMgZW5zdXJlcyB0aGF0IHlvdXIgd29ya2Zsb3dzIHJlbWFpbiBjb25zaXN0ZW50IGFuZCBzZWN1cmUuClVucGlubmVkIGFjdGlvbnMgY2FuIGxlYWQgdG8gdW5leHBlY3RlZCBjaGFuZ2VzIG9yIHZ1bG5lcmFiaWxpdGllcyBjYXVzZWQgYnkgdXBzdHJlYW0gdXBkYXRlcy4KCi0gW0dpdEh1YiBTZWN1cml0eSBHdWlkZV0oaHR0cHM6Ly9kb2NzLmdpdGh1Yi5jb20vZW4vYWN0aW9ucy9zZWN1cml0eS1mb3ItZ2l0aHViLWFjdGlvbnMvc2VjdXJpdHktZ3VpZGVzL3NlY3VyaXR5LWhhcmRlbmluZy1mb3ItZ2l0aHViLWFjdGlvbnMjdXNpbmctdGhpcmQtcGFydHktYWN0aW9ucykKLSBbVGhlIE9wZW4gU291cmNlIFNlY3VyaXR5IEZvdW5kYXRpb24gKE9wZW5TU0YpIFNlY3VyaXR5IEd1aWRlXShodHRwczovL2dpdGh1Yi5jb20vb3NzZi9zY29yZWNhcmQvYmxvYi9tYWluL2RvY3MvY2hlY2tzLm1kI3Bpbm5lZC1kZXBlbmRlbmNpZXMpCiMjIyBTdGVwU2VjdXJpdHkgTWFpbnRhaW5lZCBBY3Rpb25zCgpSaXNreSBHaXRIdWIgQWN0aW9ucyBjYW4gZXhwb3NlIHlvdXIgcHJvamVjdCB0byBwb3RlbnRpYWwgc2VjdXJpdHkgcmlza3MuIFJpc2t5IGFjdGlvbnMgaGF2ZSBiZWVuIHJlcGxhY2VkIHdpdGggU3RlcFNlY3VyaXR5IG1haW50YWluZWQgYWN0aW9ucywgdGhhdCBhcmUgc2VjdXJlIGRyb3AtaW4gcmVwbGFjZW1lbnRzLgoKLSBbU3RlcFNlY3VyaXR5IE1haW50YWluZWQgQWN0aW9uc10oaHR0cHM6Ly9kb2NzLnN0ZXBzZWN1cml0eS5pby9hY3Rpb25zL3N0ZXBzZWN1cml0eS1tYWludGFpbmVkLWFjdGlvbnMpCgoKIyMgRmVlZGJhY2sKRm9yIGJ1ZyByZXBvcnRzLCBmZWF0dXJlIHJlcXVlc3RzLCBhbmQgZ2VuZXJhbCBmZWVkYmFjazsgcGxlYXNlIGNyZWF0ZSBhbiBpc3N1ZSBpbiBbc3RlcC1zZWN1cml0eS9zZWN1cmUtcmVwb10oaHR0cHM6Ly9naXRodWIuY29tL3N0ZXAtc2VjdXJpdHkvc2VjdXJlLXJlcG8pIG9yIGNvbnRhY3QgdXMgdmlhIFtvdXIgd2Vic2l0ZV0oaHR0cHM6Ly93d3cuc3RlcHNlY3VyaXR5LmlvLykuCgoK patchset: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 pipeline: check playbook_context: playbook_projects: trusted/project_0/github.com/vexxhost/zuul-config: canonical_name: github.com/vexxhost/zuul-config checkout: main commit: 9052b5a7781b3346e4cffd452a54448cbff54d8b trusted/project_1/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 571c0efa3491d12ecb8fc1169c510716d55c0fc2 trusted/project_2/github.com/vexxhost/zuul-jobs: canonical_name: github.com/vexxhost/zuul-jobs checkout: main commit: a6e68243e02ef030ce5e75f8b67630880c475f33 untrusted/project_0/github.com/vexxhost/zuul-jobs: canonical_name: github.com/vexxhost/zuul-jobs checkout: main commit: a6e68243e02ef030ce5e75f8b67630880c475f33 untrusted/project_1/github.com/vexxhost/zuul-config: canonical_name: github.com/vexxhost/zuul-config checkout: main commit: 9052b5a7781b3346e4cffd452a54448cbff54d8b untrusted/project_2/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 571c0efa3491d12ecb8fc1169c510716d55c0fc2 playbooks: - path: untrusted/project_0/github.com/vexxhost/zuul-jobs/playbooks/molecule/run.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/playbook_0/role_1/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/playbook_0/role_1/zuul-jobs/roles - checkout: main checkout_description: playbook branch link_name: ansible/playbook_0/role_2/zuul-jobs link_target: untrusted/project_0/github.com/vexxhost/zuul-jobs role_path: ansible/playbook_0/role_2/zuul-jobs/roles post_playbooks: - path: trusted/project_0/github.com/vexxhost/zuul-config/playbooks/base/post.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/post_playbook_0/role_1/zuul-jobs link_target: trusted/project_1/opendev.org/zuul/zuul-jobs role_path: ansible/post_playbook_0/role_1/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/post_playbook_0/role_2/zuul-jobs link_target: trusted/project_2/github.com/vexxhost/zuul-jobs role_path: ansible/post_playbook_0/role_2/zuul-jobs/roles - path: trusted/project_0/github.com/vexxhost/zuul-config/playbooks/base/post-logs.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/post_playbook_1/role_1/zuul-jobs link_target: trusted/project_1/opendev.org/zuul/zuul-jobs role_path: ansible/post_playbook_1/role_1/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/post_playbook_1/role_2/zuul-jobs link_target: trusted/project_2/github.com/vexxhost/zuul-jobs role_path: ansible/post_playbook_1/role_2/zuul-jobs/roles pre_playbooks: - path: trusted/project_0/github.com/vexxhost/zuul-config/playbooks/base/pre.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/pre_playbook_0/role_1/zuul-jobs link_target: trusted/project_1/opendev.org/zuul/zuul-jobs role_path: ansible/pre_playbook_0/role_1/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/pre_playbook_0/role_2/zuul-jobs link_target: trusted/project_2/github.com/vexxhost/zuul-jobs role_path: ansible/pre_playbook_0/role_2/zuul-jobs/roles - path: untrusted/project_0/github.com/vexxhost/zuul-jobs/playbooks/molecule/pre.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/pre_playbook_1/role_1/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/pre_playbook_1/role_1/zuul-jobs/roles - checkout: main checkout_description: playbook branch link_name: ansible/pre_playbook_1/role_2/zuul-jobs link_target: untrusted/project_0/github.com/vexxhost/zuul-jobs role_path: ansible/pre_playbook_1/role_2/zuul-jobs/roles post_review: false post_timeout: null pre_timeout: null project: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes name: vexxhost/ansible-collection-kubernetes short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes projects: github.com/vexxhost/ansible-collection-kubernetes: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes checkout: main checkout_description: zuul branch commit: ec7f117ef109de8a54da4928eeb804a44a37d848 name: vexxhost/ansible-collection-kubernetes required: false short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes ref: refs/pull/234/head resources: {} tenant: oss timeout: 1800 topic: null voting: true