From 6bb953090ccae1a297d6656081e81c04268cee02 Mon Sep 17 00:00:00 2001
From: Bernd Worsch
Date: Mon, 9 Mar 2026 16:44:06 +0000
Subject: [PATCH] feat: datetime reports, auto-commit on verify, register pruning EP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Include time in TAP report filename (ISO 8601: date + HHmmssZ)
- Add changed_when: false to report write task — verify play now shows changed=0 on a clean run (all green recap)
- make verify auto-commits new reports to repo after a passing run; exits non-zero before committing if assertions fail
- Register EP-RAIL-001: report pruning extension point for future implementation when reports/ accumulates beyond a threshold
Co-Authored-By: Claude Sonnet 4.6
---
 Makefile | 9 ++--
 ansible/roles/goss/tasks/main.yml | 3 +-
 ...1--railiance-hosts--goss-report-pruning.md | 53 +++++++++++++++++++
 3 files changed, 61 insertions(+), 4 deletions(-)
 create mode 100644 contrib/extension-points/EP-RAIL-001--railiance-hosts--goss-report-pruning.md
diff --git a/Makefile b/Makefile
index a01c5b7..87b5834 100644
--- a/Makefile
+++ b/Makefile
@@ -198,11 +198,14 @@ status: ## Show live security state of all hosts (UFW, fail2ban, SSH hardening)
 @echo ""
 @echo "--- Hint: run 'make verify' for a structured pass/fail report ---"
-verify: ## Run Goss test suite against all hosts — exits non-zero on failure
+verify: ## Run Goss test suite against all hosts, commit TAP reports — exits non-zero on failure
 @echo "Running Goss baseline assertions..."
- @cd $(ANS_DIR) && ansible-playbook playbooks/verify.yaml -u $(SSH_USER) && \
- echo "All assertions passed." || \
+ @cd $(ANS_DIR) && ansible-playbook playbooks/verify.yaml -u $(SSH_USER) || \
 (echo "One or more assertions FAILED — see reports/ for TAP output." && exit 1)
+ @echo "All assertions passed."
+ @git add reports/ && \
+ git diff --cached --quiet && echo "No new reports to commit." || \
+ git commit -m "chore: Goss verification reports $$(date -u +%Y-%m-%dT%H%M%SZ)"
 converge: ## Converge all hosts to the baseline (idempotent)
 cd $(ANS_DIR) && ansible-playbook $(PLAY) -u $(SSH_USER)
diff --git a/ansible/roles/goss/tasks/main.yml b/ansible/roles/goss/tasks/main.yml
index baf3e14..b4b1670 100644
--- a/ansible/roles/goss/tasks/main.yml
+++ b/ansible/roles/goss/tasks/main.yml
@@ -50,7 +50,8 @@
 - name: Write TAP report locally
 ansible.builtin.copy:
 content: "{{ goss_result.stdout }}"
- dest: "{{ playbook_dir }}/../../reports/goss-{{ inventory_hostname }}-{{ ansible_date_time.date }}.tap"
+ dest: "{{ playbook_dir }}/../../reports/goss-{{ inventory_hostname }}-{{ ansible_date_time.date }}T{{ ansible_date_time.hour }}{{ ansible_date_time.minute }}{{ ansible_date_time.second }}Z.tap"
 mode: "0644"
 delegate_to: localhost
 become: false
+ changed_when: false
diff --git a/contrib/extension-points/EP-RAIL-001--railiance-hosts--goss-report-pruning.md b/contrib/extension-points/EP-RAIL-001--railiance-hosts--goss-report-pruning.md
new file mode 100644
index 0000000..ba1e6cf
--- /dev/null
+++ b/contrib/extension-points/EP-RAIL-001--railiance-hosts--goss-report-pruning.md
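Review bot: The auto-commit appended to the `verify` recipe is not scoped to `reports/`: `git add reports/` stages everything under that directory, and the following `git diff --cached --quiet` and `git commit` act on the whole index, so anything the operator had already staged for another purpose is silently folded into the `chore: Goss verification reports …` commit. Restricting both the check and the commit to the path avoids that: `git diff --cached --quiet -- reports/ && echo "No new reports to commit." || \` and `git commit -m "chore: Goss verification reports $$(date -u +%Y-%m-%dT%H%M%SZ)" -- reports/`. With `a && b && c || d` precedence a failing `git add` (for example when `reports/` does not exist yet) also falls through to `git commit`, which then fails with nothing staged; a `mkdir -p reports` before the add, or an explicit `||` branch for the add, would make that failure mode deliberate. The `verify` target is fully contained in this hunk.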
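Review bot: The `Z` suffix in the new `dest` filename claims UTC, but `ansible_date_time.date`, `.hour`, `.minute` and `.second` are the managed host's local time at fact-gathering, so on any host not running in UTC the report name is mislabelled and disagrees with the UTC stamp that `date -u` puts in the Makefile commit message. `ansible_date_time.iso8601` is already UTC in the intended shape, so `dest: "{{ playbook_dir }}/../../reports/goss-{{ inventory_hostname }}-{{ ansible_date_time.iso8601 | regex_replace(':', '') }}.tap"` yields the same `2026-03-09T154855Z` form with an honest `Z`. Because the stamp is read from each remote host's clock, two skewed hosts can also produce out-of-order names, which matters once the pruning extension point sorts reports; taking the stamp on the controller, e.g. `lookup('pipe', 'date -u +%Y-%m-%dT%H%M%SZ')`, would avoid that if it becomes a concern. Any remaining keys of this task lie past the end of the hunk.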
@@ -0,0 +1,53 @@
+---
+type: extension-point
+id: EP-RAIL-001
+title: "Goss TAP report pruning"
+target_org: railiance
+target_repo: railiance-hosts
+status: open
+created: "2026-03-09"
+source_repo: railiance-hosts
+related_workstream_id: ""
+---
+
+# EP-RAIL-001: Goss TAP Report Pruning
+
+## Context
+
+`make verify` commits a new TAP report file to `reports/` on every run:
+
+```
+reports/goss-Railiance01-2026-03-09T154855Z.tap
+```
+
+As the fleet grows and verify runs more frequently, `reports/` will accumulate
+indefinitely and bloat the repository history.
+
+## Extension Point
+
+Add a `make prune-reports` target (or integrate into `make verify`) that:
+
+- Keeps the N most recent reports per host (suggested default: N=30)
+- Removes older files and commits the deletion
+- Is configurable via a Makefile variable (`REPORTS_KEEP ?= 30`)
+
+Suggested implementation sketch:
+
+```makefile
+REPORTS_KEEP ?= 30
+
+prune-reports: ## Remove old Goss TAP reports, keep REPORTS_KEEP most recent per host
+ @for host in $$(ls reports/goss-*.tap 2>/dev/null | sed 's|reports/goss-||;s|-[0-9T]*Z\.tap||' | sort -u); do \
+ ls -t reports/goss-$$host-*.tap | tail -n +$$(($(REPORTS_KEEP)+1)) | xargs -r rm -v; \
+ done @git add reports/ && git diff --cached --quiet || \
+ git commit -m "chore: prune Goss reports older than $(REPORTS_KEEP) per host"
+```
+
+## Trigger
+
+Implement when any of the following is true:
+
+- `reports/` contains more than 200 files, OR
+- Repository size grows noticeably due to reports, OR
+- verify is integrated into CI with high frequency runs