Merge pull request #721 from dev-sec/python_version

pin Ansible to always let Renovate update to the most current version in our tests

.github/workflows/ansible-lint.yml

@@ -7,11 +7,13 @@ on:  # yamllint disable-line rule:truthy
     branches: [master]
     paths:
       - 'roles/**'
+      - 'requirements.txt'
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [master]
     paths:
       - 'roles/**'
+      - 'requirements.txt'
 
 jobs:
   ansible-lint:

.github/workflows/mysql_hardening.yml

@@ -9,12 +9,14 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/mysql_hardening/**'
       - 'molecule/mysql_hardening/**'
       - '.github/workflows/mysql_hardening.yml'
+      - 'requirements.txt'
   pull_request:
     branches: [master]
     paths:
       - 'roles/mysql_hardening/**'
       - 'molecule/mysql_hardening/**'
       - '.github/workflows/mysql_hardening.yml'
+      - 'requirements.txt'
   schedule:
     - cron: '0 6 * * 0'
 
@@ -57,10 +59,10 @@ jobs:
           path: ansible_collections/devsec/hardening
           submodules: true
 
-      - name: Set up Python 3.11
+      - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11
+          python-version: 3.12
 
       - name: Install dependencies
         run: |

.github/workflows/nginx_hardening.yml

@@ -8,12 +8,14 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/nginx_hardening/**'
       - 'molecule/nginx_hardening/**'
       - '.github/workflows/nginx_hardening.yml'
+      - 'requirements.txt'
   pull_request:
     branches: [master]
     paths:
       - 'roles/nginx_hardening/**'
       - 'molecule/nginx_hardening/**'
       - '.github/workflows/nginx_hardening.yml'
+      - 'requirements.txt'
   schedule:
     - cron: '0 6 * * 1'
 
@@ -56,10 +58,10 @@ jobs:
           path: ansible_collections/devsec/hardening
           submodules: true
 
-      - name: Set up Python 3.11
+      - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11
+          python-version: 3.12
 
       - name: Install dependencies
         run: |

.github/workflows/os_hardening.yml

@@ -8,12 +8,14 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/os_hardening/**'
       - 'molecule/os_hardening/**'
       - '.github/workflows/os_hardening.yml'
+      - 'requirements.txt'
   pull_request:
     branches: [master]
     paths:
       - 'roles/os_hardening/**'
       - 'molecule/os_hardening/**'
       - '.github/workflows/os_hardening.yml'
+      - 'requirements.txt'
   schedule:
     - cron: '0 6 * * 3'
 
@@ -57,10 +59,10 @@ jobs:
           path: ansible_collections/devsec/hardening
           submodules: true
 
-      - name: Set up Python 3.11
+      - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11
+          python-version: 3.12
 
       - name: Install dependencies
         run: |

.github/workflows/os_hardening_vm.yml

@@ -8,12 +8,14 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/os_hardening/**'
       - 'molecule/os_hardening_vm/**'
       - '.github/workflows/os_hardening_vm.yml'
+      - 'requirements.txt'
   pull_request:
     branches: [master]
     paths:
       - 'roles/os_hardening/**'
       - 'molecule/os_hardening_vm/**'
       - '.github/workflows/os_hardening_vm.yml'
+      - 'requirements.txt'
   schedule:
     - cron: '0 6 * * 2'
 

.github/workflows/roles-readme.yml

@@ -29,7 +29,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11
+          python-version: 3.12
 
       - name: Install aar_doc
         run: pip3 install aar_doc

.github/workflows/ssh_hardening.yml

@@ -8,12 +8,14 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/ssh_hardening/**'
       - 'molecule/ssh_hardening/**'
       - '.github/workflows/ssh_hardening.yml'
+      - 'requirements.txt'
   pull_request:
     branches: [master]
     paths:
       - 'roles/ssh_hardening/**'
       - 'molecule/ssh_hardening/**'
       - '.github/workflows/ssh_hardening.yml'
+      - 'requirements.txt'
   schedule:
     - cron: '0 6 * * 5'
 
@@ -57,10 +59,10 @@ jobs:
           path: ansible_collections/devsec/hardening
           submodules: true
 
-      - name: Set up Python 3.11
+      - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11
+          python-version: 3.12
 
       - name: Install dependencies
         run: |

.github/workflows/ssh_hardening_bsd.yml

@@ -8,12 +8,14 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/ssh_hardening/**'
       - 'molecule/ssh_hardening_bsd/**'
       - '.github/workflows/ssh_hardening_bsd.yml'
+      - 'requirements.txt'
   pull_request:
     branches: [master]
     paths:
       - 'roles/ssh_hardening/**'
       - 'molecule/ssh_hardening_bsd/**'
       - '.github/workflows/ssh_hardening_bsd.yml'
+      - 'requirements.txt'
   schedule:
     - cron: '0 6 * * 5'
 

.github/workflows/ssh_hardening_custom_tests.yml

@@ -8,12 +8,14 @@ on:  # yamllint disable-line rule:truthy
       - 'roles/ssh_hardening/**'
       - 'molecule/ssh_hardening_custom_tests/**'
       - '.github/workflows/ssh_hardening_custom_tests.yml'
+      - 'requirements.txt'
   pull_request:
     branches: [master]
     paths:
       - 'roles/ssh_hardening/**'
       - 'molecule/ssh_hardening_custom_tests/**'
       - '.github/workflows/ssh_hardening_custom_tests.yml'
+      - 'requirements.txt'
   schedule:
     - cron: '0 6 * * 4'
 
@@ -57,10 +59,10 @@ jobs:
           path: ansible_collections/devsec/hardening
           submodules: true
 
-      - name: Set up Python 3.11
+      - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11
+          python-version: 3.12
 
       - name: Install dependencies
         run: |

requirements.txt

@@ -1,7 +1,7 @@
 molecule
 molecule-plugins[docker]
 yamllint
-ansible
+ansible-core==2.16.0
 ansible-lint
 docker
 flake8