Update workflows to use artifact actions v4 and replace the archived workflow … #20

Merged
merged 10 commits into from
Jan 15, 2025
14 changes: 8 additions & 6 deletions .github/workflows/verify-docker.yml
Expand Up @@ -18,20 +18,21 @@ jobs:
runs-on: ubuntu-latest
env:
CHEF_LICENSE: accept-silent
CHEF_LICENSE_KEY: ${{ secrets.SAF_CHEF_LICENSE_KEY }}
KITCHEN_YAML: kitchen.docker.yml
strategy:
matrix:
suite: ["vanilla", "hardened"]
fail-fast: false
steps:
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Setup Ruby
uses: actions/setup-ruby@v1
uses: ruby/setup-ruby@v1
with:
ruby-version: "2.7"
ruby-version: "3.1"
- name: Setup caching
uses: actions/cache@v2
uses: actions/cache@v4
with:
path: vendor/bundle
key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
Expand All @@ -58,8 +59,9 @@ jobs:
- name: Ensure the scan meets our ${{ matrix.suite }} results threshold
uses: mitre/saf_action@v1
with:
command_string: "validate:threshold -i spec/results/${{ matrix.suite }}-test-result.json -F ${{ matrix.suite }}.threshold.yml"
command_string: "validate:threshold -i spec/results/${{ matrix.suite }}-test-result.json -T ${{ matrix.suite }}.threshold.yml"
- name: Save Test Result JSON
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.suite }}-results
path: spec/results
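Review bot: The `Save Test Result JSON` step (the `actions/upload-artifact@v4` lines at the end of the second hunk) carries no `if:` condition, so when the preceding `validate:threshold` step fails the results JSON that would explain the failure is never uploaded; add `if: always()` (or `if: ${{ !cancelled() }}`) to that step. The same gap exists on the corresponding upload step at the end of verify-ec2.yml. Separately, the bumped `actions/checkout@v4`, `actions/cache@v4` and `actions/upload-artifact@v4` references are mutable tags; pinning each to a full-length commit SHA with the tag kept in a trailing comment prevents the workflow from silently picking up a retagged release. The rest of the job's steps lie outside these hunks.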
30 changes: 16 additions & 14 deletions .github/workflows/verify-ec2.yml
Expand Up @@ -14,33 +14,34 @@ jobs:
runs-on: ubuntu-latest
env:
CHEF_LICENSE: accept-silent
CHEF_LICENSE_KEY: ${{ secrets.SAF_CHEF_LICENSE_KEY }}
KITCHEN_YAML: kitchen.ec2.yml
strategy:
matrix:
suite: ["vanilla", "hardened"]
suite: ['vanilla', 'hardened']
fail-fast: false
steps:
- name: add needed packages
run: sudo apt-get install -y jq
- name: Configure AWS credentials
env:
AWS_SUBNET_ID: ${{ secrets.AWS_SUBNET_ID }}
AWS_SSH_KEY_ID: ${{ secrets.AWS_SSH_KEY_ID }}
AWS_SUBNET_ID: ${{ secrets.SAF_AWS_SUBNET_ID }}
AWS_SSH_KEY_ID: ${{ secrets.SAF_AWS_SSH_KEY_ID }}
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
aws-access-key-id: ${{ secrets.SAF_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.SAF_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.SAF_AWS_REGION }}
- name: Check out repository
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Clone full repository so we can push
run: git fetch --prune --unshallow
- name: Setup Ruby
uses: actions/setup-ruby@v1
uses: ruby/setup-ruby@v1
with:
ruby-version: "2.7"
ruby-version: '3.1'
# - name: Setup caching
# uses: actions/cache@v2
# uses: actions/cache@v4
# with:
# path: vendor/bundle
# key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
Expand All @@ -57,7 +58,7 @@ jobs:
- name: Update profile.json in the repository
uses: stefanzweifel/[email protected]
with:
commit_message: "Updating profile.json in the repository"
commit_message: 'Updating profile.json in the repository'
branch: ${{ github.branch }}
- name: Run Kitchen Create
run: bundle exec kitchen create ${{ matrix.suite }}-ubuntu-1804 || true
Expand All @@ -70,12 +71,13 @@ jobs:
- name: Display our ${{ matrix.suite }} results summary
uses: mitre/saf_action@v1
with:
command_string: "view:summary -i spec/results/${{ matrix.suite }}-test-result.json"
command_string: 'view:summary -i spec/results/${{ matrix.suite }}-test-result.json'
- name: Ensure the scan meets our ${{ matrix.suite }} results threshold
uses: mitre/saf_action@v1
with:
command_string: "validate:threshold -i spec/results/${{ matrix.suite }}-test-result.json -F ${{ matrix.suite }}.threshold.yml"
command_string: 'validate:threshold -i spec/results/${{ matrix.suite }}-test-result.json -T ${{ matrix.suite }}.threshold.yml'
- name: Save Test Result JSON
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.suite }}-results
path: spec/results
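Review bot: In the first hunk, `aws-actions/configure-aws-credentials@v1` is left at v1 while every other action is bumped, and the step still authenticates with long-lived `SAF_AWS_ACCESS_KEY_ID`/`SAF_AWS_SECRET_ACCESS_KEY` keys; v4 of that action with `role-to-assume` plus a job-level `permissions: id-token: write` lets the job obtain short-lived credentials over OIDC instead of static keys held in repository secrets. `aws-region: ${{ secrets.SAF_AWS_REGION }}` also stores a non-secret value as a secret, which masks the region in logs and makes failed runs harder to read; a repository variable, `aws-region: ${{ vars.SAF_AWS_REGION }}`, fits better. The unchanged `branch: ${{ github.branch }}` line in the second hunk does not appear to be a defined `github` context property (`github.ref_name` or `github.head_ref` are), so that input likely expands to an empty string; worth confirming against the action's behavior. The quoting here switched to single quotes while verify-docker.yml keeps double quotes for the same values, so the two workflows now differ in style. The enclosing job continues outside these hunks.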