update actions
gurevichdmitry committed Nov 7, 2024
1 parent 886f42e commit d58c1f2
Showing 4 changed files with 17 additions and 103 deletions.
48 changes: 0 additions & 48 deletions .github/actions/cdr/action.yml
Expand Up @@ -15,11 +15,6 @@ inputs:
default: "eu-west-1"
required: false
type: string
azure-location:
description: "Azure location"
default: "East US"
required: false
type: string
gcp-project-id:
description: "GCP project ID"
default: "default"
Expand All @@ -30,26 +25,6 @@ inputs:
default: "default"
required: false
type: string
deploy-az-vm:
description: "Deploy Azure VM resources"
default: true
required: false
type: boolean
deploy-gcp-vm:
description: "Deploy GCP VM resources"
default: true
required: false
type: boolean
deploy-aws-ec2:
description: "Deploy AWS EC2 resources"
default: true
required: false
type: boolean
deploy-aws-asset-inventory:
description: "Deploy AWS Asset Inventory EC2 resources"
default: true
required: false
type: boolean
aws-cloudtrail-s3-bucket:
description: "AWS Cloudtrail S3 bucket"
default: "default"
Expand Down Expand Up @@ -90,21 +65,6 @@ inputs:
default: "Key=division,Value=engineering"
required: false
type: string
tag-division:
description: "Optional division resource tag"
default: "engineering"
required: false
type: string
tag-org:
description: "Optional org resource tag"
default: "security"
required: false
type: string
tag-team:
description: "Optional team resource tag"
default: "cloud-security-posture"
required: false
type: string
tag-project:
description: "Optional project resource tag"
default: "test-environments"
Expand All @@ -124,16 +84,8 @@ runs:
env:
TF_VAR_deployment_name: ${{ inputs.deployment-name }}
TF_VAR_region: ${{ inputs.aws-region }}
TF_VAR_location: ${{ inputs.azure-location }}
TF_VAR_gcp_project_id: ${{ inputs.gcp-project-id }}
TF_VAR_gcp_service_account_json: ${{ inputs.gcp-service-account-json }}
TF_VAR_deploy_az_vm: ${{ inputs.deploy-az-vm }}
TF_VAR_deploy_gcp_vm: ${{ inputs.deploy-gcp-vm }}
TF_VAR_deploy_aws_ec2: ${{ inputs.deploy-aws-ec2 }}
TF_VAR_deploy_aws_asset_inventory: ${{ inputs.deploy-aws-asset-inventory }}
TF_VAR_division: ${{ inputs.tag-division }}
TF_VAR_org: ${{ inputs.tag-org }}
TF_VAR_team: ${{ inputs.tag-team }}
TF_VAR_project: ${{ inputs.tag-project }}
TF_VAR_owner: ${{ inputs.tag-owner }}
shell: bash
13 changes: 1 addition & 12 deletions .github/actions/cis/action.yml
Expand Up @@ -8,17 +8,9 @@ inputs:
type: string
aws-region:
description: "AWS region"
default: "eu-west-1"
required: false
default: "eu-west-1"
type: string
deploy-aws-kspm:
description: "Deploy AWS KSPM EC2 resources"
type: boolean
default: true
deploy-aws-cspm:
description: "Deploy AWS CSPM EC2 resources"
type: boolean
default: true
cnvm-stack-name:
description: "CNVM CloudFormation stack name"
required: true
Expand Down Expand Up @@ -80,9 +72,6 @@ runs:
id: deploy-cis-infra
env:
TF_VAR_deployment_name: ${{ inputs.deployment-name }}
TF_VAR_region: ${{ inputs.aws-region }}
TF_VAR_deploy_aws_kspm: ${{ inputs.deploy-aws-kspm }}
TF_VAR_deploy_aws_cspm: ${{ inputs.deploy-aws-cspm }}
TF_VAR_project: ${{ inputs.tag-project }}
TF_VAR_owner: ${{ inputs.tag-owner }}
shell: bash
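Review bot: The `aws-region` input is still declared with its `eu-west-1` default, but the env block of the deploy-cis-infra step no longer appears to export `TF_VAR_region` from it, so a region passed by the caller would be silently ignored and Terraform would fall back to whatever default the module declares. If the region is now fixed inside the Terraform code, drop the input (and the matching `aws-region:` argument in the workflow) so callers are not misled; otherwise restore `TF_VAR_region: ${{ inputs.aws-region }}` next to `TF_VAR_deployment_name`. The step's `run` body and the remainder of the inputs list are outside this hunk, so there may be another consumer of the input I cannot see.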
46 changes: 11 additions & 35 deletions .github/actions/elk-stack/action.yml
Expand Up @@ -29,35 +29,9 @@ inputs:
description: "Optional Docker image version to override the default stack image. Accepts formats like 8.x.y, 8.x.y-hash, or 8.x.y-SNAPSHOT."
type: string
required: false
deployment-template:
description: "Optional deployment template. Defaults to the CPU optimized template for GCP"
default: "gcp-general-purpose"
required: false
type: string
elasticsearch-size:
description: "Optional Elasticsearch instance size"
default: "8g"
required: false
type: string
elasticsearch-zone-count:
description: "Optional Elasticsearch zone count"
default: 2
required: false
type: number
tag-division:
description: "Optional division resource tag"
default: "engineering"
required: false
type: string
tag-org:
description: "Optional org resource tag"
default: "security"
required: false
type: string
tag-team:
description: "Optional team resource tag"
default: "cloud-security-posture"
required: false
env-s3-bucket:
description: "S3 bucket"
required: true
type: string
tag-project:
description: "Optional project resource tag"
Expand Down Expand Up @@ -101,12 +75,6 @@ runs:
TF_VAR_ess_region: ${{ inputs.ess-region }}
TF_VAR_pin_version: ${{ inputs.docker-image-version-override }}
TF_VAR_ec_api_key: ${{ inputs.ec-api-key }}
TF_VAR_deployment_template: ${{ inputs.deployment-template }}
TF_VAR_elasticsearch_size: ${{ inputs.elasticsearch-size }}
TF_VAR_elasticsearch_zone_count: ${{ inputs.elasticsearch-zone-count }}
TF_VAR_division: ${{ inputs.tag-division }}
TF_VAR_org: ${{ inputs.tag-org }}
TF_VAR_team: ${{ inputs.tag-team }}
TF_VAR_project: ${{ inputs.tag-project }}
TF_VAR_owner: ${{ inputs.tag-owner }}
shell: bash
Expand Down Expand Up @@ -147,3 +115,11 @@ runs:
test_es_url="https://${ES_USER}:${ES_PASSWORD}@${es_url_stripped}"
echo "::add-mask::${test_es_url}"
echo "test-es-url=${test_es_url}" >> "$GITHUB_OUTPUT"
- name: Upload tf state
id: upload-state-elk
working-directory: deploy/test-environments
env:
S3_BUCKET: "${{ inputs.env-s3-bucket }}"
run: |
./manage_infrastructure.sh "elk-stack" "upload-state"
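Review bot: The new `upload-state-elk` step runs unconditionally, so if an earlier step of this action fails after `terraform apply` has already created resources, the state is never pushed to S3 and the later teardown has nothing to work from — the workflow step this replaces was guarded with `if: always()`, and that guard did not move with it. Composite action steps accept step-level `if` on current runners, so add `if: always()` to the step right under `id: upload-state-elk`. The state file for this stack presumably carries the Elasticsearch credentials that the preceding step masks as part of `test-es-url`, so the prefix passed in `env-s3-bucket` should be treated as secret-bearing; its bucket policy is outside this diff. The earlier steps of the `runs:` block are outside the hunk.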
13 changes: 5 additions & 8 deletions .github/workflows/test-environment.yml
Expand Up @@ -278,17 +278,17 @@ jobs:
ess-region: ${{ env.TF_VAR_ess_region }}
ec-api-key: ${{ env.TF_VAR_ec_api_key }}
docker-image-version-override: ${{ env.TF_VAR_pin_version }}
env-s3-bucket: "${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}"
tag-project: ${{ github.actor }}
tag-owner: ${{ github.actor }}

- name: Upload tf state
- name: Upload environment info
id: upload-state
if: always()
env:
S3_BUCKET: "${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}"
EXPIRATION_DAYS: ${{ inputs.expiration_days }}
run: |
./manage_infrastructure.sh "elk-stack" "upload-state"
echo "s3-bucket-folder=${S3_BUCKET}" >> $GITHUB_OUTPUT
echo "aws-cnvm-stack=${CNVM_STACK_NAME}" >> $GITHUB_OUTPUT
python3 ../../.ci/scripts/create_env_config.py
Expand Down Expand Up @@ -318,13 +318,8 @@ jobs:
with:
deployment-name: ${{ env.DEPLOYMENT_NAME }}
aws-region: ${{ env.AWS_REGION }}
azure-location: "East US"
gcp-project-id: ${{ env.GCP_PROJECT }}
gcp-service-account-json: ${{ secrets.GCP_AGENT_CREDENTIALS }}
deploy-az-vm: true
deploy-gcp-vm: true
deploy-aws-ec2: true
deploy-aws-asset-inventory: true
aws-cloudtrail-s3-bucket: ${{ secrets.CLOUDTRAIL_S3 }}
azure-eventhub-connection-string: ${{ secrets.AZURE_EVENTHUB_CONNECTION_STRING }}
azure-storage-account-key: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }}
Expand All @@ -342,13 +337,15 @@ jobs:
uses: ./.github/actions/cis
with:
deployment-name: ${{ env.DEPLOYMENT_NAME }}
aws-region: ${{ env.AWS_REGION }}
cnvm-stack-name: ${{ env.CNVM_STACK_NAME }}
gcp-zone: ${{ env.GCP_ZONE }}
cspm-azure-creds: ${{ secrets.AZURE_CREDENTIALS }}
cspm-azure-tags: ${{ env.AZURE_DEFAULT_TAGS }}
stack-enrollment-token: ${{ env.ENROLLMENT_TOKEN }}
env-s3-bucket: "${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}"
es-user: ${{ steps.elk-stack.outputs.es-user }}
es-password: ${{ steps.elk-stack.outputs.es-password }}
kibana-url: ${{ steps.elk-stack.outputs.kibana-url }}
test-agentless: ${{ env.TEST_AGENTLESS }}
tag-project: ${{ github.actor }}
tag-owner: ${{ github.actor }}
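Review bot: The S3 state path `${{ env.S3_BASE_BUCKET }}/${{ env.DEPLOYMENT_NAME }}_${{ env.TF_STATE_FOLDER }}` is now spelled out three times in this job (`env-s3-bucket` for elk-stack, `S3_BUCKET` in the upload-state step, `env-s3-bucket` for cis); one diverging edit would leave state uploaded under one prefix and cleanup reading from another. Compose it once where those variables are set — presumably the step that writes `DEPLOYMENT_NAME` to `$GITHUB_ENV`, outside this hunk — e.g. `echo "TF_STATE_PATH=${S3_BASE_BUCKET}/${DEPLOYMENT_NAME}_${TF_STATE_FOLDER}" >> "$GITHUB_ENV"`, and reference `${{ env.TF_STATE_PATH }}` in all three places. Note also that the `cis` action hunk in this commit does not show an `env-s3-bucket` input being declared; if it is not defined elsewhere in that action, the `with:` entry is ignored with only a warning and the cis state upload never receives a bucket.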
