Skip to content

Add Trend Micro Vision One remediation actions #4028

Add Trend Micro Vision One remediation actions

Add Trend Micro Vision One remediation actions #4028

Workflow file for this run

name: Build Modules
on:
pull_request:
types: [ opened, synchronize, reopened ]
push:
branches:
- main
workflow_dispatch:
env:
REGISTRY: ghcr.io
SECONDARY_REGISTRY: registry.sekoia.io
IMAGE_PREFIX_NAME: sekoia-io
jobs:
find-modules:
name: Find modules in repo
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.list-modules.outputs.matrix }}
steps:
- name: Check-out the repo under $GITHUB_WORKSPACE
uses: actions/checkout@v3
with:
fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }}
- id: list-modules
name: List modules having changed files
run: |
if ${{ github.event_name == 'workflow_dispatch' }}; then
echo "matrix=$(cut -d "/" -f1 <<< "$(ls -a */manifest.json)" | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
exit 0
fi
if ${{ github.event_name == 'pull_request' }}; then
start="HEAD^1"
end="HEAD"
else
start=${{ github.event.before }}
end=${{ github.event.after }}
fi
echo "matrix=$(comm -12 <(cut -d "/" -f1 <<< "$(git diff --name-only -r $start $end)" | sort | uniq) <(cut -d "/" -f1 <<< "$(ls -a */manifest.json)") | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
test:
name: Test module ${{ matrix.module }}
runs-on: ubuntu-latest
needs: find-modules
if: needs.find-modules.outputs.matrix != '[]'
strategy:
matrix:
module: ${{fromJSON(needs.find-modules.outputs.matrix)}}
fail-fast: false
steps:
- name: Check-out the repo under $GITHUB_WORKSPACE
uses: actions/checkout@v3
- name: Set up Python 3.11
uses: actions/setup-python@v4
id: setup-python
with:
python-version: '3.11'
- name: Install Poetry
run: |
pip install poetry
poetry config virtualenvs.in-project true
- name: Install Dependencies
id: install-dependencies
run: |
poetry install
working-directory: ${{ matrix.module }}
- name: Execute Black
uses: psf/black@stable
with:
options: "--check --verbose"
src: ./"${{ matrix.module }}"
- name: Execute Mypy
run: |
poetry run pip install mypy
mkdir -p .mypy_cache
poetry run mypy --install-types --non-interactive --ignore-missing-imports --show-column-numbers --hide-error-context .
working-directory: "${{ matrix.module }}"
- name: Execute Python tests
id: execute-tests
run: |
poetry run python -m pytest --junit-xml=junit.xml --cov-report term --cov-report xml:coverage.xml --cov . --cov-config pyproject.toml
working-directory: "${{ matrix.module }}"
- name: Upload Event
uses: actions/upload-artifact@v4
with:
name: Event File
path: ${{ github.event_path }}
- name: Upload Test Results
if: always()
uses: actions/upload-artifact@v4
with:
name: Unit Test Results (${{ matrix.module }})
path: "${{ matrix.module }}/junit.xml"
- name: Code Coverage Flag
run: |
FLAG="${{ matrix.module }}"
FLAG=${FLAG// } # replace spaces
echo FLAG=${FLAG} >> $GITHUB_ENV # update GitHub ENV vars
- name: Code Coverage
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ${{ matrix.module }}/coverage.xml
flags: ${{ env.FLAG }}
fail_ci_if_error: true
build-docker:
name: Build ${{ matrix.module }} docker image
runs-on: ubuntu-latest
needs: find-modules
if: needs.find-modules.outputs.matrix != '[]'
strategy:
matrix:
module: ${{fromJSON(needs.find-modules.outputs.matrix)}}
fail-fast: false
steps:
- name: Check-out the repo under $GITHUB_WORKSPACE
uses: actions/checkout@v3
- name: Read Module Manifest
id: read-module-manifest
run: |
content=`cat "${{ matrix.module }}/manifest.json"`
# the following lines are only required for multi line json
content="${content//$'\n'/''}"
content="${content//$'\r'/''}"
# end of optional handling for multi line json
echo $content
echo "$content"
echo "manifest=$content" >> $GITHUB_OUTPUT
- name: Log in to the Container registry
if: ${{ github.event_name == 'push' }}
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Log in to the secondary Container registry
if: ${{ github.event_name == 'push' }}
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.SECONDARY_REGISTRY }}
username: ${{ secrets.SECONDARY_REGISTRY_USERNAME }}
password: ${{ secrets.SECONDARY_REGISTRY_PASSWORD }}
- name: Extract metadata (tags, labels) for Docker
if: ${{ github.event_name == 'push' }}
id: meta
uses: docker/metadata-action@v4
with:
images: |
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX_NAME }}/automation-module-${{fromJson(steps.read-module-manifest.outputs.manifest).slug}}
${{ env.SECONDARY_REGISTRY }}/${{ env.IMAGE_PREFIX_NAME }}/automation-module-${{fromJson(steps.read-module-manifest.outputs.manifest).slug}}
flavor: |
latest=auto
prefix=
suffix=
tags: |
type=pep440,pattern={{version}},value=${{fromJson(steps.read-module-manifest.outputs.manifest).version}}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
push: ${{ github.event_name == 'push' }}
context: ${{ matrix.Module }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
test-gate:
name: Build & Test Gate
runs-on: ubuntu-latest
needs: [find-modules, test, build-docker]
if: always()
steps:
- name: Success
if: ${{ !(contains(needs.*.result, 'failure')) || needs.find-modules.outputs.matrix == '[]' }}
run: exit 0
- name: Failure
if: ${{ contains(needs.*.result, 'failure') && needs.find-modules.outputs.matrix != '[]' }}
run: |
exit 1
deploy-module:
name: Deploy modules
runs-on: ubuntu-latest
needs: [find-modules, build-docker]
if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && needs.find-modules.outputs.matrix != '[]' }}
strategy:
matrix:
module: ${{fromJSON(needs.find-modules.outputs.matrix)}}
steps:
- name: my-app-install token
id: my-app
uses: getsentry/action-github-app-token@v1
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@v1
with:
token: ${{ steps.my-app.outputs.token }}
event-type: publish-automation-modules
repository: SekoiaLab/platform
client-payload: '{"module": "${{ matrix.module }}"}'