Skip to content

Commit

Permalink
skip: Merge pull request #106 from epam/feature/add_sequential_resources
Browse files Browse the repository at this point in the history
Add deploy and scan sequential resources
  • Loading branch information
anna-shcherbak authored Sep 19, 2024
2 parents 3a714d6 + 58c2031 commit dd180a5
Showing 1 changed file with 48 additions and 3 deletions.
51 changes: 48 additions & 3 deletions .github/workflows/auto-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ on:
resource_priority_list:
type: string
description: Priority list for resources (you can remove unnecessary resources during testing)
default: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
default: '["disk"]'
#'["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
required: true

Expand All @@ -24,7 +24,7 @@ env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_SECRET_VALUE: ${{ secrets.AZURE_SECRET_VALUE }}
default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
default_resource_priority_list: '["disk"]'
#default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
TF_VAR_project: ${{ secrets.TF_VAR_project }}
TF_VAR_region: ${{ secrets.AWS_REGION }}
Expand Down Expand Up @@ -106,6 +106,8 @@ jobs:
outputs:
parallel_resources_list: ${{ steps.prepare-resource-matrix.outputs.parallel_resources_to_scan }}
not_parallel_resources_list: ${{ steps.prepare-resource-matrix.outputs.not_parallel_resources_to_scan }}
sequential_resources_list: ${{ steps.prepare-resource-matrix.outputs.sequential_resources_to_scan }}
sequential_resources_length: ${{ steps.prepare-resource-matrix.outputs.sequential_resources_length }}
steps:
- name: Git clone the repository
uses: actions/checkout@v4
Expand Down Expand Up @@ -187,6 +189,48 @@ jobs:
COMPLIANCE: ${{ matrix.compliance }}
PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }}

deploy_and_scan_sequential_resources:
name: Scan S
runs-on: ubuntu-22.04
needs: [deploy_common_resources, prepare_resource_matrix]
if: ${{ needs.prepare_resource_matrix.outputs.sequential_resources_list != '[]' }}
strategy:
fail-fast: false
matrix:
resource: ${{fromJson(needs.prepare_resource_matrix.outputs.sequential_resources_list)}}
env:
RESOURCE: ${{ matrix.resource }}
steps:
- name: Git clone the repository
uses: actions/checkout@v4

- name: Checkout ecc-actions
run: git clone -b $ACTIONS_REPO_BRANCH "https://git:$PROJECT_TOKEN@git.epam.com/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions
env:
PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }}
ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }}

- name: Deploy and scan non-parallel resource (green)
uses: ./ecc-actions/auto-test-actions/deploy-and-scan-resources
env:
COMPLINCE: "green"
with:
CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
COMPLIANCE: "green"
PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }}

- name: Deploy and scan non-parallel resource (red)
uses: ./ecc-actions/auto-test-actions/deploy-and-scan-resources
env:
COMPLINCE: "red"
if: always()
with:
CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
COMPLIANCE: "red"
PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }}

# delete_readonly_role_for_scans:
# name: Delete readonly role for scans
# if: ${{ always() }}
Expand Down Expand Up @@ -216,7 +260,7 @@ jobs:
destroy_common_resources:
name: Destroy common
runs-on: ubuntu-22.04
needs: [deploy_and_scan_not_parallel_resources, deploy_and_scan_parallel_resources]
needs: [deploy_and_scan_not_parallel_resources, deploy_and_scan_parallel_resources, deploy_and_scan_sequential_resources]
if: ${{ always() }}
strategy:
max-parallel: 10
Expand All @@ -240,3 +284,4 @@ jobs:
CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }}
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
COMPLIANCE: ${{ matrix.compliance }}

0 comments on commit dd180a5

Please sign in to comment.