skip: update CI 16 #16

Workflow file for this run

.github/workflows/auto-test.yml at f21ea63

	# This is a basic workflow to help you get started with Actions
	name: Auto-testing

	# Controls when the workflow will run
	on:
	# Triggers the workflow on push or pull request events but only for the "main" branch
	push:
	branches:
	- 'feature/auto_policy_testing'

	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:
	inputs:
	resource_priority_list:
	type: string
	description: Priority list for resources (you can remove unnecessary resources during testing)
	default: '["storage"]'
	required: true

	# limits to only one workflow in time
	concurrency:
	group: ${{ github.workflow }}

	env:
	AUTO_TEST_DIR: "auto_policy_testing"
	AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
	AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
	AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	AZURE_SECRET_VALUE: ${{ secrets.AZURE_SECRET_VALUE }}
	default_resource_priority_list: '["storage"]'
	TF_VAR_project: ${{ secrets.TF_VAR_project }}
	TF_VAR_region: ${{ secrets.AWS_REGION }}
	TF_VAR_zone: ${{ secrets.TF_VAR_zone }}
	TF_BACKEND_STORAGE_NAME: ${{ secrets.TF_BACKEND_STORAGE_NAME }}
	TF_CLI_ARGS: "-no-color"
	AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}


	permissions:
	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout


	# A workflow run is made up of one or more jobs that can run sequentially or in parallel
	jobs:
	deploy_common_resources:
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	matrix:
	compliance: ['green', 'red']

	env:
	COMPLINCE: ${{ matrix.compliance }}
	RESOURCE: common_resources

	steps:
	- name: Git clone the repository
	uses: actions/checkout@v4
	- uses: ./.github/workflows/actions/set-up-cloud-creds
	with:
	aws_assume_role: ${{ secrets.CI_ASSUME_ROLE }}
	step: common_${{ matrix.compliance }}
	client_id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant_id: ${{ secrets.AZURE_TENANT_ID }}
	subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Clean old S3 logs
	shell: bash
	run: \|
	cloud=$(echo "${{ github.repository }}" \| cut -d'-' -f 2)
	aws s3 rm s3://$TF_BACKEND_STORAGE_NAME/$cloud/logs --recursive
	aws s3 rm s3://$TF_BACKEND_STORAGE_NAME/$cloud/policy_output --recursive

	- name: Deploy common resources
	uses: ./.github/workflows/actions/tf-init-apply

	- uses: ./.github/workflows/actions/publish-logs-to-s3
	if: ${{ always() }}
	with:
	local_path: "${{ github.workspace }}/${{ env.AUTO_TEST_DIR }}/logs"
	remote_path: "logs"

	prepare_matrix_resources:
	runs-on: ubuntu-22.04
	needs: [ deploy_common_resources ]
	outputs:
	parallel_resources_list: ${{ steps.pass-resource-priority-list-to-matrix.outputs.parallel_resources_to_scan }}
	not_parallel_resources_list: ${{ steps.pass-resource-priority-list-to-matrix.outputs.not_parallel_resources_to_scan }}
	steps:
	- name: Git clone the repository
	uses: actions/checkout@v4
	- id: pass-resource-priority-list-to-matrix
	shell: bash
	working-directory: ${{ env.AUTO_TEST_DIR }}/scripts
	run: \|
	if [ "${{ inputs.resource_priority_list }}" != '' ]; then
	resource_priority_list="${{ inputs.resource_priority_list }}"
	else
	resource_priority_list="$default_resource_priority_list"
	fi

	cloud=$(echo "${{ github.repository }}" \| cut -d'-' -f 2)
	not_parallel_resources="$(python -c "import exception_rules; print(exception_rules.$cloud.get('not-parallel',[]))")"
	source resources_to_scan.sh
	parallel_resources_to_scan="$(get_parallel_resources_to_scan "$not_parallel_resources" "$resource_priority_list")"
	not_parallel_resources_to_scan="$(get_not_parallel_resources_to_scan "$not_parallel_resources" "$resource_priority_list")"

	echo "parallel_resources_to_scan=$parallel_resources_to_scan"
	echo "not_parallel_resources_to_scan=$not_parallel_resources_to_scan"

	echo "parallel_resources_to_scan=$parallel_resources_to_scan" >> "$GITHUB_OUTPUT"
	echo "not_parallel_resources_to_scan=$not_parallel_resources_to_scan" >> "$GITHUB_OUTPUT"

	deploy_and_scan_parallel_resources:
	runs-on: ubuntu-22.04
	needs: [ deploy_common_resources, prepare_matrix_resources]
	strategy:
	max-parallel: 10
	fail-fast: false
	matrix:
	compliance: ['green', 'red']
	resource: ${{fromJson(needs.prepare_matrix_resources.outputs.parallel_resources_list)}}
	env:
	COMPLINCE: ${{ matrix.compliance }}
	RESOURCE: ${{ matrix.resource }}
	TF_VAR_remote_state_key: "azure/states/common_resources/${{ matrix.compliance }}.tfstate"

	steps:
	- name: Git clone the repository
	uses: actions/checkout@v4

	- uses: ./.github/workflows/actions/set-up-cloud-creds
	with:
	aws_assume_role: ${{ secrets.CI_ASSUME_ROLE }}
	service_account: ${{ secrets.SERVICE_ACCOUNT }}
	workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
	step: common_${{ matrix.compliance }}
	- uses: ./.github/workflows/actions/install-dependencies

	- name: Deploy terraform resources
	uses: ./.github/workflows/actions/tf-init-apply

	- name: Custodian scan
	uses: ./.github/workflows/actions/c7n-scan

	- name: Destroy terraform resources
	uses: ./.github/workflows/actions/tf-destroy
	if: ${{ always() }}

	- uses: ./.github/workflows/actions/publish-logs-to-s3
	if: ${{ always() }}
	with:
	local_path: "${{ github.workspace }}/${{ env.AUTO_TEST_DIR }}/logs"
	remote_path: "logs"
	- uses: ./.github/workflows/actions/publish-logs-to-s3
	if: ${{ always() }}
	with:
	local_path: "${{ github.workspace }}/${{ env.AUTO_TEST_DIR }}/output"
	remote_path: "policy_output/${{ matrix.compliance }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

skip: update CI 16 #16

Workflow file

skip: update CI 16 #16

Jobs

Run details

Workflow file for this run