skip: update CI 22

epam · Jun 19, 2024 · 0da46e6 · 0da46e6
1 parent e04d4fe
commit 0da46e6
Show file tree

Hide file tree

Showing 6 changed files with 83 additions and 4 deletions.
diff --git a/.github/workflows/actions/tf-destroy/action.yml b/.github/workflows/actions/tf-destroy/action.yml
@@ -0,0 +1,28 @@
+name: "Destroy terraform infra"
+description: "Destroy terraform infra"
+
+runs:
+  using: "composite"
+  steps: 
+    - name: Destroy terraform infra
+      shell: bash
+      working-directory: ${{ env.AUTO_TEST_DIR }}
+      run: |
+        mkdir -p logs/$RESOURCE
+        cd $COMPLINCE
+        cd $RESOURCE
+
+        echo "Terraform Init..."
+        if [ ${{ github.repository }} == 'epam/ecc-aws-rulepack' ]; then
+          echo 'DONE'
+        elif [ ${{ github.repository }} == 'epam/ecc-gcp-rulepack' ]; then
+          echo 'TO DO'
+        elif [ ${{ github.repository }} == 'epam/ecc-azure-rulepack' ]; then
+          export TF_VAR_remote_state_region=$AWS_DEFAULT_REGION
+          export TF_VAR_remote_state_bucket=$TF_BACKEND_STORAGE_NAME
+          terraform init -backend-config="bucket=$TF_BACKEND_STORAGE_NAME" -backend-config="key=azure/states/${RESOURCE}/${COMPLINCE}.tfstate"  -backend-config="region=$AWS_DEFAULT_REGION"
+        fi
+        echo "Terraform Destroy..."
+        terraform destroy -auto-approve &> "${{ github.workspace }}/${AUTO_TEST_DIR}/logs/${RESOURCE}/${COMPLINCE}_down.txt"
+        echo "Terraform State List..."
+        terraform state list
diff --git a/.github/workflows/auto-test.yml b/.github/workflows/auto-test.yml
@@ -159,3 +159,52 @@ jobs:
         with:
           local_path: "${{ github.workspace }}/${{ env.AUTO_TEST_DIR }}/output"
           remote_path: "policy_output/${{ matrix.compliance }}"
+
+  deploy_and_scan_not_parallel_resources:
+    runs-on: ubuntu-22.04
+    needs: [ deploy_common_resources, prepare_matrix_resources]
+    if: ${{ needs.prepare_matrix_resources.outputs.not_parallel_resources_list != '[]' }}
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        compliance: ['green', 'red']
+        resource: ${{fromJson(needs.prepare_matrix_resources.outputs.not_parallel_resources_list)}}
+    env:
+      COMPLINCE: ${{ matrix.compliance }}
+      RESOURCE: ${{ matrix.resource }}
+      TF_VAR_remote_state_key: "aws/states/common_resources/${{ matrix.compliance }}.tfstate"
+
+    steps:
+      - name: Git clone the repository
+        uses: actions/checkout@v4
+
+      - uses: ./.github/workflows/actions/set-up-cloud-creds
+        with:
+          aws_assume_role: ${{ secrets.CI_ASSUME_ROLE }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          step: common_${{ matrix.compliance }}
+      - uses: ./.github/workflows/actions/install-dependencies
+
+      - name: Deploy terraform resources
+        uses: ./.github/workflows/actions/tf-init-apply
+
+      - name: Custodian scan
+        uses: ./.github/workflows/actions/c7n-scan
+
+      - name: Destroy terraform resources
+        uses: ./.github/workflows/actions/tf-destroy
+        if: ${{ always() }}
+
+      - uses: ./.github/workflows/actions/publish-logs-to-s3
+        if: ${{ always() }}
+        with:
+          local_path: "${{ github.workspace }}/${{ env.AUTO_TEST_DIR }}/logs"
+          remote_path: "logs"
+      - uses: ./.github/workflows/actions/publish-logs-to-s3
+        if: ${{ always() }}
+        with:
+          local_path: "${{ github.workspace }}/${{ env.AUTO_TEST_DIR }}/output"
+          remote_path: "policy_output/${{ matrix.compliance }}"
diff --git a/auto_policy_testing/green/common_resources/random_int.tf b/auto_policy_testing/green/common_resources/random_int.tf
@@ -1,4 +1,4 @@
 resource "random_integer" "this" {
   min = 1
-  max = 98
+  max = 99
 }
diff --git a/auto_policy_testing/red/common_resources/random_int.tf b/auto_policy_testing/red/common_resources/random_int.tf
@@ -1,4 +1,4 @@
 resource "random_integer" "this" {
   min = 1
-  max = 98
+  max = 99
 }
diff --git a/auto_policy_testing/scripts/main.py b/auto_policy_testing/scripts/main.py
@@ -34,12 +34,14 @@ def main():
         if not args.sa:
             print('Please use --sa param for AWS to set IAM role for Custodian scans')
             sys.exit(1)
-        session_policy_path = os.path.join(args.auto_test_dir, 'iam', args.resource + '.json')
+        session_policy_path = os.path.join(args.auto_test_dir, args.resource + '.json')
         if not os.path.exists(session_policy_path):
             print(f"Missing IAM policy for {args.resource} in {session_policy_path}")
             sys.exit(1)
     if args.cloud == "gcp":
         sa = args.sa
+    if args.cloud == "azure":
+        session_policy_path = os.path.join(args.auto_test_dir, 'iam', args.resource + '.json')
 
     path = os.path.join(RULEPACK_TESTING_PATH, args.infra_color, args.resource)
 

diff --git a/auto_policy_testing/scripts/requirements.txt b/auto_policy_testing/scripts/requirements.txt
@@ -5,4 +5,4 @@ requests
 botocore
 python-dateutil
 c7n @ git+https://github.com/cloud-custodian/cloud-custodian@main
-c7n-azure
+c7n-azure @ git+https://github.com/cloud-custodian/cloud-custodian@main