Add sequential resources deploy and scan

.github/workflows/auto-test.yml

@@ -3,14 +3,15 @@ on:
   push:
     branches:
       - "feature/auto_policy_testing"
+      - "feature/add_sequential_resources"
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
     inputs:
       resource_priority_list:
         type: string
         description: Priority list for resources (you can remove unnecessary resources during testing)
-        default: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
+        default: '[ "sqs", "sns", "defender", "role"]'
         #'["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
         required: true
 
@@ -24,7 +25,8 @@ env:
   AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
   AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
   AZURE_SECRET_VALUE: ${{ secrets.AZURE_SECRET_VALUE }}
-  default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
+  MAX_PRLL: "1"
+  default_resource_priority_list: '[ "disk", "storage", "defender", "role"]'
   #default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
   TF_VAR_project: ${{ secrets.TF_VAR_project }}
   TF_VAR_region: ${{ secrets.AWS_REGION }}
@@ -33,7 +35,7 @@ env:
   TF_CLI_ARGS: "-no-color"
   AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
   RED: '\033[0;31m'
-  ACTIONS_REPO_BRANCH: "main"
+  ACTIONS_REPO_BRANCH: "feature/deploy_scan_sequential_resources"
 
 
 permissions:
@@ -106,6 +108,8 @@ jobs:
     outputs:
       parallel_resources_list: ${{ steps.prepare-resource-matrix.outputs.parallel_resources_to_scan }}
       not_parallel_resources_list: ${{ steps.prepare-resource-matrix.outputs.not_parallel_resources_to_scan }}
+      sequential_resources_list: ${{ steps.prepare-resource-matrix.outputs.sequential_resources_to_scan }}
+      sequential_resources_length: ${{ steps.prepare-resource-matrix.outputs.sequential_resources_length }}
     steps:
       - name: Git clone the repository
         uses: actions/checkout@v4
@@ -126,7 +130,7 @@ jobs:
     needs: [ deploy_common_resources, prepare_resource_matrix ]
     if: ${{ needs.prepare_resource_matrix.outputs.parallel_resources_list != '[]' }}
     strategy:
-      max-parallel: 10
+      max-parallel: ${{ env.MAX_PRLL }}
       fail-fast: false
       matrix:
         compliance: ['green', 'red']
@@ -187,6 +191,37 @@ jobs:
           COMPLIANCE: ${{ matrix.compliance }}
           PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }}
 
+  deploy_and_scan_sequential_resources:
+    name: Scan S
+    runs-on: ubuntu-22.04
+    needs: [deploy_common_resources, prepare_resource_matrix]
+    if: ${{ needs.prepare_resource_matrix.outputs.sequential_resources_list != '[]' }}
+    strategy:
+      max-parallel: ${{ env.MAX_PRLL }}
+      fail-fast: false
+      matrix:
+        compliance: ['green', 'red']
+        resource: ${{fromJson(needs.prepare_resource_matrix.outputs.sequential_resources_list)}}
+    env:
+      COMPLINCE: ${{ matrix.compliance }}
+      RESOURCE: ${{ matrix.resource }}
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v4
+
+    - name: Checkout ecc-actions
+      run: git clone -b $ACTIONS_REPO_BRANCH "https://git:[email protected]/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions
+      env:
+        PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }}
+        ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }}
+    - name: Deploy and scan non-parallel resources
+      uses: ./ecc-actions/auto-test-actions/deploy-and-scan-resources
+      with:
+        CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }}
+        AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+        COMPLIANCE: ${{ matrix.compliance }}
+        PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }}
+
   # delete_readonly_role_for_scans:
   #   name: Delete readonly role for scans
   #   if: ${{ always() }}
@@ -216,7 +251,7 @@ jobs:
   destroy_common_resources:
     name: Destroy common
     runs-on: ubuntu-22.04
-    needs: [deploy_and_scan_not_parallel_resources, deploy_and_scan_parallel_resources]
+    needs: [deploy_and_scan_not_parallel_resources, deploy_and_scan_parallel_resources, deploy_and_scan_sequential_resources]
     if: ${{ always() }}
     strategy:
       max-parallel: 10
@@ -240,3 +275,4 @@ jobs:
           CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }}
           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
           COMPLIANCE: ${{ matrix.compliance }}
+