-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Test full pipeline with dynamic max-parallel jobs
- Loading branch information
Mykhailo
committed
Sep 18, 2024
1 parent
63ccd5d
commit 2eb94ab
Showing
1 changed file
with
113 additions
and
113 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,7 +11,7 @@ on: | |
| resource_priority_list: | ||
| type: string | ||
| description: Priority list for resources (you can remove unnecessary resources during testing) | ||
| default: '[ "sqs", "sns", "defender", "role"]' | ||
| default: '[ "sqs", "sns", "defender", "role", "subscription"]' | ||
| #'["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]' | ||
| required: true | ||
|
|
||
|
|
@@ -25,7 +25,7 @@ env: | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | ||
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| AZURE_SECRET_VALUE: ${{ secrets.AZURE_SECRET_VALUE }} | ||
| default_resource_priority_list: '[ "disk", "storage", "defender", "role"]' | ||
| default_resource_priority_list: '[ "disk", "storage", "defender", "role", "subscription"]' | ||
| #default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]' | ||
| TF_VAR_project: ${{ secrets.TF_VAR_project }} | ||
| TF_VAR_region: ${{ secrets.AWS_REGION }} | ||
|
|
@@ -45,32 +45,32 @@ permissions: | |
|
|
||
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
| jobs: | ||
| # deploy_common_resources: | ||
| # name: Deploy common | ||
| # runs-on: ubuntu-22.04 | ||
| # strategy: | ||
| # fail-fast: false | ||
| # matrix: | ||
| # compliance: ["green", "red"] | ||
| # env: | ||
| # COMPLINCE: ${{ matrix.compliance }} | ||
| # RESOURCE: common_resources | ||
| # steps: | ||
| # - name: Git clone the repository | ||
| # uses: actions/checkout@v4 | ||
| deploy_common_resources: | ||
| name: Deploy common | ||
| runs-on: ubuntu-22.04 | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| compliance: ["green", "red"] | ||
| env: | ||
| COMPLINCE: ${{ matrix.compliance }} | ||
| RESOURCE: common_resources | ||
| steps: | ||
| - name: Git clone the repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # - name: Checkout ecc-actions | ||
| # run: git clone -b $ACTIONS_REPO_BRANCH "https://git:[email protected]/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions | ||
| # env: | ||
| # PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }} | ||
| # ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }} | ||
| - name: Checkout ecc-actions | ||
| run: git clone -b $ACTIONS_REPO_BRANCH "https://git:[email protected]/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions | ||
| env: | ||
| PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }} | ||
| ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }} | ||
|
|
||
| # - name: Deploy common | ||
| # uses: ./ecc-actions/auto-test-actions/deploy-common-resources | ||
| # with: | ||
| # CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }} | ||
| # AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| # COMPLIANCE: ${{ matrix.compliance }} | ||
| - name: Deploy common | ||
| uses: ./ecc-actions/auto-test-actions/deploy-common-resources | ||
| with: | ||
| CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }} | ||
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| COMPLIANCE: ${{ matrix.compliance }} | ||
|
|
||
| # create_readonly_role_for_scans: | ||
| # name: Create readonly role for scans | ||
|
|
@@ -104,7 +104,7 @@ jobs: | |
| prepare_resource_matrix: | ||
| name: Prepare resource matrix | ||
| runs-on: ubuntu-22.04 | ||
| # needs: deploy_common_resources | ||
| needs: deploy_common_resources | ||
| outputs: | ||
| parallel_resources_list: ${{ steps.prepare-resource-matrix.outputs.parallel_resources_to_scan }} | ||
| not_parallel_resources_list: ${{ steps.prepare-resource-matrix.outputs.not_parallel_resources_to_scan }} | ||
|
|
@@ -124,77 +124,77 @@ jobs: | |
| id: prepare-resource-matrix | ||
| uses: ./ecc-actions/auto-test-actions/prepare-resource-matrix | ||
|
|
||
| # deploy_and_scan_parallel_resources: | ||
| # name: Scan P | ||
| # runs-on: ubuntu-22.04 | ||
| # needs: [ deploy_common_resources, prepare_resource_matrix ] | ||
| # if: ${{ needs.prepare_resource_matrix.outputs.parallel_resources_list != '[]' }} | ||
| # strategy: | ||
| # max-parallel: 10 | ||
| # fail-fast: false | ||
| # matrix: | ||
| # compliance: ['green', 'red'] | ||
| # resource: ${{fromJson(needs.prepare_resource_matrix.outputs.parallel_resources_list)}} | ||
| # env: | ||
| # COMPLINCE: ${{ matrix.compliance }} | ||
| # RESOURCE: ${{ matrix.resource }} | ||
| deploy_and_scan_parallel_resources: | ||
| name: Scan P | ||
| runs-on: ubuntu-22.04 | ||
| needs: [ deploy_common_resources, prepare_resource_matrix ] | ||
| if: ${{ needs.prepare_resource_matrix.outputs.parallel_resources_list != '[]' }} | ||
| strategy: | ||
| max-parallel: 10 | ||
| fail-fast: false | ||
| matrix: | ||
| compliance: ['green', 'red'] | ||
| resource: ${{fromJson(needs.prepare_resource_matrix.outputs.parallel_resources_list)}} | ||
| env: | ||
| COMPLINCE: ${{ matrix.compliance }} | ||
| RESOURCE: ${{ matrix.resource }} | ||
|
|
||
| # steps: | ||
| # - name: Git clone the repository | ||
| # uses: actions/checkout@v4 | ||
| steps: | ||
| - name: Git clone the repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # - name: Checkout ecc-actions | ||
| # run: git clone -b $ACTIONS_REPO_BRANCH "https://git:[email protected]/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions | ||
| # env: | ||
| # PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }} | ||
| # ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }} | ||
| - name: Checkout ecc-actions | ||
| run: git clone -b $ACTIONS_REPO_BRANCH "https://git:[email protected]/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions | ||
| env: | ||
| PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }} | ||
| ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }} | ||
|
|
||
| # - name: Deploy and scan parallel resources | ||
| # uses: ./ecc-actions/auto-test-actions/deploy-and-scan-resources | ||
| # with: | ||
| # CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }} | ||
| # AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| # COMPLIANCE: ${{ matrix.compliance }} | ||
| # PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }} | ||
| - name: Deploy and scan parallel resources | ||
| uses: ./ecc-actions/auto-test-actions/deploy-and-scan-resources | ||
| with: | ||
| CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }} | ||
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| COMPLIANCE: ${{ matrix.compliance }} | ||
| PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }} | ||
|
|
||
|
|
||
| # deploy_and_scan_not_parallel_resources: | ||
| # name: Scan N/P | ||
| # runs-on: ubuntu-22.04 | ||
| # needs: [ deploy_common_resources, prepare_resource_matrix] | ||
| # if: ${{ needs.prepare_resource_matrix.outputs.not_parallel_resources_list != '[]' }} | ||
| # strategy: | ||
| # max-parallel: 1 | ||
| # fail-fast: false | ||
| # matrix: | ||
| # compliance: ['green', 'red'] | ||
| # resource: ${{fromJson(needs.prepare_resource_matrix.outputs.not_parallel_resources_list)}} | ||
| # env: | ||
| # COMPLINCE: ${{ matrix.compliance }} | ||
| # RESOURCE: ${{ matrix.resource }} | ||
| deploy_and_scan_not_parallel_resources: | ||
| name: Scan N/P | ||
| runs-on: ubuntu-22.04 | ||
| needs: [ deploy_common_resources, prepare_resource_matrix] | ||
| if: ${{ needs.prepare_resource_matrix.outputs.not_parallel_resources_list != '[]' }} | ||
| strategy: | ||
| max-parallel: 1 | ||
| fail-fast: false | ||
| matrix: | ||
| compliance: ['green', 'red'] | ||
| resource: ${{fromJson(needs.prepare_resource_matrix.outputs.not_parallel_resources_list)}} | ||
| env: | ||
| COMPLINCE: ${{ matrix.compliance }} | ||
| RESOURCE: ${{ matrix.resource }} | ||
|
|
||
| # steps: | ||
| # - name: Git clone the repository | ||
| # uses: actions/checkout@v4 | ||
| steps: | ||
| - name: Git clone the repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # - name: Checkout ecc-actions | ||
| # run: git clone -b $ACTIONS_REPO_BRANCH "https://git:[email protected]/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions | ||
| # env: | ||
| # PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }} | ||
| # ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }} | ||
| - name: Checkout ecc-actions | ||
| run: git clone -b $ACTIONS_REPO_BRANCH "https://git:[email protected]/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions | ||
| env: | ||
| PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }} | ||
| ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }} | ||
|
|
||
| # - name: Deploy and scan non parallel resources | ||
| # uses: ./ecc-actions/auto-test-actions/deploy-and-scan-resources | ||
| # with: | ||
| # CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }} | ||
| # AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| # COMPLIANCE: ${{ matrix.compliance }} | ||
| # PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }} | ||
| - name: Deploy and scan non parallel resources | ||
| uses: ./ecc-actions/auto-test-actions/deploy-and-scan-resources | ||
| with: | ||
| CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }} | ||
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| COMPLIANCE: ${{ matrix.compliance }} | ||
| PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }} | ||
|
|
||
| deploy_and_scan_sequential_resources: | ||
| name: Scan S | ||
| runs-on: ubuntu-22.04 | ||
| needs: prepare_resource_matrix # [deploy_common_resources, prepare_resource_matrix] | ||
| needs: [deploy_common_resources, prepare_resource_matrix] | ||
| if: ${{ needs.prepare_resource_matrix.outputs.sequential_resources_list != '[]' }} | ||
| strategy: | ||
| max-parallel: ${{ fromJson(needs.prepare_resource_matrix.outputs.sequential_resources_length) }} | ||
|
|
@@ -251,31 +251,31 @@ jobs: | |
| # env: | ||
| # created_role_name: ${{ needs.create_readonly_role_for_scans.outputs.readonly_role_name }} | ||
|
|
||
| # destroy_common_resources: | ||
| # name: Destroy common | ||
| # runs-on: ubuntu-22.04 | ||
| # needs: [deploy_and_scan_not_parallel_resources, deploy_and_scan_parallel_resources, deploy_and_scan_sequential_resources] | ||
| # if: ${{ always() }} | ||
| # strategy: | ||
| # max-parallel: 10 | ||
| # fail-fast: false | ||
| # matrix: | ||
| # compliance: ["green", "red"] | ||
| # env: | ||
| # COMPLINCE: ${{ matrix.compliance }} | ||
| # RESOURCE: common_resources | ||
| # steps: | ||
| # - name: Git clone the repository | ||
| # uses: actions/checkout@v4 | ||
| # - name: Checkout ecc-actions | ||
| # run: git clone -b $ACTIONS_REPO_BRANCH "https://git:[email protected]/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions | ||
| # env: | ||
| # PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }} | ||
| # ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }} | ||
| # - name: Destroy common resources | ||
| # uses: ./ecc-actions/auto-test-actions/destroy-common-resources | ||
| # with: | ||
| # CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }} | ||
| # AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| # COMPLIANCE: ${{ matrix.compliance }} | ||
| destroy_common_resources: | ||
| name: Destroy common | ||
| runs-on: ubuntu-22.04 | ||
| needs: [deploy_and_scan_not_parallel_resources, deploy_and_scan_parallel_resources, deploy_and_scan_sequential_resources] | ||
| if: ${{ always() }} | ||
| strategy: | ||
| max-parallel: 10 | ||
| fail-fast: false | ||
| matrix: | ||
| compliance: ["green", "red"] | ||
| env: | ||
| COMPLINCE: ${{ matrix.compliance }} | ||
| RESOURCE: common_resources | ||
| steps: | ||
| - name: Git clone the repository | ||
| uses: actions/checkout@v4 | ||
| - name: Checkout ecc-actions | ||
| run: git clone -b $ACTIONS_REPO_BRANCH "https://git:[email protected]/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions | ||
| env: | ||
| PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }} | ||
| ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }} | ||
| - name: Destroy common resources | ||
| uses: ./ecc-actions/auto-test-actions/destroy-common-resources | ||
| with: | ||
| CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }} | ||
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | ||
| COMPLIANCE: ${{ matrix.compliance }} | ||
|
|
||