From 6438e895876d6b3c659b173d007cb4e0220696ab Mon Sep 17 00:00:00 2001
From: Mykhailo
Date: Wed, 18 Sep 2024 23:50:09 +0300
Subject: [PATCH] Approach 3: test with old deploy and scan resources comp action
---
 .github/workflows/auto-test.yml | 71 ++++++++++++++++++++-------------
 1 file changed, 44 insertions(+), 27 deletions(-)
diff --git a/.github/workflows/auto-test.yml b/.github/workflows/auto-test.yml
index 33586cb..60eafcb 100644
--- a/.github/workflows/auto-test.yml
+++ b/.github/workflows/auto-test.yml
@@ -45,32 +45,32 @@ permissions:
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
- deploy_common_resources:
- name: Deploy common
- runs-on: ubuntu-22.04
- strategy:
- fail-fast: false
- matrix:
- compliance: ["green", "red"]
- env:
- COMPLINCE: ${{ matrix.compliance }}
- RESOURCE: common_resources
- steps:
- - name: Git clone the repository
- uses: actions/checkout@v4
+ # deploy_common_resources:
+ # name: Deploy common
+ # runs-on: ubuntu-22.04
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # compliance: ["green", "red"]
+ # env:
+ # COMPLINCE: ${{ matrix.compliance }}
+ # RESOURCE: common_resources
+ # steps:
+ # - name: Git clone the repository
+ # uses: actions/checkout@v4
- - name: Checkout ecc-actions
- run: git clone -b $ACTIONS_REPO_BRANCH "https://git:$PROJECT_TOKEN@git.epam.com/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions
- env:
- PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }}
- ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }}
+ # - name: Checkout ecc-actions
+ # run: git clone -b $ACTIONS_REPO_BRANCH "https://git:$PROJECT_TOKEN@git.epam.com/epmc-sec/cloudlab/cloud_custodian/ecc-actions.git" ecc-actions
+ # env:
+ # PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }}
+ # ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }}
- - name: Deploy common
- uses: ./ecc-actions/auto-test-actions/deploy-common-resources
- with:
- CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }}
- AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
- COMPLIANCE: ${{ matrix.compliance }}
+ # - name: Deploy common
+ # uses: ./ecc-actions/auto-test-actions/deploy-common-resources
+ # with:
+ # CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }}
+ # AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+ # COMPLIANCE: ${{ matrix.compliance }}
 # create_readonly_role_for_scans:
 # name: Create readonly role for scans
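Review bot: Disabling `deploy_common_resources` by commenting out every line leaves the whole job in the file as dead code, including the `git clone` line that puts `$PROJECT_TOKEN` into the remote URL and the `with:` block naming the cloud-credential secrets. Deleting the job and relying on git history, or keeping it live behind a job-level `if: ${{ false }}` if the switch is temporary, would leave a workflow that is easier to audit and harder to revive by accident. The same applies to the two `needs` edits in the following hunks, where `needs: [ prepare_resource_matrix] #deploy_common_resources,` would read better as `needs: [prepare_resource_matrix]`. The `jobs:` mapping continues outside this hunk, so whether anything else still deploys the common resources before the scan jobs run cannot be seen from here and is worth stating in the commit message.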
@@ -104,7 +104,7 @@ jobs:
 prepare_resource_matrix:
 name: Prepare resource matrix
 runs-on: ubuntu-22.04
- needs: deploy_common_resources
+ # needs: deploy_common_resources
 outputs:
 parallel_resources_list: ${{ steps.prepare-resource-matrix.outputs.parallel_resources_to_scan }}
 not_parallel_resources_list: ${{ steps.prepare-resource-matrix.outputs.not_parallel_resources_to_scan }}
@@ -194,7 +194,7 @@ jobs:
 deploy_and_scan_sequential_resources:
 name: Scan S
 runs-on: ubuntu-22.04
- needs: [deploy_common_resources, prepare_resource_matrix]
+ needs: [ prepare_resource_matrix] #deploy_common_resources,
 if: ${{ needs.prepare_resource_matrix.outputs.sequential_resources_list != '[]' }}
 strategy:
 fail-fast: false
@@ -211,13 +211,30 @@ jobs:
 env:
 PROJECT_TOKEN: ${{ secrets.ECC_CHANGELOG_ACTION }}
 ACTIONS_REPO_BRANCH: ${{ env.ACTIONS_REPO_BRANCH }}
- - name: Deploy and scan non-parallel resources
+
+ - name: Deploy and scan non-parallel resource (green)
+ uses: ./ecc-actions/auto-test-actions/deploy-and-scan-sequential-resources
+ env:
+ COMPLINCE: "green"
+ with:
+ CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }}
+ AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+ COMPLIANCE: "green"
+ PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }}
+
+ - name: Deploy and scan non-parallel resource (red)
 uses: ./ecc-actions/auto-test-actions/deploy-and-scan-sequential-resources
+ env:
+ COMPLINCE: "red"
 with:
 CI_ASSUME_ROLE: ${{ secrets.CI_ASSUME_ROLE }}
 AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+ COMPLIANCE: "red"
 PROJECT_TOKEN: ${{ secrets.CLOUDCUSTODIAN_CORE }}
+
+
+
 # delete_readonly_role_for_scans:
 # name: Delete readonly role for scans
 # if: ${{ always() }}
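Review bot: The `(green)` and `(red)` steps now run one after the other in the same job, so under the default step condition a failing green run skips the red run and the job reports nothing about the non-compliant resources; `if: ${{ !cancelled() }}` on the `(red)` step would keep both results. Each step also sets an environment variable spelled `COMPLINCE` beside the input `COMPLIANCE`, and if the composite action reads the environment under the correct spelling the value is silently ignored, so confirm which of the two it consumes and drop the other. Both steps pass `CI_ASSUME_ROLE`, `AZURE_CREDENTIALS` and `CLOUDCUSTODIAN_CORE` to an action loaded from `./ecc-actions`, which the context lines suggest is cloned from `$ACTIONS_REPO_BRANCH` in a step above this hunk; checking that clone out at a reviewed commit rather than a branch tip would limit what a later push to that branch can do with these credentials. The job's `steps:` list starts outside the hunk, and the blank lines added after the second step can be dropped.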