Delete .github/workflows/verify-vagrant.yml.example #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: EC2 Testing Matrix | |
| on: | |
| push: | |
| branches-ignore: | |
| - none | |
| pull_request: | |
| jobs: | |
| validate: | |
| name: Validate my profile | |
| runs-on: ubuntu-latest | |
| env: | |
| CHEF_LICENSE: accept-silent | |
| CHEF_LICENSE_KEY: ${{ secrets.SAF_CHEF_LICENSE_KEY }} | |
| KITCHEN_LOCAL_YAML: kitchen.ec2.yml | |
| PLATFORM: "ubuntu-18.04" | |
| LC_ALL: "en_US.UTF-8" | |
| strategy: | |
| matrix: | |
| suite: ["vanilla", "hardened"] | |
| fail-fast: false | |
| steps: | |
| - name: add needed packages | |
| run: sudo apt-get install -y jq | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.SAF_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.SAF_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Clone full repository so we can push | |
| run: git fetch --prune --unshallow | |
| - name: Set short git commit SHA | |
| id: vars | |
| run: | | |
| calculatedSha=$(git rev-parse --short ${{ github.sha }}) | |
| echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV | |
| - name: Confirm git commit SHA output | |
| run: echo ${{ env.COMMIT_SHORT_SHA }} | |
| - name: Get commit message | |
| id: commit | |
| run: echo "::set-output name=message::$(git log --format=%B -n 1 ${{ github.sha }})" | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: "3.1" | |
| - name: Disable ri and rdoc | |
| run: 'echo "gem: --no-ri --no-rdoc" >> ~/.gemrc' | |
| - name: Run Bundle Install | |
| run: bundle install | |
| - name: Installed Inspec | |
| run: bundle exec inspec version | |
| - name: Vendor the Profile | |
| run: bundle exec inspec vendor . --overwrite | |
| - name: Run kitchen test | |
| continue-on-error: true | |
| run: bundle exec kitchen test --destroy=always ${{ matrix.suite }}-ubuntu-1804 | |
| - name: Save our ${{ matrix.suite }} results summary | |
| continue-on-error: true | |
| uses: mitre/[email protected] | |
| with: | |
| command_string: "view summary -j -i spec/results/${{ env.PLATFORM }}_${{ matrix.suite }}.json -o spec/results/${{ env.PLATFORM }}_${{ matrix.suite }}-data.json" | |
| - name: Save Test Result JSON | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ github.workflow }}-${{ env.COMMIT_SHORT_SHA }}-results | |
| path: spec/results/ | |
| - name: Upload ${{ matrix.suite }} to Heimdall | |
| continue-on-error: true | |
| run: | | |
| curl -# -s -F data=@spec/results/${{ env.PLATFORM }}_${{ matrix.suite }}.json -F "filename=${{ env.COMMIT_SHORT_SHA }}-${{ env.PLATFORM }}_${{ matrix.suite }}" -F "public=true" -F "evaluationTags=${{ env.COMMIT_SHORT_SHA }},${{ github.repository }},${{ github.workflow }}" -H "Authorization: Api-Key ${{ secrets.HEIMDALL_UPLOAD_GROUP_KEY }}" "${{ vars.SAF_HEIMDALL_URL }}/evaluations" | |
| - name: Display our ${{ matrix.suite }} results summary | |
| uses: mitre/[email protected] | |
| with: | |
| command_string: "view summary -i spec/results/${{ env.PLATFORM }}_${{ matrix.suite }}.json" | |
| - name: Generate Markdown Summary | |
| continue-on-error: true | |
| id: generate-summary | |
| run: | | |
| cat spec/results/${{ env.PLATFORM }}_${{ matrix.suite }}-data.json | python markdown-summary.py > spec/results/${{ env.PLATFORM }}_${{ matrix.suite }}-markdown-summary.md | |
| cat spec/results/${{ env.PLATFORM }}_${{ matrix.suite }}-markdown-summary.md >> $GITHUB_STEP_SUMMARY | |
| - name: Ensure the scan meets our ${{ matrix.suite }} results threshold | |
| if: ${{ !contains(steps.commit.outputs.message, 'only-validate-profile') }} | |
| uses: mitre/[email protected] | |
| with: | |
| command_string: "validate threshold -i spec/results/${{ env.PLATFORM }}_${{ matrix.suite }}.json -F ${{ matrix.suite }}.threshold.yml" |