Skip to main content

23. GitHub Actions

Aaron LippoldJanuary 5, 2024Less than 1 minute

GitHub Actions

Our profile utilizes GitHub Actions as its primary CI/CD process. The Actions are separated by general business or process functions, allowing for a clear distinction between the workflow stages that we are testing.

lint-profile.yml

This action checks out the repository, installs Ruby and InSpec, then runs bundle exec inspec check . to validate the structure and syntax of the InSpec profile and its Ruby code.

verify-ec2.yml

This action performs the following steps:

  1. Checks out the repository.
  2. Installs Ruby, InSpec, AWS CLI, and Test Kitchen along with its drivers.
  3. Sets up the 'runner'.
  4. Configures access to the AWS VPC environment.
  5. Runs the vanilla and hardened test suites.
  6. Displays a summary of the test suite results.
  7. Saves the test suite results.
  8. Uploads the results to our Heimdall Demo server.
  9. Determines the success or failure of the test run based on the validation of the test suite results against the threshold.yml files for each test suite (hardened and vanilla).

verify-container.yml

This action performs similar steps to verify-ec2.yml, with a key additional step of configuring access to the required container registries - Platform One and Red Hat.

Apache-2.0 | Copyright © 2022 - The MITRE Corporation
Copyright © 2024 Aaron Lippold