Skip to main content

GitHub Actions

Aaron LippoldJanuary 5, 2024Less than 1 minute

GitHub Actions

Our profile utilizes GitHub Actions as its primary CI/CD process. The Actions are separated by general business or process functions, allowing for a clear distinction between the workflow stages that we are testing in our workflow.

lint-profile.yml

This action checks out the repository, installs Ruby and InSpec, then runs bundle exec inspec check . to validate the structure and syntax of the InSpec profile and its Ruby code.

verify-ec2.yml

This action performs the following steps:

  1. Checks out the repository.
  2. Installs Ruby, InSpec, AWS CLI, and Test Kitchen along with its drivers.
  3. Sets up the 'runner'.
  4. Configures access to the AWS VPC environment.
  5. Runs the vanilla and hardened test suites.
  6. Displays a summary of the test suite results.
  7. Saves the test suite results.
  8. Uploads the results to our Heimdall Demo server.
  9. Determines the success or failure of the test run based on the validation of the test suite results against the threshold.yml files for each test suite (hardened and vanilla).

verify-container.yml

This action performs similar steps to verify-ec2.yml, but with some differences:

  1. It configures access to the required container registries - Platform One and Red Hat.

verify-vagrant.yml.example

This action is similar to the verify-ec2 workflow, but instead of using a remote AWS EC2 instance in a VPC, it uses a local Vagrant virtual machine as the test target. The user can configure whether to upload the results to our Heimdall Demo server or not by modifing the Github Action.

Apache-2.0 | Copyright © 2022 - The MITRE Corporation
Copyright © 2024 Aaron Lippold