GitHub Actions
Our profile uses GitHub Actions as its primary CI/CD process. The Actions are separated by general business or process function, which keeps the workflow stages we are testing clearly distinct from one another.
lint-profile.yml
This action checks out the repository, installs Ruby and InSpec, then runs `bundle exec inspec check .` to validate the structure and syntax of the InSpec profile and its Ruby code.
verify-ec2.yml
This action performs the following steps:
- Checks out the repository.
- Installs Ruby, InSpec, AWS CLI, and Test Kitchen along with its drivers.
- Sets up the 'runner'.
- Configures access to the AWS VPC environment.
- Runs the `vanilla` and `hardened` test suites.
- Displays a summary of the test suite results.
- Saves the test suite results.
- Uploads the results to our Heimdall Demo server.
- Determines the success or failure of the test run based on the validation of the test suite results against the `threshold.yml` files for each test suite (`hardened` and `vanilla`).
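The final step above gates the run on thresholds. As an added illustration (not the project's own code), this Ruby sketch rolls InSpec JSON-reporter results up per control and checks them against a threshold. The threshold layout, the roll-up rule and the compliance formula are assumptions of this example, and the sample data is constructed.

```ruby
require 'json'
require 'yaml'
# Constructed sample in the shape of InSpec's JSON reporter (control IDs are made up).
SAMPLE_RESULTS = <<~JSON
  {"profiles": [{"controls": [
    {"id": "EX-0001", "results": [{"status": "passed"}]},
    {"id": "EX-0002", "results": [{"status": "passed"}, {"status": "failed"}]},
    {"id": "EX-0003", "results": [{"status": "skipped"}]},
    {"id": "EX-0004", "results": []}
  ]}]}
JSON

# Assumed, simplified threshold layout; the project's threshold.yml files may differ.
HARDENED_THRESHOLD = <<~YAML
  compliance:
    min: 80
  failed:
    total:
      max: 0
YAML

# Roll a control up to one status: no results is an error, any failure fails it, a pass beats skipped.
def control_status(control)
  statuses = control.fetch('results', []).map { |r| r['status'] }
  return 'error' if statuses.empty?
  return 'failed' if statuses.include?('failed')
  statuses.include?('passed') ? 'passed' : 'skipped'
end

# Count controls per status; compliance = passed / total. Zero controls scores 0 (fail closed).
def summarize(results_json)
  controls = JSON.parse(results_json).fetch('profiles').flat_map { |p| p.fetch('controls', []) }
  counts = controls.map { |c| control_status(c) }.tally
  summary = %w[passed failed skipped error].to_h { |s| [s.to_sym, counts.fetch(s, 0)] }
  summary[:compliance] = controls.empty? ? 0 : (100.0 * summary[:passed] / controls.size).floor
  summary
end

# Return human-readable violations; an empty list means the suite meets its threshold.
def threshold_violations(summary, threshold_yaml)
  limits = YAML.safe_load(threshold_yaml) || {}
  min = limits.dig('compliance', 'min')
  max_failed = limits.dig('failed', 'total', 'max')
  violations = []
  violations << "compliance #{summary[:compliance]}% is below #{min}%" if min && summary[:compliance] < min
  violations << "#{summary[:failed]} failed controls exceed #{max_failed}" if max_failed && summary[:failed] > max_failed
  violations
end
```

Scoring an empty report as 0% means a suite that silently ran no controls fails the gate instead of passing it.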
verify-container.yml
This action performs similar steps to `verify-ec2.yml`, but with some differences:
- It configures access to the required container registries - Platform One and Red Hat.
verify-vagrant.yml.example
This action is similar to the `verify-ec2` workflow, but instead of using a remote AWS EC2 instance in a VPC, it uses a local Vagrant virtual machine as the test target. The user can configure whether to upload the results to our Heimdall Demo server or not by modifying the GitHub Action.