feat/prowler shared workflow for AWS and GCP

.github/workflows/prowler.yml

@@ -0,0 +1,97 @@
+---
+name: Prowler Reusable Workflow
+
+on:
+  workflow_call:
+    inputs:
+      cloud_provider:
+        required: true
+        type: string
+        description: 'Cloud Provider'
+      project_id:
+        required: false
+        type: string
+        description: 'Project id for GCP'
+      aws_region:
+        required: false
+        type: string
+        description: 'AWS Region'
+
+    secrets:
+      WIP:
+        required: false
+        description: 'WIP'
+      SERVICE_ACCOUNT:
+        required: false
+        description: 'GCP service account'
+      BUILD_ROLE:
+        required: false
+        description: 'AWS OIDC role for aws authentication.'
+      AWS_ACCESS_KEY_ID:
+        required: false
+        description: AWS Access Key ID to install AWS CLI.
+      AWS_SECRET_ACCESS_KEY:
+        required: false
+        description: AWS Secret access key to install AWS CLI
+      AWS_SESSION_TOKEN:
+        required: false
+        description: AWS Session Token to install AWS CLI
+
+jobs:
+  prowler:
+    runs-on: macos-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Install Homebrew
+        run: |
+          /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+
+      - name: Install Prowler
+        run: |
+          brew install prowler
+
+      - name: Authenticate with Google Cloud
+        if: ${{ inputs.cloud_provider == 'gcp' }}
+        uses: google-github-actions/auth@v1
+        with:
+          token_format: access_token
+          workload_identity_provider: ${{ secrets.WIP }}
+          service_account: ${{ secrets.SERVICE_ACCOUNT }}
+          access_token_lifetime: 300s
+          project_id: ${{ inputs.project_id }}
+
+      - name: Install AWS CLI
+        if: ${{ inputs.cloud_provider == 'aws' }}
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
+          role-to-assume: ${{ secrets.BUILD_ROLE }}
+          aws-region: ${{ inputs.aws_region }}
+          role-duration-seconds: 900
+          role-skip-session-tagging: true
+
+      - name: Run Prowler for GCP
+        if: ${{ inputs.cloud_provider == 'gcp' }}
+        id: prowler-gcp
+        run: |
+          prowler gcp --project-ids ${{ inputs.project_id }} -o ${{ github.workspace }}/report/
+        continue-on-error: true
+
+      - name: Run Prowler for AWS
+        if: ${{ inputs.cloud_provider == 'aws' }}
+        id: prowler-aws
+        run: |
+          prowler aws -f ${{ inputs.aws_region }} -o ${{ github.workspace }}/report/
+        continue-on-error: true
+
+      - name: Upload report directory
+        uses: actions/upload-artifact@v3
+        with:
+          name: compliance-report
+          path: ${{ github.workspace }}/report/
+...