feat/prowler shared workflow for AWS and GCP #146
Merged
dc9dcba
feat/prowler shared workflow for AWS and GCP
Bharadwajshivam28 dd0624b
feat/prowler shared workflow for AWS and GCP
Bharadwajshivam28 0d2a402
feat/prowler shared workflow for AWS and GCP
Bharadwajshivam28 5877e98
feat/prowler shared workflow for AWS and GCP
Bharadwajshivam28 e68432f
feat/prowler shared workflow for AWS and GCP
Bharadwajshivam28 0e1c5df
feat/prowler shared workflow for AWS and GCP
Bharadwajshivam28 587db1a
feat/prowler shared workflow for AWS and GCP
Bharadwajshivam28 918e0ea
feat/prowler shared workflow for AWS and GCP
Bharadwajshivam28 be26f3a
Improved workflow
Bharadwajshivam28 ad90754
feat:Adding Azure Prowler
Bharadwajshivam28 95aa124
feat:Adding Azure Prowler
Bharadwajshivam28 cbf8c40
feat:Adding Azure Prowler
Bharadwajshivam28 8613ed4
feat: changed auth way in azure
Bharadwajshivam28 ea095d9
feat:changed auth way for azure
Bharadwajshivam28 dc0142c
feat:changed auth way for azure
Bharadwajshivam28 4e08be3
feat:changed auth way for azure
Bharadwajshivam28 492866a
feat:changed auth way for azure
Bharadwajshivam28 e0184a4
feat:changed auth way for azure
Bharadwajshivam28 06f6f80
feat:Readme for Prowler
Bharadwajshivam28 7124c79
Readme for prowler
Bharadwajshivam28 3b7a41c
Readme for prowler
Bharadwajshivam28 5dcb209
added link in text
Bharadwajshivam28 466394d
modified readme
Bharadwajshivam28 ba5f00a
modified readme
Bharadwajshivam28 9cc8c70
feat:Added contributors section in README
Bharadwajshivam28 88d2f05
feat:Changed branch name in README
Bharadwajshivam28
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
--- | ||
name: Prowler Reusable Workflow | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
cloud_provider: | ||
required: true | ||
type: string | ||
description: 'Cloud Provider' | ||
project_id: | ||
required: false | ||
type: string | ||
description: 'Project id for GCP' | ||
aws_region: | ||
required: false | ||
type: string | ||
description: 'AWS Region' | ||
|
||
secrets: | ||
WIP: | ||
required: false | ||
description: 'WIP' | ||
SERVICE_ACCOUNT: | ||
required: false | ||
description: 'GCP service account' | ||
BUILD_ROLE: | ||
required: false | ||
description: 'AWS OIDC role for aws authentication.' | ||
AWS_ACCESS_KEY_ID: | ||
required: false | ||
description: AWS Access Key ID to install AWS CLI. | ||
AWS_SECRET_ACCESS_KEY: | ||
required: false | ||
description: AWS Secret access key to install AWS CLI | ||
AWS_SESSION_TOKEN: | ||
required: false | ||
description: AWS Session Token to install AWS CLI | ||
|
||
jobs: | ||
prowler: | ||
runs-on: macos-latest | ||
|
||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Install Homebrew | ||
run: | | ||
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" | ||
|
||
- name: Install Prowler | ||
run: | | ||
brew install prowler | ||
|
||
- name: Authenticate with Google Cloud | ||
if: ${{ inputs.cloud_provider == 'gcp' }} | ||
uses: google-github-actions/auth@v1 | ||
with: | ||
token_format: access_token | ||
workload_identity_provider: ${{ secrets.WIP }} | ||
service_account: ${{ secrets.SERVICE_ACCOUNT }} | ||
access_token_lifetime: 300s | ||
Pass access_token_lifetime value in inputs and set default value |
||
project_id: ${{ inputs.project_id }} | ||
|
||
- name: Install AWS CLI | ||
if: ${{ inputs.cloud_provider == 'aws' }} | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} | ||
role-to-assume: ${{ secrets.BUILD_ROLE }} | ||
aws-region: ${{ inputs.aws_region }} | ||
role-duration-seconds: 900 | ||
Pass value in inputs |
||
role-skip-session-tagging: true | ||
|
||
- name: Run Prowler for GCP | ||
if: ${{ inputs.cloud_provider == 'gcp' }} | ||
id: prowler-gcp | ||
run: | | ||
prowler gcp --project-ids ${{ inputs.project_id }} -o ${{ github.workspace }}/report/ | ||
continue-on-error: true | ||
|
||
- name: Run Prowler for AWS | ||
if: ${{ inputs.cloud_provider == 'aws' }} | ||
id: prowler-aws | ||
run: | | ||
prowler aws -f ${{ inputs.aws_region }} -o ${{ github.workspace }}/report/ | ||
continue-on-error: true | ||
|
||
- name: Upload report directory | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: compliance-report | ||
path: ${{ github.workspace }}/report/ | ||
... |
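Review bot: in the "Run Prowler for GCP" and "Run Prowler for AWS" steps, `${{ inputs.project_id }}` and `${{ inputs.aws_region }}` are expanded into the `run:` script text before the shell parses it, so a caller-supplied value containing shell metacharacters is executed as part of the script in a job that already holds the GCP or AWS credentials from the earlier auth steps. Pass both values through a step-level `env:` mapping (for example `PROJECT_ID: ${{ inputs.project_id }}`) and reference them quoted in the script as `"$PROJECT_ID"` and `"$AWS_REGION"`. In the same job, the "Install Homebrew" step pipes `install.sh` fetched from `HEAD` straight into bash with no pinned commit or checksum; drop the step if the runner image already provides `brew`, or pin the installer to a specific commit. The "Install AWS CLI" step also passes static access keys together with `role-to-assume`, although the `BUILD_ROLE` description says OIDC; if OIDC is the intended path, remove the three key secrets so long-lived credentials are not required by callers. Finally, with `continue-on-error: true` on both Prowler steps, a scan that never ran looks the same as one that completed; add a check that the report directory is non-empty before "Upload report directory".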
give proper description