Skip to content

added chef lisense key for testing #28

added chef lisense key for testing

added chef lisense key for testing #28

Workflow file for this run

name: Test the Profile
on:
push:
branches: [master]
pull_request:
branches: [master]
jobs:
my-job:
name: Test the Profile
runs-on: ubuntu-latest
env:
CHEF_LICENSE: accept-silent
CHEF_LICENSE_KEY: ${{ secrets.SAF_CHEF_LICENSE_KEY }}
steps:
- name: add needed packages
run: sudo apt-get install -y jq
- name: Configure AWS credentials
env:
AWS_SG_ID: ${{ secrets.AWS_SG_ID }}
AWS_SUBNET_ID: ${{ secrets.AWS_SUBNET_ID }}
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Check out repository
uses: actions/checkout@v2
- name: Clone full repository so we can push
run: git fetch --prune --unshallow
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: "3.1.2"
- name: Disable ri and rdoc
run: 'echo "gem: --no-ri --no-rdoc" >> ~/.gemrc'
- name: Bundle install gems
run: bundle install
- name: Vendor the Inspec profile
run: bundle exec inspec vendor .
- name: Lint the Inspec profile
run: bundle exec inspec check . --auto-install-gems
- name: Run Inspec test
run: bundle exec inspec exec . --input single_bucket=${{ secrets.BUCKET_W_PUB_OBJ }} --auto-install-gems --target aws:// --reporter cli json:results.json || true
- name: Save Test Result JSON
uses: actions/upload-artifact@v3
with:
path: ./results.json
- name: Display our results summary
uses: mitre/saf_action@v1
with:
command_string: "view:summary -i results.json"
- name: Ensure the scan meets our results threshold
uses: mitre/saf_action@v1
with:
command_string: "validate:threshold -i results.json -F threshold.yml"