From 4e60011df013cb26b2c03012c443d64721f16cce Mon Sep 17 00:00:00 2001
From: seanlongcc
Date: Mon, 8 Jul 2024 14:13:35 -0400
Subject: [PATCH] update actions
---
 .github/workflows/main.yml | 9 ++-------
 mongo-validate.pkr.hcl | 18 +++++++++++++++++-
 2 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 6dfff4a..6512eac 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -21,13 +21,8 @@ jobs:
 steps:
 - name: Add Dependencies
 run: |
- sudo apt-get update
- curl -fsSL https://get.docker.com -o get-docker.sh
- curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
- sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
- sudo apt-get install packer
- python3 -m pip install --user ansible
- python3 -m pip install --upgrade --user ansible
+ # python3 -m pip install --user ansible
+ # python3 -m pip install --upgrade --user ansible
 npm install -g @mitre/saf
 curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-auditor
 
diff --git a/mongo-validate.pkr.hcl b/mongo-validate.pkr.hcl
index 906ca5f..3b99b53 100644
--- a/mongo-validate.pkr.hcl
+++ b/mongo-validate.pkr.hcl
@@ -62,7 +62,8 @@ build {
 # docker ps
 provisioner "shell-local" {
 inline = [
- "docker ps -a"
+ "docker ps -a",
+ "inspec detect -t docker://mongo-hardened"
 ]
 }
 
@@ -80,6 +81,14 @@ build {
 script = "spec/scripts/scan.sh"
 }
 
+ # docker ps
+ provisioner "shell-local" {
+ inline = [
+ "docker ps -a",
+ "inspec detect -t docker://mongo-hardened"
+ ]
+ }
+
 ### REPORT
 provisioner "shell-local" {
 environment_vars = [
@@ -91,6 +100,13 @@ build {
 scripts = ["spec/scripts/report.sh"]
 }
 
+ # docker ps
+ provisioner "shell-local" {
+ inline = [
+ "docker ps -a"
+ ]
+ }
+
 ### VERIFY
 provisioner "shell-local" {
 environment_vars = [
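Review bot: In `.github/workflows/main.yml` (hunk at -21) the two ansible installs are commented out rather than deleted, and the Packer repository setup and install are dropped with no note on where `packer` and `ansible` now come from. Presumably the job relies on what the runner image ships, which leaves their versions outside the repository's control; either delete the dead lines or replace them with a comment stating that dependency, for example `# packer and ansible are taken from the runner image (confirm versions)`. The two installers that remain in this step are unpinned and unverified: `curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-auditor` runs a downloaded script as root, and `npm install -g @mitre/saf` takes whatever version is current. Consider pinning both, e.g. `npm install -g @mitre/saf@<version>` and adding `-v <version>` to the install.sh arguments, so a scan result can be tied to a known toolchain. The `steps:` list continues outside the hunk.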
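Review bot: In `mongo-validate.pkr.hcl` the provisioners changed at -62 and added at -80 now run `inspec detect -t docker://mongo-hardened`, yet all of them, including the third copy added at -91, keep the comment `# docker ps`, which no longer describes the step. A comment such as `# diagnostic: list containers and confirm InSpec can reach mongo-hardened` would say what the block is for, and whether a failure here is meant to abort the build before the scan, report and verify stages. The workflow in this same patch installs `cinc-auditor`, so it is worth confirming that an `inspec` executable is actually on PATH on the runner; if it is not, these `shell-local` steps will presumably fail the build. The container name is repeated as a literal in each copy; if the template already defines a variable for it (not visible in these hunks), use that instead. The `build` block starts and ends outside the hunks.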