Advanced 9 - Multi-line commands
Signed-off-by: Shivani Karikar <[email protected]>
karikarshivani authored Dec 5, 2024
1 parent 7814300 commit a2c4fd5
Showing 1 changed file with 23 additions and 6 deletions.
29 changes: 23 additions & 6 deletions src/courses/advanced/09.md
Expand Up @@ -72,7 +72,9 @@ jobs:
run: sudo apt-get update

- name: PREP - Install InSpec executable
run: curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec -v 5
run: |
curl https://omnitruck.chef.io/install.sh | \
sudo bash -s -- -P inspec -v 5
- name: PREP - Install SAF CLI
run: npm install -g @mitre/saf
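Review bot: In the "PREP - Install InSpec executable" step, the installer is still fetched with a bare `curl` and piped straight into `sudo bash`, so a failed or truncated download is executed as root with no integrity check. Suggest `curl -fsSL` at minimum, or downloading install.sh to a file and verifying it against a known checksum before running it. The trailing `\` after the `|` is also unnecessary, since the shell already continues a line that ends in a pipe.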
Expand All @@ -98,15 +100,24 @@ jobs:
# fetch the hardening role and requirements
- name: HARDEN - Fetch Ansible role
run: |
git clone --branch docker https://github.com/mitre/ansible-nginx-stigready-hardening.git || true
git clone \
https://github.com/mitre/ansible-nginx-stigready-hardening.git \
--branch docker \
|| true
chmod 755 ansible-nginx-stigready-hardening
- name: HARDEN - Fetch Ansible requirements
run: ansible-galaxy install -r ansible-nginx-stigready-hardening/requirements.yml
run: |
ansible-galaxy install \
-r ansible-nginx-stigready-hardening/requirements.yml
# harden!
- name: HARDEN - Run Ansible hardening
run: ansible-playbook --inventory=nginx, --connection=docker ansible-nginx-stigready-hardening/hardening-playbook.yml
run: |
ansible-playbook \
--inventory=nginx, \
--connection=docker \
ansible-nginx-stigready-hardening/hardening-playbook.yml
- name: VALIDATE - Run InSpec
# we dont want to stop if our InSpec run finds failures, we want to continue and record the result
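Review bot: In "HARDEN - Fetch Ansible role", the `|| true` now sits on its own continuation line where it is easy to overlook, yet it swallows any `git clone` failure, and `--branch docker` tracks a moving branch whose playbook is run by the following steps. Suggest dropping `|| true` (or replacing it with a directory-exists check) and checking out a pinned tag or commit after the clone. In "HARDEN - Run Ansible hardening", a short comment that the trailing comma in `--inventory=nginx,` is deliberate would help, since on its own line it reads like a typo.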
Expand All @@ -120,7 +131,9 @@ jobs:
# attest
- name: VALIDATE - Apply an Attestation
run: |
saf attest apply -i results/pipeline_run.json attestation.json -o results/pipeline_run_attested.json
saf attest apply \
-i results/pipeline_run.json attestation.json \
-o results/pipeline_run_attested.json
# save our results to the pipeline artifacts, even if the InSpec run found failing tests
- name: VALIDATE - Save Test Result JSON
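Review bot: In "VALIDATE - Apply an Attestation", the `-i` line is the only one in the reflowed command that holds two file paths, `results/pipeline_run.json` and `attestation.json`. Suggest a one-line comment stating that both files are inputs to `-i`, so the attestation file is not mistaken for a stray positional argument when the command is edited later.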
Expand All @@ -132,7 +145,11 @@ jobs:
- name: VALIDATE - Upload to Heimdall
continue-on-error: true
run: |
curl -# -s -F data=@results/pipeline_run_attested.json -F "filename=${{ github.actor }}-pipeline-demo-${{ github.sha }}.json" -F "public=true" -F "evaluationTags=${{ github.repository }},${{ github.workflow }}" -H "Authorization: Api-Key ${{ secrets.HEIMDALL_API_KEY }}" "https://heimdall-demo.mitre.org/evaluations"
curl -# -s \

karikarshivani Dec 5, 2024

Author Contributor

Test pending - please verify that syntax updates work in codespaces

-F data=@results/pipeline_run_attested.json \
-F "filename=${{ github.actor }}-pipeline-demo-${{ github.sha }}.json" \
-F "public=true" -F "evaluationTags=${{ github.repository }},${{ github.workflow }}" \
-H "Authorization: Api-Key ${{ secrets.HEIMDALL_API_KEY }}" "https://heimdall-demo.mitre.org/evaluations"
- name: VERIFY - Display our results summary
run: |
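Review bot: In "VALIDATE - Upload to Heimdall", the `${{ secrets.HEIMDALL_API_KEY }}` and `${{ github.* }}` expressions are substituted into the script text before the shell runs it; suggest passing them through the step's `env:` block and referencing them as quoted shell variables instead. The command also combines `-#` with `-s`, which pull in opposite directions, and has no `--fail`, so curl exits zero on an HTTP error response and, with `continue-on-error: true`, a rejected upload goes unnoticed. The last two continuation lines still carry two arguments each (`-F "public=true"` with `evaluationTags`, and the `-H` header with the URL), which is inconsistent with the one-argument-per-line layout used in the other steps.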