diff --git a/src/courses/advanced/09.md b/src/courses/advanced/09.md index be2774f47..6ba8b7372 100644 --- a/src/courses/advanced/09.md +++ b/src/courses/advanced/09.md @@ -72,7 +72,9 @@ jobs: run: sudo apt-get update - name: PREP - Install InSpec executable - run: curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec -v 5 + run: | + curl https://omnitruck.chef.io/install.sh | \ + sudo bash -s -- -P inspec -v 5 - name: PREP - Install SAF CLI run: npm install -g @mitre/saf @@ -98,15 +100,24 @@ jobs: # fetch the hardening role and requirements - name: HARDEN - Fetch Ansible role run: | - git clone --branch docker https://github.com/mitre/ansible-nginx-stigready-hardening.git || true + git clone \ + https://github.com/mitre/ansible-nginx-stigready-hardening.git \ + --branch docker \ + || true chmod 755 ansible-nginx-stigready-hardening - name: HARDEN - Fetch Ansible requirements - run: ansible-galaxy install -r ansible-nginx-stigready-hardening/requirements.yml + run: | + ansible-galaxy install \ + -r ansible-nginx-stigready-hardening/requirements.yml # harden! - name: HARDEN - Run Ansible hardening - run: ansible-playbook --inventory=nginx, --connection=docker ansible-nginx-stigready-hardening/hardening-playbook.yml + run: | + ansible-playbook \ + --inventory=nginx, \ + --connection=docker \ + ansible-nginx-stigready-hardening/hardening-playbook.yml - name: VALIDATE - Run InSpec # we dont want to stop if our InSpec run finds failures, we want to continue and record the result @@ -120,7 +131,9 @@ jobs: # attest - name: VALIDATE - Apply an Attestation run: | - saf attest apply -i results/pipeline_run.json attestation.json -o results/pipeline_run_attested.json + saf attest apply \ + -i results/pipeline_run.json attestation.json \ + -o results/pipeline_run_attested.json # save our results to the pipeline artifacts, even if the InSpec run found failing tests - name: VALIDATE - Save Test Result JSON @@ -132,7 +145,11 @@ jobs: - name: VALIDATE - Upload to Heimdall continue-on-error: true run: | - curl -# -s -F data=@results/pipeline_run_attested.json -F "filename=${{ github.actor }}-pipeline-demo-${{ github.sha }}.json" -F "public=true" -F "evaluationTags=${{ github.repository }},${{ github.workflow }}" -H "Authorization: Api-Key ${{ secrets.HEIMDALL_API_KEY }}" "https://heimdall-demo.mitre.org/evaluations" + curl -# -s \ + -F data=@results/pipeline_run_attested.json \ + -F "filename=${{ github.actor }}-pipeline-demo-${{ github.sha }}.json" \ + -F "public=true" -F "evaluationTags=${{ github.repository }},${{ github.workflow }}" \ + -H "Authorization: Api-Key ${{ secrets.HEIMDALL_API_KEY }}" "https://heimdall-demo.mitre.org/evaluations" - name: VERIFY - Display our results summary run: |