elastic · moukoublen · Mar 27, 2024 · Mar 4, 2024 · Mar 5, 2024 · Mar 5, 2024
@@ -0,0 +1,65 @@
+name: 'AWS CI'
+description: 'AWS integration tests'
+inputs:
+ elk-version:
+ description: 'ELK version'
+ required: true
+ aws-access-key-id:
+ description: 'AWS access key id'
+ required: true
+ aws-secret-access-key:
+ description: 'AWS secret access key'
+ required: true
+ aws-account-type:
+ description: 'AWS account type'
+ required: false
+ default: single-account
+
+ debug:
+ description: 'debug'
+ required: false
+ default: 'false'
+runs:
+ using: composite
+ steps:
+ - name: Init Integration
+ uses: ./.github/actions/init-integration
+ with:
+ elk-version: ${{ inputs.elk-version }}
+
+ - name: Run cloudbeat in background
+ env:
+ ES_HOST: http://localhost:9200
+ ES_USERNAME: elastic
+ ES_PASSWORD: changeme
+ AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
+ AWS_ACCOUNT_TYPE: ${{ inputs.aws-account-type }}
+ shell: bash
+ run: |
+ ./cloudbeat -c deploy/aws/cloudbeat-aws.yml -d '*' &
+
+ - name: Wait for cloudbeat to send some events
+ shell: bash
+ run: sleep 20
+
+ - name: Check for findings
+ working-directory: ./tests
+ env:
+ USE_K8S: "false"
+ shell: bash
+ run: poetry run pytest -k "aws" --alluredir=./allure/results/ --clean-alluredir
+
+ - name: Upload test results
+ if: ${{ success() || failure() }}
+ uses: actions/upload-artifact@v4
+ with:
+ name: allure-results-ci-aws
+ path: tests/allure/results/
+
+ - if: ${{ (success() || failure()) && inputs.debug == 'true' }}
+ name: Upload cloudbeat logs
+ uses: actions/upload-artifact@v4
+ with:
+ name: cloubeat-logs-ci-aws
+ path: logs/
@@ -0,0 +1,66 @@
+name: 'Azure CI'
+description: 'Azure integration tests'
+inputs:
+ elk-version:
+ description: 'ELK version'
+ required: true
+ azure-client-id:
+ description: 'Azure client id'
+ required: true
+ azure-tenant-id:
+ description: 'Azure tenant id'
+ required: true
+ azure-client-secret:
+ description: 'Azure client secret'
+ required: true
+
+ debug:
+ description: 'debug'
+ required: false
+ default: 'false'
+runs:
+ using: composite
+ steps:
+ - name: Init Integration
+ uses: ./.github/actions/init-integration
+ with:
+ elk-version: ${{ inputs.elk-version }}
+
+ - name: Run cloudbeat in background
+ env:
+ ES_HOST: http://localhost:9200
+ ES_USERNAME: elastic
+ ES_PASSWORD: changeme
+ AZURE_ACCOUNT_TYPE: single-account
+ AZURE_CREDENTIALS_TYPE: service_principal_with_client_secret
+ AZURE_CLIENT_ID: ${{ inputs.azure-client-id }}
+ AZURE_TENANT_ID: ${{ inputs.azure-tenant-id }}
+ AZURE_CLIENT_SECRET: ${{ inputs.azure-client-secret }}
+ shell: bash
+ run: |
+ ./cloudbeat -c deploy/azure/cloudbeat-azure.yml -d '*' &
+
+ - name: Wait for cloudbeat to send some events
+ shell: bash
+ run: sleep 15
+
+ - name: Check for findings
+ working-directory: ./tests
+ env:
+ USE_K8S: "false"
+ shell: bash
+ run: poetry run pytest -k "azure" --alluredir=./allure/results/ --clean-alluredir
+
+ - name: Upload test results
+ if: ${{ success() || failure() }}
+ uses: actions/upload-artifact@v4
+ with:
+ name: allure-results-ci-azure
+ path: tests/allure/results/
+
+ - if: ${{ (success() || failure()) && inputs.debug == 'true' }}
+ name: Upload cloudbeat logs
+ uses: actions/upload-artifact@v4
+ with:
+ name: cloubeat-logs-ci-azure
+ path: logs/
@@ -0,0 +1,68 @@
+name: 'CNVM CI'
+description: 'CNVM integration tests'
+inputs:
+ elk-version:
+ description: 'ELK version'
+ required: true
+ aws-access-key-id:
+ description: 'AWS access key id'
+ required: true
+ aws-secret-access-key:
+ description: 'AWS secret access key'
+ required: true
+ aws-region:
+ description: 'AWS region'
+ required: true
+
+ debug:
+ description: 'debug'
+ required: false
+ default: 'false'
+runs:
+ using: composite
+ steps:
+ - name: Init Integration
+ uses: ./.github/actions/init-integration
+ with:
+ elk-version: ${{ inputs.elk-version }}
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ inputs.aws-access-key-id }}
+ aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+ aws-region: ${{ inputs.aws-region }}
+
+ - name: Run cloudbeat in background
+ env:
+ ES_HOST: http://localhost:9200
+ ES_USERNAME: elastic
+ ES_PASSWORD: changeme
+ shell: bash
+ run: ./cloudbeat -c deploy/vulnerability/cloudbeat-vuln-mgmt.yml -d '*' &
+
+ - name: Wait for cloudbeat to send some events
+ shell: bash
+ run: sleep 10
+
+ - name: Check for findings
+ working-directory: ./tests
+ env:
+ USE_K8S: "false"
+ shell: bash
+ run: |
+ poetry run pytest -k "cnvm" --alluredir=./allure/results/ --clean-alluredir
+
+ - name: Upload test results
+ if: ${{ success() || failure() }}
+ uses: actions/upload-artifact@v4
+ with:
+ name: allure-results-ci-cnvm
+ path: tests/allure/results/
+
+ - if: ${{ (success() || failure()) && inputs.debug == 'true' }}
+ name: Upload cloudbeat logs
+ uses: actions/upload-artifact@v4
+ with:
+ name: cloubeat-logs-ci-cnvm
+ path: logs/
@@ -0,0 +1,136 @@
+name: 'Docker Images'
+description: 'Build docker images'
+inputs:
+ build-docker-images:
+ description: "Build docker images"
+ required: false
+ default: 'true'
+
+ container-image-suffix:
+ description: 'Container image suffix'
+ required: false
+ default: ${{ github.run_id }}
+ elastic-agent-docker-image:
+ description: 'Elastic-Agent docker image'
+ required: false
+ default: "704479110758.dkr.ecr.eu-west-2.amazonaws.com/elastic-agent"
+ elastic-agent-docker-image-tag:
+ description: 'Elastic-Agent docker image tag'
+ required: false
+ default: "8.14.0-SNAPSHOT"
+
+ docker-build-cache-folder:
+ description: 'Docker build cache folder'
+ required: false
+ default: '/tmp/.buildx-cache'
+ docker-images-folder:
+ description: 'Docker build cache folder'
+ required: false
+ default: '/tmp/.docker-images'
+
+ goos:
+ description: 'GOOS environment variable'
+ required: false
+ default: 'linux'
+ goarch:
+ description: 'GOARCH environment variable'
+ required: false
+ default: 'amd64'
+ docker-build-platforms:
+ description: 'Docker build platforms'
+ required: false
+ default: 'linux/amd64'
+runs:
+ using: composite
+ steps:
+ - name: Init directories
+ shell: bash
+ run: |
+ mkdir -p ${{ inputs.docker-build-cache-folder }}/{cloudbeat,agent,pytest}
+ mkdir -p ${{ inputs.docker-build-cache-folder }}-new/{cloudbeat,agent,pytest}
+ mkdir -p ${{ inputs.docker-images-folder }}
+
+ - if: ${{ inputs.build-docker-images == 'true' }}
+ name: Build cloudbeat binary
+ shell: bash
+ run: |
+ mage -v build
+
+ - if: ${{ inputs.build-docker-images == 'true' }}
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - if: ${{ inputs.build-docker-images == 'true' }}
+ name: Cache docker build cache
+ uses: actions/cache@v4
+ with:
+ path: ${{ inputs.docker-build-cache-folder }}
+ key: ci-buildx-${{ runner.os }}-${{ runner.arch }}-${{ github.workflow }}
+
+ - if: ${{ inputs.build-docker-images == 'true' }}
+ name: Build cloudbeat-docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./deploy/Dockerfile
+ push: false
+ tags: cloudbeat:latest
+ cache-from: type=local,src=${{ inputs.docker-build-cache-folder }}/cloudbeat
+ cache-to: type=local,mode=max,dest=${{ inputs.docker-build-cache-folder }}-new/cloudbeat
+ outputs: type=docker,dest=${{ inputs.docker-images-folder }}/cloudbeat.tar
+ no-cache: false
+ platforms: ${{ inputs.docker-build-platforms }}
+
+ - if: ${{ inputs.build-docker-images == 'true' }}
+ name: Build elastic-agent
+ uses: docker/build-push-action@v5
+ env:
+ GOOS: ${{ inputs.goos }}
+ GOARCH: ${{ inputs.goarch }}
+ with:
+ context: .
+ file: ./scripts/packaging/docker/elastic-agent/Dockerfile
+ push: false
+ pull: true
+ tags: ${{ inputs.elastic-agent-docker-image }}:${{ inputs.elastic-agent-docker-image-tag }}
+ cache-from: type=local,src=${{ inputs.docker-build-cache-folder }}/agent
+ cache-to: type=local,mode=max,dest=${{ inputs.docker-build-cache-folder }}-new/agent
+ outputs: type=docker,dest=${{ inputs.docker-images-folder }}/elastic-agent.tar
+ build-args: |
+ ELASTIC_AGENT_IMAGE=docker.elastic.co/beats/elastic-agent:${{ inputs.elastic-agent-docker-image-tag }}
+ no-cache: false
+ platforms: ${{ inputs.docker-build-platforms }}
+
+ - if: ${{ inputs.build-docker-images == 'true' }}
+ name: Build pytest-docker
+ uses: docker/build-push-action@v5
+ with:
+ context: ./tests/.
+ push: false
+ tags: cloudbeat-test:latest
+ cache-from: type=local,src=${{ inputs.docker-build-cache-folder }}/pytest
+ cache-to: type=local,mode=max,dest=${{ inputs.docker-build-cache-folder }}-new/pytest
+ outputs: type=docker,dest=${{ inputs.docker-images-folder }}/pytest.tar
+ no-cache: false
+ platforms: ${{ inputs.docker-build-platforms }}
+
+ - if: ${{ inputs.build-docker-images == 'true' }}
+ name: Rotate cache
+ shell: bash
+ run: |
+ ls -lahR /tmp/ || true
+ [[ -d ${{ inputs.docker-build-cache-folder }}-new ]] && rm -rf ${{ inputs.docker-build-cache-folder }} && mv ${{ inputs.docker-build-cache-folder }}-new ${{ inputs.docker-build-cache-folder }}
+
+ - if: ${{ inputs.build-docker-images == 'true' }}
+ name: Upload docker images
+ uses: actions/upload-artifact@v4
+ with:
+ name: docker-images
+ path: ${{ inputs.docker-images-folder }}
+
+ - if: ${{ inputs.build-docker-images == 'false' }}
+ name: Download docker images
+ uses: actions/download-artifact@v4
+ with:
+ name: docker-images
+ path: ${{ inputs.docker-images-folder }}