forked from erant10/sentinel-content-as-code-bugbash
-
Notifications
You must be signed in to change notification settings - Fork 0
73 lines (64 loc) · 2.33 KB
/
sentinel-deploy-b8788415-dbe1-4132-8208-02c59489fadf.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
name: Deploy Content to Azure Sentinel
on:
push:
branches: [ bugbash-1 ]
paths:
- 'Detections/**'
- '.github/workflows/sentinel-deploy**'
jobs:
deploy-content:
runs-on: windows-latest
env:
resourceGroupName: 'cac-test-rg'
workspaceName: 'cac-bugbash-workspace'
directory: '${{ github.workspace }}/Detections'
cloudEnv: 'AzureCloud'
creds: ${{ secrets.AZURE_SENTINEL_CREDENTIALS_b8788415dbe14132820802c59489fadf }}
steps:
- name: Login to Azure (Attempt 1)
continue-on-error: true
id: login1
uses: azure/login@v1
if: ${{ env.cloudEnv == 'AzureCloud' }}
with:
creds: ${{ secrets.AZURE_SENTINEL_CREDENTIALS_b8788415dbe14132820802c59489fadf }}
enable-AzPSSession: true
- name: Wait 30 seconds if login attempt 1 failed
uses: juliangruber/sleep-action@v1
if: ${{ env.cloudEnv == 'AzureCloud' && steps.login1.outcome=='failure' }}
with:
time: 30s
- name: Login to Azure (Attempt 2)
continue-on-error: true
id: login2
uses: azure/login@v1
if: ${{ env.cloudEnv == 'AzureCloud' && steps.login1.outcome=='failure' }}
with:
creds: ${{ secrets.AZURE_SENTINEL_CREDENTIALS_b8788415dbe14132820802c59489fadf }}
enable-AzPSSession: true
- name: Wait 30 seconds if login attempt 2 failed
uses: juliangruber/sleep-action@v1
if: ${{ env.cloudEnv == 'AzureCloud' && steps.login2.outcome=='failure' }}
with:
time: 30s
- name: Login to Azure (Attempt 3)
continue-on-error: false
id: login3
uses: azure/login@v1
if: ${{ env.cloudEnv == 'AzureCloud' && steps.login2.outcome=='failure' }}
with:
creds: ${{ secrets.AZURE_SENTINEL_CREDENTIALS_b8788415dbe14132820802c59489fadf }}
enable-AzPSSession: true
- name: Checkout
uses: actions/checkout@v1
- name: Read deployment script
id: deploymentScript
uses: juliangruber/read-file-action@v1
with:
path: '${{ github.workspace }}/.github/workflows\azure-sentinel-deploy.ps1'
- name: Deploy Analytic Rules
uses: azure/powershell@v1
with:
azPSVersion: 'latest'
inlineScript: |
${{ steps.deploymentScript.outputs.content }}