Pipelines and docs for CIS compliant tWAS VM Images as Azure Marketplace offerings #65
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
…was ND server installed Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
…HS server installed Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
addtional changes: make action secret MSTEAMS_WEBHOOK as optional Signed-off-by: Jianguo Ma <[email protected]>
…rieved Signed-off-by: Jianguo Ma <[email protected]>
Signed-off-by: Jianguo Ma <[email protected]>
…g in comment. modified: .github/workflows/ihs-cisBuild.yml Signed-off-by: Ed Burns <[email protected]>
…g in comment. modified: .github/workflows/twas-base-cisBuild.yml Signed-off-by: Ed Burns <[email protected]>
modified: .github/workflows/twas-base-cisBuild.yml modified: .github/workflows/twas-nd-cisBuild.yml Signed-off-by: Ed Burns <[email protected]>
edburns
reviewed
Jan 20, 2023
| @@ -80,13 +80,15 @@ jobs: | |||
| runs-on: ubuntu-latest | |||
| steps: | |||
| - name: send notification | |||
| if: always() | |||
| if: ${{ env.msTeamsWebhook != 'NA' }} | |||
There was a problem hiding this comment.
@majguo love this. Thanks.
edburns
reviewed
Jan 20, 2023
Comment on lines
+24
to
+28
| azureCredentials: ${{ secrets.AZURE_CREDENTIALS }} | ||
| entitledIbmUserId: ${{ secrets.ENTITLED_IBM_USER_ID }} | ||
| entitledIbmPassword: ${{ secrets.ENTITLED_IBM_USER_PWD }} | ||
| unEntitledIbmUserId: ${{ secrets.UNENTITLED_IBM_USER_ID }} | ||
| unEntitledIbmPassword: ${{ secrets.UNENTITLED_IBM_USER_PWD }} |
There was a problem hiding this comment.
@majguo I appreciate you already including the necessary setup and teardown scripts.
edburns
reviewed
Jan 20, 2023
.github/workflows/ihs-cisBuild.yml
Outdated
Comment on lines
61
to
62
| distribution: 'zulu' | ||
| java-version: '8' |
There was a problem hiding this comment.
I will add a commit to change this to microsoft and 8. Zulu is no longer recommended.
edburns
reviewed
Jan 20, 2023
Comment on lines
+1
to
+5
| #!/bin/bash | ||
|
|
||
| # Copyright (c) Microsoft Corporation. | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); |
edburns
approved these changes
Jan 20, 2023
git4rk
approved these changes
Jan 23, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The PR addresses most of the requirements listed in #64 by providing pipelines and docs for CIS compliant tWAS VM Images as Azure Marketplace offerings.
Testing
CICD pipelines for generating VHD files for CIS compliant tWAS VM Images:
These generated VHD files are also used for updating the testing tWAS VM offer in PartnerCenter. After the testing tWAS VM offer is successfully published and in preview, it's successfully verified by deploying VM from both Azure Portal and solution template.
How-To docs
Part of how-to docs of updating the VM images are located in the following PRs:
The others are included in this PR.
As a result, after the above PRs and this PR are merged, instructions on how to update CIS compliant tWAS VM images can be referenced from howto-update-image.md.
The remaining work
Depending on what images are used in the twas-single and twas-cluster solution template, e.g.,
(Note: @edburns @m-reza-rahman @git4rk @gcharters) Pls lead the discussion to reach the consensus.)
the following sections need to be updated accordingly:
Signed-off-by: Jianguo Ma [email protected]