diff --git a/.github/workflows/check_pr_plugin_aws.yml b/.github/workflows/check_pr_plugin_aws.yml
index 30741eb48..e9ce86fb3 100644
--- a/.github/workflows/check_pr_plugin_aws.yml
+++ b/.github/workflows/check_pr_plugin_aws.yml
@@ -73,19 +73,3 @@ jobs:
 user: __token__
 password: ${{ secrets.PYPI_FIXINVENTORY_PLUGIN_AWS }}
 packages_dir: ./plugins/aws/dist/
-
- - name: Upload AWS policies
- if: github.event_name != 'pull_request'
- working-directory: ./plugins/aws
- run: |
- pip install --upgrade --editable .
- pip install --upgrade --editable ./tools/awspolicygen
- export GITHUB_REF="${{ github.ref }}"
- export GITHUB_REF_TYPE="${{ github.ref_type }}"
- export GITHUB_EVENT_NAME="${{ github.event_name }}"
- export API_TOKEN="${{ secrets.API_TOKEN }}"
- export SPACES_KEY="${{ secrets.SPACES_KEY }}"
- export SPACES_SECRET="${{ secrets.SPACES_SECRET }}"
- export AWS_ACCESS_KEY_ID="${{ secrets.S3_FIXINVENTORYPUBLIC_AWS_ACCESS_KEY_ID }}"
- export AWS_SECRET_ACCESS_KEY="${{ secrets.S3_FIXINVENTORYPUBLIC_AWS_SECRET_ACCESS_KEY }}"
- awspolicygen --verbose --spaces-name somecdn --spaces-region ams3 --spaces-path fix/aws/ --aws-s3-bucket fixinventorypublic --aws-s3-bucket-path cf/
diff --git a/.github/workflows/check_pr_plugin_gcp.yml b/.github/workflows/check_pr_plugin_gcp.yml
index 7d4a3ac68..c6c2fd807 100644
--- a/.github/workflows/check_pr_plugin_gcp.yml
+++ b/.github/workflows/check_pr_plugin_gcp.yml
@@ -73,17 +73,3 @@ jobs:
 user: __token__
 password: ${{ secrets.PYPI_FIXINVENTORY_PLUGIN_GCP }}
 packages_dir: ./plugins/gcp/dist/
-
- - name: Upload GCP policies
- if: github.event_name != 'pull_request'
- working-directory: ./plugins/gcp
- run: |
- pip install --upgrade --editable .
- pip install --upgrade --editable ./tools/gcppolicygen
- export GITHUB_REF="${{ github.ref }}"
- export GITHUB_REF_TYPE="${{ github.ref_type }}"
- export GITHUB_EVENT_NAME="${{ github.event_name }}"
- export API_TOKEN="${{ secrets.API_TOKEN }}"
- export SPACES_KEY="${{ secrets.SPACES_KEY }}"
- export SPACES_SECRET="${{ secrets.SPACES_SECRET }}"
- gcppolicygen --verbose --spaces-name somecdn --spaces-region ams3 --spaces-path fix/gcp/
diff --git a/.github/workflows/create_plugin_workflows.py b/.github/workflows/create_plugin_workflows.py
index ac311bdf6..4700998f7 100755
--- a/.github/workflows/create_plugin_workflows.py
+++ b/.github/workflows/create_plugin_workflows.py
@@ -138,7 +138,8 @@
 .replace("@name@", plugin)
 .replace("@PKGNAME@", f"fixinventory_plugin_{plugin}".upper())
 )
- if plugin == "aws":
- yml.write(aws_policygen)
- elif plugin == "gcp":
- yml.write(gcp_policygen)
+ # PolicyGen Upload disabled for now. Uncomment when required.
+ # if plugin == "aws":
+ # yml.write(aws_policygen)
+ # elif plugin == "gcp":
+ # yml.write(gcp_policygen)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e91fd803c..4b062e228 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
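Review bot: Commenting out the `yml.write(aws_policygen)` / `yml.write(gcp_policygen)` branch leaves the generator silently out of step with whatever is later hand-edited into the generated workflows, and the two template strings (defined outside this hunk, as far as the diff shows) become dead code with no signal that they are unused. A module-level switch keeps the decision greppable and re-enabling a one-token change: `UPLOAD_POLICIES = False  # policygen upload disabled; flip to re-enable` next to the templates, and the branch as `if UPLOAD_POLICIES and plugin == "aws":` / `elif UPLOAD_POLICIES and plugin == "gcp":` with the two writes left as they were. Separately, the steps removed from check_pr_plugin_aws.yml and check_pr_plugin_gcp.yml were, within this diff, the only readers of `API_TOKEN`, `SPACES_KEY`, `SPACES_SECRET` and the `S3_FIXINVENTORYPUBLIC_*` secrets; if nothing else in the repository references them, removing them from the repository secrets until the upload is re-enabled narrows what any workflow run can read. The enclosing function starts before this hunk.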
@@ -34,34 +34,34 @@ jobs: run: | yarn install --frozen-lockfile - - name: Wait for AWS policies to be uploaded - if: github.event_name != 'workflow_dispatch' - uses: lewagon/wait-on-check-action@v1.3.1 - with: - ref: ${{ github.ref }} - check-name: aws - repo-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Update AWS policy JSON - shell: bash - working-directory: ./docs.fix.security/iam/aws - run: | - wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json - wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json - - - name: Wait for GCP policies to be uploaded - if: github.event_name != 'workflow_dispatch' - uses: lewagon/wait-on-check-action@v1.3.1 - with: - ref: ${{ github.ref }} - check-name: gcp - repo-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Update GCP policy JSON - shell: bash - working-directory: ./docs.fix.security/iam/gcp - run: | - wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json +# - name: Wait for AWS policies to be uploaded +# if: github.event_name != 'workflow_dispatch' +# uses: lewagon/wait-on-check-action@v1.3.1 +# with: +# ref: ${{ github.ref }} +# check-name: aws +# repo-token: ${{ secrets.GITHUB_TOKEN }} +# +# - name: Update AWS policy JSON +# shell: bash +# working-directory: ./docs.fix.security/iam/aws +# run: | +# wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json +# wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json +# +# - name: Wait for GCP policies to be uploaded +# if: github.event_name != 'workflow_dispatch' +# uses: lewagon/wait-on-check-action@v1.3.1 +# with: +# ref: ${{ github.ref }} +# check-name: gcp +# repo-token: ${{ secrets.GITHUB_TOKEN }} +# +# - name: Update GCP policy JSON +# shell: bash +# working-directory: ./docs.fix.security/iam/gcp +# run: | +# wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json - name: Clean existing Kroki images 
shell: bash @@ -138,28 +138,28 @@ jobs: run: | yarn gen-api-docs - - name: Update AWS policy JSON - shell: bash - working-directory: ./inventory.fix.security/iam/aws/edge - run: | - wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json - wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json - wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/edge/FixMutate.json - - - name: Wait for GCP policies to be uploaded - if: github.event_name != 'workflow_dispatch' - uses: lewagon/wait-on-check-action@v1.3.1 - with: - ref: ${{ github.ref }} - check-name: gcp - repo-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Update GCP policy JSON - shell: bash - working-directory: ./inventory.fix.security/iam/gcp/edge - run: | - wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json - wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/edge/fix_mutate.json +# - name: Update AWS policy JSON +# shell: bash +# working-directory: ./inventory.fix.security/iam/aws/edge +# run: | +# wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json +# wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json +# wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/edge/FixMutate.json +# +# - name: Wait for GCP policies to be uploaded +# if: github.event_name != 'workflow_dispatch' +# uses: lewagon/wait-on-check-action@v1.3.1 +# with: +# ref: ${{ github.ref }} +# check-name: gcp +# repo-token: ${{ secrets.GITHUB_TOKEN }} +# +# - name: Update GCP policy JSON +# shell: bash +# working-directory: ./inventory.fix.security/iam/gcp/edge +# run: | +# wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json +# wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/edge/fix_mutate.json - name: Clean existing Kroki images if: github.event_name == 'workflow_dispatch' # only when triggered manually 
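Review bot: The commented-out stanzas (this hunk at -34, and the same pattern at -138 and -286) are inert but keep the wait/wget logic where neither the workflow parser nor yamllint sees it, and nothing in the file records that the policy JSON under `./docs.fix.security/iam/...` and `./inventory.fix.security/iam/...` is now whatever is committed rather than refreshed from the CDN on each publish. A step-level condition on a repository variable, e.g. `if: vars.UPLOAD_POLICIES == 'true'` on each disabled step (combined with the existing `steps.release.outputs.prerelease == 'false'` test in the -286 hunk), would keep the steps live and linted and make re-enabling a settings change rather than an uncomment-and-hope edit. At minimum a comment above the first stanza, such as `# Policy JSON refresh disabled together with the policygen upload in check_pr_plugin_*.yml; the committed JSON files are published as-is until it is re-enabled.`, would tell the next reader why the files are stale. The job these steps belong to starts outside the hunk.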
@@ -286,38 +286,38 @@ jobs: run: | yarn gen-api-docs - - name: Wait for AWS policies to be uploaded - if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch' - uses: lewagon/wait-on-check-action@v1.3.1 - with: - ref: ${{ github.ref }} - check-name: aws - repo-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Update AWS policy JSON - if: steps.release.outputs.prerelease == 'false' - shell: bash - working-directory: ./inventory.fix.security/iam/aws/${{ steps.release.outputs.docsVersion }} - run: | - wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixOrgList.json - wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixCollect.json - wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixMutate.json - - - name: Wait for GCP policies to be uploaded - if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch' - uses: lewagon/wait-on-check-action@v1.3.1 - with: - ref: ${{ github.ref }} - check-name: gcp - repo-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Update GCP policy JSON - if: steps.release.outputs.prerelease == 'false' - shell: bash - working-directory: ./inventory.fix.security/iam/gcp/${{ steps.release.outputs.docsVersion }} - run: | - wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_access.json - wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_mutate.json +# - name: Wait for AWS policies to be uploaded +# if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch' +# uses: lewagon/wait-on-check-action@v1.3.1 +# with: +# ref: ${{ github.ref }} +# check-name: aws +# repo-token: ${{ secrets.GITHUB_TOKEN }} +# +# - name: Update AWS policy JSON +# if: steps.release.outputs.prerelease == 'false' +# shell: bash +# working-directory: 
./inventory.fix.security/iam/aws/${{ steps.release.outputs.docsVersion }} +# run: | +# wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixOrgList.json +# wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixCollect.json +# wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixMutate.json +# +# - name: Wait for GCP policies to be uploaded +# if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch' +# uses: lewagon/wait-on-check-action@v1.3.1 +# with: +# ref: ${{ github.ref }} +# check-name: gcp +# repo-token: ${{ secrets.GITHUB_TOKEN }} +# +# - name: Update GCP policy JSON +# if: steps.release.outputs.prerelease == 'false' +# shell: bash +# working-directory: ./inventory.fix.security/iam/gcp/${{ steps.release.outputs.docsVersion }} +# run: | +# wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_access.json +# wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_mutate.json - name: Modify Docker Compose YAML if: steps.release.outputs.prerelease == 'false'