Added App_id for Qualys2Tone connector
SteveMcGrath committed Dec 27, 2024
1 parent 295ea28 commit c97d591
Showing 3 changed files with 52 additions and 24 deletions.
54 changes: 35 additions & 19 deletions .github/workflows/deploy.yaml
@@ -1,9 +1,10 @@
name: Deployment Pipeline

on:
pull_request:
branches: [main]
types: [closed]
#on:
# pull_request:
# branches: [main]
# types: [closed]
on: [push]

jobs:
connector-list:
Expand All @@ -12,12 +13,14 @@ jobs:
connectors: ${{ steps.list.outputs.connectors }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Collect Connector list
id: list
run: |
CONNECTORS=()
for connector in $(ls connectors);do
if [ "$( git diff --name-only main connectors/${connector} )" != "" ] || [ "$( git diff --name-only main base )" != "" ];then
if [ "$( git diff --name-only origin/main... -- connectors/${connector} )" != "" ] || [ "$( git diff --name-only origin/main... -- base )" != "" ] || [ "${{ vars.BUILD_ALL_CONNECTORS }}" == "true" ];then
CONNECTORS+=("${connector}")
fi
done
Expand Down Expand Up @@ -48,7 +51,7 @@ jobs:
snyk monitor --all-projects --policy-path=.snyk
build-and-deploy:
if: ${{ github.event.pull_request.merged }}
#if: ${{ github.event.pull_request.merged }}
name: connector ${{ matrix.connector }}
runs-on: ubuntu-latest
continue-on-error: true
Expand All @@ -73,27 +76,45 @@ jobs:
echo "app_id=$(cat build/APP_ID)" >> $GITHUB_OUTPUT
echo "name=tenable-connectors/connector-${{ matrix.connector }}" >> $GITHUB_OUTPUT
- uses: docker/setup-docker-action@v4
with:
daemon-config: |
{
"debug": true,
"features": {
"containerd-snapshotter": true
}
}
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3

- name: Login to Artifactory
uses: docker/login-action@v3
with:
registry: docker-terrascan-local.artifactory.eng.tenable.com
username: svc_terrascan
password: ${{ secrets.ARTIFACTORY_API_TOKEN }}

- name: Build Image Meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
connector-${{ matrix.connector }}
docker-terrascan-local.artifactory.eng.tenable.com/connector-${{ matrix.connector }}
tags: |
type=schedule
type=ref,event=branch
type=semver,pattern={{version}},value=${{ steps.build.outputs.version }}
type=sha
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- name: Build Connector
uses: docker/build-push-action@v6
with:
context: build
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: true
sbom: true
provenance: true
load: true
Expand All @@ -108,32 +129,27 @@ jobs:
uses: docker/scout-action@v1
with:
command: cves,recommendations
image: tenable-connectors/connector-${{ matrix.connector }}
image: docker-terrascan-local.artifactory.eng.tenable.com/connector-${{ matrix.connector }}
only-severities: critical,high,medium
ignore-unchanged: true
ignore-base: true

- name: Login to Artifactory
uses: docker/login-action@v3
with:
registry: docker-terrascan-local.artifactory.eng.tenable.com
username: ${{ vars.ARTIFACTORY_USERNAME }}
password: ${{ secrets.ARTIFACTORY_API_TOKEN }}

- name: Pull Deployment Image
run: docker pull docker-terrascan-local.artifactory.eng.tenable.com/tenb-cb:latest

- name: Publish Connector Image
run: |
# "TARGETS": "${{ steps.build.outputs.name }}:latest,${{ steps.build.outputs.name }}:${{ steps.build.outputs.version }}"
DATA=$(cat <<-END
{
"APP_ID": "${{ steps.build.outputs.app_id }}",
"IMAGE": "docker-terrascan-local.artifactory.eng.tenable.com/connector-${{ matrix.connector }}:latest",
"TARGETS": "${{ steps.build.outputs.name }}:latest,${{ steps.build.outputs.name }}:${{ steps.build.outputs.version }}"
"TARGETS": "tenable/connector-${{ matrix.connector }}:latest",
"MULTIARCH": "true"
}
END
)
echo "${DATA}"
docker run \
-e JKN_USERNAME="${{ secrets.JKN_USERNAME }}" \
-e JKN_PASSWORD="${{ secrets.JKN_PASSWORD }}" \
Expand All @@ -142,6 +158,6 @@ jobs:
--credential-mode env \
-n teams-deleng-terraform \
-p deleng-terraform/dockerhub-publish \
--cloudflare-access-secret "${{ secrets.CF_ACCESS_TOKEN }}:${{ secrets.CF_SECRET }}"
--cloudflare-access-secret "${{ secrets.CF_ACCESS_TOKEN }}:${{ secrets.CF_SECRET }}" \
-d "${DATA}"
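Review bot: The release gate is gone from this workflow: the first hunk replaces the `pull_request` / `closed` on `main` trigger with `on: [push]` (the hunk header grows from 9 to 10 lines), and the `build-and-deploy` hunk appears to comment out `if: ${{ github.event.pull_request.merged }}`. As written, a push to any branch reaches the Artifactory login, the `push: true` build and the `dockerhub-publish` call that targets `tenable/connector-${{ matrix.connector }}:latest`, all with the repository secrets, so unreviewed branch code can end up in the published `latest` image. If the push trigger was only needed to test this change, restore the original trigger and condition before merging; otherwise gate the job with `if: ${{ github.ref == 'refs/heads/main' }}` or add a `branches: [main]` filter to the push trigger. Parts of the job lie outside the visible hunks, so a guard that is not shown here may exist.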
21 changes: 16 additions & 5 deletions .github/workflows/testing.yaml
@@ -1,9 +1,9 @@
name: Testing Pipeline

#on:
# pull_request:
# types: [assigned, opened, synchronize, reopened, ready_for_review]
on: [push]
on:
pull_request:
types: [assigned, opened, synchronize, reopened, ready_for_review]
#on: [push]


jobs:
Expand All @@ -13,12 +13,14 @@ jobs:
connectors: ${{ steps.list.outputs.connectors }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Collect Connector list
id: list
run: |
CONNECTORS=()
for connector in $(ls connectors);do
if [ "$( git diff --name-only main connectors/${connector} )" != "" ] || [ "$( git diff --name-only main base )" != "" ] || [ "${{ vars.BUILD_ALL_CONNECTORS }}" == "true" ];then
if [ "$( git diff --name-only origin/main... -- connectors/${connector} )" != "" ] || [ "$( git diff --name-only origin/main... -- base )" != "" ] || [ "${{ vars.BUILD_ALL_CONNECTORS }}" == "true" ];then
CONNECTORS+=("${connector}")
fi
done
Expand Down Expand Up @@ -75,6 +77,15 @@ jobs:
echo "app_id=$(cat build/APP_ID)" >> $GITHUB_OUTPUT
echo "name=tenable-connectors/connector-${{ matrix.connector }}" >> $GITHUB_OUTPUT
- uses: docker/setup-docker-action@v4
with:
daemon-config: |
{
"debug": true,
"features": {
"containerd-snapshotter": true
}
}
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
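Review bot: The rewritten comparison line in `Collect Connector list` still expands the directory name unquoted (`-- connectors/${connector}`), and those names come from `$(ls connectors)`, which on a pull-request run is content chosen by the PR author. Quote the path, as in `git diff --name-only origin/main... -- "connectors/${connector}"`, so that a name containing spaces or glob characters is not split or expanded. The same names later reach `run:` scripts through `${{ matrix.connector }}` (for example the `echo "name=…"` line in the last hunk); passing the value through `env:` and reading `"$CONNECTOR"` would keep it out of the script text. The identical comparison line in `.github/workflows/deploy.yaml` has the same issue, and the step bodies continue outside the visible hunks.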

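--- a/connectors/qualys2tone/APP_ID
+++ b/connectors/qualys2tone/APP_ID
@@ -0,0 +1 @@
+2379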
