Commit

🐛 Add back service-account-credentials (#50)
* 🐛 Add back `service-account-credentials`

Signed-off-by: Christian Zunker <[email protected]>
czunker authored Jan 10, 2023
1 parent 22b28a4 commit 5eb6cbc
Showing 25 changed files with 163 additions and 62 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/docker-image.yaml
Expand Up @@ -36,8 +36,8 @@ jobs:
uses: ./docker-image
with:
image: ${{env.APP}}:${{env.VERSION}}
env:
MONDOO_CONFIG_BASE64: ${{ secrets.MONDOO_SERVICE_ACCOUNT }}
service-account-credentials: ${{ secrets.MONDOO_SERVICE_ACCOUNT }}

- name: Scan Docker Image
uses: ./docker-image
with:
5 changes: 5 additions & 0 deletions .github/workflows/general-action.yaml
Expand Up @@ -16,6 +16,11 @@ jobs:
steps:
- uses: actions/checkout@v3

- name: Show status
uses: ./
with:
args: status
service-account-credentials: ${{ secrets.MONDOO_SERVICE_ACCOUNT }}
- name: Show status
uses: ./
env:
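
Review bot: The added step reuses the name "Show status", which the existing env-based step right below it already has, so the two cannot be told apart in the job log. Rename the new step to say it exercises the `service-account-credentials` input and the old one to say it exercises `MONDOO_CONFIG_BASE64`, and put a blank line between the two steps, as there is after the checkout step.
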
24 changes: 24 additions & 0 deletions .github/workflows/github-repo.yaml
@@ -0,0 +1,24 @@
name: GitHub repo Scanning
on:
pull_request:
push:
paths:
- "action.yaml"
branches:
- "main"
tags: ["v*.*.*"]

jobs:
github-repo-tests:
runs-on: ubuntu-latest
name: Test GitHub repo scanning
steps:
- uses: actions/checkout@v3
# currently broken, because of https://github.com/mondoohq/cnspec/issues/239
# - name: Scan GitHub repo
# uses: ./github-repo
# env:
# MONDOO_CONFIG_BASE64: ${{ secrets.MONDOO_SERVICE_ACCOUNT }}
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# repository: mondoohq/actions
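
Review bot: With the scan step commented out, the only active step in this new workflow is `actions/checkout@v3`, so the job goes green on every pull request without testing anything. Either hold the file back until the linked cnspec issue 239 is fixed, or name the job so it is clearly a placeholder. When the step is re-enabled, note that it passes the credentials through `env:` only, so it would not cover the `service-account-credentials` input this commit adds back, and that github-repo/README.md lists `token` as a required input which the step does not pass under `with:`.
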
6 changes: 6 additions & 0 deletions .github/workflows/k8s-manifest.yaml
Expand Up @@ -23,3 +23,9 @@ jobs:
MONDOO_CONFIG_BASE64: ${{ secrets.MONDOO_SERVICE_ACCOUNT }}
with:
path: ./.github/test_files/k8s-manifest.yaml
- name: Scan k8s directory
uses: ./k8s-manifest
env:
MONDOO_CONFIG_BASE64: ${{ secrets.MONDOO_SERVICE_ACCOUNT }}
with:
path: ./.github/test_files/
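
Review bot: The new "Scan k8s directory" step points `path` at `./.github/test_files/`, the whole test-file directory, so any non-Kubernetes fixture added there later becomes part of this scan. A dedicated subdirectory for the manifests would keep the test stable. Both steps in this workflow also pass the secret through `env:`, so if the k8s-manifest action gets the `service-account-credentials` input in this commit, one of the two steps should use it under `with:` to cover that path.
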
6 changes: 6 additions & 0 deletions action.yaml
Expand Up @@ -13,9 +13,15 @@ inputs:
Sets the log level: error, warn, info, debug, trace (default "info")
default: info
required: false
service-account-credentials:
description: "Base64 encoded service account credentials used to authenticate with Mondoo Platform"
required: false
runs:
using: "composite"
steps:
- run: echo "MONDOO_CONFIG_BASE64=${{ inputs.service-account-credentials }}" >> $GITHUB_ENV
if: env.MONDOO_CONFIG_BASE64 == ''
shell: bash
- uses: "docker://mondoo/cnspec:7"
with:
args: ${{ inputs.args }} --log-level "${{ inputs.log-level }}"
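
Review bot: The `run:` line expands `${{ inputs.service-account-credentials }}` straight into the bash script text and appends the result to `$GITHUB_ENV`, and both parts need tightening. The expression is substituted before bash parses the line, so a value containing a quote, `$` or a newline changes the command or adds extra entries to the environment file. Pass the input through the step's own `env:` under a name of your choosing and reference it as a quoted shell variable, with `"$GITHUB_ENV"` quoted as well. Anything written to `$GITHUB_ENV` is also visible to every later step of the calling job, not only the cnspec step, which is wider exposure than the `env:` mapping the docker-based actions use elsewhere in this commit. Finally, the `if:` only checks that the environment variable is empty. Add `inputs.service-account-credentials != ''` so nothing is written when neither is set.
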
11 changes: 6 additions & 5 deletions aws/README.md
Expand Up @@ -6,11 +6,12 @@ A GitHub Action for using Mondoo to check for misconfigurations in your AWS acco

The Mondoo AWS Action has properties which are passed to the underlying image. These are passed to the action using `with`.

| Property | Required | Default | Description |
| ----------------- | -------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `log-level` | false | info | Sets the log level: error, warn, info, debug, trace (default "info") |
| `output` | false | compact | Set the output format for scan results: compact, yaml, json, junit, csv, summary, full, report (default "compact") |
| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). |
| Property | Required | Default | Description |
| ----------------------------- | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `log-level` | false | info | Sets the log level: error, warn, info, debug, trace (default "info") |
| `output` | false | compact | Set the output format for scan results: compact, yaml, json, junit, csv, summary, full, report (default "compact") |
| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). |
| `service-account-credentials` | false | | Base64 encoded [service account credentials](https://mondoo.com/docs/platform/service_accounts/#creating-service-accounts) used to authenticate with Mondoo Platform. You can also use the environment variable mentioned below. |

Additionally, you need to specify the service account credentials as an environment variable.

5 changes: 5 additions & 0 deletions aws/action.yaml
Expand Up @@ -20,6 +20,9 @@ inputs:
Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan).
default: "0"
required: false
service-account-credentials:
description: "Base64 encoded service account credentials used to authenticate with Mondoo Platform"
required: false
runs:
using: "docker"
image: "docker://mondoo/cnspec:7"
Expand All @@ -32,3 +35,5 @@ runs:
- ${{ inputs.score-threshold }}
- --log-level
- ${{ inputs.log-level }}
env:
MONDOO_CONFIG_BASE64: ${{ inputs.service-account-credentials }}
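
Review bot: The `env:` block added under `runs:` maps `MONDOO_CONFIG_BASE64` to the input unconditionally, whereas the root action.yaml only sets it under `if: env.MONDOO_CONFIG_BASE64 == ''`. The README still documents the environment variable as a supported way to authenticate, so please confirm that a workflow which sets only `MONDOO_CONFIG_BASE64` and omits the input does not end up with an empty value inside the container, and add a test step for that case. The same applies to the identical blocks in docker-image/action.yaml and github-org/action.yaml.
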
13 changes: 7 additions & 6 deletions docker-image/README.md
Expand Up @@ -6,12 +6,13 @@ A GitHub Action for using Mondoo to check for vulnerabilities and misconfigurati

The Mondoo Docker Image Action has properties which are passed to the underlying image. These are passed to the action using `with`.

| Property | Required | Default | Description |
| ----------------- | -------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `image` | true | | Docker image ID or `name:tag` to scan. |
| `log-level` | false | info | Sets the log level: error, warn, info, debug, trace (default "info") |
| `output` | false | compact | Set the output format for scan results: compact, yaml, json, junit, csv, summary, full, report (default "compact") |
| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). |
| Property | Required | Default | Description |
| ----------------------------- | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `image` | true | | Docker image ID or `name:tag` to scan. |
| `log-level` | false | info | Sets the log level: error, warn, info, debug, trace (default "info") |
| `output` | false | compact | Set the output format for scan results: compact, yaml, json, junit, csv, summary, full, report (default "compact") |
| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). |
| `service-account-credentials` | false | | Base64 encoded [service account credentials](https://mondoo.com/docs/platform/service_accounts/#creating-service-accounts) used to authenticate with Mondoo Platform. You can also use the environment variable mentioned below. |

Additionally, you need to specify the service account credentials as an environment variable.

5 changes: 5 additions & 0 deletions docker-image/action.yaml
Expand Up @@ -22,6 +22,9 @@ inputs:
Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan).
default: "0"
required: false
service-account-credentials:
description: "Base64 encoded service account credentials used to authenticate with Mondoo Platform"
required: false
runs:
using: "docker"
image: "docker://mondoo/cnspec:7"
Expand All @@ -36,3 +39,5 @@ runs:
- ${{ inputs.score-threshold }}
- --log-level
- ${{ inputs.log-level }}
env:
MONDOO_CONFIG_BASE64: ${{ inputs.service-account-credentials }}
15 changes: 8 additions & 7 deletions github-org/README.md
Expand Up @@ -18,13 +18,14 @@ Depending on the amount that should be covered, you need to provide the proper p

The GitHub Organization Action has properties which are passed to the underlying image. These are passed to the action using `with`.

| Property | Required | Default | Description |
| ----------------- | -------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `organization` | true | | GitHub organization to scan eg. `mondoohq`. |
| `log-level` | false | info | Sets the log level: error, warn, info, debug, trace (default "info") |
| `output` | false | compact | Set the output format for scan results: compact, yaml, json, junit, csv, summary, full, report (default "compact") |
| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). |
| `is-cicd` | false | true | Flag to disable the auto-detection for CI/CD runs. If deactivated it reports into the Fleet view |
| Property | Required | Default | Description |
| ----------------------------- | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `organization` | true | | GitHub organization to scan eg. `mondoohq`. |
| `log-level` | false | info | Sets the log level: error, warn, info, debug, trace (default "info") |
| `output` | false | compact | Set the output format for scan results: compact, yaml, json, junit, csv, summary, full, report (default "compact") |
| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). |
| `is-cicd` | false | true | Flag to disable the auto-detection for CI/CD runs. If deactivated it reports into the Fleet view |
| `service-account-credentials` | false | | Base64 encoded [service account credentials](https://mondoo.com/docs/platform/service_accounts/#creating-service-accounts) used to authenticate with Mondoo Platform. You can also use the environment variable mentioned below. |

Additionally, you need to specify the service account and GitHub credentials as an environment variable.

5 changes: 5 additions & 0 deletions github-org/action.yaml
Expand Up @@ -25,6 +25,9 @@ inputs:
is-cicd:
description: "Automatically detects the GitHub Action Runs and report results into the CI/CD view"
default: true
service-account-credentials:
description: "Base64 encoded service account credentials used to authenticate with Mondoo Platform"
required: false
runs:
using: "docker"
image: "docker://mondoo/cnspec:7"
Expand All @@ -43,3 +46,5 @@ runs:
- ${{ inputs.log-level }}
- --detect-cicd
- ${{ inputs.is-cicd }}
env:
MONDOO_CONFIG_BASE64: ${{ inputs.service-account-credentials }}
19 changes: 10 additions & 9 deletions github-repo/README.md
Expand Up @@ -16,15 +16,16 @@ Depending on the amount that should be covered, you need to provide the proper p

The GitHub repository Action has properties that are passed to the action using `with`.

| Property | Required | Default | Description |
| ----------------------------- | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `repository` | true | | GitHub Repository eg. `mondoohq/actions` |
| `token` | true | | GitHub token used for authentication |
| `log-level` | false | info | Sets the log level: error, warn, info, debug, trace (default "info") |
| `output` | false | compact | Set the output format for scan results: compact, yaml, json, junit, csv, summary, full, report (default "compact") |
| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). |
| `service-account-credentials` | true | | Base64 encoded [service account credentials](https://mondoo.com/docs/platform/service_accounts/#creating-service-accounts) used to authenticate with Mondoo Platform |
| `is-cicd` | false | true | Flag to disable the auto-detection for CI/CD runs. If deactivated it reports into the Fleet view |
| Property | Required | Default | Description |
| ----------------------------- | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `repository` | true | | GitHub Repository eg. `mondoohq/actions` |
| `token` | true | | GitHub token used for authentication |
| `log-level` | false | info | Sets the log level: error, warn, info, debug, trace (default "info") |
| `output` | false | compact | Set the output format for scan results: compact, yaml, json, junit, csv, summary, full, report (default "compact") |
| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). |
| `service-account-credentials` | true | | Base64 encoded [service account credentials](https://mondoo.com/docs/platform/service_accounts/#creating-service-accounts) used to authenticate with Mondoo Platform |
| `is-cicd` | false | true | Flag to disable the auto-detection for CI/CD runs. If deactivated it reports into the Fleet view |
| `service-account-credentials` | false | | Base64 encoded [service account credentials](https://mondoo.com/docs/platform/service_accounts/#creating-service-accounts) used to authenticate with Mondoo Platform. You can also use the environment variable mentioned below. |

Additionally, you need to specify the service account and GitHub credentials as an environment variable.
