Adds GitHub Actions example

Signed-off-by: Scott Ford <[email protected]>
mondoohq · Oct 18, 2023 · 4cd3933 · 4cd3933
1 parent eb761dc
commit 4cd3933
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -84,7 +84,7 @@ provisioner "cnspec" {
 
 ## Sample Packer Templates
 
-You can find example Packer templates in the [examples](/examples/) directory in this repository.
+You can find example Packer templates in the [examples](/examples/) directory in this repository. You can also find a [GitHub Action workflow example](/examples/github-actions/packer-build-scan.yaml) of how to use cnspec to test builds as part of a CI/CD pipeline.
 
 ## Get Started with cnspec
 

diff --git a/examples/github-actions/packer-build-scan.yaml b/examples/github-actions/packer-build-scan.yaml
@@ -0,0 +1,42 @@
+name: Packer AMI Build and Scan 
+
+on:
+  push:
+
+env:
+  PRODUCT_VERSION: "1.8.6" # or: "latest"
+  MONDOO_CONFIG_BASE64: ${{ secrets.MONDOO_CONFIG_BASE64 }}
+  PACKER_TEMPLATE: image.pkr.hcl
+
+jobs:
+  packer-build-and-test:
+    runs-on: ubuntu-latest
+    name: packer
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Setup Packer
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with:
+          version: ${{ env.PRODUCT_VERSION }}
+
+      - name: Initialize Packer Template
+        id: init
+        run: packer init ${{ env.PACKER_TEMPLATE }}
+
+      - name: Validate Packer Template
+        id: validate
+        run: packer validate ${{ env.PACKER_TEMPLATE }}
+
+      - name: Build Packer AMI
+        run: packer build -color=false -on-error=abort ${{ env.PACKER_TEMPLATE }}
diff --git a/examples/packer-aws/amazon-linux-2.pkr.hcl b/examples/packer-aws/amazon-linux-2.pkr.hcl
@@ -60,13 +60,15 @@ build {
   provisioner "shell" {
     inline = [
       "sudo hostnamectl set-hostname ${var.image_prefix}-${local.timestamp}",
-      "sudo yum update -y",
-      "sudo yum upgrade -y"]
+    ]
   }
 
   provisioner "cnspec" {
     on_failure = "continue"
     asset_name = "${var.image_prefix}-${local.timestamp}"
+    sudo {
+      active = true
+    }
     annotations = {
       Source_AMI    = "{{ .SourceAMI }}"
       Creation_Date = "{{ .SourceAMICreationDate }}"