autogenerate docs
baksetercx committed Mar 26, 2024
1 parent d6215ae commit 24162ba
Showing 4 changed files with 45 additions and 114 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/build-deploy.yml
Expand Up @@ -22,6 +22,7 @@ jobs:
unittests:
name: Unit Tests
runs-on: ubuntu-latest
if: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
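Review bot: the `if: false` added to `unittests` (and, in the hunks below, to every other job in this file) disables the job unconditionally with no comment saying why, and the commit message "autogenerate docs" does not mention it either. If this is a temporary switch while the doc-generation workflow is tried out, mark it as such (`if: false # TODO: re-enable after docs workflow is verified`) the way generate-docs.yml marks its `pull_request` trigger, or revert it before this lands on trunk.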
Expand All @@ -31,6 +32,7 @@ jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
if: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -41,6 +43,7 @@ jobs:
name: Build and Scan
runs-on: ubuntu-latest
environment: build
if: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
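Review bot: `if: false` on `Build and Scan` switches off the image build together with the vulnerability scan, which is the gate the deploy jobs below depend on through `needs: [build, analyze]`; while this is in place nothing pushed to trunk gets scanned. If the goal is only to keep these jobs from running on documentation-only commits, a `paths-ignore` filter on the workflow trigger is a much narrower change than disabling the job outright.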
Expand All @@ -57,6 +60,7 @@ jobs:
needs: [build, analyze]
runs-on: ubuntu-latest
environment: dev
if: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -74,6 +78,7 @@ jobs:
needs: [build, analyze]
runs-on: ubuntu-latest
environment: dev
if: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
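Review bot: `if: false` on the two deploy jobs (this hunk and the previous one) is redundant once `build` and `analyze` are disabled: a job whose `needs` dependencies were skipped is itself skipped unless it uses `if: always()`, so these lines change nothing and only add to the clean-up needed when the jobs are re-enabled. Keeping the disable in one place makes the eventual revert smaller and harder to get wrong.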
1 change: 1 addition & 0 deletions .github/workflows/check-format.yml
Expand Up @@ -8,6 +8,7 @@ jobs:
prettier_check:
name: 'Prettier check'
runs-on: ubuntu-latest
if: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
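Review bot: disabling `prettier_check` in the same commit that introduces a bot which rewrites and commits README.md removes the format check from exactly the file that will now be machine-edited. If the concern is that generated commits would fail the check, `paths-ignore: ['README.md']` on the trigger, or running prettier as a step in generate-docs.yml before the commit, keeps the check in force for everything else without the failures.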
35 changes: 35 additions & 0 deletions .github/workflows/generate-docs.yml
@@ -0,0 +1,35 @@
name: Generate action documentation

on:
push:
branches: [trunk]
pull_request: # TODO: remove this
branches: [trunk]
types: [labeled]

jobs:
generate_docs:
runs-on: ubuntu-latest
strategy:
matrix:
action-file:
- "build/action.yml"
- "deploy/action.yml"
- "trivy-iac-scan/action.yml"
- "terraform-format/action.yml"
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Generate documentation
uses: npalm/[email protected]
with:
sourceFile: ${{ matrix.action-file }}

- name: Commit changes
run: |
git config user.name github-actions
git config user.email [email protected]
git add .
git commit -m "Update action documentation for ${{ matrix.action-file }}"
git push
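Review bot: the four matrix jobs each run `git add .`, `git commit` and `git push` against the same branch in parallel, so at most one push is a fast-forward and the rest are rejected. Either loop over the action files inside a single job and make one commit, or set `max-parallel: 1` under `strategy` and `git pull --rebase` before pushing. Three more points in the same hunk: `git commit` exits non-zero when nothing is staged, so the job fails whenever the docs are already current (guard it with `git diff --cached --quiet || git commit -m "..."`), and `git add .` stages everything in the tree rather than only the regenerated README.md; the `pull_request` trigger marked `# TODO: remove this` checks out a detached merge commit, so `git push` has no branch to push to, and for fork PRs the token is read-only anyway; and the workflow declares no `permissions:` block, so add `permissions: contents: write` explicitly instead of relying on the repository default, and pin `npalm/action-docs-action` to a full commit SHA rather than the mutable `v2.1.2` tag, since it runs in a job that can push to trunk.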
118 changes: 4 additions & 114 deletions README.md
Expand Up @@ -99,123 +99,13 @@ jobs:
helmValuesPath: '.github/deploy/values.yaml'
```
### Build
Template that builds Docker image, scans for vulnerabilities and uploads to Azure Container Registry.
### Inputs
| Name | Type | Required | Default | Description |
| ----------------------------- | ------- | -------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `name` | String | yes | | Name of application. |
| `namespace` | String | yes | | Namespace of application. |
| `dockerfile` | String | yes | | Path to Dockerfile. |
| `dockerBuildContext` | String | | directory of Dockerfile | Path to Docker build context. |
| `severity` | String | | `CRITICAL,HIGH` | Severity levels to scan for. See https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs for more information. |
| `trivy-cve-ignores` | String | | | Comma-separated list of CVEs for Trivy to ignore. See https://aquasecurity.github.io/trivy/v0.49/docs/configuration/filtering/#trivyignore for syntax. |
| `trivy-enable-secret-scanner` | Boolean | | `true` | Enable Trivy secret scanner. |
| `trivy-skip-dirs` | String | | | Directories/files skipped by Trivy. See https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs for more information. |
| `AZURE_CLIENT_ID` | String | yes | Elvia default AKS | ClientId of a service principal that can push to Container Registry. |
| `AZURE_TENANT_ID` | String | | Elvia Tenant | TenantId of a service principal that can push to Azure Container Registry. |
| `ACR_SUBSCRIPTION_ID` | String | | Elvia default ACR | Subscription ID of the Azure Container Registry to push to. |
| `ACR_NAME` | String | | Elvia default ACR | Name of the Azure Container Registry to push to. |

### Deploy

Template that deploys an Elvia Helm chart to Kubernetes

### Inputs

| Name | Type | Required | Default | Description |
| ------------------------------- | ------- | ------------------- | ---------------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| `name` | String | yes | | Name of application. |
| `namespace` | String | yes | | Namespace of application. |
| `environment` | String | yes | | Environment to deploy to. `dev`, `test` or `prod`. |
| `helmValuesPath` | String | | `.github/deploy/values.yaml` | Path to Helm values file, relative to the root of the repository. |
| `checkout` | Boolean | | `true` | If true, the action will check out the repository. If false, the action will assume the repository has already been checked out. |
| `runtimeCloudProvuider` | String | | `AKS` | Kubernetes cloud provider to deploy to: 'AKS' or 'GKE'. Defaults to 'AKS'. |
| `AZURE_CLIENT_ID` | String | only for AKS deploy | | ClientId of a service principal that has access to AKS. Only required for deploying to AKS. |
| `AZURE_TENANT_ID` | String | | Elvia Tenant | TenantId of a service principal that has access to AKS. |
| `AKS_SUBSCRIPTION_ID` | String | | Elvia default AKS | Subscription ID of the AKS cluster to deploy to. |
| `AKS_CLUSTER_NAME` | String | | Elvia default AKS | Name of the AKS cluster to deploy to. |
| `AKS_RESOURCE_GROUP` | String | | Elvia default AKS | Resource group of the AKS cluster to deploy to. |
| `GC_SERVICE_ACCOUNT` | String | only for GKE deploy | | Service account to use for deploying to GKE. Only required for deploying to GKE. |
| `GC_WORKLOAD_IDENTITY_PROVIDER` | String | only for GKE deploy | `gcp` | Workload identity provider to use for deploying to GKE. Only required for deploying to GKE. |
| `GC_PROJECT_ID` | String | | Elvia default GKE | Project ID of the GKE cluster to deploy to. Defaults to Elvias normal clusters. |
| `GC_CLUSTER_NAME` | String | | Elvia default GKE | Name of the GKE cluster to deploy to. Defaults to Elvias normal clusters. |
| `GC_CLUSTER_LOCATION` | String | | Elvia default GKE | Location of the GKE cluster to deploy to. Defaults to Elvias normal clusters. |

## Trivy IaC scanning

Uses https://github.com/aquasecurity/trivy-action to scan IaC and report security issues.
The action will report any vulnerabilities to GitHub Advanced Security, which will be visible in the Security tab on GitHub.

### Inputs

| Name | Type | Required | Default | Description |
| --------------- | ------- | -------- | ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| `path` | String | no | `.` | Path to IaC to scan. |
| `skip-dirs` | String | no | | Comma-separated list of directories to skip |
| `severity` | String | no | `CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN` | Severity levels to scan for. See https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs for more information. |
| `upload-report` | Boolean | no | `true` | Upload Trivy report to GitHub Security tab. |
| `checkout` | Boolean | no | `true` | If true, the action will check out the repository. If false, the action will assume the repository has already been checked out. |
<!-- action-docs-all source="build/action.yml" project="core-github-actions-templates" version="trunk" -->
### Example

```yaml
name: Scan IaC with Trivy
on:
push:
branches: [develop, master]
pull_request:
branches: [develop, master]
schedule:
- cron: '1 2 * * 3' # every Wednesday at 02:01
jobs:
trivy_scan:
runs-on: ubuntu-latest
name: 'Scan IaC with Trivy'
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: 3lvia/core-github-actions-templates/trivy-iac-scan@trunk
with:
path: 'terraform'
skip-dirs: 'terraform/modules'
```

## Terraform format
<!-- action-docs-all source="deploy/action.yml" project="core-github-actions-templates" version="trunk" -->
Uses built-in formatter for Terraform CLI to check format of Terraform code.
<!-- action-docs-all source="trivy-iac-scan/action.yml" project="core-github-actions-templates" version="trunk" -->
### Inputs

| Name | Type | Required | Default | Description |
| ---------- | ------- | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------- |
| `path` | String | no | `.` | Path to process. |
| `checkout` | Boolean | no | `true` | If true, the action will check out the repository. If false, the action will assume the repository has already been checked out. |

### Example

```yaml
name: Check Terraform code formatting
on:
pull_request:
branches: [develop]
jobs:
terraform_format_check:
permissions:
contents: read
steps:
- uses: 3lvia/core-github-actions-templates/terraform-format@trunk
with:
path: 'terraform'
```
<!-- action-docs-all source="terraform-format/action.yml" project="core-github-actions-templates" version="trunk" -->
# Development
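Review bot: the four `action-docs-all` markers are not placed one per section: the `build/action.yml` marker follows the Trivy IaC inputs table under `## Trivy IaC scanning`, and the `deploy/action.yml` and `trivy-iac-scan/action.yml` markers bracket the single description line of `## Terraform format`, so the generated Build and Deploy sections will render under the Trivy and Terraform headings. Put each marker directly after the heading of its own section, and check that the hand-written `### Inputs` tables for Trivy IaC and Terraform format do not remain alongside the generated ones. The `runtimeCloudProvuider` typo in the removed Deploy table is worth checking in deploy/action.yml itself, since the generator will reproduce whatever the input is actually called.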
