Evidence Collection #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Evidence Collection | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 0 28-31 * *' | |
| env: | |
| AWS_REGION : "us-east-1" | |
| CI_COMMIT_MESSAGE: AWS Evidence Collected | |
| permissions: | |
| id-token: write | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| aws-evidence: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Git clone the repository | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials with OIDC | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| role-to-assume: arn:aws:iam::145023120730:role/elevated-standards | |
| role-session-name: evidencecollection | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Verify code checkout | |
| run: | | |
| echo "Working Directory: $(pwd)" | |
| ls -alR | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install boto3 | |
| - name: Debug Environment Variables | |
| run: | | |
| echo "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" | |
| echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" | |
| echo "AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}" | |
| echo "AWS_REGION=${AWS_REGION}" | |
| - name: PREP | |
| run: | | |
| chmod +x $GITHUB_WORKSPACE/.github/workflows/scripts/date.sh | |
| bash $GITHUB_WORKSPACE/.github/workflows/scripts/date.sh | |
| mkdir -p $GITHUB_WORKSPACE/evidence-artifacts/systems/aws/ | |
| - name: Run evidence collection script | |
| run: | | |
| export PYTHONPATH="$PYTHONPATH:$(pwd)/src" | |
| python src/services/aws/automation.services.py | |
| python src/services/aws/certificatesandkey.services.py | |
| python src/services/aws/cloudprefix.services.py | |
| python src/services/aws/containers.services.py | |
| python src/services/aws/dataandstorage.services.py | |
| python src/services/aws/disaster.services.py | |
| python src/services/aws/networking.services.py | |
| python src/services/aws/security.services.py | |
| # python src/services/aws/simpleemail.services.py | |
| - name: Check signed commits in PR | |
| uses: 1Password/check-signed-commits-action@v1 | |
| with: | |
| comment: | | |
| Unsigned Commit in PR | |
| - name: Commit and Push Results | |
| run: | | |
| git config --local user.name "GitHub Actions" | |
| git config --local user.email "actions@github.com" | |
| git add -A | |
| git commit -m "${{ env.CI_COMMIT_MESSAGE }}" | |
| git push origin HEAD:${{ github.ref }} | |