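# Manually-triggered two-job pipeline: `aws-scan` inventories an AWS account
# with aws-auto-inventory and publishes the JSON as a workflow artifact;
# `process-inventory` downloads it, runs main.py and commits the result.
name: AWS Auto Inventory

on:
  workflow_dispatch:

jobs:
  aws-scan:
    runs-on: ubuntu-latest
    # Least privilege: this job never pushes (its commit step is disabled
    # below) and creates no pull requests, so read access is sufficient.
    permissions:
      contents: read
    env:
      CI_COMMIT_MESSAGE: Fetched AWS Assets
      # Single source for the region used by the CLI, the scanner and the
      # output path (previously hard-coded in three separate places).
      AWS_DEFAULT_REGION: us-east-1 # Hardcoded region for testing
    steps:
      # Step 1: Checkout the repository. The GITHUB_TOKEN is not persisted
      # into .git/config because this job runs third-party code (cloned
      # below) inside the workspace and does not push anything.
      - name: Checkout Code
        uses: actions/checkout@v3 # TODO(review): pin to a commit SHA instead of a moving tag
        with:
          persist-credentials: false

      # Step 2: Set up Python
      - name: Set up Python 3.x
        uses: actions/setup-python@v4 # TODO(review): pin to a commit SHA instead of a moving tag
        with:
          python-version: '3.10'

      # Step 3: Install System Dependencies
      - name: Install System Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-dev libatlas-base-dev gfortran libopenblas-dev liblapack-dev build-essential
          python -m pip install --upgrade pip
          pip install --only-binary=:all: numpy==1.24.4 pandas==2.1.0 boto3==1.28.34 openpyxl==3.1.2

      # Step 4: Install AWS CLI into the user site (~/.local/bin).
      # NOTE(review): botocore==1.35.99 is installed --user while boto3==1.28.34
      # was installed above; the user site may shadow boto3's own botocore
      # requirement. Confirm the two pins are compatible.
      - name: Install AWS CLI
        run: |
          sudo apt-get update
          sudo apt-get install -y python3 python3-pip
          pip install awscli==1.36.40 botocore==1.35.99 --upgrade --user

      # Step 5: Make ~/.local/bin visible to every later step. $GITHUB_PATH is
      # the mechanism for PATH changes; appending an "export PATH=..." line to
      # $GITHUB_ENV defines a variable literally named "export PATH" and
      # leaves the CLI unreachable.
      - name: Add AWS CLI to PATH
        run: echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      # Step 6: Persist credentials for the scanner. Secrets are scoped to
      # this step only; the region comes from the job-level env above.
      # NOTE(review): this writes long-lived keys to ~/.aws on the runner;
      # an OIDC role via aws-actions/configure-aws-credentials would avoid
      # keeping static access keys in repository secrets.
      - name: Configure AWS CLI
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AUTOMATION_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AUTOMATION_AWS_SECRET_ACCESS_KEY }}
        run: |
          # Validate before reporting, so the log never claims a value is set
          # when the check below is about to fail.
          if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ] || [ -z "$AWS_DEFAULT_REGION" ]; then
            echo "AWS credentials or region are not set." >&2
            exit 1
          fi
          echo "AWS_ACCESS_KEY_ID is set"
          echo "AWS_SECRET_ACCESS_KEY is set"
          echo "AWS_DEFAULT_REGION is $AWS_DEFAULT_REGION"
          aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID"
          aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY"
          aws configure set region "$AWS_DEFAULT_REGION"

      # - name: Verify AWS CLI Configuration
      #   env:
      #     AWS_REGION: us-east-1 # Hardcoded region for testing
      #   run: |
      #     if ! aws sts get-caller-identity; then
      #       echo "Failed to verify AWS credentials." >&2
      #       exit 1
      #     fi

      # Step 7: Run the scanner. Output lands in $GITHUB_WORKSPACE/data/json/aws
      # (the path is relative to the cloned directory). Paths are quoted so a
      # region or timestamp containing shell-special characters cannot split.
      - name: Run AWS Auto Inventory
        run: |
          # TODO(review): clone a reviewed tag or commit (<PINNED_REF>) rather than
          # the default branch; this code runs with the account credentials
          # configured above and pulls its own unpinned requirements.txt.
          git clone https://github.com/aws-samples/aws-auto-inventory.git
          cd aws-auto-inventory
          pip install -r requirements.txt
          TIMESTAMP=$(date +"%Y-%m-%dT%H-%M")
          OUTPUT_DIR="../data/json/aws/${TIMESTAMP}/${AWS_DEFAULT_REGION}"
          python3 scan.py -s ../config/aws.json -r "$AWS_DEFAULT_REGION" --output_dir "$OUTPUT_DIR"
          echo "Scan complete."

      # Step 8: Hand the scan output to the next job. Each job starts from a
      # fresh checkout on a new runner, so without an artifact the JSON
      # written above is discarded before process-inventory runs.
      - name: Upload Scan Results
        uses: actions/upload-artifact@v4
        with:
          name: aws-inventory-json
          path: data/json/aws

      # - name: Commit and Push Results
      #   run: |
      #     echo "aws-auto-inventory/" >> .gitignore
      #     git config --local user.name "GitHub Actions"
      #     git config --local user.email "actions@github.com"
      #     mkdir -p data/json/aws
      #     git add data/json/aws
      #     git commit -m "${{ env.CI_COMMIT_MESSAGE }}" || echo "No changes to commit"
      #     git push origin HEAD:${{ github.ref }}

  process-inventory:
    needs: aws-scan
    runs-on: ubuntu-latest
    # contents: write is required by the push in the final step;
    # pull-requests: write was never used and has been dropped.
    permissions:
      contents: write
    env:
      CI_COMMIT_MESSAGE: Processed FedRAMP AWS Inventory
    steps:
      # Step 1: Checkout the repository (credentials persisted: the last step pushes)
      - name: Checkout Code
        uses: actions/checkout@v3 # TODO(review): pin to a commit SHA instead of a moving tag

      # Step 2: Restore the scan output to the path aws-scan wrote it to.
      # NOTE(review): confirm main.py reads its input from data/json/aws.
      - name: Download Scan Results
        uses: actions/download-artifact@v4
        with:
          name: aws-inventory-json
          path: data/json/aws

      # Step 3: Set up Python
      - name: Set up Python 3.x
        uses: actions/setup-python@v4 # TODO(review): pin to a commit SHA instead of a moving tag
        with:
          python-version: '3.10'

      # Step 4: Install System Dependencies
      - name: Install System Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-dev libatlas-base-dev gfortran libopenblas-dev liblapack-dev build-essential

      # Step 5: Install Python Dependencies
      - name: Install Dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --only-binary=:all: numpy==1.24.4 pandas==2.1.0 openpyxl==3.1.2

      # Step 6: Run Inventory Processing. The commit message is read from the
      # job env as a shell variable instead of being interpolated with
      # ${{ }}, so the shell never receives the value as source text.
      - name: Run Inventory Processing
        run: |
          python3 main.py
          echo "$CI_COMMIT_MESSAGE"

      # Step 7: Commit and Push Results. A run that produces no changes is
      # not a failure (matches the fallback used by the disabled aws-scan
      # commit step); $GITHUB_REF is the dispatching branch.
      - name: Commit and Push Results
        run: |
          git config --local user.name "GitHub Actions"
          git config --local user.email "actions@github.com"
          mkdir -p output
          git add output
          git commit -m "$CI_COMMIT_MESSAGE" || echo "No changes to commit"
          git push origin "HEAD:$GITHUB_REF"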