Feat/actions (#127)

Ankit-clouddrove · web-flow · commit c138c5a7443d · 2024-03-01T14:46:41.000-05:00
diff --git a/.github/workflows/AWSSSMSendCommand.yml b/.github/workflows/AWSSSMSendCommand.yml
@@ -0,0 +1,84 @@
+---
+name: "run remote bash commands without ssh"
+on:
+  workflow_call:
+    inputs:
+      command:
+        required: false
+        description: "Specify the Bash command to be executed"
+        type: string
+      working-directory:
+        required: false
+        description: "Specify the location for command execution"
+        type: string
+      slack_username:
+        description: "It is the name displayed to others in Message on Slack channel"
+        required: false
+        type: string
+      slack_footer:
+        description: "Additional information or context often placed at the bottom of a message in Slack"
+        required: false
+        type: string
+      slack_icon:
+        description: "The visual representation associated with a user or a group on Slack"
+        required: false
+        type: string
+      slack_message:
+        description: "The content or information you want to share on Slack, which is a messaging platform."
+        required: false
+        type: string
+      slack_color:
+        description: "The visual styling applied to elements within a message or interface on Slack."
+        required: false
+        type: string
+      slack-notification:
+        description: "Sending a brief message to a designated Slack channel."
+        default: false
+        type: string
+    secrets:
+      AWS_REGION:
+        required: true
+        description: "Specify the AWS region where the EC2 instance is located"
+      AWS_ACCESS_KEY_ID:
+        required: true
+        description: "Provide the AWS access key ID for authentication"
+      AWS_SECRET_ACCESS_KEY:
+        required: true
+        description: "Provide the AWS secret access key for authentication"
+      INSTANCE_ID:
+        required: true
+        description: "Specify the AWS EC2 instance ID or IDs"
+      SLACK_WEBHOOK_URL:
+        required: false
+        description: "Specify Slack Incoming Webhook URL"
+jobs:
+  ssm-send-commands:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Execute Remote Command via AWS SSM
+        uses: peterkimzz/aws-ssm-send-command@master
+        id: ssm
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          instance-ids: ${{ secrets.INSTANCE_ID }}
+          working-directory: ${{ inputs.working-directory }}
+          command: |-
+            ${{ inputs.command }}
+
+      - name: Slack notification
+        if: ${{ inputs.slack-notification == 'true' && always() }}
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_MESSAGE: ${{ inputs.slack_message }}
+          SLACK_ICON: ${{ inputs.slack_icon }}
+          SLACK_USERNAME: ${{ inputs.slack_username }}
+          SLACK_FOOTER: ${{ inputs.slack_footer }}
+          SLACK_COLOR: ${{ job.status }}
+          slack-notification: ${{ inputs.slack-notification }}
+...
diff --git a/.github/workflows/RemoteSSHCommand.yml b/.github/workflows/RemoteSSHCommand.yml
@@ -0,0 +1,111 @@
+---
+name: "remote ssh command"
+on:
+  workflow_call:
+    inputs:
+      port:
+        description: "Specify the SSH port number for the remote connection."
+        type: string
+        default: "22"
+      sync:
+        description: "Enable synchronous execution when dealing with multiple hosts."
+        type: string
+        required: false
+      timeout:
+        description: "Timeout duration for establishing an SSH connection to the host."
+        type: string
+        default: "30s"
+        required: false
+      command_timeout:
+        description: "Timeout duration for executing SSH commands."
+        type: string
+        default: "10m"
+        required: false
+      script:
+        description: "Specify the commands to be executed on the remote host."
+        required: false
+        type: string
+      script_stop:
+        description: "Stop the script after the first failure."
+        type: string
+        default: false
+      envs:
+        description: "Specify environment variables to be passed to the remote shell script."
+        type: string
+      debug:
+        description: "Enable debug mode for additional logging."
+        type: string
+        default: false
+      request_pty:
+        description: "Request a pseudo-terminal from the server."
+        type: string
+        default: false
+      slack_username:
+        description: "It is the name displayed to others in Message on Slack channel"
+        required: false
+        type: string
+      slack_footer:
+        description: "Additional information or context often placed at the bottom of a message in Slack"
+        required: false
+        type: string
+      slack_icon:
+        description: "The visual representation associated with a user or a group on Slack"
+        required: false
+        type: string
+      slack_message:
+        description: "The content or information you want to share on Slack, which is a messaging platform."
+        required: false
+        type: string
+      slack_color:
+        description: "The visual styling applied to elements within a message or interface on Slack."
+        required: false
+        type: string
+      slack-notification:
+        description: "sending a brief message to a designated Slack channel."
+        default: false
+        type: string
+    secrets:
+      PRIVATE_SSH_KEY:
+        description: "Private SSH Key for secure communication with the server."
+        required: true
+      HOST:
+        description: "Public IP address of the server for remote access."
+        required: true
+      USERNAME:
+        description: "Username for authentication on the remote system or service."
+        required: true
+      SLACK_WEBHOOK_URL:
+        description: Specify Slack Incoming Webhook URL
+        required: false
+jobs:
+  ssh-action:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+
+      - name: executing remote ssh commands using ssh key
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.USERNAME }}
+          key: ${{ secrets.PRIVATE_SSH_KEY }}
+          port: ${{ inputs.port }}
+          envs: ${{ inputs.envs }}
+          request_pty: ${{ inputs.request_pty }}
+          script: |
+            ${{ inputs.script }}
+
+      - name: slack notification
+        if: ${{ inputs.slack-notification == 'true' && always() }}
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_MESSAGE: ${{ inputs.slack_message }}
+          SLACK_ICON: ${{ inputs.slack_icon }}
+          SLACK_USERNAME: ${{ inputs.slack_username }}
+          SLACK_FOOTER: ${{ inputs.slack_footer }}
+          SLACK_COLOR: ${{ job.status }}
+          slack-notification: ${{ inputs.slack-notification }}
+...
diff --git a/.github/workflows/docker-scanner.yml b/.github/workflows/docker-scanner.yml
@@ -7,6 +7,15 @@ on:
       severity:
         required: true
         type: string
+      dockerfile-path:
+        required: false
+        type: string
+        default: ./Dockerfile
+        description: dockerfile path
+      security-upload:
+        default: false
+        type: string
+        description: "Enable image scan report upload to GitHub Security tab."
 
 jobs:
   build-image:
@@ -32,6 +41,7 @@ jobs:
           load: true  #  Export to Docker Engine rather than pushing to a registry
           tags: ${{ github.sha }}
           platforms: linux/amd64
+          file: ${{inputs.dockerfile-path}}
 
       - name: Docker Scan with trivy (non-blocking)
         uses: aquasecurity/trivy-action@master
@@ -44,6 +54,7 @@ jobs:
           output: 'trivy-results.sarif'
 
       - name: Upload Trivy scan results to GitHub Security tab
+        if: ${{ inputs.security-upload == 'true' }}
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/README.md b/README.md
@@ -61,12 +61,14 @@ Above example is just a simple example to call workflow from github shared workf
    * [Example for terraform checks with digitalocean cloud](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform-checks.md#example-for-terraform-checks-with-digitalocean-cloud)
 6. [Terraform Lint Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform-lint.md)
 7. [Terraform Checks Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform-checks.md)
-7. [Checkov Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/checkov.md)
-8. [Terraform Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform_workflow.md)
-9. [Infracost workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/infracost.md)
-10. [ Deploy Cloudformation Stack workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/deploy-cloudformation.md)
-11. [ Deploy Cloudformation Stackset workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/deploy-cloudformation-stackset.md)
-12. [ Readme Generation workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/readme.md)
+8. [Checkov Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/checkov.md)
+9. [Terraform Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform_workflow.md)
+10. [Infracost workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/infracost.md)
+11. [ Deploy Cloudformation Stack workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/deploy-cloudformation.md)
+12. [ Deploy Cloudformation Stackset workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/deploy-cloudformation-stackset.md)
+13. [ Readme Generation workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/readme.md)
+14. [ AWS SSM Send Command workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/AWSSSMSendCommand.md)
+15. [ Remote SSH Command workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/RemoteSSHCommand.md)
 
 ## Feedback 
 If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/github-shared-workflows/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com).
diff --git a/docs/AWSSSMSendCommand.md b/docs/AWSSSMSendCommand.md
@@ -0,0 +1,49 @@
+## Running the bash commands on ec2 instance without SSH
+
+## Requirements
+
+- To utilize this action, you must configure your IAM user with the AWS IAM Role "AmazonSSMFullAccess".
+- EC2 instance needs to be associated with an IAM Role that includes the "AmazonSSMFullAccess" policy.
+
+
+#### [running bash command without ssh workflow](https://github.com/clouddrove/github-shared-workflows/blob/feat/docker-scanner/.github/workflows/AWSSSMsendCommand.yml)
+
+- This workflow is used to run the bash commands on Ec2 instance without ssh and Send the Notification to the particular slack channel after the completion of github-action using the Slack Webhook url.
+
+#### Usage
+
+- This action helps you to execute remote bash command for AWS EC2 instance without SSH or other accessing. Also send the Notification to Slack channel after the completion of GitHub-action whether its (Pass, fail or cancelled.)
+
+#### Example for running the bash commands on ec2 instance without SSH and send notification to Slack channel.
+
+````yaml
+name: Bash commands without ssh
+permissions:
+  contents: read
+  packages: write
+  pull-requests: write
+
+on:
+  workflow_dispatch:
+
+jobs:
+  bash-commands-without-ssh:
+    uses: clouddrove/github-shared-workflows/.github/workflows/AWSSSMSendCommand.yml@master
+    with:
+      working-directory: # Specify the working directory for the job
+      slack_message: # Message to be sent to Slack
+      slack_icon: # Icon for Slack message
+      slack_username: # Username for Slack message
+      slack_footer: # Footer for Slack message
+      slack_color: # Color for Slack message
+      slack-notification: # Enable or disable Slack notifications (example 'true' or 'false')
+      command: |- 
+      # Add your bash commands here
+     
+    secrets:
+      AWS_REGION:  # AWS region for authentication
+      AWS_ACCESS_KEY_ID: # AWS access key ID for authentication
+      AWS_SECRET_ACCESS_KEY: # AWS secret access key for authentication
+      INSTANCE_ID: # ID of the instance for the bash commands
+      SLACK_WEBHOOK_URL: # Webhook URL for sending messages to Slack          
+````      
diff --git a/docs/RemoteSSHCommand.md b/docs/RemoteSSHCommand.md
@@ -0,0 +1,45 @@
+## Running the bash commands on ec2 instance using private ssh key
+
+#### [running bash command with ssh workflow](https://github.com/clouddrove/github-shared-workflows/blob/feat/docker-scanner/.github/workflows/RemoteSSHCommand.yml)
+
+- This workflow is used to run the bash commands on Ec2 instance using the private ssh key and Send the Notification to the particular slack channel after the completion of github-action using the Slack Webhook url.
+
+#### Usage
+
+- This workflow is designed to run all the bash commands on Ec2 instance using the private ssh key and also send the Notification to Slack channel after the completion of GitHub-action whether its Pass, fail or cancelled.
+
+#### Example for running the bash commands on ec2 instance using private ssh key and send notification to Slack channel.
+
+````yaml
+name: Bash-commands with ssh Workflow
+permissions:
+  contents: read
+  packages: write
+  pull-requests: write
+
+on:
+  workflow_dispatch:
+
+jobs:
+  ssh-commands:
+    uses: clouddrove/github-shared-workflows/.github/workflows/RemoteSSHCommand.yml@master
+    with:
+      port: # your_ssh_port
+      timeout: # your_timeout_in_seconds
+      command_timeout: # your_command_timeout_in_seconds
+      slack_message: # your_slack_notification_message
+      slack_icon: # your_slack_icon_url
+      slack_username: # your_slack_username 
+      slack_footer: # your_slack_footer
+      slack_color: # your_slack_color
+      slack-notification: # Enable or disable Slack notifications (example 'true' or 'false')
+      script: |-
+       # Add your bash commands here
+    
+    secrets:
+      HOST: # Hostname or IP address of the EC2 instance
+      PRIVATE_SSH_KEY: # Private SSH key for authenticating with the EC2 instance
+      USERNAME: # SSH username for connecting to the EC2 instance
+      SLACK_WEBHOOK_URL: # Slack Webhook URL for sending notifications
+      
+````      
