Merge pull request #25 from intelops/test/scsctl_cicd_integration

jegathintelops · web-flow · commit b013be63ab53 · 2023-08-23T12:17:53.000+05:30
Test/scsctl cicd integration
diff --git a/.github/workflows/scsctl_test.yml b/.github/workflows/scsctl_test.yml
@@ -0,0 +1,59 @@
+name: scsctl_test
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch:
+
+jobs:
+  container-test-job:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Pull pyroscope/pyroscope:latest image 
+      run: docker pull pyroscope/pyroscope:latest
+
+    - name: Run pyroscope 
+      run: docker run -d -it -p 4040:4040 pyroscope/pyroscope:latest server
+
+    - name: Start a local k8s cluster
+      uses: jupyterhub/action-k3s-helm@v3
+      with:
+        k3s-channel: latest
+
+    - name: Verify function of k8s, kubectl, and helm
+      run: |
+        echo "kubeconfig: $KUBECONFIG"
+        kubectl version
+        kubectl get pods --all-namespaces
+
+        helm version
+
+        # helm install falco -f custom-rules.yaml --set "falco.rules_file={/etc/falco/falco_rules.local.yaml,/etc/falco/rules.d}" --set falcoctl.artifact.install.enabled=false --set falcoctl.artifact.follow.enabled=false --set falco.json_output=true --set falco.file_output.enabled=true falcosecurity/falco
+    - name: Run falco in k3s
+      run: |
+        helm repo add falcosecurity https://falcosecurity.github.io/charts
+        helm install falco -f custom-rules.yaml --set "falco.rules_file={/etc/falco/falco_rules.local.yaml,/etc/falco/rules.d}" --set falcoctl.artifact.install.enabled=false --set falcoctl.artifact.follow.enabled=false --set falco.json_output=true --set falco.file_output.enabled=true falcosecurity/falco
+        sleep 30
+    - name: Run pyroscope in k3s
+      run: |
+        helm repo add pyroscope-io https://pyroscope-io.github.io/helm-chart
+        helm install pyroscope pyroscope-io/pyroscope
+        sleep 30
+    - name: List pods
+      run: |
+        kubectl get pods
+    - name: Install a python cli tool from test pypi  and run it
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install --upgrade build
+        python -m pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple scsctl
+    - name: Run clickhouse
+      run: |
+        docker run -d --network host --name some-clickhouse-server --ulimit nofile=262144:262144 clickhouse/clickhouse-server
+        sleep 5
+    - name: run scsctl
+      run: |
+        export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=pyroscope,app.kubernetes.io/instance=pyroscope" -o jsonpath="{.items[0].metadata.name}")
+        scsctl scan --pyroscope_app_name pyroscope.server --docker_image_name pyroscope/pyroscope:latest --pyroscope_url http://localhost:4040 --falco_pod_name $POD_NAME --falco_target_deployment_name pyroscope --db_enabled --falco_enabled --non_interactive 
diff --git a/README.md b/README.md
@@ -149,3 +149,38 @@ db_enabled: true
 falco_enabled: true
 docker_file_folder_path: /home/jegath/Documents/intelops/sps/dagflow/app/
 ```
+
+### Running the tool in ci/cd environment
+
+To run scsctl in ci/cd environment,
+1. Install scsctl from pypi
+2. Run the tool
+
+Example
+
+
+```yaml
+name: scsctl_test
+on:
+  push:
+    branches: [ main ]
+jobs:
+  container-test-job:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Pull pyroscope/pyroscope:latest image 
+      run: docker pull pyroscope/pyroscope:latest
+
+    - name: Install a python cli tool from test pypi  and run it
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install --upgrade build
+        python -m pip install scsctl
+
+    - name: run scsctl tool
+      run: |
+        scsctl scan --pyroscope_app_name pyroscope.server --docker_image_name pyroscope/pyroscope:latest --pyroscope_url https://369d-111-92-44-131.ngrok-free.app --non_interactive
+```
diff --git a/custom-rules.yaml b/custom-rules.yaml
@@ -0,0 +1,13 @@
+customRules:
+  falco_rules.yaml: |-
+    - rule: File Opened in Container
+      desc: Detect any file opened in container
+      condition: open_file_in_container
+      output: file - %fd.name type - %evt.type Deplyment name - %k8s.deployment.name time - %evt.time.iso8601
+      priority: INFO
+      tags:
+        - scsctl
+    - macro: open_file_in_container
+      condition: >
+        k8s.deployment.name startswith "pyroscope" and
+        evt.type = "openat"
