{"id":21262846,"url":"https://github.com/stackql/stackql-actions-demo","last_synced_at":"2025-07-11T04:31:11.607Z","repository":{"id":104132425,"uuid":"607986996","full_name":"stackql/stackql-actions-demo","owner":"stackql","description":"GitHub Actions for using `stackql` in workflows, for more information see https://github.com/stackql/stackql and give us a ⭐ while you're there!","archived":false,"fork":false,"pushed_at":"2024-10-29T00:10:52.000Z","size":46,"stargazers_count":12,"open_issues_count":3,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-10-29T01:21:14.333Z","etag":null,"topics":["devops-tools","hacktoberfest","stackql","terraform"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace?type=\u0026verification=\u0026query=stackql+","language":"Jsonnet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stackql.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-01T04:29:35.000Z","updated_at":"2024-10-29T00:10:55.000Z","dependencies_parsed_at":"2024-10-29T01:20:29.844Z","dependency_job_id":"691d1ad2-15cd-4c1f-be1d-847f2de23b50","html_url":"https://github.com/stackql/stackql-actions-demo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackql%2Fstackql-actions-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackql%2Fstackql-actions-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackq
l%2Fstackql-actions-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackql%2Fstackql-actions-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stackql","download_url":"https://codeload.github.com/stackql/stackql-actions-demo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225674897,"owners_count":17506272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops-tools","hacktoberfest","stackql","terraform"],"created_at":"2024-11-21T04:59:31.229Z","updated_at":"2024-11-21T04:59:31.819Z","avatar_url":"https://github.com/stackql.png","language":"Jsonnet","readme":"\u003e ⚡ **Calling All Cloud/DevOps/Data/Security Enthusiasts, Hacktoberfest 2024 is here!** ⚡  \r\n\u003e Interested in contributing StackQL (SQL) GitHub Actions for **Cloud Security Posture Management (CSPM)**, **Infrastructure-as-Code (IaC) Assurance** or more?  \r\n\u003e\r\n\u003e Check out the issues and get started with your first pull request! Let’s build something amazing together this Hacktoberfest!  
\r\n\r\n💡 **Explore our repositories:** [StackQL](https://github.com/stackql/stackql), [__`stackql-exec`__](https://github.com/marketplace/actions/stackql-exec), [__`stackql-assert`__](https://github.com/marketplace/actions/stackql-assert), [StackQL Deploy](https://stackql-deploy.io/docs/), find provider documentation in the [StackQL Provider Registry Docs](https://registry.stackql.io/)  \r\n\r\n🔎 Build out example queries for [`aws`](https://aws.stackql.io/providers/aws/), [`gcp`](https://google.stackql.io/providers/google/), [`azure`](https://azure.stackql.io/providers/azure/), [`digitalocean`](https://digitalocean.stackql.io/providers/digitalocean/), [`linode`](https://linode.stackql.io/providers/linode/), [`okta`](https://okta.stackql.io/providers/okta/) and more, including multicloud queries!  \r\n\r\n---\r\n\r\n# StackQL GitHub Actions Demo\r\n\r\nThis repository demonstrates using [__StackQL__](https://github.com/stackql/stackql) with GitHub Actions.  StackQL can provision, de-provision, and perform lifecycle operations on cloud resources across all major cloud providers.  
\r\n\r\nStackQL GitHub Actions include:\r\n- [__`setup-stackql`__](https://github.com/marketplace/actions/setup-stackql) : Installs the `stackql` cli on actions runners, used if you want to perform custom operations using StackQL\r\n- [__`stackql-exec`__](https://github.com/marketplace/actions/stackql-exec) : Executes a StackQL query within an Actions workflow; this could be used to provision, de-provision, or perform lifecycle operations on cloud resources (using the [`INSERT`](https://stackql.io/docs/language-spec/insert), `UPDATE`, [`DELETE`](https://stackql.io/docs/language-spec/delete), [`EXEC`](https://stackql.io/docs/language-spec/exec) methods), as well as running queries and returning results to the log, file or variable (using the [`SELECT`](https://stackql.io/docs/language-spec/select) method)\r\n- [__`stackql-assert`__](https://github.com/marketplace/actions/stackql-assert) : Used to test assertions against the results of a StackQL query, this can be used to validate the state of a resource after an IaC or lifecycle operation has been performed, or to validate the system (e.g., CSPM or compliance queries) \r\n\r\n## Prerequisites\r\n\r\nAuthentication to StackQL providers is done via environment variables sourced from GitHub Actions Secrets. To learn more about authentication, see the setup instructions for your provider or providers at the [StackQL Provider Registry Docs](https://registry.stackql.io/). 
\r\n\r\n## Demo workflow\r\n\r\nThe demo workflow in this repository is configured to run on a push to the `main` branch and performs the following steps:  \r\n\r\n```mermaid\r\nflowchart TB\r\n    1[setup StackQL\\n\u003ccode\u003e\u003cb\u003esetup-stackql\u003c/b\u003e\u003c/code\u003e]--\u003e2[dry run query\\nusing \u003ccode\u003e\u003cb\u003estackql\u003c/b\u003e\u003c/code\u003e];\r\n    2--\u003e3[deploy instances\\nusing \u003ccode\u003e\u003cb\u003estackql-exec\u003c/b\u003e\u003c/code\u003e];\r\n    3--\u003e4[stop instances\\nusing \u003ccode\u003e\u003cb\u003estackql-exec\u003c/b\u003e\u003c/code\u003e];\r\n    4--\u003e5[validate deployment\\nusing \u003ccode\u003e\u003cb\u003estackql-assert\u003c/b\u003e\u003c/code\u003e];\r\n    5--\u003e6;\r\n\r\n    subgraph \"Terraform Validation\"\r\n        6[deploy instances\\nusing \u003ccode\u003e\u003cb\u003eterraform\u003c/b\u003e\u003c/code\u003e]--\u003e7[validate deployment\\nusing \u003ccode\u003e\u003cb\u003estackql-assert\u003c/b\u003e\u003c/code\u003e];\r\n    end\r\n```\r\n\r\nWorkflow fragments are explained here:  \r\n\r\n### setup StackQL\r\n\r\nThis step uses the [__`setup-stackql`__](https://github.com/marketplace/actions/setup-stackql) action to install the `stackql` cli on the actions runner, which is then available to all subsequent steps in the job via `stackql`.  \r\n\r\n```yaml\r\n- name: setup StackQL\r\n  uses: stackql/setup-stackql@v2.2.3\r\n  with:\r\n    use_wrapper: true\r\n```\r\n\r\n### dry run StackQL query\r\n\r\nThis step demonstrates how to use the `stackql` cli (after the previous `setup-stackql` action is used) to perform a dry run of a StackQL query - which will return a rendered template of your query with all of the fields populated; this is useful for debugging and validating your queries.  
\r\n\r\n```yaml\r\n- name: dry run StackQL query\r\n  shell: bash\r\n  run: |\r\n    stackql exec \\\r\n    -i ./stackql/scripts/deploy-instances/deploy-instances.iql \\\r\n    --iqldata ./stackql/data/vars.jsonnet \\\r\n    --var GOOGLE_PROJECT=${{ env.GOOGLE_PROJECT }},GOOGLE_ZONE=${{ env.GOOGLE_ZONE }} \\\r\n    --output text -H --dryrun\r\n  env:\r\n    GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}\r\n    GOOGLE_PROJECT: ${{ vars.GOOGLE_PROJECT }}\r\n    GOOGLE_ZONE: ${{ vars.GOOGLE_ZONE }}    \r\n```\r\n### deploy instances using `stackql-exec`\r\n\r\nThis step demonstrates how to use the [__`stackql-exec`__](https://github.com/marketplace/actions/stackql-exec) method to perform a StackQL query; in this case, we are using the `INSERT` method to deploy instances on GCP.  \r\n\r\n```yaml\r\n- name: deploy instances using stackql-exec\r\n  uses: stackql/stackql-exec@v2.2.3\r\n  with:\r\n    query_file_path: './stackql/scripts/deploy-instances/deploy-instances.iql'\r\n    data_file_path: './stackql/data/vars.jsonnet'\r\n    vars: GOOGLE_PROJECT=${{ env.GOOGLE_PROJECT }},GOOGLE_ZONE=${{ env.GOOGLE_ZONE }}\r\n  env:\r\n    GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}\r\n    GOOGLE_PROJECT: ${{ vars.GOOGLE_PROJECT }}\r\n    GOOGLE_ZONE: ${{ vars.GOOGLE_ZONE }}\r\n```\r\n\r\n### stop running instances using `stackql-exec`\r\n\r\nThis step demonstrates how to use `stackql` via the `stackql-exec` action to perform lifecycle operations using StackQL (using the `EXEC` method).  
\r\n\r\n```yaml\r\n- name: stop running instances using stackql-exec\r\n  uses: stackql/stackql-exec@v2.2.3\r\n  with:\r\n    query_file_path: './stackql/scripts/stop-instances/stop-instances.iql'\r\n    data_file_path: './stackql/data/vars.jsonnet'\r\n    vars: GOOGLE_PROJECT=${{ env.GOOGLE_PROJECT }},GOOGLE_ZONE=${{ env.GOOGLE_ZONE }}    \r\n  env:\r\n    GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} \r\n    GOOGLE_PROJECT: ${{ vars.GOOGLE_PROJECT }}\r\n    GOOGLE_ZONE: ${{ vars.GOOGLE_ZONE }}       \r\n```\r\n\r\n### check if we have 4 instances using `stackql-assert`\r\n\r\nThis step demonstrates how to use the [__`stackql-assert`__](https://github.com/marketplace/actions/stackql-assert) action to run a StackQL `SELECT` query and compare the actual result count with an expected result count; if there is a discrepancy, the action will fail.  \r\n\r\n```yaml\r\n- name: check if we have 4 instances using stackql-assert\r\n  uses: stackql/stackql-assert@v2.2.3\r\n  with:\r\n    test_query_file_path: './stackql/scripts/check-instances.iql'\r\n    data_file_path: './stackql/data/vars.jsonnet'\r\n    vars: GOOGLE_PROJECT=${{ env.GOOGLE_PROJECT }},GOOGLE_ZONE=${{ env.GOOGLE_ZONE }}    \r\n    expected_rows: 4\r\n  env:\r\n    GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} \r\n    GOOGLE_PROJECT: ${{ vars.GOOGLE_PROJECT }}\r\n    GOOGLE_ZONE: ${{ vars.GOOGLE_ZONE }}    \r\n```\r\n\r\n### check `terraform` deployment using `stackql-assert`\r\n\r\nThis step demonstrates how to use the `stackql-assert` action in a `terraform` deployment pipeline to run a StackQL `SELECT` query and compare the actual result with an expected result after a `terraform` deployment.  
This can test specific configuration properties of the resource (for compliance or policy enforcement) or just the existence of the resource.\r\n\r\n```yaml\r\n- name: check terraform deployment using stackql-assert\r\n  uses: stackql/stackql-assert@v2.2.3\r\n  with:\r\n    test_query_file_path: './stackql/scripts/check-terraform-instances/check-terraform-instances.iql'\r\n    expected_results_str: '[{\"name\":\"terraform-test-1\"},{\"name\":\"terraform-test-2\"}]'\r\n  env:\r\n    GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} \r\n```\r\n\r\n### run a compliance (CSPM) check using `stackql-assert`\r\n\r\nThis step demonstrates how to use the `stackql-assert` action to run a compliance check in a GitHub Actions Workflow.\r\n\r\n```yaml\r\n- name: run a compliance check using stackql-assert\r\n  uses: stackql/stackql-assert@v2.2.3\r\n  with:\r\n    test_query: |\r\n      SELECT name\r\n      , JSON_EXTRACT(iamConfiguration, '$.publicAccessPrevention') as publicAccessPrevention \r\n      FROM google.storage.buckets \r\n      WHERE project = 'stackql-demo-2' \r\n      AND publicAccessPrevention = 'inherited';\r\n    expected_rows: 0\r\n  env:\r\n    GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} \r\n```\r\n\r\nSee [`.github/workflows/stackql.yml`](.github/workflows/stackql.yml) for the complete workflow file.\r\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackql%2Fstackql-actions-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstackql%2Fstackql-actions-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackql%2Fstackql-actions-demo/lists"}