Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/turbot/steampipe-action-setup
Set up your GitHub Actions workflow with Steampipe and plugin connections
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/turbot/steampipe-action-setup
- Owner: turbot
- License: apache-2.0
- Created: 2022-06-12T14:23:18.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-04-08T00:58:22.000Z (7 months ago)
- Last Synced: 2024-04-13T23:18:03.017Z (7 months ago)
- Topics: github-actions, hacktoberfest, steampipe
- Language: JavaScript
- Homepage: https://steampipe.io
- Size: 1.34 MB
- Stars: 11
- Watchers: 11
- Forks: 0
- Open Issues: 8
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Setup Steampipe for GitHub Actions
This action installs [Steampipe](https://github.com/turbot/steampipe/) and optionally installs plugins and creates plugin connection configurations.
## Usage
See [action.yml](action.yml).
## Examples
### Install the latest version of Steampipe
```yaml
- name: Install Steampipe
  uses: turbot/steampipe-action-setup@v1
```

### Install a specific version of Steampipe
```yaml
- name: Install Steampipe v0.19.4
  uses: turbot/steampipe-action-setup@v1
  with:
    steampipe-version: 0.19.4
```

> For available Steampipe versions refer to [Steampipe Releases](https://github.com/turbot/steampipe/releases).
### Configure multiple AWS connections
```yaml
- name: Setup Steampipe
  uses: turbot/steampipe-action-setup@v1
  with:
    plugin-connections: |
      connection "aws_prod" {
        plugin     = "aws"
        access_key = "${{ secrets.AWS_ACCESS_KEY_ID_PROD }}"
        secret_key = "${{ secrets.AWS_SECRET_ACCESS_KEY_PROD }}"
        regions    = ["us-east-1", "us-west-2"]
      }

      connection "aws_dev" {
        plugin     = "aws"
        access_key = "${{ secrets.AWS_ACCESS_KEY_ID_DEV }}"
        secret_key = "${{ secrets.AWS_SECRET_ACCESS_KEY_DEV }}"
        regions    = ["*"]
      }

- name: Run queries
  run: |
    steampipe query "select account_id from aws_prod.aws_account"
    steampipe query "select account_id from aws_dev.aws_account"
```

### Install a specific plugin version
```yaml
- name: Setup Steampipe
  uses: turbot/steampipe-action-setup@v1
  with:
    plugin-connections: |
      connection "net" {
        plugin = "[email protected]"
      }

- name: Run query
  run: steampipe query "select issuer from net_certificate where domain = 'github.com'"
```

### Create connections using JSON
```yaml
- name: Setup Steampipe
  uses: turbot/steampipe-action-setup@v1
  with:
    plugin-connections: |
      {
        "connection": {
          "aws": {
            "plugin": "aws",
            "profile": "default",
            "regions": ["us-east-1", "eu-west-1"]
          },
          "github": {
            "plugin": "github",
            "token": "${{ secrets.GITHUB_TOKEN }}"
          }
        }
      }

- name: Run query
  run: steampipe query "select name from aws_s3_bucket"
```

## Advanced Examples
### Run local controls
```yaml
steps:
  - uses: actions/checkout@v3
  - uses: turbot/steampipe-action-setup@v1
    with:
      steampipe-version: 'latest'
      plugin-connections: |
        connection "github" {
          plugin = "github"
          token  = "${{ secrets.GITHUB_TOKEN }}"
        }

        connection "scalingo" {
          plugin      = "francois2metz/scalingo"
          type        = "aggregator"
          connections = ["scalingo2", "scalingo3"]
        }

        connection "scalingo2" {
          plugin  = "francois2metz/scalingo"
          token   = "${{ secrets.SCALINGO_TOKEN }}"
          regions = ["osc-fr1"]
        }

        connection "scalingo3" {
          plugin  = "francois2metz/scalingo"
          token   = "${{ secrets.SCALINGO_SECNUM_TOKEN }}"
          regions = ["osc-fr1", "osc-secnum-fr1"]
        }
  - name: Run checks
    id: checks
    continue-on-error: true
    run: steampipe check all --progress=false --export=results.md
  - name: Output markdown to the step
    run: cat results.md >> $GITHUB_STEP_SUMMARY
  - name: Exit
    if: ${{ steps.checks.outcome == 'failure' }}
    run: exit 1
```

Run local controls and post failures to Slack with a [custom control output template](https://steampipe.io/docs/develop/writing-control-output-templates).
The template must be installed first. It is available in the [templates directory](./templates).

```yaml
steps:
  - uses: actions/checkout@v3
  - uses: turbot/steampipe-action-setup@v1
    with:
      steampipe-version: 'latest'
      plugin-connections: |
        connection "github" {
          plugin = "github"
          token  = "${{ secrets.GITHUB_TOKEN }}"
        }

        connection "scalingo" {
          plugin      = "francois2metz/scalingo"
          type        = "aggregator"
          connections = ["scalingo2", "scalingo3"]
        }

        connection "scalingo2" {
          plugin  = "francois2metz/scalingo"
          token   = "${{ secrets.SCALINGO_TOKEN }}"
          regions = ["osc-fr1"]
        }

        connection "scalingo3" {
          plugin  = "francois2metz/scalingo"
          token   = "${{ secrets.SCALINGO_SECNUM_TOKEN }}"
          regions = ["osc-fr1", "osc-secnum-fr1"]
        }
  - name: Install slack output template
    run: |
      mkdir -p ~/.steampipe/check/templates/slack
      cp slackoutput.tmpl ~/.steampipe/check/templates/slack/output.tmpl
      # Use "|" as the sed delimiter: server_url and repository contain "/"
      sed -i "s|##RUN_ID##|${{ github.run_id }}|" ~/.steampipe/check/templates/slack/output.tmpl
      sed -i "s|##SERVER_URL##|${{ github.server_url }}|" ~/.steampipe/check/templates/slack/output.tmpl
      sed -i "s|##REPOSITORY##|${{ github.repository }}|" ~/.steampipe/check/templates/slack/output.tmpl
  - name: Run checks
    id: checks
    continue-on-error: true
    run: steampipe check all --progress=false --export=results.md --export=results.slack
  - name: Output markdown to the step
    run: cat results.md >> $GITHUB_STEP_SUMMARY
  - name:
    run: |
      # Multiline value for GITHUB_ENV: NAME<<DELIMITER ... DELIMITER
      echo "STEAMPIPE_OUTPUT<<EOF" >> $GITHUB_ENV
      cat results.slack >> $GITHUB_ENV
      echo "EOF" >> $GITHUB_ENV
  - name: Post to a Slack channel
    if: ${{ steps.checks.outcome == 'failure' }}
    uses: slackapi/[email protected]
    with:
      channel-id: ${{ secrets.SLACK_CHANNEL_ID }}
      payload: |
        ${{ env.STEAMPIPE_OUTPUT }}
    env:
      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
  - name: Exit
    if: ${{ steps.checks.outcome == 'failure' }}
    run: exit 1
```

## Helpful Links
- [Steampipe docs](https://steampipe.io/docs)
- [Steampipe plugins](https://hub.steampipe.io/plugins)