add new wf

elastic · Aug 28, 2024 · 49ef779 · 49ef779
1 parent e2448ec
commit 49ef779
Show file tree

Hide file tree

Showing 3 changed files with 268 additions and 153 deletions.
diff --git a/.ci/scripts/set_cloud_env_params.sh b/.ci/scripts/set_cloud_env_params.sh
@@ -47,3 +47,21 @@ echo "KSPM_PUBLIC_IP=$KSPM_PUBLIC_IP" >>"$GITHUB_ENV"
 CSPM_PUBLIC_IP=$(terraform output -raw ec2_cspm_public_ip)
 echo "::add-mask::$CSPM_PUBLIC_IP"
 echo "CSPM_PUBLIC_IP=$CSPM_PUBLIC_IP" >>"$GITHUB_ENV"
+
+if [ "${TF_VAR_cdr_infra:-}" == "true" ]; then
+    ec2_cloudtrail_public_ip=$(terraform output -raw ec2_cloudtrail_public_ip)
+    echo "::add-mask::$ec2_cloudtrail_public_ip"
+    echo "CLOUDTRAIL_PUBLIC_IP=$ec2_cloudtrail_public_ip" >>"$GITHUB_ENV"
+
+    ec2_cloudtrail_key=$(terraform output -raw ec2_cloudtrail_key)
+    echo "::add-mask::$ec2_cloudtrail_key"
+    echo "CLOUDTRAIL_KEY=$ec2_cloudtrail_key" >>"$GITHUB_ENV"
+
+    az_vm_activity_logs_public_ip=$(terraform output -raw az_vm_activity_logs_public_ip)
+    echo "::add-mask::$az_vm_activity_logs_public_ip"
+    echo "ACTIVITY_LOGS_PUBLIC_IP=$az_vm_activity_logs_public_ip" >>"$GITHUB_ENV"
+
+    az_vm_activity_logs_key=$(terraform output -raw az_vm_activity_logs_key)
+    echo "::add-mask::$az_vm_activity_logs_key"
+    echo "ACTIVITY_LOGS_KEY=$az_vm_activity_logs_key" >>"$GITHUB_ENV"
+fi
diff --git a/.github/workflows/cdr-infra.yml b/.github/workflows/cdr-infra.yml
@@ -0,0 +1,37 @@
+name: Create CDR Infrastructure
+run-name: Creating ${{ github.event.inputs.deployment_name }} by @${{ github.actor }}
+
+on:
+  # Ability to execute on demand
+  workflow_dispatch:
+    inputs:
+      deployment-name:
+        type: string
+        description: |
+          Name with letters, numbers, hyphens; start with a letter. Max 20 chars. e.g., 'my-env-123'
+        required: true
+      elk-stack-version:
+        required: true
+        description: "The version of the ELK stack: For BC use version without hash 8.x.y, for SNAPSHOT use 8.x.y-SNAPSHOT"
+        default: "8.16.0"
+        type: string
+      docker-image-override:
+        required: false
+        description: "Provide the full Docker image path to override the default image (e.g. for testing BC/SNAPSHOT)"
+        type: string
+
+jobs:
+  deploy:
+    uses: ./.github/workflows/test-environment.yml
+    secrets: inherit
+    # Required for the 'Deploy' job in the 'test-environment.yml' to authenticate with Google Cloud (gcloud).
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    with:
+      deployment_name: ${{ inputs.deployment-name }}
+      # For now, the region is not used because it's overridden in the tf, but it's here for future compatibility.
+      ess-region: "gcp-us-west2"
+      elk-stack-version: ${{ inputs.elk-stack-version }}
+      serverless_mode: false
+      cdr-infra: true