Merge pull request #2 from evankanderson/minder_set_up_iac_with_minder

Set up IaC with Minder
evankanderson · Aug 29, 2024 · 09f3f29 · 09f3f29
2 parents 1fd0344 + d20a003
commit 09f3f29
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/.github/workflows/minder-iac.yml b/.github/workflows/minder-iac.yml
@@ -0,0 +1,36 @@
+name: Minder Apply IaC repo
+
+on:
+  push:
+    branches:
+    - main
+
+jobs:
+  apply-iac:
+    runs-on: ubuntu-latest
+    name: Apply Minder Policies And RuleTypes
+    steps:
+      - name: Fetch ID token
+        run: |
+          set -x -e
+          echo $GITHUB_TOKEN
+          URL="${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=minder"
+          curl -o .action-token -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" $URL
+          echo "MINDER_AUTH_TOKEN=$(jq -r .value <.action-token)" >> "$GITHUB_ENV"
+      - name: Install cosign to verify Minder
+        uses: sigstore/[email protected]
+      - name: Install Minder Client
+        uses: stacklok/minder-client-installer@main
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - name: Apply Minder ruletypes
+        env:
+          MINDER_PROJECT: 14ac1534-e81a-4060-b4b8-bff2f1ee076a
+          # Very temporary!  My ngrok endpoint
+          MINDER_GRPC_SERVER_PORT: 13401
+          MINDER_GRPC_SERVER_HOST: 0.tcp.us-cal-1.ngrok.io
+          MINDER_GRPC_SERVER_INSECURE: true
+        run: |
+          minder ruletype apply -f ./rule-types
+          # Minder ruletype apply takes a directory, but profile apply does not!!
+          minder profile apply -f ./profiles/enable-auto-apply.yaml