diff --git a/.github/actions/get_service_guides/README.md b/.github/actions/get_service_guides/README.md index 15464caba..4047d343f 100644 --- a/.github/actions/get_service_guides/README.md +++ b/.github/actions/get_service_guides/README.md @@ -4,13 +4,13 @@ This action retrieves the recommendations described in [Well-Architected Service ## Inputs -## `service` +## `services` -**Optional** Service whose service guide will be downloaded (leave blank for all service guides). Default `""`. +**Optional** Service(s) whose service guide will be downloaded (leave blank for all service guides). You can specify multiple comma-separated values. Default `""`. ## `output_folder` -**Optional** File where the new checklist will be stored. Default `"./checklists"`. +**Optional** Folder where the new checklists will be stored. Default `"./checklists-ext"`. ## `verbose` @@ -23,4 +23,4 @@ uses: ./.github/actions/get_service_guides with: output_file: './checklists' service: 'Azure Kubernetes Service' -``` \ No newline at end of file +``` diff --git a/.github/actions/get_service_guides/action.yml b/.github/actions/get_service_guides/action.yml index cd20ad6b5..d621a2db3 100644 --- a/.github/actions/get_service_guides/action.yml +++ b/.github/actions/get_service_guides/action.yml @@ -2,14 +2,14 @@ name: 'Get WAF service guide recommendations' description: 'Get recommendations from the Well-Architected service guides' inputs: - service: - description: 'Service for which to get the recommendations' + services: + description: 'Services for which to get the recommendations' required: false default: '' output_folder: description: 'Output folder where the resulting recommendations will be stored' required: false - default: './checklists' + default: './checklists-ext' verbose: description: 'Verbose output, true/false' required: false diff --git a/.github/actions/get_service_guides/entrypoint.py b/.github/actions/get_service_guides/entrypoint.py index 25d0932e1..5598b0dfc 100644 
--- a/.github/actions/get_service_guides/entrypoint.py +++ b/.github/actions/get_service_guides/entrypoint.py @@ -56,10 +56,14 @@ # The script has been modified to be run from a github action with positional parameters # 1. Output folder -# 2. Service +# 2. Service (CSV supported) # 3. Verbose try: - args_service = sys.argv[1] + args_service = sys.argv[1].lower() + if len(args_service) > 0: + args_service_list = args_service.split(',') + # Remove leading and trailing spaces + args_service_list = [x.split() for x in args_service_list] except: args_service = '' try: @@ -216,7 +220,7 @@ def get_waf_service_guide_recos(): service = service.replace('.md', '') service = service.replace('-', ' ') service = service.title() - if (len(args_service) == 0) or (args_service.lower() == service.lower()): + if (len(args_service) == 0) or (service.lower() in args_service_list): if (args_verbose): print("DEBUG: Service {0} in service guide '{1}' matching input service {2}...".format(service, file_path, args_service)) svcguide_url = f'https://raw.githubusercontent.com/{github_org}/{github_repo}/main/' + file_path if (args_verbose): print("DEBUG: Found service guide '{0}' for service '{1}'".format(file_path, service)) @@ -342,8 +346,9 @@ def compare_recos(waf_recos, checklist_recos, minimum_similarity=0.5): if (len(args_output_checklist_folder) > 0): # Check that the output folder is a valid directory if os.path.isdir(args_output_checklist_folder): - # First, create a list with all the services + # First, create a list with all the services in the recommendations services = list(set([x['service'] for x in waf_recos])) + waf_pillars = list(set([{'name': x['waf']} for x in waf_recos])) for service in services: # Only export recommendations! service_recos = [x for x in waf_recos if x['service'] == service and x['type'] == 'recommendation'] 
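Review bot: The added `args_service_list = [x.split() for x in args_service_list]` calls `split()` although the comment above it asks for leading and trailing spaces to be removed, so each element becomes a list of words rather than a trimmed string. The membership test `service.lower() in args_service_list` in the hunk at -216,7 can then never be true for a non-empty input, and no service guide is selected. Use `args_service_list = [x.strip() for x in args_service.split(',') if x.strip()]`. `args_service_list` is also left undefined when the argument is empty or the bare `except:` fires; the later test only survives this by short-circuiting on `len(args_service) == 0`, so set `args_service_list = []` before the `try`.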
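Review bot: The added `waf_pillars = list(set([{'name': x['waf']} for x in waf_recos]))` in the hunk at -342,8 builds a set of dicts, and dicts are unhashable, so it raises `TypeError` as soon as `waf_recos` is non-empty and nothing gets exported. Deduplicate the pillar names first and wrap them afterwards: `waf_pillars = [{'name': p} for p in sorted({x['waf'] for x in waf_recos})]`. Sorting also keeps the generated JSON stable between runs. This assumes every reco carries a string `waf` value, which the hunk does not show; the enclosing block continues outside the hunk.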
@@ -351,8 +356,8 @@ def compare_recos(waf_recos, checklist_recos, minimum_similarity=0.5): service_checklist = { 'items': service_recos, 'categories': (), - 'waf': ({'name': 'resiliency'}, {'name': 'cost'}, {'name': 'performance'}, {'name': 'operations'}, {'name': 'security'}), - 'yesno': ({'name': 'yes'}, {'name': 'no'}), + 'waf': waf_pillars, + 'yesno': ({'name': 'Yes'}, {'name': 'No'}), 'metadata': { 'name': f'{service} Service Guide', 'waf': 'all', @@ -369,6 +374,24 @@ def compare_recos(waf_recos, checklist_recos, minimum_similarity=0.5): store_json(service_checklist, service_filename) # Print a message if (args_verbose): print("DEBUG: Exported {0} recos (only recommendations and not design checks are exported) to filename {1}".format(len(service_recos), service_filename)) + # Finally, export the full file + full_checklist = { + 'items': waf_recos, + 'categories': (), + 'waf': waf_pillars, + 'yesno': ({'name': 'Yes'}, {'name': 'No'}), + 'metadata': { + 'name': f'{service} Service Guide', + 'waf': 'all', + 'state': 'preview', + 'timestamp': datetime.date.today().strftime("%B %d, %Y") + + } + } + full_checklist_filename = os.path.join(args_output_checklist_folder, 'wafsg_checklist.en.json') + store_json(service_checklist, full_checklist_filename) + if (args_verbose): print("DEBUG: Exported {0} recos (only recommendations and not design checks are exported) to filename {1}".format(len(waf_recos), full_checklist_filename)) + else: print("ERROR: Output folder {0} is not a valid directory".format(args_output_checklist_folder)) else: diff --git a/.github/workflows/get_waf_sg.yml b/.github/workflows/get_waf_sg.yml index b7db80a5f..73065ac02 100644 --- a/.github/workflows/get_waf_sg.yml +++ b/.github/workflows/get_waf_sg.yml 
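Review bot: In the hunk at -369,6 the full export calls `store_json(service_checklist, full_checklist_filename)`, which writes the last per-service dict again instead of the `full_checklist` built just above it; it should be `store_json(full_checklist, full_checklist_filename)`. The metadata line `'name': f'{service} Service Guide'` reuses the loop variable, so the combined file would be named after whichever service was processed last. `service` may also be unbound when `services` is empty, assuming this block sits after the `for` loop, which the collapsed indentation does not confirm. A fixed value such as `'name': 'WAF Service Guides'` avoids both. The debug message says only recommendations are exported, but `'items': waf_recos` is unfiltered, so either filter on `x['type'] == 'recommendation'` or correct the message.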
@@ -9,19 +9,12 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v2 - # Get AKS service guide recos - - name: Retrieve the AKS WAF service guide + # Get service guide recos + - name: Retrieve the WAF service guides uses: ./.github/actions/get_service_guides with: - service: 'Azure Kubernetes Service' - output_folder: './checklists-ext' - verbose: 'true' - # Get Azure Firewall service guide recos - - name: Retrieve the Azure Firewall WAF service guide - uses: ./.github/actions/get_service_guides - with: - service: 'Azure Firewall' - output_folder: './checklists-ext' + services: 'Azure Kubernetes Service, Azure Firewall, ExpressRoute' + output_file: './checklists-ext/wafsg_checklist.en.json' verbose: 'true' # Create a PR - name: Create pull request
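Review bot: The step passes `output_file: './checklists-ext/wafsg_checklist.en.json'`, but the action.yml hunk in this same commit shows only `services`, `output_folder` and `verbose` as inputs. Unless `output_file` is declared outside that hunk, GitHub ignores the key with an "unexpected input" warning and the run silently uses the `output_folder` default. The value is also a file path, while the script checks the output location with `os.path.isdir`, so it would be rejected even if it were wired through. Replace the line with `output_folder: './checklists-ext'`, so that the destination of the files feeding the following pull-request step is explicit rather than dependent on a default.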