Skip to content

build-attack-destroy-azure #69

build-attack-destroy-azure

build-attack-destroy-azure #69

name: build-attack-destroy-azure
on:
workflow_dispatch: # Manually trigger the workflow
schedule:
- cron: '30 8 * * *'
jobs:
build-attack-destroy-azure:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Install System Packages
run: |
sudo apt update -qq
sudo apt install -y openssh-client
- uses: actions/setup-python@v5
with:
python-version: '3.9' #Available versions here - https://github.com/actions/python-versions/releases easy to change/make a matrix/use pypy
architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
- uses: Azure/login@v2
with:
creds: '{"clientId":"${{ secrets.CLIENT_ID }}","clientSecret":"${{ secrets.CLIENT_SECRET }}","subscriptionId":"${{ secrets.SUBSCRIPTION_ID }}","tenantId":"${{ secrets.TENANT_ID }}"}'
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.AR_SSH_PRIVATE_KEY }}
name: ar-github-actions
known_hosts: unnecessary
if_key_exists: fail
- name: Store public key
run: |
echo ${{ secrets.AR_SSH_PUBLIC_KEY }} > ~/.ssh/ar-github-actions.pub
- uses: hashicorp/setup-terraform@v3
- name: Install Packer
run: |
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install packer
- name: Install Dependencies using Poetry
run: |
pip3 install poetry
poetry install
- name: Copy Attack Range config
run: |
cp -f configs/github_actions_config_azure.yml attack_range.yml
sed -i "s/xxx/${{ secrets.SUBSCRIPTION_ID }}/g" attack_range.yml
- name: Test Terraform Build, Attack, Destroy
run: |
export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}"
export ARM_CLIENT_SECRET="${{ secrets.CLIENT_SECRET }}"
export ARM_SUBSCRIPTION_ID="${{ secrets.SUBSCRIPTION_ID }}"
export ARM_TENANT_ID="${{ secrets.TENANT_ID }}"
poetry run python attack_range.py build
poetry run python attack_range.py simulate --target ar-win-ar-github-actions-ar-0 --technique T1003.002
poetry run python attack_range.py destroy
- name: Cleanup terraform on failures
if: failure()
run: |
poetry run python attack_range.py destroy