Skip to content

Dstecholution patch 1 #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dstecholution wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Dstecholution patch 1 #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
53064cd
Update main.yml
dstecholution Mar 24, 2023
a3176dc
Create policy.policy
dstecholution Mar 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 8 additions & 6 deletions .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,14 +112,20 @@ jobs:
if: steps.plan.outcome == 'failure'
run: exit 1

- name: Snyk scan
- name: Setup snyk
uses: snyk/actions/setup@master

- name: IaC Test
run: snyk iac test
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

- name: Report infrastructure costs
- name: setup infracost
uses: infracost/actions/setup@v2

- name: Report on IaC Costs
env:
INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
run: |
infracost breakdown --path=. \
--format=json \
Expand All @@ -134,8 +140,6 @@ jobs:
--compare-to=infracost-base.json \
--format=json \
--out-file=infracost.json
with:
api-key: ${{ secrets.INFRACOST_API_KEY }}

- name: 'Sentinel Test'
uses: hashicorp/sentinel-github-actions@master
Expand All @@ -147,8 +151,6 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}



- name: Terraform Apply
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: terraform apply -auto-approve
47 changes: 47 additions & 0 deletions policy/policy.policy
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
import "strings"

limitTotalDiff = rule {
float(breakdown.totalMonthlyCost) < 1500
}

awsInstances = filter breakdown.projects[0].breakdown.resources as _, resource {
strings.split(resource.name, ".")[0] is "aws_instance"
}

limitInstanceCost = rule {
all awsInstances as _, instance {
float(instance.hourlyCost) <= 2.00
}
}

instanceBaseCost = func(instance) {
cost = 0.0
for instance.costComponents as cc {
cost += float(cc.hourlyCost)
}
return cost
}

instanceIOPSCost = func(instance) {
cost = 0.0
for instance.subresources as sr {
for sr.costComponents as cc {
if cc.name == "Provisioned IOPS" {
cost += float(cc.hourlyCost)
}
}
}
return cost
}

limitInstanceIOPSCost = rule {
all awsInstances as _, instance {
instanceIOPSCost(instance) <= instanceBaseCost(instance)
}
}

main = rule {
limitTotalDiff and
limitInstanceCost and
limitInstanceIOPSCost
}