job added

.github/workflows/action.yaml

@@ -46,12 +46,15 @@ on:
 
 env:
   REPO: public.ecr.aws/k9v9d5v2
-  CHART_NAME: accuknox-cis-k8s
-  CHART_PATH: ./accuknox-cis-k8s
-  CHART_REVISION_NAME: accuknox-cis-k8s
+  CHART_NAME_K8S: accuknox-cis-k8s
+  CHART_PATH_K8S: ./accuknox-cis-k8s
+  CHART_REVISION_NAME_K8S: accuknox-cis-k8s
   CHART_NAME_K8TLS: accuknox-k8tls-job
   CHART_PATH_K8TLS: ./accuknox-k8tls-job
   CHART_REVISION_NAME_K8TLS: accuknox-k8tls-job
+  CHART_NAME_KIEM: accuknox-kiem-job
+  CHART_PATH_KIEM: ./accuknox-kiem-job
+  CHART_REVISION_NAME_KIEM: accuknox-kiem-job
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} 
   AWS_REGION: us-east-1
@@ -67,7 +70,7 @@ jobs:
        version: ${{ github.ref_name }}
 
 
-  chart-validate:
+  chart-validate-k8s:
     runs-on: ubuntu-latest
     if: always() && !contains(needs.tag-validate.result, 'failure')
     needs: [tag-validate]
@@ -77,8 +80,8 @@ jobs:
     - name: Validate helm chart 
       uses: accuknox/common-gh-actions/actions/helm-check@main
       with:
-        chart-path: ${{ env.CHART_PATH }}        
-        revision-name: ${{ env.CHART_REVISION_NAME }}         
+        chart-path: ${{ env.CHART_PATH_K8S }}        
+        revision-name: ${{ env.CHART_REVISION_NAME_K8S }}         
 
   chart-validate-k8tls:
     runs-on: ubuntu-latest
@@ -91,19 +94,32 @@ jobs:
       uses: accuknox/common-gh-actions/actions/helm-check@main
       with:
         chart-path: ${{ env.CHART_PATH_K8TLS }}        
-        revision-name: ${{ env.CHART_REVISION_NAME_K8TLS }}         
+        revision-name: ${{ env.CHART_REVISION_NAME_K8TLS }}  
 
-  chart-push:
+  chart-validate-kiem:
+    runs-on: ubuntu-latest
+    if: always() && !contains(needs.tag-validate.result, 'failure')
+    needs: [tag-validate]
+    steps:
+    - name: Checkout source
+      uses: accuknox/common-gh-actions/actions/checkout-source@main 
+    - name: Validate helm chart 
+      uses: accuknox/common-gh-actions/actions/helm-check@main
+      with:
+        chart-path: ${{ env.CHART_PATH_KIEM }}        
+        revision-name: ${{ env.CHART_REVISION_NAME_KIEM}}         
+
+  chart-push-k8s:
     runs-on: ubuntu-latest 
-    needs: [chart-validate]
+    needs: [chart-validate-k8s]
     if: startsWith(github.ref, 'refs/tags/v')
     steps:
     - name: Checkout source
       uses: accuknox/common-gh-actions/actions/checkout-source@main 
     - name: Push helm chart to ECR
       uses: accuknox/common-gh-actions/actions/helm-push@main
       with:
-        chart-path: ${{ env.CHART_PATH }}
+        chart-path: ${{ env.CHART_PATH_K8S }}
         version: ${{ github.ref_name }}
         ecr-region: ${{ env.AWS_REGION }}
         ecr-repo: ${{ env.REPO }}
@@ -123,4 +139,20 @@ jobs:
         version: ${{ github.ref_name }}
         ecr-region: ${{ env.AWS_REGION }}
         ecr-repo: ${{ env.REPO }}
+        type: public
+
+  chart-push-kiem:
+    runs-on: ubuntu-latest 
+    needs: [chart-validate-kiem]
+    if: startsWith(github.ref, 'refs/tags/v')
+    steps:
+    - name: Checkout source
+      uses: accuknox/common-gh-actions/actions/checkout-source@main 
+    - name: Push helm chart to ECR
+      uses: accuknox/common-gh-actions/actions/helm-push@main
+      with:
+        chart-path: ${{ env.CHART_PATH_KIEM }}
+        version: ${{ github.ref_name }}
+        ecr-region: ${{ env.AWS_REGION }}
+        ecr-repo: ${{ env.REPO }}
         type: public

accuknox-cis-k8s/templates/cis-job.yaml

@@ -13,7 +13,7 @@ spec:
           containers:
           - image: accuknox/accuknox-job:latest
             command: ["/bin/sh", "-c"]
-            args: ["curl --location --request POST 'https://$ENV_URL/api/v1/artifact/?tenant_id=$TENANT_ID&data_type=KB&save_to_s3=true'" --header "Authorization: Bearer $AUTH_TOKEN" --form 'file=@"./data/report.json"']
+            args: ["curl --location --request POST 'https://$ENV_URL/api/v1/artifact/?tenant_id=$TENANT_ID&data_type=KB&save_to_s3=true' --header 'Authorization: Bearer $AUTH_TOKEN' --form 'file=@\"./data/report.json\"'"]
             name: accuknox-cis-cronjob
             resources: {}
             env: