Use in CI-CD pipelines

GitHub

The following example GitHub workflow generates an inventory from cloud resources:

name: Generate cloud inventory

on:
  # replace the trigger with whatever fits your use case
  push:

jobs:
  infra-inspector:
    name: Generate inventory
    runs-on: ubuntu-latest
    # replace the tag here with the specific version you want to use
    container: ghcr.io/infra-inspector/infra-inspector:latest
    steps:
      # We are generating the inventory config, but you might want to check it
      # out from a repository
      - name: Create inspector config
        uses: 1arp/create-a-file-action@0.4.5
        with:
          path: /opt/infra-inspector
          isAbsolutePath: true
          file: inventory-config.yml
          content: |
            awsAccounts:
              - regions:
                  - regionName: us-west-2
                    services:
                      rdsEnabled: true
                      elbEnabled: true
                      mskEnabled: true
                      elasticacheEnabled: true
                      openSearchEnabled: true
                      transitGatewayEnabled: true
      # We are using an access key for simplicity, but please refer to
      # the documentation of your cloud provider for the best practices
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2
      # Generate the inventory using the config from the previous step
      - name: Generate inventory
        run: infra-inspector inventory -c /opt/infra-inspector/inventory-config.yml -o /output/inventory.yml
      # We are simply showing the inventory content in the workflow output log,
      # but you might want to save it as an artifact or publish it somewhere
      - name: Output inventory
        run: cat /output/inventory.yml
      # Optionally you can take the inventory generated above and create the
      # related diagram

The first thing to notice is that we are running the workflow in a container, using the infra-inspector image. Here we are using the latest version, but in a production environment it is recommended to pin the tag to a specific version.

The steps to perform are:

  1. Check out the configuration needed to create the inventory; in the example above we are simply generating it, for simplicity, but you might want to check it out from a repository;
  2. Configure the cloud credentials; in the example above we are using an AWS access key, but please refer to the specific cloud provider documentation for the best practices and the recommended approach;
  3. Generate the inventory;
  4. Output the inventory or store it; in the example above we are simply logging the inventory content to the standard output, but you might want to publish it somewhere or store it as a CI artifact;
  5. (Optional) Generate the diagram from the inventory and store it.
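
A variant of the workflow above that applies the recommendations from the steps (pinned image tag, config checked out from the repository, short-lived credentials, inventory stored as an artifact). This is an added example, not part of the infra-inspector documentation; `<VERSION>`, the role ARN, the config path at the repository root and the artifact name are assumptions or placeholders.

```yaml
name: Generate cloud inventory

on:
  push:

# Least privilege for the workflow token: OIDC token issuance plus read-only checkout
permissions:
  id-token: write
  contents: read

jobs:
  infra-inspector:
    name: Generate inventory
    runs-on: ubuntu-latest
    # <VERSION> is a placeholder: pin a specific released tag instead of latest
    container: ghcr.io/infra-inspector/infra-inspector:<VERSION>
    steps:
      # Assumption: inventory-config.yml is versioned at the root of this repository
      - name: Checkout inspector config
        uses: actions/checkout@v4
      # Short-lived credentials via GitHub OIDC, so no long-lived access key is
      # stored as a secret. The role ARN is a placeholder, and the role's trust
      # policy must allow this repository through the GitHub OIDC identity provider.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::<ACCOUNT_ID>:role/<INVENTORY_READ_ONLY_ROLE>
          aws-region: us-west-2
      # The relative config path resolves against the checked-out workspace
      - name: Generate inventory
        run: infra-inspector inventory -c inventory-config.yml -o /output/inventory.yml
      # Store the inventory as an artifact rather than printing it to the job log
      - name: Upload inventory
        uses: actions/upload-artifact@v4
        with:
          name: cloud-inventory
          path: /output/inventory.yml
          retention-days: 7
```

The assumed role only needs read/describe permissions on the services enabled in the inventory config.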