GitHub ActionsでDevSecOpsごっこ

Transcript

1. GitHub ActionsͰ DevSecOpsͬ͜͝ June 13, 2022 ୈ5ճLTձ Akira Moroo (@retrage)

2. GitHub Actions (GHA) • GitHubʹ౷߹͞Ε͍ͯΔ • ઃఆϑΝΠϧΛ഑ஔ͢Δ͚ͩ • ߏ଄Խ͞Ε͍ͯΔ •

   ࠷খ୯Ґ: step • ίϚϯυ࣮ߦ or action࣮ߦ • action͸ࣗ࡞Մೳ CI/CDαʔϏεͷ1ͭ Job Work f low Step

3. actionͷ࡞Γํ • GitHubϦϙδτϦ௚Լʹ action.yamlΛ഑ஔ • action.yaml: actionΛఆٛ • ೖྗ (▪)

   • ग़ྗ (▪) • ࣮ߦޙͷstepͰࢀরՄೳ • ࣮ߦํ๏ (▪) Yamlϙϯஔ͖Ͱ؆୯

4. actionͷछྨ ࣮ߦํ๏ʹΑͬͯ3छྨʹ෼͚ΒΕΔ • JavaScript action: JavaScriptͷΈͰهड़ • Docker container action:

   ίϯςφΛ࣮ߦ • Composite action: ࠶ར༻ՄೳͳGHA work f low (stepͷू·Γ) • Docker container action͕Ұ൪ࣗ༝౓͕ߴ͍: • 👉 ؀ڥΛด͡ࠐΊͯ͋͛Ε͹͓खܰʹDevSecOpsͬ͜͝Ͱ͖ͦ͏

5. Actionࣗ࡞ͯ͠Έͨ • ࣗ࡞UEFI SMM੩తղੳGhidraϓ ϥάΠϯΛར༻ • non-GUI GhidraΛ࣮ߦ • ೖྗ

   (▪): ղੳର৅ͷόΠφϦ • ग़ྗ (▪): ղੳ݁Ռ • ࣮ߦํ๏ (▪): Docker container

6. Actionࣗ࡞ͯ͠Έͨ • ೖྗ (▪) ͸όΠφϦ͚ͩ • ϓϩϓϥͰ΋OK • ग़ྗ (▪)

   ͸JUnit XML format • ղੳ݁Ռͷ࠶ར༻ੑ޲্ • ӈͷྫͰ͸ղੳ݁ՌΛطଘ ͷactionʹ౉͍ͯ͠Δ (▪) ޻෉ϙΠϯτ

7. Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ ղੳ݁ՌͷJUnit XML formatग़ྗ ݕग़ͨ݁͠ՌΛΤϥʔͱͯ͠ใࠂ

8. Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ JUnit XML formatͰग़ྗ͢Δ͜ͱͰۤ࿑ͤͣʹղੳ݁ՌΛCIʹ૊ΈࠐΊͨ

9. Actionࣗ࡞ͯ͠Έͨ: վળ఺ • ݡ͘ղੳ݁ՌΛग़ྗ͍ͨ͠ • ࠓճ͸ղੳϩάΛPythonͰύʔεͯ͠ແཧ΍ΓJUnit XML formatʹม׵ • ϓϥάΠϯ͕௚઀JSON/XMLΛग़ྗ͢Δ΂͖

   • ·ͱ΋ͳόΠφϦͷղੳ݁Ռදࣔػೳ͕΄͍͠ • JUnit XML format΋GHA΋ίʔυͷߦͱྻϨϕϧͷΞϊςʔγϣϯͷΈ • ؤுͬͯΤϥʔʹٯΞηϯϒϧ݁ՌΛදࣔ͢Δ͔͠ͳ͍

10. ·ͱΊ • GitHub Actions͸GitHubʹ౷߹͞ΕͨCI/CDαʔϏε • GHAͷaction͸؆୯ʹࣗ࡞Մೳ • Action͸3छྨ͋Δ͕ɺDocker container action͕Ұ൪ࣗ༝౓͕ߴ͍

    • ࣗ࡞UEFI SMM੩తղੳGhidraϓϥάΠϯͷactionΛ࡞ͬͯΈͨ • JUnit XML formatͰग़ྗ͢Δ͜ͱͰղੳ݁Ռͷ࠶ར༻ੑ͕ߴ͘ͳͬͨ • ݱঢ়Ͱ͸όΠφϦͷղੳ݁Ռදࣔ͸޻෉͕ඞཁ