RAM GOPINATHAN

Running roxctl commands from GitHub Actions workflows

Published on January 23, 2024 by Ram Gopinathan

If you are a Kubernetes developer using GitHub and Red Hat Advanced Cluster Security for Kubernetes (RHACS), you are going to find yourself having to run roxctl from your CI/CD pipelines. If you are not familiar with roxctl, it is a command-line utility provided with Red Hat Advanced Cluster Security for Kubernetes that you can use within your CI/CD pipelines to do things like running container vulnerability scans, container compliance checks based on system policies stored in RHACS, build-time network policy generation and many other features. The tool isn't installed on GitHub runners by default, so you have to download and install it yourself within your CI/CD pipelines. I found myself doing this over and over for various demos I worked on and decided to write a custom action to do just that.

Here is the GitHub repository for the setup-roxctl action.

Usage

- uses: rprakashg-redhat/setup-roxctl@main
  with:
    # Version of roxctl to be downloaded
    # Default: latest
    version: ""

This action is written in TypeScript and downloads the platform-specific build of the roxctl CLI. Its only input is version, which is optional. If you do not specify a value, the action downloads the latest version of the roxctl CLI. Below are a few sample usage scenarios.

Download latest version

- uses: rprakashg-redhat/setup-roxctl@main
  with:
    version: "latest"

Download specific version (4.3.4)

- uses: rprakashg-redhat/setup-roxctl@main
  with:
    version: "4.3.4"

I've included an example workflow in the repo where you can see the action live. Below you can find the full YAML for the workflow.

name: example
on:
  workflow_dispatch:
    inputs:
      version:
        description: Version of roxctl to setup
        type: string
        default: "latest"
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: setup roxctl
        id: setup-roxctl
        uses: ./
        with:
          version: ${{ inputs.version }}
      - name: verify
        run: |
          ./roxctl version
          ./roxctl help

Check out the output from the most recent run of the example to see this in a live environment.
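As an added example (not taken from the action's repository), here is a workflow that uses the action for one of the tasks mentioned at the top of this post: checking a built image against the system policies stored in RHACS. The image reference, the secret names and the `<full-commit-sha>` placeholder are assumptions; pinning the action to a commit and roxctl to a fixed version keeps the tool that gates your builds from changing underneath you.

```yaml
name: image-policy-gate
on:
  push:
    branches: [main]
permissions:
  contents: read              # the job only needs to read the repository
jobs:
  check-image:
    runs-on: ubuntu-latest
    env:
      # Constructed placeholder: replace with the image your pipeline builds
      # and pushes to a registry that RHACS can pull from
      IMAGE: registry.example.com/team/app:${{ github.sha }}
    steps:
      - uses: actions/checkout@v4
      - name: setup roxctl
        # Pin to a commit you have reviewed instead of the moving @main ref
        uses: rprakashg-redhat/setup-roxctl@<full-commit-sha>
        with:
          version: "4.3.4"    # fixed version so every run uses the same CLI
      - name: check image against RHACS policies
        env:
          # Assumed secret names; roxctl reads both variables from the
          # environment, so the token never appears on the command line
          ROX_ENDPOINT: ${{ secrets.ROX_ENDPOINT }}     # Central host:port
          ROX_API_TOKEN: ${{ secrets.ROX_API_TOKEN }}
        run: |
          # ./roxctl matches the verify step in the example workflow above
          ./roxctl image check --image "$IMAGE"
```

`roxctl image check` exits non-zero when the image violates a policy that has build-time enforcement enabled, which fails the job. Give the API token only the permissions a CI integration needs.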

Hope this helps,

As always please reach out to me if you have any questions about this post via any of the contact methods listed here.

Thanks, Ram