plan files
@@ -0,0 +1,18 @@
# Implementation Plan: Pulumi Crossguard
## Objective
Implement the Pulumi Crossguard policy enforcement step as a parallel task in the DAG.
## Requirements
- Define a task template named `scan-crossguard`.
- Depend on the `clone-repo` task.
- Mount the shared PVC at `/workspace`.
- Expect Pulumi credentials and cloud provider credentials (e.g., AWS/GCP) to be injected via Infisical as environment variables (using the initContainer logic).
- Run `pulumi preview --policy-pack <path>` inside the `/workspace`.
- Capture the output and convert/save it into a structured JSON/SARIF format at `/workspace/reports/crossguard.json`.
- Ensure the task exits successfully (`|| true`) to allow Phase 3 aggregation.
## Agent Instructions
1. Add the `scan-crossguard` template to the `ClusterWorkflowTemplate`.
2. Configure the Infisical initContainer to wait for Pulumi and Cloud credentials.
3. Wire it into the DAG alongside the other scanners.
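Review bot: the `|| true` requirement in the Requirements list swallows every failure mode of `pulumi preview --policy-pack <path>`, so an expired Infisical secret, a missing stack selection or a policy pack that fails to load will all produce the same "successful" task as a clean run, and Phase 3 aggregation cannot tell a failed scan from a scan with no violations. Suggest the plan require the template to record the `pulumi preview` exit code (and stderr) in `/workspace/reports/crossguard.json` alongside the findings, and have the aggregation treat a missing or non-zero status as a scan error rather than a pass. Two smaller gaps in the same list: "structured JSON/SARIF format" should name one schema so the aggregator has a fixed contract for the `.json` file, and the credentials bullet should state which stack `pulumi preview` runs against and that preview-only cloud credentials are sufficient, so the Infisical secrets issued to this task are scoped accordingly.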