feat: updates workflow approach for trestlebot testing #93

Merged (4 commits), Sep 13, 2024
43 changes: 0 additions & 43 deletions .github/workflows/autofix-cd.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/create-new.yml
Expand Up @@ -38,7 +38,7 @@ jobs:
token: ${{ steps.get_installation_token.outputs.token }}
- name: Create new component definition
id: create-cd
uses: RedHatProductSecurity/trestle-bot/actions/create-cd@v0.10.1
uses: RedHatProductSecurity/trestle-bot/actions/create-cd@main
with:
markdown_path: "markdown/components"
profile_name: ${{ github.event.inputs.import_name }}
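Review bot: `uses: RedHatProductSecurity/trestle-bot/actions/create-cd@main` swaps the `@v0.10.1` tag for a floating branch reference, so every run of this workflow executes whatever currently sits on trestle-bot's `main`, with the installation token from `steps.get_installation_token` available to it. The same tag-to-`@main` change is made to the autosync, rules-transform and sync-upstreams actions elsewhere in this PR. If tracking the development branch is deliberate for testing, record that in a comment next to the `uses:` line and plan the return to a tag, or better a full commit SHA (`...create-cd@<commit-sha>`, placeholder), before anything depends on these workflows.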
3 changes: 2 additions & 1 deletion .github/workflows/linters.yml
@@ -1,11 +1,12 @@
---

name: MegaLinter

on:
push:
pull_request:
branches:
- main
- main

concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
11 changes: 0 additions & 11 deletions .github/workflows/manual-autofix.yml

This file was deleted.

11 changes: 0 additions & 11 deletions .github/workflows/manual-transform.yml

This file was deleted.

@@ -1,20 +1,22 @@
name: Transform Rules

name: Push to main
on:
workflow_call:
inputs:
branch:
required: true
type: string
push:
branches:
- main
paths:
- 'profiles/**'
- 'catalogs/**'
- 'component-definitions/**'
- 'markdown/components/**'
- 'rules/**'

# Using concurrency to ensure any branch-modifying workflows are not run at the same time.
concurrency:
group: sync-${{ inputs.branch }}
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true

jobs:
transform-rules:
name: Transform rules content
transform-and-sync:
name: Automatically Sync Content
runs-on: ubuntu-latest
steps:
- name: Generate app token
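Review bot: the retained comment "Using concurrency to ensure any branch-modifying workflows are not run at the same time" no longer describes the new key `group: ${{ github.ref }}-${{ github.workflow }}`. Because the workflow name is part of the key, this workflow is serialised only against itself, while update-profiles.yml and release.yml in this same PR also commit to `main` under different groups. With `cancel-in-progress: true`, a second push to `main` can additionally cancel an in-flight run between the AutoSync commit and the later Transform step. Either share one fixed key across the workflows that commit to `main` (for example `group: main-content-sync`, a suggested name) and reconsider cancelling a job that pushes commits, or reword the comment to state what is actually guaranteed.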
Expand All @@ -28,25 +30,28 @@ jobs:
- name: Clone
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch }}
token: ${{ steps.get_installation_token.outputs.token }}
- name: Transform rules
id: transform
uses: RedHatProductSecurity/trestle-bot/actions/[email protected]
- name: AutoSync
id: autosync
uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
with:
file_pattern: "*.json,rules/*"
branch: ${{ inputs.branch }}
commit_message: "Transform rules to OSCAL [skip ci]"
markdown_path: "markdown/components"
oscal_model: "compdef"
commit_message: "Autosync component definition content [skip ci]"
commit_user_name: "trestle-bot[bot]"
commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com"
- name: Regenerate component definitions
uses: RedHatProductSecurity/trestle-bot/actions/[email protected]
- uses: dorny/paths-filter@v3
id: changes
with:
filters: |
rules:
- 'rules/**'
- name: Transform
if: steps.changes.outputs.rules == 'true'
id: transform
uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main
with:
markdown_path: "markdown/components"
oscal_model: "compdef"
file_pattern: "markdown/*"
branch: ${{ inputs.branch }}
skip_assemble: true
commit_message: "Generate markdown changes [skip ci]"
commit_message: "Auto-transform rules [skip ci]"
commit_user_name: "trestle-bot[bot]"
commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com"
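Review bot: `branch: ${{ inputs.branch }}` in the Transform step refers to the `workflow_call` input that the first hunk removes; if that line is a kept line rather than a deletion (the rendering here does not make it unambiguous), it now evaluates to an empty string on every `push` run and should be dropped the same way `ref: ${{ inputs.branch }}` was dropped from the Clone step. Also worth stating in a comment: `dorny/paths-filter@v3` runs after AutoSync has already created a commit, and the gated Transform step commits again, so one push touching `rules/**` can produce two bot commits on `main`.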
52 changes: 52 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,52 @@
name: Release

on:
workflow_dispatch:
inputs:
version:
description: 'Release version'
required: true

jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Generate app token
uses: tibdex/[email protected]
id: get_installation_token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.PRIVATE_KEY }}
permissions: >-
{"contents": "write"}
- name: Clone
uses: actions/checkout@v4
with:
token: ${{ steps.get_installation_token.outputs.token }}
- name: Autosync
uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
with:
markdown_path: "markdown/components"
oscal_model: "compdef"
commit_message: "Update content for release [skip ci]"
commit_user_name: "trestle-bot[bot]"
commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com"
version: ${{ github.event.inputs.version }}
- name: Create and push tags
env:
VERSION: ${{ github.event.inputs.version }}
run: |
git tag "${VERSION}"
git push origin "${VERSION}"
- name: Create Release
uses: actions/github-script@v7
with:
github-token: ${{ steps.get_installation_token.outputs.token }}
script: |
await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: '${{ github.event.inputs.version }}',
name: 'Release v${{ github.event.inputs.version }}',
generate_release_notes: true,
})
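Review bot: `tag_name: '${{ github.event.inputs.version }}'` and `name: 'Release v${{ github.event.inputs.version }}'` interpolate a `workflow_dispatch` input directly into the JavaScript source of the `actions/github-script` step. The `${{ }}` expansion happens before the script is parsed, so a value containing a single quote terminates the string literal and the remainder is executed as code, with `github-token` set to the installation token. The preceding step already does this safely by routing the value through `env:` and reading `${VERSION}` in the shell; do the same here (`env: VERSION: ${{ github.event.inputs.version }}` and `process.env.VERSION` inside the script) and validate the input's format once before `git tag` runs. Minor: the tag is `${VERSION}` while the release is named `Release v${VERSION}`; if tags are expected to carry the `v` prefix, that mismatch will show up here.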
18 changes: 0 additions & 18 deletions .github/workflows/transform-on-push.yml

This file was deleted.

74 changes: 74 additions & 0 deletions .github/workflows/update-external-components.yml
@@ -0,0 +1,74 @@
name: Transform and update OSCAL content

on:
workflow_dispatch:
inputs:
cac-reference:
description: 'Compliance as Code git reference'
required: true
default: 'master'

jobs:
create:
name: Create content
runs-on: ubuntu-latest
container:
image: fedora:latest
steps:
- name: Install Deps
run: dnf install -y cmake make openscap-utils python3-pyyaml bats ansible python3-pip ShellCheck git gcc gcc-c++ python3-devel
- name: Checkout
uses: actions/checkout@v4
with:
repository: ComplianceAsCode/content
ref: ${{ github.event.inputs.cac-reference }}
- name: Install deps python
run: pip install pcre2 -r requirements.txt -r test-requirements.txt
- name: Build
run: |-
./build_product ocp4
./utils/rule_dir_json.py
./utils/oscal/build_cd_from_policy.py -o build/ocp4.json -p fedramp_rev5_high -pr ocp4 -c nist_ocp4:high
env:
PYTHONPATH: ${{ github.workspace }}
- name: Create artifacts
uses: actions/upload-artifact@v4
with:
name: trestle-content
path: build/ocp4.json

update:
name: Update content
needs: create
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
container:
image: quay.io/continuouscompliance/trestle-bot:v0.10.1
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: trestle-content
path: /tmp
- name: Import Trestle content
run: |
rm -rf component-definitions/ocp4/
trestle import -f /tmp/ocp4.json -o ocp4
- name: Update content
uses: peter-evans/[email protected]
with:
base: main
branch: "oscal-update-${{ github.run_id }}"
delete-branch: true
commit-message: "Update OSCAL content from CaC"
title: "Update OSCAL content from CaC"
body: |
Updates to transformed OCP4 component definitions from CaC.

Auto-generated by GitHub Actions.
add-paths: |
component-definitions/
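Review bot: the `create` job checks out `ComplianceAsCode/content` at the caller-supplied `cac-reference` and then runs `pip install -r requirements.txt`, `./build_product ocp4` and the `utils/` scripts from that checkout, so it executes upstream build code at whatever ref was entered. The `update` job declares `permissions: contents: write` and `pull-requests: write`, but `create` declares nothing and inherits the repository default; give it an explicit `permissions: contents: read` (it only needs to upload an artifact) so the job running third-party code holds no write-capable token. Also, `quay.io/continuouscompliance/trestle-bot:v0.10.1` stays pinned to a release while the trestle-bot actions in this PR move to `@main`; if the container and the actions are expected to match, a comment saying which is intended would help.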
5 changes: 2 additions & 3 deletions .github/workflows/update-profiles.yml
Expand Up @@ -27,7 +27,7 @@ jobs:
token: ${{ steps.get_installation_token.outputs.token }}
- name: Update from upstream repo
id: sync_upstreams
uses: RedHatProductSecurity/trestle-bot/actions/sync-upstreams@v0.10.1
uses: RedHatProductSecurity/trestle-bot/actions/sync-upstreams@main
with:
branch: "sync-upstream-${{ github.run_id }}"
target_branch: "main"
Expand All @@ -40,7 +40,7 @@ jobs:
https://github.com/RedHatProductSecurity/oscal-profiles@${{ github.event.inputs.ref }}
- name: Regenerate component definitions
if: ${{ steps.sync_upstreams.outputs.commit }}
uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.10.1
uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
with:
markdown_path: "markdown/components"
oscal_model: "compdef"
Expand All @@ -50,4 +50,3 @@ jobs:
commit_message: "Generate markdown changes [skip ci]"
commit_user_name: "trestle-bot[bot]"
commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com"