yaml-process.yml
# Workflow triggers. The jobs of this workflow lint the SAMM model, generate
# the website markdown from it, publish the result to a branch and notify the
# website repository.
name: Generate Web Markdown
on:
  push:
    tags:
      - '*'
    paths:
      - '.github/workflows/*.yml'
      - 'model/**/*.yml'
  # Manual run. `release` is free-form text typed by whoever dispatches the
  # workflow; it is later used as a checkout ref and as a branch-name suffix,
  # so every consumer must treat it as untrusted input.
  workflow_dispatch:
    inputs:
      release:
        type: string
        required: true
        description: Generate Web Markdown for this SAMM release
  # Reusable-workflow entry point. `release` and `release_name` are supplied by
  # the calling workflow and deserve the same care as the manual input above.
  workflow_call:
    inputs:
      release:
        type: string
        required: true
      release_name:
        type: string
        required: true
      # The jobs test `inputs.external_call` to detect the workflow_call path.
      # It defaults to true here and is not declared for the other triggers.
      external_call:
        type: boolean
        required: false
        default: true
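# Jobs: lint the model, generate and publish the markdown, then notify the
# website repository.
#
# Hardening applied in this block:
#   * Caller-controlled values (inputs.*, github.ref_name) are no longer
#     expanded with ${{ }} inside `run:` scripts. The expression engine pastes
#     the value into the script text before the shell starts, so shell
#     metacharacters in the value would be executed. The values are now handed
#     over through `env:` and read as quoted shell variables.
#   * Values appended to $GITHUB_ENV are refused when they span several lines,
#     because each extra line would be parsed as another environment entry.
#   * Each job declares the GITHUB_TOKEN permissions it needs.
#   * The dispatch payload is built with toJSON() so a quote in the release
#     name cannot change the JSON structure.
#
# NOTE(review): every third-party `uses:` below is referenced by a mutable tag
# or branch. Pin each one to a full commit SHA (`owner/action@<FULL_COMMIT_SHA>`)
# and the container image to a digest (`image@sha256:<DIGEST>`); the values are
# not known from this file and are left for the maintainers to fill in.
jobs:
  lintModelv20:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # NOTE(review): this checkout has no `ref`, while generate-markdown may
      # check out `inputs.release`; the linted tree can therefore differ from
      # the tree that gets published. Confirm that this is intended.
      - uses: actions/checkout@v3
      - name: yaml-lint
        run: |
          yamllint -c .yamllint -f github model

  generate-markdown:
    runs-on: ubuntu-latest
    needs: lintModelv20
    # The Deploy step pushes to a branch of this repository with GITHUB_TOKEN.
    permissions:
      contents: write
    steps:
      - name: 'Checkout using release is workflow dispatched or workflow call (reused from other workflow)'
        if: github.event_name == 'workflow_dispatch' || inputs.external_call
        uses: actions/checkout@v3
        with:
          ref: ${{ inputs.release }}
      # NOTE(review): if a caller of this reusable workflow is itself triggered
      # by a push, this step also runs and replaces the checkout made above.
      # Verify against the callers.
      - name: 'Checkout from ref when push'
        if: github.event_name == 'push'
        uses: actions/checkout@v3
      - name: Inject slug/short variables
        uses: rlespinasse/github-slug-action@v4
      # GITHUB_REF_SLUG is already a shell variable, so no expression is
      # expanded into the script here.
      - name: 'Set release env var from workflow dispatched'
        if: github.event_name == 'push'
        run: |
          [[ "$GITHUB_REF_SLUG" != *$'\n'* ]] || { echo 'release name must be a single line' >&2; exit 1; }
          printf 'release_name=%s\n' "$GITHUB_REF_SLUG" >> "$GITHUB_ENV"
      - name: 'Checkout using release is workflow dispatched'
        if: github.event_name == 'workflow_dispatch'
        env:
          RELEASE_INPUT: ${{ inputs.release }}
        run: |
          [[ "$RELEASE_INPUT" != *$'\n'* ]] || { echo 'release name must be a single line' >&2; exit 1; }
          printf 'release_name=%s\n' "$RELEASE_INPUT" >> "$GITHUB_ENV"
      - name: 'Checkout using release is workflow call (reused from other workflow)'
        if: inputs.external_call
        env:
          RELEASE_NAME_INPUT: ${{ inputs.release_name }}
        run: |
          [[ "$RELEASE_NAME_INPUT" != *$'\n'* ]] || { echo 'release name must be a single line' >&2; exit 1; }
          printf 'release_name=%s\n' "$RELEASE_NAME_INPUT" >> "$GITHUB_ENV"
      - name: 'Create output dir and copy files to override spaces in directories'
        run: |
          mkdir output
      # NOTE(review): `:latest` is a moving tag, and the image runs inside the
      # checked-out workspace of a job that holds a write-scoped token. Pin the
      # image by digest.
      - name: 'Generate model for website'
        uses: docker://backnot/owasp-samm-process-yaml-content:latest
        with:
          args: '-d model -o output'
      - name: 'Move generated files to common directory structure'
        run: |
          mkdir -p build/business-function/practice/stream
          BASE=output/markdown
          cp "$BASE"/{Design.md,Governance.md,Implementation.md,Operations.md,Verification.md} build/business-function
          cp "$BASE"/*-??-?.md build/business-function/practice/stream
          cp "$BASE"/*-??.md build/business-function/practice
      # NOTE(review): `@develop` is a branch, so the code that receives
      # GITHUB_TOKEN can change without any change to this file. Pin it to a
      # full commit SHA.
      - name: Deploy
        uses: s0/git-publish-subdir-action@develop
        env:
          REPO: self
          BRANCH: markdown/${{ env.release_name }}
          FOLDER: build
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SQUASH_HISTORY: true

  # after changing something, we need to trigger the website build
  trigger-website-build:
    if: (github.event_name == 'push' && github.ref_type == 'tag') || inputs.external_call || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    needs: generate-markdown
    # This job authenticates only with OWASP_SAMM_WEBSITE_TOKEN, so the
    # built-in GITHUB_TOKEN is given no permissions.
    permissions: {}
    steps:
      - name: 'Decide if version comes from push'
        if: github.event_name == 'push'
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          [[ "$REF_NAME" != *$'\n'* ]] || { echo 'release name must be a single line' >&2; exit 1; }
          printf 'release_name=%s\n' "$REF_NAME" >> "$GITHUB_ENV"
      - name: 'Decide if version comes from workflow dispatch'
        if: github.event_name == 'workflow_dispatch'
        env:
          RELEASE_INPUT: ${{ inputs.release }}
        run: |
          [[ "$RELEASE_INPUT" != *$'\n'* ]] || { echo 'release name must be a single line' >&2; exit 1; }
          printf 'release_name=%s\n' "$RELEASE_INPUT" >> "$GITHUB_ENV"
      - name: 'Decide if version comes from release (workflow call)'
        if: inputs.external_call
        env:
          RELEASE_NAME_INPUT: ${{ inputs.release_name }}
        run: |
          [[ "$RELEASE_NAME_INPUT" != *$'\n'* ]] || { echo 'release name must be a single line' >&2; exit 1; }
          printf 'release_name=%s\n' "$RELEASE_NAME_INPUT" >> "$GITHUB_ENV"
      # NOTE(review): this action receives a token for another repository; pin
      # it to a full commit SHA rather than the movable `v2` tag.
      - name: Trigger Website Dispatch
        uses: peter-evans/repository-dispatch@v2
        with:
          token: ${{ secrets.OWASP_SAMM_WEBSITE_TOKEN }}
          repository: owaspsamm/website
          event-type: samm-core-released
          # toJSON() emits the release name as a quoted, escaped JSON string.
          client-payload: '{"release": ${{ toJSON(env.release_name) }}}'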