refactor(Atlas-Defender-Remover): improve comment #536
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create and Validate Atlas Playbook | |
on: | |
push: | |
paths: | |
- 'src/**' | |
pull_request: | |
paths: | |
- 'src/**' | |
jobs: | |
package-build: | |
runs-on: windows-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.ref }} | |
fetch-depth: 2 | |
- name: Check for modifications & copy .yamls | |
id: check_modifications | |
run: | | |
$files = git diff-tree --no-commit-id --name-only -r HEAD | Where-Object { $_ -like "src/sxsc/*.yaml" } | |
if ($files -ne $null) { | |
$changes = 'true' | |
$configs = "..\configs" | |
mkdir $configs | Out-Null | |
foreach ($file in $files) { | |
Write-Output "Copying: $file" | |
Copy-Item $file $configs -Force | |
} | |
} else {$changes = 'false'} | |
echo "CBS_CHANGES=$changes" | Out-File -FilePath $Env:GITHUB_ENV -Encoding UTF8 -Append | |
- name: Clone the sxsc repository | |
id: clone_repo | |
run: | | |
git clone --depth=1 https://github.com/Atlas-OS/sxsc | |
Copy-Item -Path "configs" -Destination ".\sxsc\configs" -Recurse -Force | |
working-directory: .. | |
if: ${{ env.CBS_CHANGES == 'true' }} | |
- name: Build CAB | |
run: | | |
Write-Host "Installing dependencies..." | |
pip install -r requirements.txt | Out-Null | |
$packagePath = "..\Atlas\src\playbook\Executables\AtlasModules\Packages" | |
mkdir $packagePath -EA SilentlyContinue | Out-Null | |
Get-ChildItem -Recurse "configs" -Filter *.yaml | ForEach-Object { | |
Write-Host "`nProcessing $($_.Name)`n------------------------------------------------------" | |
Copy-Item -Path $_.FullName -Destination "cfg.yaml" -Force | Out-Null | |
Write-Host "Generating package files..." | |
python sxsc.py | |
if ($LASTEXITCODE -ne 0) { exit 1 } | |
Write-Host "Building package..." | |
.\build.bat | |
Write-Host "Copying package to AtlasModules..." | |
Get-ChildItem -File -Recurse -Filter *.cab | ForEach-Object { | |
Copy-Item -Path $_.FullName -Destination $packagePath -Force | |
} | |
Write-Host "Cleaning up..." | |
.\clean.bat | |
} | |
working-directory: ..\sxsc | |
if: ${{ steps.clone_repo.outcome != 'skipped' }} | |
- name: Commit and push changes | |
run: | | |
git config --local user.email "[email protected]" | |
git config --local user.name "GitHub Action" | |
git add -A | |
git commit -m "feat: auto-update CAB packages ($($env:GITHUB_SHA.Substring(0, 8)))" | |
git push | |
working-directory: src\playbook\Executables\AtlasModules\Packages | |
if: ${{ steps.clone_repo.outcome != 'skipped' }} | |
build: | |
needs: package-build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.ref }} | |
- name: Validate YAML files | |
run: 'yamllint -d "{extends: relaxed, rules: {line-length: disable, new-line-at-end-of-file: disable, trailing-spaces: disable}}" src/playbook/.' | |
- name: Configure playbook | |
id: config-playbook | |
if: ${{ !startsWith(github.ref, 'refs/heads/na-') }} | |
run: | | |
cd src/playbook | |
echo "Making playbook display as unverified (remove ProductCode) so that it is not marked as malicious..." | |
sed -i '/<ProductCode>/d' playbook.conf | |
echo "Change description of playbook..." | |
sed -i 's|<Description>.*<\/Description>|<Description>Experimental testing version of the Atlas Playbook, built with GitHub Actions from commit ${{ github.sha }}. Be aware of these builds being potentially unstable and buggy!</Description>|g' playbook.conf | |
- name: Create playbook (ZIP/APBX password is malte) | |
if: ${{ steps.config-playbook.outcome != 'skipped' }} | |
run: | | |
cd src/playbook | |
echo "Making a renamed password protected (malte) ZIP of playbook files..." | |
zip -r -P malte "Atlas Playbook ${GITHUB_SHA::8}.apbx" . -x "local-build.cmd" | |
echo "Move the .abpx playbook into the 'Release ZIP' to be released as an artifact with the additional files..." | |
mv "Atlas Playbook ${GITHUB_SHA::8}.apbx" "../release-zip" | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
if: ${{ steps.config-playbook.outcome != 'skipped' }} | |
with: | |
name: Atlas Playbook | |
path: | | |
src/release-zip/* | |
if-no-files-found: error |