Skip to content

fix: hypervisor is not related to mitigations #568

fix: hypervisor is not related to mitigations

fix: hypervisor is not related to mitigations #568

Workflow file for this run

name: Create and Validate Atlas Playbook
on:
push:
paths:
- 'src/**'
pull_request:
paths:
- 'src/**'
env:
PACKAGE_PATH: '..\Atlas\src\playbook\Executables\AtlasModules\Packages'
SXSC_REPO: 'https://github.com/Atlas-OS/sxsc'
ZIP_PASSWORD: 'malte'
jobs:
package-build:
runs-on: windows-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
fetch-depth: 2
- name: Check for modifications & copy .yamls
id: check_modifications
run: |
$files = git diff-tree --no-commit-id --name-only -r HEAD | Where-Object { $_ -like "src/sxsc/*.yaml" }
if ($files -ne $null) {
$changes = 'true'
$configs = "..\configs"
mkdir $configs | Out-Null
foreach ($file in $files) {
Write-Output "Copying: $file"
Copy-Item $file $configs -Force
}
} else {$changes = 'false'}
echo "CBS_CHANGES=$changes" | Out-File -FilePath $Env:GITHUB_ENV -Encoding UTF8 -Append
- name: Clone the sxsc repository
id: clone_repo
run: |
git clone --depth=1 ${{ env.SXSC_REPO }}
Copy-Item -Path "configs" -Destination ".\sxsc\configs" -Recurse -Force
working-directory: ..
if: ${{ env.CBS_CHANGES == 'true' }}
- name: Build CAB
run: |
Write-Host "Installing dependencies..."
pip install -r requirements.txt | Out-Null
$packagePath = ${{ env.PACKAGE_PATH }}
mkdir $packagePath -EA SilentlyContinue | Out-Null
Get-ChildItem -Recurse "configs" -Filter *.yaml | ForEach-Object {
Write-Host "`nProcessing $($_.Name)`n------------------------------------------------------"
Copy-Item -Path $_.FullName -Destination "cfg.yaml" -Force | Out-Null
Write-Host "Generating package files..."
python sxsc.py
if ($LASTEXITCODE -ne 0) { exit 1 }
Write-Host "Building package..."
.\build.bat
Write-Host "Copying package to AtlasModules..."
Get-ChildItem -File -Recurse -Filter *.cab | ForEach-Object {
Copy-Item -Path $_.FullName -Destination $packagePath -Force
}
Write-Host "Cleaning up..."
.\clean.bat
}
working-directory: ..\sxsc
if: ${{ steps.clone_repo.outcome != 'skipped' }}
- name: Commit and push changes
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
git add -A
git commit -m "feat: auto-update CAB packages ($($env:GITHUB_SHA.Substring(0, 8)))"
git push
working-directory: src\playbook\Executables\AtlasModules\Packages
if: ${{ steps.clone_repo.outcome != 'skipped' }}
build:
needs: package-build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
- name: Validate YAML files
run: 'yamllint -d "{extends: relaxed, rules: {line-length: disable, new-line-at-end-of-file: disable, trailing-spaces: disable}}" src/playbook/.'
- name: Configure playbook
id: config-playbook
if: ${{ !startsWith(github.ref, 'refs/heads/na-') }}
run: |
cd src/playbook
echo "Making playbook display as unverified (remove ProductCode) so that it is not marked as malicious..."
sed -i '/<ProductCode>/d' playbook.conf
echo "Change description of playbook..."
sed -i 's|<Description>.*<\/Description>|<Description>Experimental testing version of the Atlas Playbook, built with GitHub Actions from commit ${{ github.sha }}. Be aware of these builds being potentially unstable and buggy!</Description>|g' playbook.conf
- name: Create playbook (ZIP/APBX password is malte)
if: ${{ steps.config-playbook.outcome != 'skipped' }}
run: |
cd src/playbook
echo "Making a renamed password protected (malte) ZIP of playbook files..."
zip -r -P ${{ env.ZIP_PASSWORD }} "Atlas Playbook ${GITHUB_SHA::8}.apbx" . -x "local-build.cmd"
echo "Move the .abpx playbook into the 'Release ZIP' to be released as an artifact with the additional files..."
mv "Atlas Playbook ${GITHUB_SHA::8}.apbx" "../release-zip"
- name: Upload artifact
uses: actions/upload-artifact@v3
if: ${{ steps.config-playbook.outcome != 'skipped' }}
with:
name: Atlas Playbook
path: |
src/release-zip/*
if-no-files-found: error