-
Notifications
You must be signed in to change notification settings - Fork 124
123 lines (123 loc) · 4.91 KB
/
content-artifacts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
on:
push:
branches:
- main
- develop
paths:
- 'src/**'
- 'oscal'
pull_request:
types: [opened, synchronize, reopened]
workflow_dispatch:
branches:
- main
- develop
name: Process Content Artifacts
env:
OSCAL_DIR_PATH: oscal
CICD_DIR_PATH: oscal/build/ci-cd
CONTENT_CONFIG_PATH: src/config
JAVA_CLASSPATH: ${{ github.workspace}}/lib
SAXON_VERSION: 9.9.0-1
HOME_REPO: usnistgov/oscal-content
jobs:
validate-and-publish-content:
name: Check, Convert and Validate Content
runs-on: ubuntu-20.04
steps:
# use this if checkout needs to be authenticated
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
if: github.repository == env.HOME_REPO && github.ref == 'refs/heads/main'
with:
path: git-content
submodules: recursive
token: ${{ secrets.COMMIT_TOKEN }}
# use this if checkout is anonymous
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
if: github.repository != env.HOME_REPO || github.ref != 'refs/heads/main'
with:
path: git-content
submodules: recursive
- name: Set env
run: |
echo "SAXON_HOME=${JAVA_CLASSPATH}" >> $GITHUB_ENV
echo "CALABASH_HOME=${JAVA_CLASSPATH}" >> $GITHUB_ENV
- name: Update APT package metadata
run: |
sudo rm -rf /var/lib/apt/lists/* && sudo apt-get update
- name: Install APT dependencies
run: |
sudo apt-get install libxml2-utils
- name: Set up NodeJS
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
with:
node-version-file: git-content/${{ env.OSCAL_DIR_PATH }}/build/.nvmrc
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
- name: Setup Dependencies
run: |
# NodeJS
# If you are a developer and need to modify the workflow, be sure to review
# the package.json and package-lock.json to ensure the following deps are
# at least installed (they will be updated by dependabot):
# - ajv-cli
# - ajv-formats
# - markdown-link-check
# - yaml-convert
npm ci
echo "$PWD/node_modules/.bin/" >> $GITHUB_PATH
working-directory: git-content/${{ env.OSCAL_DIR_PATH }}/build
- name: Set up JDK
uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b
with:
java-version: 11
distribution: 'temurin'
cache: 'maven'
- name: Install JDK Deps Saxon and XML Calabash
run: |
mkdir -p "${JAVA_CLASSPATH}"
mvn dependency:copy-dependencies -DoutputDirectory="${JAVA_CLASSPATH}"
working-directory: git-content/${{ env.OSCAL_DIR_PATH }}/build
- name: Set up Python 3.x
uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984
with:
python-version: '3.8'
architecture: 'x64'
cache: 'pip'
cache-dependency-path: |
git-content/${{ env.CICD_DIR_PATH }}/python/requirements.txt
- name: Install Python dependencies
run: |
pip install -r requirements.txt
working-directory: git-content/${{ env.CICD_DIR_PATH }}/python
- name: Validate Content
run:
# mkdir -p "${OSCAL_BUILD_DIR_PATH}"
bash "${GITHUB_WORKSPACE}/git-content/${CICD_DIR_PATH}/validate-content.sh" -o "${GITHUB_WORKSPACE}/git-content/${OSCAL_DIR_PATH}" -a "${GITHUB_WORKSPACE}/git-content" -c "${GITHUB_WORKSPACE}/git-content/${CONTENT_CONFIG_PATH}"
# job-copy-and-convert-content
- name: Auto-convert Content
run:
bash "${GITHUB_WORKSPACE}/git-content/${CICD_DIR_PATH}/copy-and-convert-content.sh" -o "${GITHUB_WORKSPACE}/git-content/${OSCAL_DIR_PATH}" -a "${GITHUB_WORKSPACE}/git-content" -c "${GITHUB_WORKSPACE}/git-content/${CONTENT_CONFIG_PATH}" -w "${GITHUB_WORKSPACE}/git-content" --resolve-profiles
- name: Zip Artifacts for Upload
if: always()
run: |
zip ${{ runner.temp }}/generated-content.zip -r .
working-directory: ${{ github.workspace }}
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
if: always()
with:
name: generated-content
path: |
${{ runner.temp }}/generated-content.zip
retention-days: 5
- name: Publish Artifacts
# only do this on main
if: github.repository == env.HOME_REPO && github.ref == 'refs/heads/main'
uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a
with:
repository: git-content
push_options: --force
commit_message: Publishing auto-converted artifacts
commit_user_name: OSCAL GitHub Actions Bot
commit_user_email: [email protected]
commit_author: OSCAL GitHub Actions Bot <[email protected]>