Updated paths and corrections #50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request Checks | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| paths: | |
| - 'playbooks/**' | |
| jobs: | |
| Required_files: | |
| name: Checking for required files | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@v44 | |
| - name: List all changed files | |
| env: | |
| MODIFIED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} | |
| run: | | |
| for file in "${{ env.MODIFIED_FILES }}"; do | |
| echo "$file was changed" | |
| done | |
| echo "MODIFIED_FILES=${{ env.MODIFIED_FILES }}" >> $GITHUB_ENV | |
| - name: Get the list of assessment tools | |
| run: | | |
| tools=$(cat /home/runner/work/besecure-playbooks-store/besecure-playbooks-store/.github/scripts/assessment_tools.txt | tr '\n' '|') | |
| tools=${tools%|} | |
| echo "ASSESSMENT_TOOLS=$(echo "$tools")" >> $GITHUB_ENV | |
| - run: echo "${{ env.ASSESSMENT_TOOLS }}" | |
| - name: Check if steps file present | |
| run: | | |
| steps_flag=false | |
| for file in ${{ env.MODIFIED_FILES }}; do | |
| if (echo $file | grep -E "${{ env.ASSESSMENT_TOOLS }}" | grep '\-playbook\.sh$') | |
| then | |
| tool_name=$(echo "$file" | cut -d "-" -f 2) | |
| version=$(echo "$file" | cut -d "-" -f 3) | |
| if ! (echo "${{ env.MODIFIED_FILES }}" | grep "besman-$tool_name-$version-steps" || ls -R . | grep "besman-$tool_name-$version-steps"); then | |
| steps_flag=true | |
| echo -e "\e[31mCould not find steps file for \e[33mbesman-$tool_name-$version-playbook.sh\e[31m" | |
| fi | |
| fi | |
| done | |
| if [[ $steps_flag == true ]] | |
| then | |
| exit 1 | |
| fi | |
| File_Name_Standard: | |
| name: Check for file naming convention | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@v44 | |
| - name: List all changed files | |
| env: | |
| MODIFIED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} | |
| run: | | |
| for file in "${MODIFIED_FILES}"; do | |
| echo "$file was changed" | |
| done | |
| echo "MODIFIED_FILES=$MODIFIED_FILES" >> $GITHUB_ENV | |
| - name: Print files | |
| run: echo "${{ env.MODIFIED_FILES }}" | |
| - name: Get the list of assessment tools | |
| run: | | |
| tools=$(cat /home/runner/work/besecure-playbooks-store/besecure-playbooks-store/.github/scripts/assessment_tools.txt | tr '\n' '|') | |
| tools=${tools%|} | |
| echo "ASSESSMENT_TOOLS=$(echo "$tools")" >> $GITHUB_ENV | |
| - name: Print the list of required tools | |
| run: echo "Required tools= ${{ env.ASSESSMENT_TOOLS }}" | |
| - name: Check playbook naming convention | |
| run: | | |
| file_flag=false | |
| for file in ${{env.MODIFIED_FILES}}; do | |
| if [[ $file =~ playbooks\/(.*)-(.*)-(.*)-((playbook\.sh)|(steps\.(sh|md|ipynb)))$ ]]; then | |
| file_name=$(echo $file | cut -d "/" -f 2) | |
| if ! [[ $file_name =~ ^besman-(${{ env.ASSESSMENT_TOOLS }})-[0-9]+\.[0-9]+\.[0-9]+-((playbook\.sh)|(steps\.(sh|md|ipynb)))$ ]]; then | |
| echo -e "\e[31mThe file \e[33m$file_name \e[31m does not match standard naming convention.\e[0m" | |
| file_flag=true | |
| fi | |
| fi | |
| done | |
| if [[ $file_flag == true ]] | |
| then | |
| exit 1 | |
| fi | |
| Check_if_metadata_update: | |
| name: Checking for playbook in metadata | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@v44 | |
| - name: List all changed files | |
| env: | |
| MODIFIED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} | |
| run: | | |
| for file in "${MODIFIED_FILES}"; do | |
| echo "$file was changed" | |
| done | |
| echo "MODIFIED_FILES=$MODIFIED_FILES" >> $GITHUB_ENV | |
| - name: Print files | |
| run: echo "${{ env.MODIFIED_FILES }}" | |
| - name: Get the list of assessment tools | |
| run: | | |
| tools=$(cat /home/runner/work/besecure-playbooks-store/besecure-playbooks-store/.github/scripts/assessment_tools.txt | tr '\n' '|') | |
| tools=${tools%|} | |
| echo "ASSESSMENT_TOOLS=$(echo "$tools")" >> $GITHUB_ENV | |
| - name: Print the list of required tools | |
| run: echo "Required tools= ${{ env.ASSESSMENT_TOOLS }}" | |
| - name: Install jq | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install jq -y | |
| - name: Check for metadata file | |
| run: | | |
| metadata_json_path="" | |
| if echo "${{ env.MODIFIED_FILES }}" | grep -q "playbook-metadata.json"; then | |
| metadata_json_path="playbook-metadata.json" | |
| else | |
| metadata_json_path="/home/runner/work/besecure-playbooks-store/besecure-playbooks-store/playbook-metadata.json" | |
| fi | |
| echo "metadata_json_path=$metadata_json_path" | |
| json_flag=false | |
| for file in ${{env.MODIFIED_FILES}}; do | |
| found="" | |
| if [[ $file =~ ^playbooks\/(.*)-(.*)-(.*)-playbook\.sh$ ]]; then | |
| name=$(echo $file | cut -d "/" -f 2 | cut -d "-" -f 2) | |
| version=$(echo $file | cut -d "/" -f 2 | cut -d "-" -f 3) | |
| found=$(cat "$metadata_json_path" | jq --arg name "$name" --arg version "$version" '.playbooks[] | select(.name == $name and .version == $version)') | |
| if [[ -z $found ]]; then | |
| echo -e "\e[31mPlaybook \e[33m$file \e[31m with version \e[33m$version \e[31m not found in $metadata_json_path\e[0m" | |
| json_flag=true | |
| fi | |
| fi | |
| done | |
| if [[ $json_flag == true ]] | |
| then | |
| exit 1 | |
| fi | |
| Required_functions: | |
| name: Checking for required functions | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@v44 | |
| - name: List all changed files | |
| env: | |
| MODIFIED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} | |
| run: | | |
| for file in "${MODIFIED_FILES}"; do | |
| echo "$file was changed" | |
| done | |
| echo "MODIFIED_FILES=$MODIFIED_FILES" >> $GITHUB_ENV | |
| - name: Print files | |
| run: echo "${{ env.MODIFIED_FILES }}" | |
| - name: Get the list of required functions | |
| id: get_functions | |
| run: | | |
| functions=$(cat .github/scripts/playbook_functions.txt) | |
| echo "PLAYBOOK_FUNCTIONS=$(echo "$functions" | tr '\n' ' ')" >> $GITHUB_ENV | |
| - name: Get the list of assessment tools | |
| run: | | |
| tools=$(cat .github/scripts/assessment_tools.txt | tr '\n' '|') | |
| tools=${tools%|} | |
| echo "ASSESSMENT_TOOLS=$(echo "$tools")" >> $GITHUB_ENV | |
| - name: Print the list of required functions | |
| run: echo "Required functions= ${{ env.PLAYBOOK_FUNCTIONS }}" | |
| - name: Print the list of required tools | |
| run: echo "Required tools= ${{ env.ASSESSMENT_TOOLS }}" | |
| - name: Check for required functions | |
| run: | | |
| function_flag=false | |
| for file in ${{ env.MODIFIED_FILES }};do | |
| # Check if the file ends with "-playbook.sh" | |
| if [[ $file =~ playbooks\/(.*)-(.*)-(.*)-playbook\.sh ]]; then | |
| for f in ${{ env.PLAYBOOK_FUNCTIONS }}; do | |
| if ! grep -q -w "function $f" $file | |
| then | |
| echo -e "\e[31mMissing function \e[33m$f\e[31m in \e[33m$file\e[0m" | |
| function_flag=true | |
| fi | |
| done | |
| if [[ $function_flag == true ]] | |
| then | |
| exit 1 | |
| fi | |
| fi | |
| done | |