From a8885651165fb8dea2b21164c5defd2e05c49388 Mon Sep 17 00:00:00 2001
From: YiscahLevySilas1 <yiscahls@armosec.io>
Date: Mon, 4 Mar 2024 15:57:02 +0200
Subject: [PATCH] add workflow to create release without system tests

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>
---
 .../workflows/create-release-without-st.yaml  | 124 ++++++++++++++++++
 1 file changed, 124 insertions(+)
 create mode 100644 .github/workflows/create-release-without-st.yaml

diff --git a/.github/workflows/create-release-without-st.yaml b/.github/workflows/create-release-without-st.yaml
new file mode 100644
index 000000000..34f9f1597
--- /dev/null
+++ b/.github/workflows/create-release-without-st.yaml
@@ -0,0 +1,124 @@
+name: create release without system tests
+on:
+  workflow_dispatch:
+    inputs:
+      TAG:
+        description: 'Tag name'
+        required: true
+        type: string
+
+env:
+  REGO_ARTIFACT_KEY_NAME: rego_artifact
+  REGO_ARTIFACT_PATH: release
+
+jobs:
+  # build regolibrary artifacts / test rego dependencies / test rego unit-tests
+  build-and-rego-test:
+    name: Build and test rego artifacts
+    runs-on: ubuntu-latest
+    outputs:
+      NEW_TAG: ${{ steps.tag-calculator.outputs.NEW_TAG }}
+      REGO_ARTIFACT_KEY_NAME: ${{ steps.set_outputs.outputs.REGO_ARTIFACT_KEY_NAME }}
+      REGO_ARTIFACT_PATH: ${{ steps.set_outputs.outputs.REGO_ARTIFACT_PATH }}
+    steps:
+      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f
+        name: checkout repo content
+        with:
+          token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+
+      - id: tag-calculator
+        uses: kubescape/workflows/.github/actions/tag-action@main
+        with:
+          ORIGINAL_TAG: ${{ inputs.TAG }}
+          SUB_STRING: "-rc"
+
+      # Test using Golang OPA hot rule compilation
+      - name: Set up Go
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568
+        with:
+          go-version: '1.20'
+
+      - name: setup python
+        uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa
+        with:
+          python-version: 3.10.6
+
+      # generating subsections ids
+      - name: Update frameworks subsections
+        run: python ./scripts/generate_subsections_ids.py
+
+      # validate control-ID duplications
+      - run: python ./scripts/validations.py
+
+      # run export script to generate regolibrary artifacts
+      - run: python ./scripts/export.py
+
+      # removing release artifacts file extensions
+      - name: Strip Metadata Files Extensions
+        run: |
+          cd release
+          find -type f -name '*.json' | while read f; do mv "$f" "${f%.json}"; done
+          find -type f -name '*.csv' | while read f; do mv "$f" "${f%.csv}"; done
+
+      - run: ls -laR
+
+      - name: Set outputs
+        id: set_outputs
+        run: |
+          echo "REGO_ARTIFACT_KEY_NAME=${{ env.REGO_ARTIFACT_KEY_NAME }}" >> $GITHUB_OUTPUT
+          echo "REGO_ARTIFACT_PATH=${{ env.REGO_ARTIFACT_PATH }}" >> $GITHUB_OUTPUT
+
+      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1
+        name: Upload artifact
+        with:
+          name: ${{ env.REGO_ARTIFACT_KEY_NAME }}
+          path: ${{ env.REGO_ARTIFACT_PATH }}/
+          if-no-files-found: error
+ 
+  # start release process
+  release:
+    if: ${{ (always() && (contains(needs.*.result, 'success')) && !(contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled'))) }}
+    name: create release and upload assets
+    needs: [build-and-rego-test]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
+        id: download-artifact
+        with:
+          name: ${{ env.REGO_ARTIFACT_KEY_NAME }}
+          path: ${{ env.REGO_ARTIFACT_PATH }}
+
+      - name: Create Release and upload assets
+        id: create_release_upload_assets
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
+        with:
+          token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+          name: Release ${{ needs.build-and-rego-test.outputs.NEW_TAG }}
+          tag_name: ${{ needs.build-and-rego-test.outputs.NEW_TAG }}
+          draft: false
+          fail_on_unmatched_files: true
+          prerelease: false
+          files: '${{ env.REGO_ARTIFACT_PATH }}/*'
+
+  # Update regolibrary documentation with latest controls and rules.
+  update-documentation:
+    needs: [release]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # ratchet:actions/checkout@v3.5.2
+        name: checkout repo content
+      - name: setup python
+        uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # ratchet:actions/setup-python@v4.6.0
+        with:
+          python-version: 3.8
+      - name: install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install requests
+      - name: execute upload script
+        env:
+          README_API_KEY: ${{ secrets.README_API_KEY }}
+        run: |-
+          python ./scripts/upload-readme.py
+      - name: execute docs generator script
+        run: python ./scripts/mk-generator.py # Script to generate controls library documentation
\ No newline at end of file