Improve rule file_permissions_ungroupowned for use in bootable containers #11738
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: SRG Mapping Table | |
on: | |
push: | |
branches: [ 'master' ] | |
pull_request: | |
branches: [ 'master', 'stabilization*', 'oscal-update-*' ] | |
merge_group: | |
branches: [ 'master' ] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.number || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
generate-data: | |
name: SRG Mapping Table | |
runs-on: ubuntu-latest | |
container: | |
image: fedora:latest | |
env: | |
PAGES_DIR: __srg_mapping | |
steps: | |
- name: Install Deps | |
run: dnf install -y cmake git ninja-build openscap-utils python3-pyyaml python3-jinja2 python3-pytest ansible-lint libxslt python3-pip rsync python3-setuptools | |
- name: Install deps python | |
run: pip3 install pandas openpyxl | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- name: Setup Build | |
run: cmake .. -G Ninja | |
working-directory: ./build | |
- name: Build | |
run: ninja -j2 rhel10 rhel9 ocp4 | |
working-directory: ./build | |
- name: Build rule dir json | |
run: python3 utils/rule_dir_json.py | |
env: | |
PYTHONPATH: ${{ github.workspace }} | |
- name: Create data directory | |
run: mkdir -p $PAGES_DIR | |
- name: Generate XLSX for OCP4 | |
run: python3 utils/create_srg_export.py -c controls/srg_ctr.yml -p ocp4 -m shared/references/disa-ctr-srg-v1r3.xml --out-format xlsx --output $PAGES_DIR/srg-mapping-ocp4.xlsx --prefer-controls | |
env: | |
PYTHONPATH: ${{ github.workspace }} | |
- name: Generate HTML for OCP4 | |
run: python3 utils/create_srg_export.py -c controls/srg_ctr.yml -p ocp4 -m shared/references/disa-ctr-srg-v1r3.xml --out-format html --output $PAGES_DIR/srg-mapping-ocp4.html --prefer-controls | |
env: | |
PYTHONPATH: ${{ github.workspace }} | |
- name: Generate XLSX for RHEL9 | |
run: python3 utils/create_srg_export.py -c controls/srg_gpos.yml -p rhel9 -m shared/references/disa-os-srg-v3r1.xml --out-format xlsx --output $PAGES_DIR/srg-mapping-rhel9.xlsx | |
env: | |
PYTHONPATH: ${{ github.workspace }} | |
- name: Generate HTML for RHEL9 | |
run: python3 utils/create_srg_export.py -c controls/srg_gpos.yml -p rhel9 -m shared/references/disa-os-srg-v3r1.xml --out-format html --output $PAGES_DIR/srg-mapping-rhel9.html | |
env: | |
PYTHONPATH: ${{ github.workspace }} | |
- name: Generate XLSX for RHEL10 | |
run: python3 utils/create_srg_export.py -c controls/srg_gpos.yml -p rhel10 -m shared/references/disa-os-srg-v3r1.xml --out-format xlsx --output $PAGES_DIR/srg-mapping-rhel10.xlsx | |
env: | |
PYTHONPATH: ${{ github.workspace }} | |
- name: Generate HTML for RHEL10 | |
run: python3 utils/create_srg_export.py -c controls/srg_gpos.yml -p rhel10 -m shared/references/disa-os-srg-v3r1.xml --out-format html --output $PAGES_DIR/srg-mapping-rhel10.html | |
env: | |
PYTHONPATH: ${{ github.workspace }} | |
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
name: srg-mapping-rhel9.xlsx | |
path: ${{ env.PAGES_DIR }}/srg-mapping-rhel9.xlsx | |
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
name: srg-mapping-rhel9.html | |
path: ${{ env.PAGES_DIR }}/srg-mapping-rhel9.html | |
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
name: srg-mapping-rhel10.xlsx | |
path: ${{ env.PAGES_DIR }}/srg-mapping-rhel10.xlsx | |
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
name: srg-mapping-rhel10.html | |
path: ${{ env.PAGES_DIR }}/srg-mapping-rhel10.html | |
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
name: srg-mapping-ocp4.xlsx | |
path: ${{ env.PAGES_DIR }}/srg-mapping-ocp4.xlsx | |
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
name: srg-mapping-ocp4.html | |
path: ${{ env.PAGES_DIR }}/srg-mapping-ocp4.html | |
- name: Generate HTML pages | |
run: utils/generate_html_index_srg_mapping.sh $PAGES_DIR "rhel10 rhel9 ocp4" # add more products to this list to generate their index | |
shell: bash | |
- name: Configure git to trust the workspace despite the different owner | |
run: | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Deploy | |
if: ${{ github.event_name == 'push' && github.repository == 'ComplianceAsCode/content' }} | |
uses: JamesIves/github-pages-deploy-action@881db5376404c5c8d621010bcbec0310b58d5e29 # v4.6.8 | |
with: | |
branch: main # The branch the action should deploy to. | |
folder: ${{ env.PAGES_DIR }} # The folder the action should deploy. | |
target-folder: srg_mapping | |
clean: false | |
repository-name: ComplianceAsCode/content-pages | |
single-commit: true | |
token: ${{ secrets.CONTENT_PAGES_TOKEN }} | |
git-config-name: openscap-ci | |
git-config-email: openscap-ci@gmail.com | |