Compliance Evaluation #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Compliance Evaluation | |
| on: | |
| # Manual trigger | |
| workflow_dispatch: | |
| inputs: | |
| flavor: | |
| type: string | |
| description: "Flavor of the source package to test" | |
| required: true | |
| # Triggered by pull-request-conditionals.yaml | |
| workflow_call: | |
| inputs: | |
| flavor: | |
| type: string | |
| description: "Flavor of the source package to test" | |
| required: true | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| evaluate: | |
| runs-on: ubuntu-latest | |
| name: Evaluate | |
| continue-on-error: true | |
| # env: | |
| # UDS_PKG: ${{ inputs.package }} | |
| steps: | |
| # Used to execute the uds run command | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Environment setup | |
| uses: ./.github/actions/setup | |
| - name: review compliance directory | |
| run: ls -al ./compliance/ | |
| shell: bash | |
| - name: remove overlapping file | |
| run: rm ./compliance/oscal-assessment-results.yaml | |
| shell: bash | |
| - name: Download assessment | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: ${{ inputs.flavor }}-assessment-results | |
| path: ./compliance | |
| - name: review compliance directory again | |
| run: ls -al ./compliance/ | |
| shell: bash | |
| - name: Evaluate compliance | |
| id: compliance-evaluation | |
| run: uds run test-compliance-evaluate --no-progress | |
| # steps in this action only run when there has been a previous failure - will indicate success thereafter | |
| # need to think about how much noise this could create - noise currently = good | |
| - name: Notify Lula Team of Compliance Assessment Results | |
| if: ${{ always() }} | |
| uses: ./.github/actions/notify-lula | |
| with: | |
| state: ${{ steps.compliance-evaluation.outcome }} | |
| flavor: ${{ inputs.flavor }} | |
| ghToken: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload Evaluated Assessment | |
| uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
| with: | |
| name: ${{ inputs.flavor }}-assessment-results | |
| path: ./compliance/oscal-assessment-results.yaml | |
| overwrite: true |