зеркало из
https://github.com/ceios/ceios.git
synced 2025-10-30 04:26:04 +02:00
169 строки
5.3 KiB
YAML
169 строки
5.3 KiB
YAML
name: Build
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
tags:
|
|
- 'v*'
|
|
pull_request:
|
|
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
pages: write
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
attack_flow_builder:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '19'
|
|
- name: Install dependencies
|
|
working-directory: ./src/attack_flow_builder/
|
|
run: npm ci
|
|
- name: Build
|
|
working-directory: ./src/attack_flow_builder/
|
|
env:
|
|
# Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532
|
|
NODE_OPTIONS: "--openssl-legacy-provider"
|
|
run: npm run build
|
|
- name: Upload artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: attack_flow_builder
|
|
path: src/attack_flow_builder/dist/
|
|
|
|
comment_flow_links:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: actions/github-script@v6
|
|
if: github.event_name == 'pull_request'
|
|
env:
|
|
PR_NUMBER: ${{ github.event.number }}
|
|
with:
|
|
script: |
|
|
const { PR_NUMBER, GITHUB_SHA } = process.env;
|
|
const builderUrl = "https://center-for-threat-informed-defense.github.io/attack-flow/ui/?src=";
|
|
const baseRawUrl = "https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-flow"
|
|
const response = await github.rest.pulls.listFiles({
|
|
"owner": "center-for-threat-informed-defense",
|
|
"repo": "attack-flow",
|
|
"pull_number": PR_NUMBER,
|
|
"per_page": 50,
|
|
"page": 1,
|
|
});
|
|
const bullets = [];
|
|
for (const file of response.data) {
|
|
if (file.filename.startsWith("corpus/")) {
|
|
const flowName = file.filename.split("/").pop();
|
|
const flowArg = `${baseRawUrl}/${GITHUB_SHA}/corpus/${flowName}`;
|
|
console.log(flowArg)
|
|
const flowUrl = builderUrl + encodeURIComponent(flowArg);
|
|
bullets.push(`* [${flowName}](${flowUrl})`);
|
|
}
|
|
}
|
|
if (bullets.length > 0) {
|
|
github.rest.issues.createComment({
|
|
issue_number: context.issue.number,
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
body: "Open this PR's flows in Attack Flow Builder:\n\n" + bullets.join("\n") + "\n",
|
|
})
|
|
}
|
|
|
|
docs:
|
|
needs: attack_flow_builder
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '3.8'
|
|
- uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '19'
|
|
- name: Update APT
|
|
run: sudo apt update
|
|
- name: Install APT dependencies
|
|
run: sudo apt install graphviz
|
|
- name: Install Poetry
|
|
run: curl -sSL https://install.python-poetry.org/ | python -
|
|
- name: Add Poetry to PATH
|
|
run: echo "$HOME/.poetry/bin" >> $GITHUB_PATH
|
|
- name: Install Python dependencies
|
|
run: poetry install
|
|
- name: Install Node dependencies
|
|
working-directory: ./src/attack_flow_builder/
|
|
run: npm ci
|
|
- name: Install Mermaid
|
|
run: npm install -g @mermaid-js/mermaid-cli
|
|
- name: Create client directory
|
|
run: mkdir docs/extra/ui
|
|
- name: Download Attack Flow Builder
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: attack_flow_builder
|
|
path: docs/extra/ui
|
|
- name: Make Attack Flow schema
|
|
run: poetry run make docs-schema
|
|
- name: Validate Corpus
|
|
env:
|
|
# Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532
|
|
NODE_OPTIONS: "--openssl-legacy-provider"
|
|
run: poetry run make validate
|
|
- name: Copy corpus into docs
|
|
env:
|
|
# Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532
|
|
NODE_OPTIONS: "--openssl-legacy-provider"
|
|
run: poetry run make docs-examples
|
|
- name: Copy matrix-viz code into docs
|
|
run: poetry run make docs-matrix
|
|
- name: Build HTML docs
|
|
run: poetry run sphinx-build -M dirhtml docs docs/_build -W --keep-going
|
|
- name: Upload HTML docs
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: attack_flow_docs_html
|
|
path: docs/_build/dirhtml/
|
|
- name: Install TeX Live
|
|
run: sudo apt install -y latexmk texlive texlive-latex-extra
|
|
- name: Build PDF docs
|
|
run: poetry run sphinx-build -M latexpdf docs docs/_build
|
|
- name: Upload PDF docs
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: attack_flow_docs_pdf
|
|
path: docs/_build/latex/attackflow.pdf
|
|
|
|
github_pages:
|
|
# This job only runs when committing or merging to main branch.
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
needs: docs
|
|
runs-on: ubuntu-latest
|
|
environment:
|
|
name: github-pages
|
|
url: ${{ steps.deployment.outputs.page_url }}
|
|
|
|
steps:
|
|
- name: Setup Pages
|
|
uses: actions/configure-pages@v2
|
|
- name: Download HTML docs
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: attack_flow_docs_html
|
|
path: docs
|
|
- name: Upload artifact
|
|
uses: actions/upload-pages-artifact@v1
|
|
with:
|
|
path: ./docs
|
|
- name: Deploy to GitHub Pages
|
|
id: deployment
|
|
uses: actions/deploy-pages@v1
|