forked from ComplianceAsCode/content
-
Notifications
You must be signed in to change notification settings - Fork 0
113 lines (111 loc) · 5 KB
/
srg-mapping-table.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: SRG Mapping Table
on:
push:
branches: [ 'master' ]
pull_request:
branches: [ 'master', 'stabilization*' ]
merge_group:
branches: [ 'master' ]
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.run_id }}
cancel-in-progress: true
jobs:
generate-data:
name: SRG Mapping Table
runs-on: ubuntu-latest
container:
image: fedora:latest
env:
PAGES_DIR: __srg_mapping
steps:
- name: Install Deps
run: dnf install -y cmake git ninja-build openscap-utils python3-pyyaml python3-jinja2 python3-pytest ansible-lint libxslt python3-pip rsync
- name: Install deps python
run: pip3 install pandas openpyxl
- name: Checkout
uses: actions/checkout@v4
- name: Setup Build
run: cmake .. -G Ninja
working-directory: ./build
- name: Build
run: ninja -j2 rhel10 rhel9 ocp4
working-directory: ./build
- name: Build rule dir json
run: python3 utils/rule_dir_json.py
env:
PYTHONPATH: ${{ github.workspace }}
- name: Create data directory
run: mkdir -p $PAGES_DIR
- name: Generate XLSX for OCP4
run: python3 utils/create_srg_export.py -c controls/srg_ctr.yml -p ocp4 -m shared/references/disa-ctr-srg-v1r3.xml --out-format xlsx --output $PAGES_DIR/srg-mapping-ocp4.xlsx --prefer-controls
env:
PYTHONPATH: ${{ github.workspace }}
- name: Generate HTML for OCP4
run: python3 utils/create_srg_export.py -c controls/srg_ctr.yml -p ocp4 -m shared/references/disa-ctr-srg-v1r3.xml --out-format html --output $PAGES_DIR/srg-mapping-ocp4.html --prefer-controls
env:
PYTHONPATH: ${{ github.workspace }}
- name: Generate XLSX for RHEL9
run: python3 utils/create_srg_export.py -c controls/srg_gpos.yml -p rhel9 -m shared/references/disa-os-srg-v2r7.xml --out-format xlsx --output $PAGES_DIR/srg-mapping-rhel9.xlsx
env:
PYTHONPATH: ${{ github.workspace }}
- name: Generate HTML for RHEL9
run: python3 utils/create_srg_export.py -c controls/srg_gpos.yml -p rhel9 -m shared/references/disa-os-srg-v2r7.xml --out-format html --output $PAGES_DIR/srg-mapping-rhel9.html
env:
PYTHONPATH: ${{ github.workspace }}
- name: Generate XLSX for RHEL10
run: python3 utils/create_srg_export.py -c controls/srg_gpos.yml -p rhel10 -m shared/references/disa-os-srg-v2r7.xml --out-format xlsx --output $PAGES_DIR/srg-mapping-rhel10.xlsx
env:
PYTHONPATH: ${{ github.workspace }}
- name: Generate HTML for RHEL10
run: python3 utils/create_srg_export.py -c controls/srg_gpos.yml -p rhel10 -m shared/references/disa-os-srg-v2r7.xml --out-format html --output $PAGES_DIR/srg-mapping-rhel10.html
env:
PYTHONPATH: ${{ github.workspace }}
- uses: actions/upload-artifact@v4
if: ${{ github.event_name == 'pull_request' }}
with:
name: srg-mapping-rhel9.xlsx
path: ${{ env.PAGES_DIR }}/srg-mapping-rhel9.xlsx
- uses: actions/upload-artifact@v4
if: ${{ github.event_name == 'pull_request' }}
with:
name: srg-mapping-rhel9.html
path: ${{ env.PAGES_DIR }}/srg-mapping-rhel9.html
- uses: actions/upload-artifact@v4
if: ${{ github.event_name == 'pull_request' }}
with:
name: srg-mapping-rhel10.xlsx
path: ${{ env.PAGES_DIR }}/srg-mapping-rhel10.xlsx
- uses: actions/upload-artifact@v4
if: ${{ github.event_name == 'pull_request' }}
with:
name: srg-mapping-rhel10.html
path: ${{ env.PAGES_DIR }}/srg-mapping-rhel10.html
- uses: actions/upload-artifact@v4
if: ${{ github.event_name == 'pull_request' }}
with:
name: srg-mapping-ocp4.xlsx
path: ${{ env.PAGES_DIR }}/srg-mapping-ocp4.xlsx
- uses: actions/upload-artifact@v4
if: ${{ github.event_name == 'pull_request' }}
with:
name: srg-mapping-ocp4.html
path: ${{ env.PAGES_DIR }}/srg-mapping-ocp4.html
- name: Generate HTML pages
run: utils/generate_html_index_srg_mapping.sh $PAGES_DIR "rhel10 rhel9 ocp4" # add more products to this list to generate their index
shell: bash
- name: Configure git to trust the workspace despite the different owner
run:
git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Deploy
if: ${{ github.event_name == 'push' && github.repository == 'ComplianceAsCode/content' }}
uses: JamesIves/github-pages-deploy-action@v4.6.0
with:
branch: main # The branch the action should deploy to.
folder: ${{ env.PAGES_DIR }} # The folder the action should deploy.
target-folder: srg_mapping
clean: false
repository-name: ComplianceAsCode/content-pages
single-commit: true
token: ${{ secrets.CONTENT_PAGES_TOKEN }}
git-config-name: openscap-ci
git-config-email: openscap-ci@gmail.com