Update OSCAL type definitions #373
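---
# Fetches the latest usnistgov/OSCAL release, regenerates the TypeScript
# types from its complete JSON schema, and opens a pull request with the
# result using a short-lived GitHub App token.
name: Update OSCAL type definitions
on:
  schedule:
    # Run daily (Monday-Friday) at 12:15 UTC (08:15 EDT/07:15 EST)
    - cron: "15 12 * * 1-5"
  workflow_dispatch:
    inputs:
      prerelease:
        description: "Allow prerelease OSCAL version"
        required: true
        default: false
        type: boolean
# Default GITHUB_TOKEN is read-only; write access comes only from the
# scoped App token generated in the `generate` job.
permissions:
  contents: read
jobs:
  fetch-schema:
    name: Fetch the latest complete schema
    runs-on: ubuntu-latest
    steps:
      - name: Get information about the latest release
        id: fetch-data
        uses: actions/github-script@v7
        with:
          script: |
            // workflow_dispatch inputs reach the event payload as strings, so
            // "false" would be truthy; compare against "true" explicitly.
            // On scheduled runs there is no `inputs` object and this is false.
            const prerelease =
              String(context.payload?.inputs?.prerelease) === "true";
            const requestParams = { owner: "usnistgov", repo: "OSCAL" };
            const release = prerelease
              ? (await github.rest.repos.listReleases(requestParams)).data[0]
              : (await github.rest.repos.getLatestRelease(requestParams)).data;
            const version = release.tag_name.slice(1); // Remove leading `v` character
            // The tag name is set by another repository and later ends up in
            // file names, the commit message and the PR title, so accept only
            // a conservative character set before exporting it.
            if (!/^[0-9A-Za-z][0-9A-Za-z.+-]*$/.test(version)) {
              core.setFailed(`Unexpected release tag format: ${release.tag_name}`);
              return;
            }
            core.setOutput("version", version);
            const expectedName = `oscal-${version}.zip`;
            const asset = release.assets.find((a) => a.name === expectedName);
            if (!asset) {
              // Fail here instead of passing an empty URL to the next step.
              core.setFailed(`Failed to find a matching download URL for ${version}`);
              return;
            }
            core.setOutput("url", asset.browser_download_url);
      - name: Download the latest OSCAL release
        # Step outputs are handed over as environment variables rather than
        # being expanded into the script text, so their content is never
        # parsed as shell syntax.
        env:
          ASSET_URL: "${{ steps.fetch-data.outputs.url }}"
          OSCAL_VERSION: "${{ steps.fetch-data.outputs.version }}"
        run: |
          set -euo pipefail
          archive="oscal-${OSCAL_VERSION}.zip"
          # NOTE(review): the archive is used without any checksum or
          # signature check; verify it here if upstream publishes a digest.
          wget -q -O "$archive" "$ASSET_URL"
          unzip "$archive"
          # Some archives unpack into ./json, others into oscal-<version>/json
          basedir="$(test -d json && echo "." || echo "oscal-${OSCAL_VERSION}")"
          cp "$basedir/json/schema/oscal_complete_schema.json" .
          echo "${OSCAL_VERSION}" > VERSION.txt
      - name: Upload schema artifact
        uses: actions/upload-artifact@v4
        with:
          name: schema
          path: |
            oscal_complete_schema.json
            VERSION.txt
  generate:
    name: Generate types from schema
    needs: [fetch-schema]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: main
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
          cache: 'npm'
      - name: Install npm
        # NOTE(review): `npm@latest` is unpinned, so the npm that runs in the
        # same job as the App private key changes without review.
        run: npm install -g npm@latest
      - name: Install OS dependencies
        run: sudo apt-get update && sudo apt-get install -y unzip wget
      - name: Install package dependencies
        run: npm ci
      - name: Fetch the artifact
        # Must match the major version of upload-artifact used above:
        # artifacts uploaded with v4 cannot be read by download-artifact v3.
        uses: actions/download-artifact@v4
        with:
          name: schema
          path: schema
      - name: Run the update command
        run: |
          npx ts-node scripts/generate-types.ts schema packages/oscal-types/src
      - name: Save version as output
        id: version
        # VERSION.txt is written by the fetch-schema job of this same run.
        run: |
          echo "VERSION_ID=$(cat schema/VERSION.txt)" >> "$GITHUB_OUTPUT"
      - name: Login as the automation app
        # This Action generates a token from the GitHub App and provides it as
        # an output. It _does_ register that token as a secret so that it will be
        # filtered from log output automatically
        id: generate-token
        # This maps to v1.8.0 https://github.com/tibdex/github-app-token/releases/tag/v1.8.0
        uses: tibdex/github-app-token@0914d50df753bbc42180d982a6550f195390069f
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}
          # Request only the scopes the pull-request step needs.
          permissions: >-
            {
              "contents": "write",
              "pull_requests": "write"
            }
      - name: Create update pull request
        # NOTE(review): this third-party action receives the write-scoped App
        # token but is referenced by a mutable tag; pin it to a full commit
        # SHA, as is already done for the token action above.
        uses: peter-evans/create-pull-request@v5
        with:
          commit-message: "chore(deps): update OSCAL types to v${{ steps.version.outputs.VERSION_ID }}"
          title: "chore(deps): update OSCAL types to v${{ steps.version.outputs.VERSION_ID }}"
          body: |
            This was generated by the "${{ github.workflow }}" workflow. For more information,
            see the workflow and `scripts/generate-types.ts`.
          branch: automation/update-oscal-types
          add-paths: |
            packages/oscal-types
          delete-branch: true
          base: main
          committer: Easy Dynamics Automation <[email protected]>
          author: Easy Dynamics Automation <[email protected]>
          token: "${{ steps.generate-token.outputs.token }}"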