Skip to content

Profile Create

Profile Create #14

Workflow file for this run

name: Profile Create
on:
workflow_dispatch:
inputs:
import_type:
type: choice
description: Import type
options:
- catalog
- profile
import_name:
required: true
description: Name of profile or catalog in trestle workspace to be imported
output:
required: true
description: Name of the profile to create
jobs:
create-profile:
name: Create profile
runs-on: ubuntu-latest
container:
image: quay.io/continuouscompliance/trestle-bot:v0.7.0
steps:
- name: Generate app token
uses: tibdex/[email protected]
id: get_installation_token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.PRIVATE_KEY }}
permissions: >-
{"contents": "write", "pull_requests": "write"}
- name: Clone
uses: actions/checkout@v4
with:
token: ${{ steps.get_installation_token.outputs.token }}
- name: Create new profile with imports
run: |
python3 scripts/set_default_profile.py --import_path "${IMPORT_TYPE}s/${IMPORT_NAME}/${IMPORT_TYPE}.json" \
--profile_name "${OUTPUT}" --trestle_root .
env:
OUTPUT: ${{ github.event.inputs.output }}
IMPORT_NAME: ${{ github.event.inputs.import_name }}
IMPORT_TYPE: ${{ github.event.inputs.import_type }}
- name: Configure git to trust the github workspace
run: |
git config --global --add safe.directory "${GITHUB_WORKSPACE}"
- name: Generate and PR new profile
id: generate-profile
run: |
trestlebot-autosync \
--markdown-path="markdown/profiles" \
--oscal-model="profile" \
--commit-message="adds profile ${OUTPUT}" \
--pull-request-title="Add profile ${OUTPUT}" \
--branch="profile-create-${{ github.run_id }}" \
--file-patterns="*.json,markdown/*" \
--committer-name="trestle-bot[bot]" \
--committer-email="136850459+trestle-bot[bot]@users.noreply.github.com" \
--author-name="${{ github.actor }}" \
--author-email="${{ github.actor }}@users.noreply.github.com" \
--target-branch="main" \
--skip-items="fedramp_rev5_high" \
--skip-assemble \
--with-token - <<<"${GITHUB_TOKEN}"
env:
GITHUB_TOKEN: ${{ steps.get_installation_token.outputs.token }}
OUTPUT: ${{ github.event.inputs.output }}