create-new.yml
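# Manually dispatched workflow: creates a new OSCAL profile that imports an
# existing catalog or profile from the trestle workspace, then opens a pull
# request with the generated content.
name: Profile Create

on:
  workflow_dispatch:
    inputs:
      import_type:
        type: choice
        description: Import type
        options:
          - catalog
          - profile
      import_name:
        required: true
        description: Name of profile or catalog in trestle workspace to be imported
      output:
        required: true
        description: Name of the profile to create

# Checkout and the pull-request step authenticate with the GitHub App
# installation token minted below, so the implicit GITHUB_TOKEN is limited to
# read access instead of inheriting the repository default.
permissions:
  contents: read

jobs:
  create-profile:
    name: Create profile
    runs-on: ubuntu-latest
    steps:
      # import_name and output are free-text inputs that end up in a file path
      # and a profile name. Reject anything outside a conservative character
      # set (and any leading '.') before a write-scoped token is minted, so a
      # value such as '../x' cannot point the import outside the workspace.
      - name: Validate inputs
        run: |
          case "${IMPORT_TYPE}" in
            catalog|profile) ;;
            *)
              echo "::error::import_type must be 'catalog' or 'profile'"
              exit 1
              ;;
          esac
          for value in "${IMPORT_NAME}" "${OUTPUT}"; do
            case "${value}" in
              ''|.*|*[!A-Za-z0-9._-]*)
                echo "::error::import_name and output may contain only letters, digits, '.', '_' and '-' and must not start with '.'"
                exit 1
                ;;
            esac
          done
        env:
          OUTPUT: ${{ github.event.inputs.output }}
          IMPORT_NAME: ${{ github.event.inputs.import_name }}
          IMPORT_TYPE: ${{ github.event.inputs.import_type }}

      # NOTE(review): the action name and ref on the `uses:` line below were
      # replaced by the hosting page's e-mail obfuscation ("[email protected]").
      # Restore them from the repository, and pin this third-party action to a
      # full commit SHA rather than a movable tag: it receives the App private
      # key.
      - name: Generate app token
        uses: tibdex/[email protected]
        id: get_installation_token
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.PRIVATE_KEY }}
          # Scope the installation token to what the job needs.
          permissions: >-
            {"contents": "write", "pull_requests": "write"}

      # By default actions/checkout keeps the supplied token in the local git
      # configuration, where every later step (including code run during
      # `pip install`) can read it.
      # NOTE(review): consider `persist-credentials: false` if the PR step
      # does not rely on the stored credential - confirm against that action.
      - name: Clone
        uses: actions/checkout@v4
        with:
          token: ${{ steps.get_installation_token.outputs.token }}

      # Quoted so the version is always read as a string, never as a float.
      # Python 3.8 reached end of life in October 2024 and no longer receives
      # security fixes; plan an upgrade once the dependencies allow it.
      - name: Set up Python 3.8
        uses: actions/setup-python@v5
        with:
          python-version: "3.8"

      # NOTE(review): requirements.txt is not visible here; if it is not
      # already hash-pinned, consider pip's --require-hashes so the packages
      # installed next to the write-scoped token are reproducible.
      - name: Install Trestlebot
        run: python3 -m pip install --upgrade pip setuptools && python3 -m pip install -r requirements.txt

      # Inputs reach the shell through environment variables and are expanded
      # inside double quotes, so they are never spliced into the script text
      # by the ${{ }} template engine.
      - name: Create new profile with imports
        run: |
          python3 scripts/set_default_profile.py --import_path "${IMPORT_TYPE}s/${IMPORT_NAME}/${IMPORT_TYPE}.json" \
          --profile_name "${OUTPUT}" --trestle_root .
        env:
          OUTPUT: ${{ github.event.inputs.output }}
          IMPORT_NAME: ${{ github.event.inputs.import_name }}
          IMPORT_TYPE: ${{ github.event.inputs.import_type }}

      # NOTE(review): the action name and ref on the `uses:` line below were
      # also replaced by the page's e-mail obfuscation; restore them from the
      # repository and pin to a full commit SHA. This step receives the
      # write-scoped installation token.
      - name: Generate and PR new profile
        id: generate-profile
        uses: RedHatProductSecurity/trestle-bot/actions/[email protected]
        with:
          markdown_path: "markdown/profiles"
          oscal_model: "profile"
          # The run id keeps the branch name free of user-controlled text.
          branch: "profile-create-${{ github.run_id }}"
          target_branch: "main"
          file_pattern: "*.json,markdown/*"
          skip_items: "fedramp_rev5_high"
          skip_assemble: true
          commit_user_name: "trestle-bot[bot]"
          commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com"
          commit_message: "adds profile ${{ github.event.inputs.output }}"
          pull_request_title: "Add profile ${{ github.event.inputs.output }}"
          github_token: ${{ steps.get_installation_token.outputs.token }}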