rename mitigations to best-practices (#3085) #1804
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Documents Build | |
on: | |
workflow_dispatch: | |
pull_request: | |
paths: | |
- 'Document/**.md' | |
push: | |
branches: | |
- master | |
tags: | |
- v*.*.* | |
paths: | |
- 'Document/**.md' | |
jobs: | |
Generate-MASTG-Documents: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.x | |
- name: Install dependencies | |
run: pip install -r src/scripts/requirements.txt | |
- name: Set MASTG_VERSION to env | |
run: echo "MASTG_VERSION=$(curl "https://api.github.com/repos/OWASP/owasp-mastg/tags" | jq -r '.[0].name')" >> $GITHUB_ENV | |
- name: Set DEV MASTG_VERSION if it's not a tag | |
if: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
run: echo "MASTG_VERSION=${{env.MASTG_VERSION}}-$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
- name: Get Latest MASVS Release Tag | |
run: echo "MASVS_VERSION=$(curl -s https://api.github.com/repos/OWASP/owasp-masvs/releases/latest | jq '.tag_name' | sed 's/\"//g')" >> $GITHUB_ENV | |
- name: Assemble Chapters | |
run: python3 src/scripts/assemble_chapters_for_pdf.py | |
- name: Generate English PDF | |
run: ./src/pandocker/pandoc_makedocs.sh Document ${{env.MASTG_VERSION}} ${{env.MASVS_VERSION}} | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: OWASP_MASTG | |
path: OWASP_MASTG* | |
Generate-Checklists: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.x | |
- name: Install dependencies | |
run: pip install -r src/scripts/requirements.txt | |
- name: Set MASTG_VERSION to env | |
# run: echo "MASTG_VERSION=$(git describe --tags `git rev-list --tags --max-count=1`)" >> $GITHUB_ENV | |
run: echo "MASTG_VERSION=$(curl -s https://api.github.com/repos/OWASP/owasp-mastg/tags | jq '.[0].name' | sed 's/\"//g')" >> $GITHUB_ENV | |
- name: Set DEV VERSION if it's not a tag | |
if: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
run: echo "MASTG_VERSION=${{env.MASTG_VERSION}}-$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
- name: Confirm MASTG Current Tag | |
run: echo ${{env.MASTG_VERSION}} | |
- name: Get MASTG Current Commit ID | |
run: echo "MASTG_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
- name: Confirm MASTG Current Commit ID | |
run: echo ${{env.MASTG_COMMIT}} | |
- name: Get Latest MASVS Release Tag | |
run: echo "MASVS_VERSION=$(curl -s https://api.github.com/repos/OWASP/owasp-masvs/releases/latest | jq '.tag_name' | sed 's/\"//g')" >> $GITHUB_ENV | |
- name: Confirm MASVS Release Tag | |
run: echo ${{env.MASVS_VERSION}} | |
- uses: actions/checkout@v4 | |
with: | |
repository: "OWASP/owasp-masvs.git" | |
ref: ${{env.MASVS_VERSION}} | |
fetch-depth: 1 | |
path: owasp-masvs | |
- name: Get MASVS Current Commit ID | |
run: cd owasp-masvs && echo "MASVS_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
- name: Confirm MASTG Current Commit ID | |
run: echo ${{env.MASVS_COMMIT}} | |
- name: Generate Excel | |
run: python3 src/scripts/yaml_to_excel.py --mastgversion ${{env.MASTG_VERSION}} --mastgcommit ${{env.MASTG_COMMIT}} --masvsversion ${{env.MASVS_VERSION}} --masvscommit ${{env.MASVS_COMMIT}} | |
# - name: Upload Enhanced MASVS YAML | |
# uses: actions/upload-artifact@v3 | |
# with: | |
# name: Enhanced-MASVS-YAML-Files | |
# path: src/scripts/masvs_full_*.yaml | |
- name: Upload Checklists | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Checklists | |
path: OWASP_MAS_Checklist*.xlsx | |
release: | |
runs-on: ubuntu-latest | |
needs: [Generate-MASTG-Documents, Generate-Checklists] | |
if: startsWith(github.ref, 'refs/tags/') && (github.actor == 'cpholguera' || github.actor == 'sushi2k') | |
steps: | |
- uses: actions/download-artifact@v4 | |
- name: List Downloaded document (sampling of download-artifact) | |
run: ls -l OWASP_MASTG* | |
- name: print working directory | |
run: pwd | |
- name: Listing of root directory | |
run: ls -l | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
prerelease: false | |
draft: true | |
generate_release_notes: true | |
discussion_category_name: Announcements | |
files: | | |
OWASP_MASTG/OWASP_MASTG.pdf | |
OWASP_MASTG/OWASP_MASTG.epub | |
Checklists/*.xlsx | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |