Adding a workflow to append preview links for flows in a PR #235
Workflow file for this run
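# Build workflow: builds the Attack Flow Builder UI, comments preview links on
# pull requests that touch corpus/, builds the docs (HTML and PDF), and
# publishes the HTML docs to GitHub Pages for v* tags.
#
# NOTE(review): actions are referenced by mutable tags (@v1, @v3, ...).
# Pinning each `uses:` to a full commit SHA is the stricter supply-chain option.
name: Build

on:
  push:
    branches: [main]
    tags:
      - 'v*'
  pull_request:

# Workflow-wide default is read-only. Jobs that build and run repository or
# pull-request code (npm ci, npm run build, poetry install, make) keep this
# default; write scopes are granted only to the jobs that need them.
permissions:
  contents: read

jobs:
  attack_flow_builder:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: '19'
      - name: Install dependencies
        working-directory: ./src/attack_flow_builder/
        run: npm ci
      - name: Build
        working-directory: ./src/attack_flow_builder/
        env:
          # Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532
          NODE_OPTIONS: "--openssl-legacy-provider"
        run: npm run build
      - name: Upload artifact
        uses: actions/upload-artifact@v3
        with:
          name: attack_flow_builder
          path: src/attack_flow_builder/dist/

  comment_flow_links:
    # Posts a PR comment linking each changed corpus/ flow to Attack Flow Builder.
    # The script only calls the REST API, so the job does not check out the
    # repository and is skipped entirely for non-PR events.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      # Only scope this job needs: read the PR file list and create the comment.
      # For pull requests opened from forks the token is read-only regardless of
      # this setting, so createComment is expected to fail there.
      pull-requests: write
    steps:
      - uses: actions/github-script@v6
        env:
          PR_NUMBER: ${{ github.event.number }}
        with:
          script: |
            const { PR_NUMBER, GITHUB_SHA } = process.env;
            const { owner, repo } = context.repo;
            const builderUrl = "https://center-for-threat-informed-defense.github.io/attack-flow/ui/?src=";
            const baseRawUrl = "https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-flow";

            // Walk every page of changed files; a single fixed-size page
            // silently drops flows on large pull requests.
            const files = await github.paginate(github.rest.pulls.listFiles, {
              owner,
              repo,
              pull_number: PR_NUMBER,
              per_page: 100,
            });

            const bullets = [];
            for (const file of files) {
              // Deleted flows do not exist at GITHUB_SHA, so a link would be dead.
              if (!file.filename.startsWith("corpus/") || file.status === "removed") {
                continue;
              }
              const flowName = file.filename.split("/").pop();
              // Use the full repository path so flows in subdirectories of
              // corpus/ resolve to the right raw URL.
              const flowArg = `${baseRawUrl}/${GITHUB_SHA}/${file.filename}`;
              console.log(flowArg);
              // File names are chosen by the PR author (untrusted). Escape the
              // characters that could end the Markdown link text or destination
              // early, so a crafted name cannot reshape the bot's comment.
              const flowUrl = builderUrl + encodeURIComponent(flowArg)
                .replace(/[()]/g, (c) => `%${c.charCodeAt(0).toString(16)}`);
              const linkText = flowName.replace(/[\\\[\]]/g, "\\$&");
              bullets.push(`* [${linkText}](${flowUrl})`);
            }

            if (bullets.length > 0) {
              // Awaited so an API failure fails the step instead of surfacing
              // as an unhandled promise rejection.
              await github.rest.issues.createComment({
                issue_number: context.issue.number,
                owner,
                repo,
                body: "Open this PR's flows in Attack Flow Builder:\n\n" + bullets.join("\n") + "\n",
              });
            }

  docs:
    needs: attack_flow_builder
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.8'
      - uses: actions/setup-node@v3
        with:
          node-version: '19'
      - name: Update APT
        run: sudo apt update
      - name: Install APT dependencies
        # -y keeps the install non-interactive, matching the TeX Live step below.
        run: sudo apt install -y graphviz
      - name: Install Poetry
        # NOTE(review): executes a remotely fetched installer with no integrity
        # check and no version pin; consider pinning the Poetry version (the
        # installer honours POETRY_VERSION) or installing from a pinned package.
        run: curl -sSL https://install.python-poetry.org/ | python -
      - name: Add Poetry to PATH
        run: echo "$HOME/.poetry/bin" >> $GITHUB_PATH
      - name: Install Python dependencies
        run: poetry install
      - name: Install Node dependencies
        working-directory: ./src/attack_flow_builder/
        run: npm ci
      - name: Install Mermaid
        # NOTE(review): unpinned global install outside the lockfile; whatever
        # version is latest at run time is executed during the docs build.
        run: npm install -g @mermaid-js/mermaid-cli
      - name: Create client directory
        run: mkdir docs/extra/ui
      - name: Download Attack Flow Builder
        uses: actions/download-artifact@v3
        with:
          name: attack_flow_builder
          path: docs/extra/ui
      - name: Make Attack Flow schema
        run: poetry run make docs-schema
      - name: Validate Corpus
        env:
          # Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532
          NODE_OPTIONS: "--openssl-legacy-provider"
        run: poetry run make validate
      - name: Copy corpus into docs
        env:
          # Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532
          NODE_OPTIONS: "--openssl-legacy-provider"
        run: poetry run make docs-examples
      - name: Copy matrix-viz code into docs
        run: poetry run make docs-matrix
      - name: Build HTML docs
        run: poetry run sphinx-build -M dirhtml docs docs/_build -W --keep-going
      - name: Upload HTML docs
        uses: actions/upload-artifact@v3
        with:
          name: attack_flow_docs_html
          path: docs/_build/dirhtml/
      - name: Install TeX Live
        run: sudo apt install -y latexmk texlive texlive-latex-extra
      - name: Build PDF docs
        run: poetry run sphinx-build -M latexpdf docs docs/_build
      - name: Upload PDF docs
        uses: actions/upload-artifact@v3
        with:
          name: attack_flow_docs_pdf
          path: docs/_build/latex/attackflow.pdf

  github_pages:
    # This job only runs for pushes of tags that start with "v".
    if: startsWith(github.ref, 'refs/tags/v')
    needs: docs
    runs-on: ubuntu-latest
    permissions:
      # Pages deployment is the only job that needs these write scopes;
      # id-token is used by deploy-pages to authenticate the deployment.
      contents: read
      pages: write
      id-token: write
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - name: Setup Pages
        uses: actions/configure-pages@v2
      - name: Download HTML docs
        uses: actions/download-artifact@v3
        with:
          name: attack_flow_docs_html
          path: docs
      - name: Upload artifact
        uses: actions/upload-pages-artifact@v1
        with:
          path: ./docs
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v1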