ADD: VM detection for disk encryption (VM means we assume encryption … #278
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update models | |
| # Controls when the workflow will run | |
| on: | |
| # Triggers the workflow on push events for main and dev branches | |
| # Exclude | |
| push: | |
| branches: [ "main", "dev" ] | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup Python | |
| uses: actions/[email protected] | |
| with: | |
| python-version: 3.11.3 | |
| - name: Checkout threatmodel repo | |
| uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.DEV_GITHUB_TOKEN }} | |
| - name: Get changed threat models | |
| id: changed-files-specific | |
| uses: tj-actions/changed-files@v36 | |
| with: | |
| files: ./*.json | |
| - name: Validate models | |
| id: validate | |
| run: | | |
| echo "Changed files: ${{ steps.changed-files-specific.outputs.all_changed_files }}" | |
| pip install -r requirements.txt | |
| python3 src/publish/validate-models.py ${{ steps.changed-files-specific.outputs.all_changed_files }} | |
| continue-on-error: true | |
| - name: Revert last commit if validation fails | |
| if: steps.validate.outcome == 'failure' | |
| run: | | |
| # As we are using a non standard token, we need to set our name and use [skip ci] to avoid infinite loop | |
| git config user.email "[email protected]" | |
| git config user.name "Edamame Dev" | |
| git revert -m 1 HEAD --no-edit --no-commit | |
| git commit -m "Reverted after threat models validation failed [skip ci]" | |
| - name: Slack alerts | |
| if: steps.validate.outcome == 'failure' | |
| uses: slackapi/[email protected] | |
| with: | |
| channel-id: 'C072J0U9TH7' | |
| slack-message: "GitHub threat models (${{ steps.changed-files-specific.outputs.all_changed_files }}) validation on branch ${{ github.ref }} failed, commit has been reverted" | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| - name: Slack reports | |
| if: steps.validate.outcome != 'failure' | |
| uses: slackapi/[email protected] | |
| with: | |
| channel-id: 'C07127YECN4' | |
| slack-message: "GitHub threat models (${{ steps.changed-files-specific.outputs.all_changed_files }}) validation on branch ${{ github.ref }} successful" | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| - name: Update models hash and date | |
| if: steps.validate.outcome == 'success' | |
| run: python3 src/publish/update-models.py ${{ steps.changed-files-specific.outputs.all_changed_files }} | |
| - name: Commit & Push changes | |
| uses: actions-js/push@master | |
| with: | |
| github_token: ${{ secrets.DEV_GITHUB_TOKEN }} | |
| branch: ${{ github.ref_name }} |