ADD: models validation w/ auto revert of commit

edamametechnologies · Jan 7, 2024 · a041ee2 · a041ee2
1 parent 8761fcf
commit a041ee2
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 43 deletions.
diff --git a/.github/workflows/test-models.yml b/.github/workflows/test-models.yml
@@ -2,9 +2,9 @@ name: Test models
 
 # Controls when the workflow will run
 on:
-  # Triggers the workflow on push or pull request events but only for the "main" branch
+  # Triggers the workflow on push or pull request events for main and dev branches
   push:
-    branches: [ "main", "dev", "workflow-tests" ]
+    branches: [ "main", "dev" ]
   pull_request:
     branches: [ "main", "dev" ]
 
@@ -93,8 +93,6 @@ jobs:
               # Slack channel ID where message will be posted. Needed if using bot token
               channel-id: 'C05BY6YNDFF'
               # Message to post into Slack. Needed if using bot token
-              slack-message: "GitHub tests result on branch ${{ github.ref }}: \n${{ needs.tests-macos.outputs.macos-report }}\n${{ needs.tests-windows.outputs.windows-report }}\n${{ needs.tests-ubuntu.outputs.ubuntu-report }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-
-              # ${{ github.event.pull_request.html_url || github.event.head_commit.url }
+              slack-message: "GitHub threat models tests result on branch ${{ github.ref }}: \n${{ needs.tests-macos.outputs.macos-report }}\n${{ needs.tests-windows.outputs.windows-report }}\n${{ needs.tests-ubuntu.outputs.ubuntu-report }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
             env:
                 SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/update-models.yml b/.github/workflows/update-models.yml
@@ -2,43 +2,58 @@ name: Update models
 
 # Controls when the workflow will run
 on:
-  # Triggers the workflow on push events but only for the "dev" branch
+  # Triggers the workflow on push events for main and dev branches
   push:
-    branches: [ "dev", "workflow-tests" ]
-
-  # Allows you to run this workflow manually from the Actions tab
+    branches: [ "main", "dev" ]
   workflow_dispatch:
 
 jobs:
-    build:
-        runs-on: ubuntu-latest
-        steps:
-        - uses: actions/checkout@v3
-          with:
-            # Fetch all last commits
-            fetch-depth: 0 
-
-        - name: Setup Python
-          uses: actions/[email protected]
-          with:
-            python-version: 3.11.3
-
-        - name: Get changed threat models 
-          id: changed-files-specific
-          uses: tj-actions/changed-files@v36
-          with:
-            files: ./*.json
-
-        - name: Update models hash and date
-          run: |
-            python3 src/publish/update-models.py ${{ steps.changed-files-specific.outputs.all_changed_files }}
-
-        - name: Validate models
-          run: |
-            python3 src/publish/validate-models.py ${{ steps.changed-files-specific.outputs.all_changed_files }}
-
-        - name: Commit & Push changes
-          uses: actions-js/push@master
-          with:
-            github_token: ${{ secrets.GITHUB_TOKEN }}
-            branch: dev
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Python
+        uses: actions/[email protected]
+        with:
+          python-version: 3.11.3
+
+      - name: Get changed threat models
+        id: changed-files-specific
+        uses: tj-actions/changed-files@v36
+        with:
+          files: ./*.json
+
+      - name: Update models hash and date
+        run: python3 src/publish/update-models.py ${{ steps.changed-files-specific.outputs.all_changed_files }}
+
+      - name: Validate models
+        id: validate
+        run: python3 src/publish/validate-models.py ${{ steps.changed-files-specific.outputs.all_changed_files }}
+        continue-on-error: true
+
+      - name: Revert last commit if validation fails
+        if: steps.validate.outcome == 'failure'
+        run: |
+          git revert HEAD --no-edit
+          git push origin ${{ github.ref_name }}
+
+      - name: slack-send
+        if: steps.validate.outcome == 'failure'
+        uses: slackapi/[email protected]
+        with:
+          # Slack channel ID where message will be posted. Needed if using bot token
+          channel-id: 'C05BY6YNDFF'
+          # Message to post into Slack. Needed if using bot token
+          slack-message: "GitHub threat models validation on branch ${{ github.ref }} failed, commit has been reverted"
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+
+      - name: Commit & Push changes
+        if: steps.validate.outcome == 'success'
+        uses: actions-js/push@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          branch: ${{ github.ref_name }}
diff --git a/.github/workflows/update-wiki.yml b/.github/workflows/update-wiki.yml
@@ -2,9 +2,9 @@ name: Update wiki
 
 # Controls when the workflow will run
 on:
-  # Triggers the workflow on push events but only for the "dev" branch
+  # Triggers the workflow on push events but only for the "main" branch
   push:
-    branches: [ "dev", "workflow-tests" ]
+    branches: [ "main" ]
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch: