Generate Web Markdown #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Generate Web Markdown | |
| on: | |
| push: | |
| paths: | |
| - '.github/workflows/*.yml' | |
| - 'model/**/*.yml' | |
| tags: | |
| - '*' | |
| workflow_dispatch: | |
| inputs: | |
| release: | |
| description: 'Generate Web Markdown for this SAMM release' | |
| required: true | |
| type: string | |
| workflow_call: | |
| inputs: | |
| release: | |
| required: true | |
| type: string | |
| release_name: | |
| required: true | |
| type: string | |
| external_call: | |
| default: true | |
| required: false | |
| type: boolean | |
| jobs: | |
| lintModelv20: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: yaml-lint | |
| run: | | |
| yamllint -c .yamllint -f github model | |
| generate-markdown: | |
| runs-on: ubuntu-latest | |
| needs: lintModelv20 | |
| steps: | |
| - name: 'Checkout using release is workflow dispatched or workflow call (reused from other workflow)' | |
| if: github.event_name == 'workflow_dispatch' || inputs.external_call | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.release }} | |
| - name: 'Checkout from ref when push' | |
| if: github.event_name == 'push' | |
| uses: actions/checkout@v3 | |
| - name: Inject slug/short variables | |
| uses: rlespinasse/github-slug-action@v4 | |
| - name: 'Set release env var from workflow dispatched' | |
| if: github.event_name == 'push' | |
| run: | | |
| echo "release_name=${GITHUB_REF_SLUG}" >> $GITHUB_ENV | |
| - name: 'Checkout using release is workflow dispatched' | |
| if: github.event_name == 'workflow_dispatch' | |
| run: | | |
| echo "release_name=${{ inputs.release }}" >> $GITHUB_ENV | |
| - name: 'Checkout using release is workflow call (reused from other workflow)' | |
| if: inputs.external_call | |
| run: | | |
| echo "release_name=${{ inputs.release_name }}" >> $GITHUB_ENV | |
| - name: 'Create output dir and copy files to override spaces in directories' | |
| run: | | |
| mkdir output | |
| - name: 'Generate model for website' | |
| uses: docker://backnot/owasp-samm-process-yaml-content:latest | |
| with: | |
| args: '-d model -o output' | |
| - name: 'Move generated files to common directory structure' | |
| run: | | |
| mkdir -p build/business-function/practice/stream | |
| BASE=output/markdown | |
| cp "$BASE"/{Design.md,Governance.md,Implementation.md,Operations.md,Verification.md} build/business-function | |
| cp "$BASE"/*-??-?.md build/business-function/practice/stream | |
| cp "$BASE"/*-??.md build/business-function/practice | |
| - name: Deploy | |
| uses: s0/git-publish-subdir-action@develop | |
| env: | |
| REPO: self | |
| BRANCH: markdown/${{ env.release_name }} | |
| FOLDER: build | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SQUASH_HISTORY: true | |
| # after changing something, we need to trigger the website build | |
| trigger-website-build: | |
| if: (github.event_name == 'push' && github.ref_type == 'tag') || inputs.external_call || github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| needs: generate-markdown | |
| steps: | |
| - name: 'Decide if version comes from push' | |
| if: github.event_name == 'push' | |
| run: | | |
| echo "release_name=${{ github.ref_name }}" >> $GITHUB_ENV | |
| - name: 'Decide if version comes from workflow dispatch' | |
| if: github.event_name == 'workflow_dispatch' | |
| run: | | |
| echo "release_name=${{ inputs.release }}" >> $GITHUB_ENV | |
| - name: 'Decide if version comes from release (workflow call)' | |
| if: inputs.external_call | |
| run: | | |
| echo "release_name=${{ inputs.release_name }}" >> $GITHUB_ENV | |
| - name: Trigger Website Dispatch | |
| uses: peter-evans/repository-dispatch@v2 | |
| with: | |
| token: ${{ secrets.OWASP_SAMM_WEBSITE_TOKEN }} | |
| repository: owaspsamm/website | |
| event-type: samm-core-released | |
| client-payload: '{"release": "${{ env.release_name }}"}' |