From 43cd01fbfdc2d00c0f936030d907e61a9b58a2e5 Mon Sep 17 00:00:00 2001
From: Eddie Knight
Date: Wed, 5 Mar 2025 20:35:26 -0600
Subject: [PATCH 1/6] Added iterative github action for OSPS Baseline checks
Signed-off-by: Eddie Knight
---
 .github/workflows/osps-baseline.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/osps-baseline.yml
diff --git a/.github/workflows/osps-baseline.yml b/.github/workflows/osps-baseline.yml
new file mode 100644
index 0000000..f434c92
--- /dev/null
+++ b/.github/workflows/osps-baseline.yml
@@ -0,0 +1,21 @@
+name: OSPS Baseline Scan
+
+on: [workflow_dispatch]
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Pull the Docker image
+ run: docker pull eddieknight/pvtr-github-repo:latest
+
+ - name: Run the container with file and directory mounts
+ run: |
+ docker run --rm \
+ -v ${{ github.workspace }}/config.yml:/.privateer/config.yml \
+ -v ${{ github.workspace }}/docker_output:/evaluation_results \
+ eddieknight/pvtr-github-repo:latest
From a4d0aca3bba743cec4443c30ae6853e5edda93f0 Mon Sep 17 00:00:00 2001
From: Eddie Knight
Date: Wed, 5 Mar 2025 20:37:35 -0600
Subject: [PATCH 2/6] testing PR trigger
Signed-off-by: Eddie Knight
---
 .github/workflows/osps-baseline.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/osps-baseline.yml b/.github/workflows/osps-baseline.yml
index f434c92..441039b 100644
--- a/.github/workflows/osps-baseline.yml
+++ b/.github/workflows/osps-baseline.yml
@@ -1,6 +1,6 @@
 name: OSPS Baseline Scan
-on: [workflow_dispatch]
+on: [pull_request]
 jobs:
 scan:
From b976131c1f5a138e51b980e90e3f17bd4d8dcae7 Mon Sep 17 00:00:00 2001
From: Eddie Knight
Date: Wed, 5 Mar 2025 21:02:51 -0600
Subject: [PATCH 3/6] Added config and sed
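Review bot: The scan step runs `eddieknight/pvtr-github-repo:latest`, a mutable tag in a personal registry namespace, so the job executes whatever that tag points to on the day it runs while the checked-out workspace is mounted into it; a moved or republished tag is a direct supply-chain exposure. Pin the image by digest in both the `docker pull` and `docker run` lines, e.g. `docker pull eddieknight/pvtr-github-repo@sha256:<DIGEST>` (placeholder; take the digest from the registry and bump it deliberately), and consider pinning `actions/checkout@v4` to a commit SHA for the same reason. The workflow also declares no `permissions:` block, so the job token receives the repository's default permissions although only a checkout is needed; add `permissions:` / `  contents: read` at the top level. The same image reference is carried unchanged through the later hunks that touch this file (patches 3 and 6).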
Signed-off-by: Eddie Knight
---
 .github/pvtr-config.yml | 22 ++++++++++++++++++++++
 .github/workflows/osps-baseline.yml | 6 +++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 .github/pvtr-config.yml
diff --git a/.github/pvtr-config.yml b/.github/pvtr-config.yml
new file mode 100644
index 0000000..f038705
--- /dev/null
+++ b/.github/pvtr-config.yml
@@ -0,0 +1,22 @@
+vars:
+ token: {{ TOKEN }} # repo, admin:org
+
+policy:
+ catalogs:
+ - OSPS_B
+ applicability:
+ - Maturity Level 1
+
+write-directory: evaluation_output
+services:
+ privateer:
+ plugin: github-repo
+ vars:
+ owner: privateerproj
+ repo: privateer
+ privateer-sdk:
+ plugin: github-repo
+ vars:
+ owner: privateerproj
+ repo: privateer-sdk
+
diff --git a/.github/workflows/osps-baseline.yml b/.github/workflows/osps-baseline.yml
index 441039b..ca2e975 100644
--- a/.github/workflows/osps-baseline.yml
+++ b/.github/workflows/osps-baseline.yml
@@ -13,9 +13,13 @@ jobs:
 - name: Pull the Docker image
 run: docker pull eddieknight/pvtr-github-repo:latest
+ - name: Replace token in config file
+ run: |
+ sed -i 's/{{ TOKEN }}/${{ secrets.GITHUB_TOKEN }}/g' ${{ github.workspace }}/.github/pvtr-config.yml
+
 - name: Run the container with file and directory mounts
 run: |
 docker run --rm \
- -v ${{ github.workspace }}/config.yml:/.privateer/config.yml \
+ -v ${{ github.workspace }}/.github/pvtr-config.yml:/.privateer/config.yml \
 -v ${{ github.workspace }}/docker_output:/evaluation_results \
 eddieknight/pvtr-github-repo:latest
From 835832ab8ddeda146b3a5d329afbb22ee2e17242 Mon Sep 17 00:00:00 2001
From: Eddie Knight
Date: Wed, 5 Mar 2025 22:13:55 -0600
Subject: [PATCH 4/6] updated write dir to match dockerfile
Signed-off-by: Eddie Knight
---
 .github/pvtr-config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/pvtr-config.yml b/.github/pvtr-config.yml
index f038705..92219b1 100644
--- a/.github/pvtr-config.yml
+++ b/.github/pvtr-config.yml
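Review bot: `token: {{ TOKEN }}` is an unquoted flow mapping to a YAML parser (a mapping used as a key, which most loaders reject), so the committed file is only parseable after `sed` has rewritten it, and a substituted value that happens to begin with a YAML indicator would break it again; write it as `token: "{{ TOKEN }}"` — the `sed` pattern still matches inside the quotes and the substituted value is then always read as a string. The trailing comment `# repo, admin:org` records the scopes the supplied token needs; `admin:org` is broad for a repository-metadata scanner, so either the comment should name the checks that require it or the credential should be scoped down (a fine-grained token or GitHub App installation with read-only permissions on the listed repositories) if none do. This placeholder line is the one the `sed` steps in the later patches rewrite.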
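Review bot: The new `sed -i 's/{{ TOKEN }}/${{ secrets.GITHUB_TOKEN }}/g' …` step interpolates the secret straight into the shell command, so it appears in the step's argv and is then persisted into `.github/pvtr-config.yml` inside the workspace; GitHub masks the value in logs, but the rewritten file stays on disk for any later step or artifact upload, and `sed` treats `/` and `&` in a replacement specially. Pass the secret through the environment and quote the paths: `env:` / `  TOKEN: ${{ secrets.GITHUB_TOKEN }}` and `run: sed -i "s/{{ TOKEN }}/${TOKEN}/g" "${{ github.workspace }}/.github/pvtr-config.yml"`. If the plugin can take the token from its environment, `docker run -e TOKEN` would avoid writing it to disk at all — whether it can is not visible from this hunk. Nothing checks that the secret is non-empty before the substitution, so an empty value silently leaves `token:` with a null value.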
@@ -7,7 +7,7 @@ policy:
 applicability:
 - Maturity Level 1
-write-directory: evaluation_output
+write-directory: evaluation_results
 services:
 privateer:
 plugin: github-repo
From 1e576733732920b6202a8cdbb96cc43dc95022d0 Mon Sep 17 00:00:00 2001
From: Eddie Knight
Date: Wed, 5 Mar 2025 22:21:20 -0600
Subject: [PATCH 5/6] Added TOKEN secret to repo
Signed-off-by: Eddie Knight
---
 .github/workflows/osps-baseline.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/osps-baseline.yml b/.github/workflows/osps-baseline.yml
index ca2e975..215f59e 100644
--- a/.github/workflows/osps-baseline.yml
+++ b/.github/workflows/osps-baseline.yml
@@ -15,7 +15,7 @@ jobs:
 - name: Replace token in config file
 run: |
- sed -i 's/{{ TOKEN }}/${{ secrets.GITHUB_TOKEN }}/g' ${{ github.workspace }}/.github/pvtr-config.yml
+ sed -i 's/{{ TOKEN }}/${{ secrets.TOKEN }}/g' ${{ github.workspace }}/.github/pvtr-config.yml
 - name: Run the container with file and directory mounts
 run: |
From b3eb8b0fe244b853783974e14012505a94835fb9 Mon Sep 17 00:00:00 2001
From: Eddie Knight
Date: Wed, 5 Mar 2025 22:27:14 -0600
Subject: [PATCH 6/6] =?UTF-8?q?polish=20action=20=E2=80=94=20ready=20to=20?=
 =?UTF-8?q?go?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Eddie Knight
---
 .github/workflows/osps-baseline.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/osps-baseline.yml b/.github/workflows/osps-baseline.yml
index 215f59e..abd0986 100644
--- a/.github/workflows/osps-baseline.yml
+++ b/.github/workflows/osps-baseline.yml
@@ -1,6 +1,6 @@
 name: OSPS Baseline Scan
-on: [pull_request]
+on: [workflow_dispatch]
 jobs:
 scan:
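Review bot: Replacing `secrets.GITHUB_TOKEN` with `secrets.TOKEN` in the `sed` line swaps the job-scoped, automatically expiring token for a long-lived credential that the config comment says needs `repo` and `admin:org` scope, and that credential is then handed to the unpinned third-party image started in the next step; a leaked token or a moved image tag now has organisation-wide reach rather than one repository. If the automatic token genuinely cannot satisfy the checks, record why on this step and prefer a fine-grained PAT or GitHub App installation token limited to read-only access on the two repositories listed in `.github/pvtr-config.yml`. With the `pull_request` trigger in effect at this commit, runs from forks receive no repository secrets, so `${{ secrets.TOKEN }}` expands to an empty string and `sed` quietly writes `token:`; supply the secret via `env:` and fail fast with `test -n "$TOKEN" || { echo "TOKEN secret is not set" >&2; exit 1; }` before the substitution. The enclosing `steps:` sequence begins and ends outside this hunk.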
@@ -10,14 +10,14 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
- - name: Pull the Docker image
+ - name: Pull the pvtr-github-repo image
 run: docker pull eddieknight/pvtr-github-repo:latest
- - name: Replace token in config file
+ - name: Add GitHub Secret to config file so it is protected in outputs
 run: |
 sed -i 's/{{ TOKEN }}/${{ secrets.TOKEN }}/g' ${{ github.workspace }}/.github/pvtr-config.yml
- - name: Run the container with file and directory mounts
+ - name: Scan all repos specified in .github/pvtr-config.yml
 run: |
 docker run --rm \
 -v ${{ github.workspace }}/.github/pvtr-config.yml:/.privateer/config.yml \