Skip to content

Improve audit_rules_privileged_commands #11642

Improve audit_rules_privileged_commands

Improve audit_rules_privileged_commands #11642

Workflow file for this run

name: Gating
on:
pull_request_target:
branches: [ master, 'stabilization*' ]
jobs:
content-test-filtering:
name: Content Test Filtering on Ubuntu Latest
runs-on: ubuntu-latest
steps:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install git python3-jinja2 python3-yaml python3-setuptools python3-deepdiff python3-git python3-github python3-requests xmldiff python3-setuptools
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
# https://github.com/actions/checkout/issues/766
- name: Set git safe directory
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Find forking point
env:
BASE_BRANCH: ${{ github.base_ref }}
run: echo "FORK_POINT=$(git merge-base origin/$BASE_BRANCH ${{ github.event.pull_request.head.sha }})" >> $GITHUB_OUTPUT
id: fork_point
- name: Checkout fork point
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
ref: ${{ steps.fork_point.outputs.FORK_POINT }}
fetch-depth: 0
- name: Checkout (CTF)
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
repository: ComplianceAsCode/content-test-filtering
path: ctf
- name: Detect content changes in the PR
run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --remote_repo ${{ github.server_url }}/${{ github.repository }} --verbose --rule --output json ${{ github.event.pull_request.number }} > output.json
- name: Test if there are no content changes
run: echo "CTF_OUTPUT_SIZE=$(stat --printf="%s" output.json)" >> $GITHUB_OUTPUT
id: ctf
- name: Print changes to content detected if any
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
run: cat output.json
- name: Get product attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: product
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'output.json'
prop_path: 'product'
- name: Find Comment
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: Start a new ephemeral environment with changes proposed in this pull request
- name: Create or update comment
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
Start a new ephemeral environment with changes proposed in this pull request:
${{steps.product.outputs.prop}} (from CTF) Environment (using Fedora as testing environment)
[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#PRODUCT=${{steps.product.outputs.prop}},CONTAINER=fedora/${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.pull_request.number }})
Fedora Testing Environment
[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.pull_request.number }})
Oracle Linux 8 Environment
[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#PRODUCT=ol8/${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.pull_request.number }})
edit-mode: replace
- name: Create or update a trimmed comment
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE == '0' }}
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
Start a new ephemeral environment with changes proposed in this pull request:
Fedora Environment
[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.pull_request.number }})
Oracle Linux 8 Environment
[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#PRODUCT=ol8/${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.pull_request.number }})
edit-mode: replace