feat: misc extra policies #1638
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create and Validate Atlas Playbook | |
on: | |
push: | |
paths: | |
- "src/**" | |
- "**/*.yaml" | |
- "**/*.yml" | |
env: | |
SXSC_REPO: "https://github.com/Atlas-OS/sxsc" | |
jobs: | |
build: | |
runs-on: windows-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.ref }} | |
token: ${{ secrets.RUNNER_SECRET }} | |
- name: Validate YAML files | |
run: 'yamllint -d "{extends: relaxed, rules: {empty-lines: disable, line-length: disable, new-line-at-end-of-file: disable, trailing-spaces: disable, new-lines: {type: platform}}}" .' | |
- name: Get changed files | |
id: changed-files | |
uses: tj-actions/[email protected] | |
with: | |
files_yaml: | | |
sxsc: | |
- 'src/sxsc/*.yaml' | |
- name: Copy modified .yamls | |
run: | | |
$sxsc = '.\src\sxsc' | |
$configs = '..\configs' | |
mkdir $configs | Out-Null | |
if ('${{ steps.changed-files.outputs.sxsc_any_changed }}' -eq 'true') { | |
$changedFiles = '${{ steps.changed-files.outputs.sxsc_all_changed_files }}' -split ' ' | |
} elseif (Test-Path "$sxsc\regenAllConfigs") { | |
Write-Output "Regenerating all configs..." | |
Remove-Item -Path "$sxsc\regenAllConfigs" -Force | |
Remove-Item -Path ".\src\playbook\Executables\AtlasModules\Packages\*.cab" -Force -Recurse | |
$changedFiles = Get-ChildItem $sxsc -Filter *.yaml | |
} else { | |
Write-Output "Not building any packages, no sxsc config changes detected." | |
"runSxsc=false" >> $env:GITHUB_ENV | |
exit | |
} | |
"runSxsc=true" >> $env:GITHUB_ENV | |
foreach ($file in $changedFiles) { | |
Write-Output "Copying: $file" | |
Copy-Item $file $configs -Force | |
} | |
- name: Clone the sxsc repository | |
run: | | |
git clone --depth=1 ${{ env.SXSC_REPO }} | |
Copy-Item -Path "configs" -Destination ".\sxsc\configs" -Recurse -Force | |
working-directory: .. | |
if: env.runSxsc == 'true' | |
- name: Build CAB | |
run: | | |
Write-Output "Installing dependencies..." | |
pip install -r requirements.txt | Out-Null | |
Write-Output "Making certificate..." | |
$thumbprint = .\make-cert.ps1 | |
$atlasSrcPath = '..\Atlas\src\' | |
$packagePath = "$atlasSrcPath\playbook\Executables\AtlasModules\Packages" | |
mkdir $packagePath -EA 0 | Out-Null | |
Get-ChildItem "configs" -Filter *.yaml | ForEach-Object { | |
Write-Output "`n`nProcessing $($_.Name)`n------------------------------------------------------" | |
Copy-Item -Path $_.FullName -Destination "cfg.yaml" -Force | Out-Null | |
$folderDir = ".\$atlasSrcPath\sxsc\$($_.Name -replace '-Arm','')" | |
if (Test-Path $folderDir -PathType Container) { | |
Write-Output "Copying $($_.Name)'s files..." | |
Copy-Item -Path "$folderDir\*" -Destination '.\' -Recurse -Force | Out-Null | |
} | |
Write-Output "Generating package files..." | |
python sxsc.py | |
if ($LASTEXITCODE -ne 0) { throw "sxsc.py didn't return 0!" } | |
Write-Output "Building package..." | |
.\start-build.ps1 -Thumbprint $thumbprint | |
Write-Output "Copying package to AtlasModules..." | |
Get-ChildItem -File -Recurse -Filter *.cab | ForEach-Object { | |
Copy-Item -Path $_.FullName -Destination $packagePath -Force | |
} | |
Write-Output "Cleaning up..." | |
.\clean.ps1 | |
} | |
working-directory: ..\sxsc | |
if: env.runSxsc == 'true' | |
- name: Commit and push changes | |
run: | | |
git config --local user.email "[email protected]" | |
git config --local user.name "atlasos-admin" | |
git add -A | |
git commit -m "feat: auto-update CAB packages ($($env:GITHUB_SHA.Substring(0, 8)))" | |
git push | |
working-directory: src\playbook\Executables\AtlasModules\Packages | |
if: env.runSxsc == 'true' | |
- name: Create playbook (ZIP/APBX password is malte) | |
id: create-pb | |
if: ${{ !startsWith(github.ref, 'refs/heads/na-') }} | |
run: | | |
echo "Making a renamed password protected (malte) ZIP of playbook files..." | |
$pbName = "Atlas Playbook $($env:GITHUB_SHA.Substring(0,8))" | |
& ..\local-build.ps1 -ReplaceOldPlaybook -AddLiveLog -Removals Verification, WinverRequirement -FileName $pbName | |
echo "Move the .apbx playbook into 'Release ZIP' to be released as an artifact with the additional files..." | |
Move-Item "$pbName.apbx" "../release-zip" | |
working-directory: src\playbook | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
if: ${{ steps.create-pb.outcome != 'skipped' }} | |
with: | |
name: Atlas Playbook | |
path: | | |
src/release-zip/* | |
if-no-files-found: error |