diff --git a/.github/workflows/keyfactor-extension-generate-readme.yml b/.github/workflows/keyfactor-extension-generate-readme.yml deleted file mode 100644 index 8b82c7e..0000000 --- a/.github/workflows/keyfactor-extension-generate-readme.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Update README -on: [push, workflow_dispatch] - -jobs: - update_readme: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@master - - - uses: cuchi/jinja2-action@v1.2.0 - with: - template: README.md.tpl - output_file: README.md - data_file: integration-manifest.json - env: - GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} - - - uses: stefanzweifel/git-auto-commit-action@v4 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - push_options: '--force' - commit_message: Update generated README - commit_user_name: Keyfactor - commit_user_email: keyfactor@keyfactor.github.io - commit_author: Keyfactor diff --git a/.github/workflows/keyfactor-extension-prerelease.yml b/.github/workflows/keyfactor-extension-prerelease.yml deleted file mode 100644 index d7b3efc..0000000 --- a/.github/workflows/keyfactor-extension-prerelease.yml +++ /dev/null 
@@ -1,164 +0,0 @@ -# This workflow will build a Release Candidate (pre-release) -# It runs automatically when attempting a PR from pre-release branch to the release branch - -name: Keyfactor Extension - Release Candidate - -env: - SOLUTION_FOLDER: '.' - PROJECT_FOLDER: 'PaloAlto' - -# Controls when the action will run. -on: - # Triggers the workflow on PR open - pull_request: - types: [opened, synchronize] - # only run this workflow when opening PR to release branch - branches: - - '!release-[0-9]+.[0-9]+-pre' - - 'release-[0-9]+.[0-9]+' - - # Release Candidate can be triggered manually - workflow_dispatch: - -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: windows-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Setup Envrionment - id: setup_env - run: | - echo "Setup Envrionment Variables for Workflow" - echo "Working Path: ${Env:GITHUB_WORKSPACE}" - $slnPath = (Get-ChildItem -Include *.sln -File -Recurse).fullname - $relName = "${{ github.base_ref }}".Split("/") - $repoName = "${{ github.repository }}".Split("/") - $relVersion = "${{ github.base_ref }}".Split("-") - echo "Solution File Path: ${slnPath}" - echo "SOLUTION_PATH=${slnPath}" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - echo "Release Name: $($relName[-1])" - echo "RELEASE_NAME=$($relName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - echo "Repo Name: $($repoName[-1])" - echo "REPO_NAME=$($repoName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - echo "Release Version: $($relVersion[-1])" - echo "RELEASE_VERSION=$($relVersion[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - - - uses: actions/setup-dotnet@v1 - with: - dotnet-version: '3.1.x' # SDK Version to use; x will use the latest version of the 3.1 channel - 
#dotnet-version: - - - name: Add Package Source - run: | - dotnet nuget add source https://nuget.pkg.github.com/Keyfactor/index.json -n github -u ${{ github.actor }} -p ${{ secrets.BUILD_PACKAGE_ACCESS }} --store-password-in-clear-text - - # Configures msbuild path envrionment - - name: setup-msbuild - uses: microsoft/setup-msbuild@v1 - - # Restores Packages to Local Machine - - name: restore nuget packages - run: | - nuget restore ${{ env.SOLUTION_PATH }} - - - name: GitHub Script checks for existing version tags - id: existing_version - uses: actions/github-script@v4.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - VERSION_NUMBER: ${{ env.RELEASE_VERSION }} - with: - script: | - // check for existing tags on this major.minor version - const tagsList = await github.git.listMatchingRefs({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: 'tags' - }); - - const { VERSION_NUMBER } = process.env; - const tags = tagsList.data.reverse(); - - // assume linear release pattern - i.e. 
always working on latest major.minor version - // if there are no tags, or latest tag does not start with VERSION_NUMBER, set a manual version for release - if (tags.length < 1 - || !tags.shift().ref.startsWith(`refs/tags/${VERSION_NUMBER}`)) { - core.exportVariable('MANUAL_VERSION', `${VERSION_NUMBER}.0-rc.0`); - } - - # Create a new release to auto-increment (or use manual version number) - - name: Create new release - id: create_release - #uses: zendesk/action-create-release@v1 - uses: keyfactor/action-create-release@786b73035fa09790f9eb11bb86834a6d7af1c256 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - MANUAL_VERSION: ${{ env.MANUAL_VERSION }} - with: - release_name: Release Candidate ${{ env.REPO_NAME }} ${{ env.RELEASE_VERSION }} - body: | - [Changelog](../CHANGELOG.MD) - draft: false - prerelease: true - prerelease_suffix: rc - tag_name: ${{ env.MANUAL_VERSION }} - auto_increment_type: prerelease - tag_schema: semantic - commitish: ${{ github.sha }} - - # update version number of AssemblyInfo.cs file - - name: Increment Assembly Version - run: | - $VersionRegex = "\d+\.\d+\.\d+" - $assemblyInfoFiles = (Get-ChildItem -Include AssemblyInfo.cs -File -Recurse).fullname - $newVer = "${{ steps.create_release.outputs.current_tag }}".TrimStart('v').Split('-')[0] - echo "Prepared to overwrite Assembly version to: ${newVer}" - foreach ($assemblyInfoFile in $assemblyInfoFiles) - { - $filecontent = Get-Content($assemblyInfoFile) - attrib $assemblyInfoFile -r - $filecontent -replace $VersionRegex, $newVer | Out-File $assemblyInfoFile - } - - # Runs a set of commands using the runners shell - - name: Execute MSBuild Commands - run: | - MSBuild.exe $Env:SOLUTION_PATH -p:RestorePackagesConfig=true -p:Configuration=Release - - - name: Archive Files - run: | - md ${{ github.workspace }}\zip\Keyfactor - Compress-Archive -Path ` - ${{ env.SOLUTION_FOLDER }}\${{ env.PROJECT_FOLDER }}\bin\Release\*.dll, ` - ${{ env.SOLUTION_FOLDER }}\${{ env.PROJECT_FOLDER 
}}\bin\Release\*.json, ` - ${{ env.SOLUTION_FOLDER }}\${{ env.PROJECT_FOLDER }}\bin\Release\*.config ` - -DestinationPath ${{ github.workspace }}\zip\Keyfactor\$Env:REPO_NAME.zip -Force - - - - name: Upload a Build Artifact - uses: actions/upload-artifact@v2.2.2 - with: - # Artifact name - name: ${{ env.REPO_NAME }}.zip - # A file, directory or wildcard pattern that describes what to upload - path: | - ${{ github.workspace }}\zip\Keyfactor\${{ env.REPO_NAME}}.zip - # The desired behavior if no files are found using the provided path. - if-no-files-found: error # optional, default is warn - - - name: Upload Release Asset (x64) - id: upload-release-asset-x64 - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ${{ github.workspace }}\zip\Keyfactor\${{ env.REPO_NAME}}.zip - asset_name: ${{ env.REPO_NAME}}_${{ steps.create_release.outputs.current_tag }}.zip - asset_content_type: application/zip diff --git a/.github/workflows/keyfactor-extension-release.yml b/.github/workflows/keyfactor-extension-release.yml deleted file mode 100644 index 6153557..0000000 --- a/.github/workflows/keyfactor-extension-release.yml +++ /dev/null 
@@ -1,129 +0,0 @@ -# This is a basic workflow to help you get started with Actions - -name: Keyfactor Extension - Release - -env: - SOLUTION_FOLDER: '.' - project_folder: PaloAlto -# Controls when the action will run. -on: - # Triggers the workflow on pull requests closing - pull_request: - # only run this workflow when closing a PR to a branch that contains a release number. ignore -pre - branches: - - 'release-[0-9]+.[0-9]+' - - '!release-[0-9]+.[0-9]+-pre' - types: [closed] - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # run if pull request is completed and merged, or if manually dispatched - if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true) - - # The type of runner that the job will run on - runs-on: windows-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Setup Envrionment - id: setup_env - run: | - echo "Setup Envrionment Variables for Workflow" - echo "Working Path: ${Env:GITHUB_WORKSPACE}" - $slnPath = (Get-ChildItem -Include *.sln -File -Recurse).fullname - $relName = "${{ github.ref }}".Split("/") - $repoName = "${{ github.repository }}".Split("/") - echo "Solution File Path: ${slnPath}" - echo "SOLUTION_PATH=${slnPath}" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - echo "Release Name: $($relName[-1])" - echo "RELEASE_NAME=$($relName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - echo "Repo Name: $($repoName[-1])" - echo "REPO_NAME=$($repoName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - - - uses: actions/setup-dotnet@v1 - with: - 
dotnet-version: '3.1.x' # SDK Version to use; x will use the latest version of the 3.1 channel - #dotnet-version: - - - name: Add Package Source - run: | - dotnet nuget add source https://nuget.pkg.github.com/Keyfactor/index.json -n github -u ${{ github.actor }} -p ${{ secrets.BUILD_PACKAGE_ACCESS }} --store-password-in-clear-text - - # Configures msbuild path envrionment - - name: setup-msbuild - uses: microsoft/setup-msbuild@v1 - - # Restores Packages to Local Machine - - name: restore nuget packages - run: | - nuget restore ${{ env.SOLUTION_PATH }} - - - name: Create Release - id: create_release - #uses: zendesk/action-create-release@v1 - uses: keyfactor/action-create-release@786b73035fa09790f9eb11bb86834a6d7af1c256 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - release_name: Release ${{ env.RELEASE_NAME }} - body: | - [Changelog](../CHANGELOG.MD) - draft: false - prerelease: false - auto_increment_type: patch - tag_schema: semantic - commitish: ${{ github.sha }} - - #update version number of AssemblyInfo.cs file - - name: Increment Assembly Version - run: | - $VersionRegex = "\d+\.\d+\.\d+" - $assemblyInfoFiles = (Get-ChildItem -Include AssemblyInfo.cs -File -Recurse).fullname - foreach ($assemblyInfoFile in $assemblyInfoFiles) - { - $filecontent = Get-Content($assemblyInfoFile) - $newVer = "${{ steps.create_release.outputs.current_tag }}".TrimStart('v') - attrib $assemblyInfoFile -r - $filecontent -replace $VersionRegex, $newVer | Out-File $assemblyInfoFile - } - - - name: Execute MSBuild Commands - run: | - MSBuild.exe $Env:SOLUTION_PATH -p:RestorePackagesConfig=false -p:Configuration=Release - - - name: Archive Files - if: ${{ success() }} - run: | - md ${{ github.workspace }}\zip\Keyfactor - Compress-Archive -Path ` - ${{ env.SOLUTION_FOLDER }}\${{ env.PROJECT_FOLDER }}\bin\Release\netcoreapp3.1\* ` - -DestinationPath ${{ github.workspace }}\zip\Keyfactor\$Env:REPO_NAME.zip -Force - - - name: Upload Release Asset (x64) - if: ${{ success() }} - 
id: upload-release-asset-x64 - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ${{ github.workspace }}\zip\Keyfactor\${{ env.REPO_NAME}}.zip - asset_name: ${{ env.REPO_NAME}}_${{ steps.create_release.outputs.current_tag }}.zip - asset_content_type: application/zip - - - name: On Failure - Remove Tags and Release - if: ${{ failure() }} - uses: dev-drprasad/delete-tag-and-release@v0.2.0 - with: - delete_release: true # default: false - tag_name: ${{ steps.create_release.outputs.current_tag }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml new file mode 100644 index 0000000..8cf923d --- /dev/null +++ b/.github/workflows/keyfactor-starter-workflow.yml 
@@ -0,0 +1,26 @@
+name: Starter Workflow
+on: [workflow_dispatch, push, pull_request]
+
+jobs:
+ call-create-github-release-workflow:
+ uses: Keyfactor/actions/.github/workflows/github-release.yml@main
+
+ call-dotnet-build-and-release-workflow:
+ needs: [call-create-github-release-workflow]
+ uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
+ with:
+ release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
+ release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
+ release_dir: PaloAlto/bin/Release/netcoreapp3.1 # output directory to upload as a release, relative to checkout workspace
+ secrets:
+ token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
+
+ call-generate-readme-workflow:
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
+
+ call-update-catalog-workflow:
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
+ secrets:
+ token: ${{ secrets.SDK_SYNC_PAT }}
\ No newline at end of file
diff --git a/README.md b/README.md
index 43c5c06..0e04881 100644
--- a/README.md
+++ b/README.md
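Review bot: All four `uses:` lines call the reusable workflows in Keyfactor/actions at the mutable ref `@main`, and two of those calls are handed `secrets.PRIVATE_PACKAGE_ACCESS` and `secrets.SDK_SYNC_PAT`, so any later change on that branch runs with these credentials without review in this repository; the release workflow this commit removes pinned its release action to a full commit SHA. Pin each call the same way, e.g. `uses: Keyfactor/actions/.github/workflows/github-release.yml@<full-commit-sha>` (placeholder; use the SHA of the revision that was reviewed). The two release jobs carry no `if:` although the workflow triggers on every `push` and `pull_request`, so unless the called workflows gate themselves (not visible here) a release may be attempted from any branch or PR; consider a branch filter or the event condition the readme and catalog jobs already use. A top-level `permissions:` block, for example `contents: read` with a wider grant only on the job that writes the release, would cap what the called workflows can do with the GITHUB_TOKEN.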
@@ -1,12 +1,19 @@ # Palo Alto PA-VM Firewall -## Orchestrator Palo Alto PA-VM Firewall Orchestrator for Add, Remove and Inventory. -## Prototype Ready +#### Integration status: Prototype - Demonstration quality. Not for use in customer environments. + +## About the Keyfactor Universal Orchestrator Capability + +This repository contains a Universal Orchestrator Capability which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications. + +The Universal Orchestrator is part of the Keyfactor software distribution and is available via the Keyfactor customer portal. For general instructions on installing Capabilities, see the “Keyfactor Command Orchestrator Installation and Configuration Guide” section of the Keyfactor documentation. For configuration details of this specific Capability, see below in this readme. + +The Universal Orchestrator is the successor to the Windows Orchestrator. This Capability plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator. + +--- - -*** **Palo Alto PA-VM Firewall Device Configuration** **Overview** @@ -121,3 +128,4 @@ curl -k -X GET 'https:///api/?type=keygen&user=&password= -*** **Palo Alto PA-VM Firewall Device Configuration** **Overview**