Fix build (attempt 2) #319
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: [main] | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pages: write | |
| pull-requests: write | |
| jobs: | |
| test_python: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.12' | |
| - name: Install Poetry | |
| run: curl -sSL https://install.python-poetry.org/ | python - | |
| - name: Add Poetry to PATH | |
| run: echo "$HOME/.poetry/bin" >> $GITHUB_PATH | |
| - name: Install Python dependencies | |
| run: poetry install | |
| - name: Check code formatting | |
| run: poetry run black --check src/attack_flow/ | |
| - name: Run unit tests | |
| run: poetry run make test-ci | |
| - name: Upload coverage to CodeCov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_SECRET }} | |
| files: coverage.xml | |
| verbose: true | |
| attack_flow_builder: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '19' | |
| - name: Install dependencies | |
| working-directory: ./src/attack_flow_builder/ | |
| run: npm ci | |
| - name: Build | |
| working-directory: ./src/attack_flow_builder/ | |
| env: | |
| # Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532 | |
| NODE_OPTIONS: "--openssl-legacy-provider" | |
| run: npm run build | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: attack_flow_builder | |
| path: src/attack_flow_builder/dist/ | |
| comment_flow_links: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/github-script@v6 | |
| if: github.event_name == 'pull_request' | |
| env: | |
| PR_NUMBER: ${{ github.event.number }} | |
| with: | |
| script: | | |
| const { PR_NUMBER, GITHUB_SHA } = process.env; | |
| const builderUrl = "https://center-for-threat-informed-defense.github.io/attack-flow/ui/?src="; | |
| const baseRawUrl = "https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-flow" | |
| const response = await github.rest.pulls.listFiles({ | |
| "owner": "center-for-threat-informed-defense", | |
| "repo": "attack-flow", | |
| "pull_number": PR_NUMBER, | |
| "per_page": 50, | |
| "page": 1, | |
| }); | |
| const bullets = []; | |
| for (const file of response.data) { | |
| if (file.filename.startsWith("corpus/")) { | |
| const flowName = file.filename.split("/").pop(); | |
| const flowArg = `${baseRawUrl}/${GITHUB_SHA}/corpus/${flowName}`; | |
| console.log(flowArg) | |
| const flowUrl = builderUrl + encodeURIComponent(flowArg); | |
| bullets.push(`* [${flowName}](${flowUrl})`); | |
| } | |
| } | |
| if (bullets.length > 0) { | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: "Open this PR's flows in Attack Flow Builder:\n\n" + bullets.join("\n") + "\n", | |
| }) | |
| } | |
| docs: | |
| needs: ["test_python", "attack_flow_builder"] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.12' | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '19' | |
| - name: Update APT | |
| run: sudo apt update | |
| - name: Install APT dependencies | |
| run: sudo apt install graphviz | |
| - name: Install Poetry | |
| run: curl -sSL https://install.python-poetry.org/ | python - | |
| - name: Add Poetry to PATH | |
| run: echo "$HOME/.poetry/bin" >> $GITHUB_PATH | |
| - name: Install Python dependencies | |
| run: poetry install | |
| - name: Install Node dependencies | |
| working-directory: ./src/attack_flow_builder/ | |
| run: npm ci | |
| - name: Create client directory | |
| run: mkdir docs/extra/ui | |
| - name: Download Attack Flow Builder | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: attack_flow_builder | |
| path: docs/extra/ui | |
| - name: Make Attack Flow schema | |
| run: poetry run make docs-schema | |
| - name: Validate Corpus | |
| env: | |
| # Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532 | |
| NODE_OPTIONS: "--openssl-legacy-provider" | |
| run: poetry run make validate | |
| - name: Copy corpus into docs | |
| env: | |
| # Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532 | |
| NODE_OPTIONS: "--openssl-legacy-provider" | |
| run: poetry run make docs-examples | |
| - name: Copy matrix-viz code into docs | |
| run: poetry run make docs-matrix | |
| - name: Build HTML docs | |
| run: poetry run sphinx-build -M dirhtml docs docs/_build -W --keep-going | |
| - name: Upload HTML docs | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: attack_flow_docs_html | |
| path: docs/_build/dirhtml/ | |
| - name: Install TeX Live | |
| run: sudo apt install -y latexmk texlive texlive-latex-extra | |
| - name: Build PDF docs | |
| run: poetry run sphinx-build -M latexpdf docs docs/_build | |
| - name: Upload PDF docs | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: attack_flow_docs_pdf | |
| path: docs/_build/latex/attackflow.pdf | |
| github_pages: | |
| # This job only runs when creating a tag. | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: docs | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| steps: | |
| - name: Setup Pages | |
| uses: actions/configure-pages@v2 | |
| - name: Download HTML docs | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: attack_flow_docs_html | |
| path: docs | |
| - name: Upload artifact | |
| uses: actions/upload-pages-artifact@v1 | |
| with: | |
| path: ./docs | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v1 | |
| docker: | |
| # This job only runs when creating a tag. | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: ["test_python", "attack_flow_builder"] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get Docker metadata | |
| id: af_meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| labels: org.opencontainers.image.url=https://ctid.mitre-engenuity.org/our-work/attack-flow/ | |
| - name: Build Attack Flow Docker image | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.af_meta.outputs.tags }} | |
| labels: ${{ steps.af_meta.outputs.labels }} |