moved command into workflow #10
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint OSCAL Files | |
| on: | |
| push: | |
| paths: | |
| - '**/*oscal*.yaml' | |
| permissions: | |
| contents: read | |
| jobs: | |
| check-oscal-paths: | |
| runs-on: ubuntu-latest | |
| name: OSCAL Change Detection | |
| outputs: | |
| oscal: ${{ steps.path-filter.outputs.oscal }} | |
| oscal_files: ${{ steps.path-filter.outputs.oscal_files }} | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| # Uses a custom action to filter paths for source packages. | |
| - name: Check src paths | |
| id: path-filter | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 | |
| with: | |
| filters: | | |
| oscal: | |
| - added|modified: "**/*oscal*.yaml" | |
| list-files: shell | |
| lint-oscal: | |
| needs: check-oscal-paths | |
| if: ${{ needs.check-oscal-paths.outputs.oscal == 'true' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| # filter the files to remove not oscal files (such as those titles oscal-* under ./.github) | |
| - name: Identify changed OSCAL files | |
| id: find_changed_files | |
| run: | | |
| CHANGED_FILES=$(echo "${{ needs.check-oscal-paths.outputs.oscal_files }}" | tr ' ' '\n' | grep -v ".github*" | tr '\n' ',' | sed 's/.$//' || true) | |
| echo "Changed OSCAL files: $CHANGED_FILES" | |
| echo "oscal_files=$CHANGED_FILES" >> "$GITHUB_OUTPUT" | |
| shell: bash | |
| # checkout for access to the oscal files targeted for linting | |
| - name: Checkout the code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| # setup uds-cli | |
| - name: Use Node.js latest | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: 20 | |
| - name: Set up Homebrew | |
| uses: Homebrew/actions/setup-homebrew@master | |
| - name: Install UDS CLI | |
| shell: bash | |
| # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver | |
| run: brew install defenseunicorns/tap/[email protected] | |
| # will be pinning this when a tag is released | |
| - name: Install Lula | |
| uses: defenseunicorns/lula-action/setup@095636b7880051e11b05f10a582fdd911526161c | |
| with: | |
| # renovate: datasource=github-tags depName=defenseunicorns/lula versioning=semver-coerced | |
| version: v0.4.1 | |
| # lint the oscal files | |
| - name: lint-oscal | |
| run: uds run lint-oscal --set OSCALFILES=${{ steps.find_changed_files.outputs.oscal_files }} | |
| shell: bash |