github/nrp-build: Extend to support creating a Github release with ar…

…tifacts Signed-off-by: Jeremi Piotrowski <[email protected]>
Azure · Nov 8, 2024 · ec23951 · ec23951
1 parent b2d4e9f
commit ec23951
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 17 deletions.
diff --git a/.github/workflows/nrp-build.yml b/.github/workflows/nrp-build.yml
@@ -2,6 +2,11 @@ name: Build Azure Policy Packages
 
 on:
   workflow_dispatch:
+    inputs:
+      release:
+        description: 'Release name'
+        required: false
+        type: string
 
 jobs:
   package:
@@ -19,3 +24,47 @@ jobs:
       artifact: policy-packages
       machine-config: true
       release: true
+
+  release:
+    if: ${{ github.event.inputs.release }}
+    name: Release
+    needs: package
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: policy-packages
+
+      - name: Update json template
+        run: |
+          set -xe
+          asb_artifact=AzureLinuxBaseline.zip
+          asb_hash="$(sha256sum ${asb_artifact} | awk '{print $1}')"
+          asb_uri="https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release }}/${asb_artifact}"
+          asb_template=./src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json.tmpl
+          asb_output=./src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json
+
+          ssh_artifact=LinuxSshServerSecurityBaseline.zip
+          ssh_hash="$(sha256sum ${ssh_artifact} | awk '{print $1}')"
+          ssh_uri="https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release }}/${ssh_artifact}"
+          ssh_template=./src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json.tmpl
+          ssh_output=./src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json
+
+          sed -e "s|@HASH@|${asb_hash}|g" -e "s|@URI@|${asb_uri}|g" ${asb_template} > ${asb_output}
+          sed -e "s|@HASH@|${ssh_hash}|g" -e "s|@URI@|${ssh_uri}|g" ${ssh_template} > ${ssh_output}
+
+      - name: Create or update release with new artifacts
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.event.inputs.release }}
+          target_commitish: ${{ github.sha }}
+          prerelease: true
+          body: |
+            Azure Policy Packages built from ${{ github.sha }} ${{ github.ref_name }}
+          files: |
+            AzureLinuxBaseline.zip
+            LinuxSshServerSecurityBaseline.zip
+            ./src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json
+            ./src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json
diff --git a/...AzureLinuxBaseline_DeployIfNotExists.json → ...LinuxBaseline_DeployIfNotExists.json.tmpl b/...AzureLinuxBaseline_DeployIfNotExists.json → ...LinuxBaseline_DeployIfNotExists.json.tmpl
@@ -14,8 +14,8 @@
         "name": "AzureLinuxBaseline",
         "version": "1.0.0",
         "contentType": "Custom",
-        "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/AzureLinuxBaseline.zip",
-        "contentHash": "832539A6E9167E356B1CA99F090E20B6C94673FAB6E6714881798C56D8EBD44E"
+        "contentUri": "@URI@",
+        "contentHash": "@HASH@"
       }
     },
     "parameters": {
@@ -340,8 +340,8 @@
                         "name": "AzureLinuxBaseline",
                         "version": "1.0.0",
                         "contentType": "Custom",
-                        "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/AzureLinuxBaseline.zip",
-                        "contentHash": "832539A6E9167E356B1CA99F090E20B6C94673FAB6E6714881798C56D8EBD44E",
+                        "contentUri": "@URI@",
+                        "contentHash": "@HASH@",
                         "assignmentType": "ApplyAndAutoCorrect"
                       }
                     }
@@ -357,8 +357,8 @@
                         "name": "AzureLinuxBaseline",
                         "version": "1.0.0",
                         "contentType": "Custom",
-                        "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/AzureLinuxBaseline.zip",
-                        "contentHash": "832539A6E9167E356B1CA99F090E20B6C94673FAB6E6714881798C56D8EBD44E",
+                        "contentUri": "@URI@",
+                        "contentHash": "@HASH@",
                         "assignmentType": "ApplyAndAutoCorrect"
                       }
                     }
@@ -374,8 +374,8 @@
                         "name": "AzureLinuxBaseline",
                         "version": "1.0.0",
                         "contentType": "Custom",
-                        "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/AzureLinuxBaseline.zip",
-                        "contentHash": "832539A6E9167E356B1CA99F090E20B6C94673FAB6E6714881798C56D8EBD44E",
+                        "contentUri": "@URI@",
+                        "contentHash": "@HASH@",
                         "assignmentType": "ApplyAndAutoCorrect"
                       }
                     }
@@ -388,4 +388,4 @@
       }
     }
   }
-}
+}
diff --git a/...erSecurityBaseline_DeployIfNotExists.json → ...urityBaseline_DeployIfNotExists.json.tmpl b/...erSecurityBaseline_DeployIfNotExists.json → ...urityBaseline_DeployIfNotExists.json.tmpl
@@ -14,8 +14,8 @@
                 "name": "LinuxSshServerSecurityBaseline",
                 "version": "1.0.0",
                 "contentType": "Custom",
-                "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip",
-                "contentHash": "1ADA673657D30BC454919EB74AC05785ED946FC948AD64CFFFF436BC229567C6",
+                "contentUri": "@URI@",
+                "contentHash": "@HASH@",
                 "configurationParameter": {
                     "accessPermissionsForSshdConfig": "Ensure that permissions on /etc/ssh/sshd_config are configured;DesiredObjectValue",
                     "ignoreHosts": "Ensure that the SSH IgnoreRhosts is configured;DesiredObjectValue",
@@ -623,8 +623,8 @@
                                                 "name": "LinuxSshServerSecurityBaseline",
                                                 "version": "1.0.0",
                                                 "contentType": "Custom",
-                                                "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip",
-                                                "contentHash": "1ADA673657D30BC454919EB74AC05785ED946FC948AD64CFFFF436BC229567C6",
+                                                "contentUri": "@URI@",
+                                                "contentHash": "@HASH@",
                                                 "assignmentType": "ApplyAndAutoCorrect",
                                                 "configurationParameter": [
                                                     {
@@ -714,8 +714,8 @@
                                                 "name": "LinuxSshServerSecurityBaseline",
                                                 "version": "1.0.0",
                                                 "contentType": "Custom",
-                                                "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip",
-                                                "contentHash": "1ADA673657D30BC454919EB74AC05785ED946FC948AD64CFFFF436BC229567C6",
+                                                "contentUri": "@URI@",
+                                                "contentHash": "@HASH@",
                                                 "assignmentType": "ApplyAndAutoCorrect",
                                                 "configurationParameter": [
                                                     {
@@ -805,8 +805,8 @@
                                                 "name": "LinuxSshServerSecurityBaseline",
                                                 "version": "1.0.0",
                                                 "contentType": "Custom",
-                                                "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip",
-                                                "contentHash": "1ADA673657D30BC454919EB74AC05785ED946FC948AD64CFFFF436BC229567C6",
+                                                "contentUri": "@URI@",
+                                                "contentHash": "@HASH@",
                                                 "assignmentType": "ApplyAndAutoCorrect",
                                                 "configurationParameter": [
                                                     {