From ec23951af267f0147ac35b0374c9cb9490d1dcd7 Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Thu, 7 Nov 2024 19:54:56 +0100 Subject: [PATCH] github/nrp-build: Extend to support creating a Github release with artifacts Signed-off-by: Jeremi Piotrowski --- .github/workflows/nrp-build.yml | 49 +++++++++++++++++++ ...LinuxBaseline_DeployIfNotExists.json.tmpl} | 18 +++---- ...urityBaseline_DeployIfNotExists.json.tmpl} | 16 +++--- 3 files changed, 66 insertions(+), 17 deletions(-) rename src/adapters/mc/asb/{AzureLinuxBaseline_DeployIfNotExists.json => AzureLinuxBaseline_DeployIfNotExists.json.tmpl} (93%) rename src/adapters/mc/ssh/{LinuxSshServerSecurityBaseline_DeployIfNotExists.json => LinuxSshServerSecurityBaseline_DeployIfNotExists.json.tmpl} (98%) diff --git a/.github/workflows/nrp-build.yml b/.github/workflows/nrp-build.yml index 799fdfbbd..90811e9b3 100644 --- a/.github/workflows/nrp-build.yml +++ b/.github/workflows/nrp-build.yml @@ -2,6 +2,11 @@ name: Build Azure Policy Packages on: workflow_dispatch: + inputs: + release: + description: 'Release name' + required: false + type: string jobs: package: 
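Review bot: The `description: 'Release name'` text on the new `release` input does not say that the value becomes the git tag and a path segment of the download URL; the `release` job added in the next hunk uses it as `tag_name` and inside `asb_uri`/`ssh_uri`. A description such as `'Tag to create or update for the release; leave empty to build without releasing'` would tell the person dispatching the workflow what is expected and which characters are sensible.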
@@ -19,3 +24,47 @@ jobs: artifact: policy-packages machine-config: true release: true + + release: + if: ${{ github.event.inputs.release }} + name: Release + needs: package + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: actions/download-artifact@v4 + with: + name: policy-packages + + - name: Update json template + run: | + set -xe + asb_artifact=AzureLinuxBaseline.zip + asb_hash="$(sha256sum ${asb_artifact} | awk '{print $1}')" + asb_uri="https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release }}/${asb_artifact}" + asb_template=./src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json.tmpl + asb_output=./src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json + + ssh_artifact=LinuxSshServerSecurityBaseline.zip + ssh_hash="$(sha256sum ${ssh_artifact} | awk '{print $1}')" + ssh_uri="https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release }}/${ssh_artifact}" + ssh_template=./src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json.tmpl + ssh_output=./src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json + + sed -e "s|@HASH@|${asb_hash}|g" -e "s|@URI@|${asb_uri}|g" ${asb_template} > ${asb_output} + sed -e "s|@HASH@|${ssh_hash}|g" -e "s|@URI@|${ssh_uri}|g" ${ssh_template} > ${ssh_output} + + - name: Create or update release with new artifacts + uses: softprops/action-gh-release@v2 + with: + tag_name: ${{ github.event.inputs.release }} + target_commitish: ${{ github.sha }} + prerelease: true + body: | + Azure Policy Packages built from ${{ github.sha }} ${{ github.ref_name }} + files: | + AzureLinuxBaseline.zip + LinuxSshServerSecurityBaseline.zip + ./src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json + ./src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json 
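Review bot: The `release` input and `github.repository` are expanded by `${{ }}` directly into the `run:` script of the "Update json template" step, so the input text is parsed as shell source, and it is then reused as a `sed` replacement where `|`, `&` or `\` alter the rendered URI. Passing both through `env:` and rejecting names outside the expected tag alphabet before the URIs are built removes both problems. The step also runs `set -xe` without `pipefail`, so if `sha256sum` fails `awk` still exits 0 and an empty `contentHash` would be rendered and published. Separately, `softprops/action-gh-release@v2` is a movable tag on the step that publishes the artifacts and the job declares no `permissions:`; pinning the action to a commit SHA and setting `permissions: contents: write` on the job would narrow both.

```yaml
      - name: Update json template
        env:
          RELEASE: ${{ github.event.inputs.release }}
          REPO: ${{ github.repository }}
        run: |
          set -euxo pipefail
          # Reject names that would change the URL or the sed replacement text;
          # adjust the allowed set to the project's tag naming scheme.
          case "${RELEASE}" in
            ''|*[!A-Za-z0-9._-]*) echo "invalid release name" >&2; exit 1 ;;
          esac
          # … unchanged: asb_artifact, asb_hash …
          asb_uri="https://github.com/${REPO}/releases/download/${RELEASE}/${asb_artifact}"
          # … unchanged: asb_template, asb_output, ssh_artifact, ssh_hash …
          ssh_uri="https://github.com/${REPO}/releases/download/${RELEASE}/${ssh_artifact}"
          # … unchanged: ssh_template, ssh_output, both sed commands …
```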
diff --git a/src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json b/src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json.tmpl similarity index 93% rename from src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json rename to src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json.tmpl index dbb74e6ab..bfbafb6c8 100644 --- a/src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json +++ b/src/adapters/mc/asb/AzureLinuxBaseline_DeployIfNotExists.json.tmpl @@ -14,8 +14,8 @@ "name": "AzureLinuxBaseline", "version": "1.0.0", "contentType": "Custom", - "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/AzureLinuxBaseline.zip", - "contentHash": "832539A6E9167E356B1CA99F090E20B6C94673FAB6E6714881798C56D8EBD44E" + "contentUri": "@URI@", + "contentHash": "@HASH@" } }, "parameters": { @@ -340,8 +340,8 @@ "name": "AzureLinuxBaseline", "version": "1.0.0", "contentType": "Custom", - "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/AzureLinuxBaseline.zip", - "contentHash": "832539A6E9167E356B1CA99F090E20B6C94673FAB6E6714881798C56D8EBD44E", + "contentUri": "@URI@", + "contentHash": "@HASH@", "assignmentType": "ApplyAndAutoCorrect" } } @@ -357,8 +357,8 @@ "name": "AzureLinuxBaseline", "version": "1.0.0", "contentType": "Custom", - "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/AzureLinuxBaseline.zip", - "contentHash": "832539A6E9167E356B1CA99F090E20B6C94673FAB6E6714881798C56D8EBD44E", + "contentUri": "@URI@", + "contentHash": "@HASH@", "assignmentType": "ApplyAndAutoCorrect" } } 
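Review bot: The `@HASH@` placeholder replaces an upper-case hex digest, but the workflow in this commit fills it from `sha256sum`, which prints lower-case hex, so the published `contentHash` changes case. Whether the consumer of the policy compares that string case-insensitively is not visible here and should be confirmed; otherwise normalise it in the workflow with `awk '{print toupper($1)}'`. The same substitution is made in the hunks at -340, -357 and -374 of this file and in all four hunks of LinuxSshServerSecurityBaseline_DeployIfNotExists.json.tmpl; the enclosing JSON objects start and end outside each hunk. Because the template is not deployable until rendered, the render step could also refuse to publish when a token survives, e.g. `if grep -Eq '@(URI|HASH)@' "${asb_output}"; then exit 1; fi`.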
@@ -374,8 +374,8 @@ "name": "AzureLinuxBaseline", "version": "1.0.0", "contentType": "Custom", - "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/AzureLinuxBaseline.zip", - "contentHash": "832539A6E9167E356B1CA99F090E20B6C94673FAB6E6714881798C56D8EBD44E", + "contentUri": "@URI@", + "contentHash": "@HASH@", "assignmentType": "ApplyAndAutoCorrect" } } @@ -388,4 +388,4 @@ } } } -} \ No newline at end of file +} diff --git a/src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json b/src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json.tmpl similarity index 98% rename from src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json rename to src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json.tmpl index b62767a63..ca7f61d70 100644 --- a/src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json +++ b/src/adapters/mc/ssh/LinuxSshServerSecurityBaseline_DeployIfNotExists.json.tmpl @@ -14,8 +14,8 @@ "name": "LinuxSshServerSecurityBaseline", "version": "1.0.0", "contentType": "Custom", - "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip", - "contentHash": "1ADA673657D30BC454919EB74AC05785ED946FC948AD64CFFFF436BC229567C6", + "contentUri": "@URI@", + "contentHash": "@HASH@", "configurationParameter": { "accessPermissionsForSshdConfig": "Ensure that permissions on /etc/ssh/sshd_config are configured;DesiredObjectValue", "ignoreHosts": "Ensure that the SSH IgnoreRhosts is configured;DesiredObjectValue", 
@@ -623,8 +623,8 @@ "name": "LinuxSshServerSecurityBaseline", "version": "1.0.0", "contentType": "Custom", - "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip", - "contentHash": "1ADA673657D30BC454919EB74AC05785ED946FC948AD64CFFFF436BC229567C6", + "contentUri": "@URI@", + "contentHash": "@HASH@", "assignmentType": "ApplyAndAutoCorrect", "configurationParameter": [ { @@ -714,8 +714,8 @@ "name": "LinuxSshServerSecurityBaseline", "version": "1.0.0", "contentType": "Custom", - "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip", - "contentHash": "1ADA673657D30BC454919EB74AC05785ED946FC948AD64CFFFF436BC229567C6", + "contentUri": "@URI@", + "contentHash": "@HASH@", "assignmentType": "ApplyAndAutoCorrect", "configurationParameter": [ { @@ -805,8 +805,8 @@ "name": "LinuxSshServerSecurityBaseline", "version": "1.0.0", "contentType": "Custom", - "contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip", - "contentHash": "1ADA673657D30BC454919EB74AC05785ED946FC948AD64CFFFF436BC229567C6", + "contentUri": "@URI@", + "contentHash": "@HASH@", "assignmentType": "ApplyAndAutoCorrect", "configurationParameter": [ {