fix: update trestlebot actions from TEMPLATES

RedHatProductSecurity · Oct 31, 2024 · 9bf0fd6 · 9bf0fd6
1 parent bcd3b48
commit 9bf0fd6
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 32 deletions.
diff --git a/.github/workflows/trestlebot-autosync-catalog.yml b/.github/workflows/trestlebot-autosync-catalog.yml
@@ -2,13 +2,17 @@
 name: Trestle-bot autosync catalog updates
 
 on:
-  pull_request:
+  push:
     branches:
       - main
     paths:
       - 'catalogs/**'
       - 'markdown/catalogs/**'
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   autosync:
     name: Autosync catalog content
@@ -18,13 +22,10 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-        with:
-          ref: ${{ github.head_ref }}
       - name: Run autosync
         id: autosync
         uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
         with:
           markdown_path: "markdown/catalogs"
           oscal_model: "catalog"
           file_pattern: "*.json,markdown/*"
-          branch: ${{ github.head_ref }}
diff --git a/.github/workflows/trestlebot-autosync-profile.yml b/.github/workflows/trestlebot-autosync-profile.yml
@@ -2,13 +2,17 @@
 name: Trestle-bot autosync profile updates
 
 on:
-  pull_request:
+  push:
     branches:
       - main
     paths:
       - 'profiles/**'
       - 'markdown/profiles/**'
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   autosync:
     name: Autosync profile content
@@ -18,13 +22,10 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-        with:
-          ref: ${{ github.head_ref }}
       - name: Run autosync
         id: autosync
         uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
         with:
           markdown_path: "markdown/profiles"
           oscal_model: "profile"
           file_pattern: "*.json,markdown/*"
-          branch: ${{ github.head_ref }}
diff --git a/.github/workflows/trestlebot-autosync-ssp.yml b/.github/workflows/trestlebot-autosync-ssp.yml
@@ -0,0 +1,32 @@
+name: Trestle-bot autosync ssp updates
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'profiles/**'
+      - 'catalogs/**'
+      - 'component-definitions/**'
+      - 'system-security-plans/**'
+      - 'markdown/**'
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  autosync:
+    name: Autosync ssp content
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Run autosync
+        id: autosync
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
+        with:
+          markdown_path: "markdown/system-security-plans"
+          oscal_model: "ssp"
+          file_pattern: "*.json,markdown/*"
diff --git a/.github/workflows/trestlebot-create-component-definition.yml b/.github/workflows/trestlebot-create-component-definition.yml
@@ -1,5 +1,5 @@
 ---
-name: Trestle-bot Create Component Definition
+name: Trestle-bot create component-definition
 
 on:
   workflow_dispatch:
@@ -40,7 +40,7 @@ jobs:
           component_title: ${{ github.event.inputs.component_title }}
           component_type: ${{ github.event.inputs.component_type }}
           component_description: ${{ github.event.inputs.component_description }}
-          markdown_path: "markdown/components"
+          markdown_path: "markdown/component-definitions"
           branch: "create-component-definition-${{ github.run_id }}"
           target_branch: "main"
           file_pattern: "*.json,markdown/*,rules/*"

diff --git a/.github/workflows/trestlebot-rules-transform.yml b/.github/workflows/trestlebot-rules-transform.yml
@@ -2,7 +2,7 @@
 name: Trestle-bot rules-transform and autosync
 
 on:
-  pull_request:
+  push:
     branches:
       - main
     paths:
@@ -17,35 +17,31 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  rules-transform:
-    name: Trestle-bot Rules Transform
+  rules-transform-and-autosync:
+    name: Rules Transform and AutoSync
     runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-        with:
-          ref: ${{ github.head_ref }}
-      - name: Transform rules
-        uses: ./.github/actions/rules-transform
-
-  autosync:
-    name: Trestle-bot Autosync Content
-    needs: rules-transform
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.head_ref }}
-      - name: Autosync component-definitions
+      - name: AutoSync
         id: autosync
         uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
         with:
-          markdown_path: "markdown/components"
+          markdown_path: "markdown/component-definitions"
           oscal_model: "compdef"
           file_pattern: "*.json,markdown/*"
-          branch: ${{ github.head_ref }}
+      - name: Check if rules changed
+        id: changes
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            rules:
+              - 'rules/**'
+      - name: Rules Transform
+        if: steps.changes.outputs.rules == 'true'
+        uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main
+        with:
+          markdown_path: "markdown/component-definitions"
+          commit_message: "Auto-transform rules [skip ci]"