diff --git a/.github/workflows/functionnal-tests.yml b/.github/workflows/functionnal-tests.yml
new file mode 100644
index 0000000..9de5301
--- /dev/null
+++ b/.github/workflows/functionnal-tests.yml
@@ -0,0 +1,19 @@
+---
+name: Run functionnal tests
+on:
+ - pull_request
+jobs:
+ functionnal-tests-docker-debian9:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v2
+ - name: Run the tests debian9
+ run: ./tests/docker_build_and_run_tests.sh debian9
+ functionnal-tests-docker-debian10:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v2
+ - name: Run the tests debian10
+ run: ./tests/docker_build_and_run_tests.sh debian10
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
new file mode 100644
index 0000000..7d51aff
--- /dev/null
+++ b/.github/workflows/pre-release.yml
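Review bot: functionnal-tests.yml declares no `permissions:` key, so its `GITHUB_TOKEN` gets whatever scopes the repository or organisation default grants; the same is true of pre-release.yml, shellcheck_and_shellfmt.yml and tagged-release.yml. This workflow only checks out the code and runs a test script, so a top-level `permissions:` block with `contents: read` is enough here. The two release workflows appear to need only `contents: write` for the tag and release operations they perform. Declaring the scopes per workflow keeps the impact of a compromised step or action limited to what that workflow actually does.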
@@ -0,0 +1,64 @@
+---
+name: Create Pre-Release
+on:
+ push:
+ branches:
+ - master
+jobs:
+ build:
+ name: Create Pre-Release
+ runs-on: ubuntu-latest
+ steps:
+ # CHECKOUT CODE
+ - name: Checkout code
+ uses: actions/checkout@v2
+ # BUILD THE .DEB PACKAGE
+ - name: Build
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y build-essential devscripts debhelper
+ sudo debuild -us -uc
+ find ../ -name "*.deb" -exec mv {} cis-hardening.deb \;
+ # DELETE THE TAG NAMED LATEST AND THE CORRESPONDING RELEASE
+ - name: Delete the tag latest and the release latest
+ uses: dev-drprasad/delete-tag-and-release@v0.1.2
+ with:
+ delete_release: true
+ tag_name: latest
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # GET LATEST VERSION TAG
+ - name: Get latest version tag
+ uses: actions-ecosystem/action-get-latest-tag@v1
+ id: get-latest-tag
+ # GENERATE CHANGELOG CORRESPONDING TO COMMIT BETWEEN HEAD AND COMPUTED LAST TAG
+ - name: Generate changelog
+ id: changelog
+ uses: metcalfc/changelog-generator@v0.4.4
+ with:
+ myToken: ${{ secrets.GITHUB_TOKEN }}
+ head-ref: ${{ github.sha }}
+ base-ref: ${{ steps.get-latest-tag.outputs.tag }}
+ # CREATE RELEASE NAMED LATEST
+ - name: Create Release
+ id: create_release
+ uses: actions/create-release@v1.1.4
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: latest
+ release_name: Pre-release
+ body: ${{ steps.changelog.outputs.changelog }}
+ draft: false
+ prerelease: true
+ # UPLOAD PACKAGE .DEB
+ - name: Upload Release deb
+ id: upload-release-asset
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ steps.create_release.outputs.upload_url }}
+ asset_path: ./cis-hardening.deb
+ asset_name: cis-hardening.deb
+ asset_content_type: application/vnd.debian.binary-package
diff --git a/.github/workflows/shellcheck_and_shellfmt.yml b/.github/workflows/shellcheck_and_shellfmt.yml
new file mode 100644
index 0000000..355d0ca
--- /dev/null
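Review bot: The third-party actions in pre-release.yml (`dev-drprasad/delete-tag-and-release@v0.1.2`, `actions-ecosystem/action-get-latest-tag@v1`, `metcalfc/changelog-generator@v0.4.4`) are referenced by mutable tag, and two of them are handed `secrets.GITHUB_TOKEN` in a job that deletes tags and publishes a release on every push to master. A tag can be re-pointed by the action's owner, so whatever code it resolves to at run time executes with that token. Pinning each `uses:` to a full commit SHA with the version kept as a trailing comment, e.g. `uses: metcalfc/changelog-generator@<full-commit-sha>  # v0.4.4`, makes the executed code reviewable and fixed. The same applies to `luizm/action-sh-checker@v0.1.8` in shellcheck_and_shellfmt.yml and, with lower risk, to the `actions/*` references in all four workflows.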
+++ b/.github/workflows/shellcheck_and_shellfmt.yml
@@ -0,0 +1,22 @@
+---
+name: Run shell-linter
+on:
+ - push
+ - pull_request
+jobs:
+ sh-checker:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v2
+ - name: Run the sh-checker
+ uses: luizm/action-sh-checker@v0.1.8
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Optional if sh_checker_comment is false.
+ SHELLCHECK_OPTS: --color=always --shell=bash -x --source-path=SCRIPTDIR # Optional: exclude some shellcheck warnings.
+ SHFMT_OPTS: -l -i 4 -w # Optional: pass arguments to shfmt.
+ with:
+ sh_checker_comment: true
+ sh_checker_exclude: |
+ src/
+ debian/postrm
diff --git a/.github/workflows/tagged-release.yml b/.github/workflows/tagged-release.yml
new file mode 100644
index 0000000..df1f10f
--- /dev/null
+++ b/.github/workflows/tagged-release.yml
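Review bot: With `sh_checker_comment: true` on the `pull_request` trigger, the comment step in shellcheck_and_shellfmt.yml depends on a token that can write to the pull request, but pull requests from forks receive a read-only `GITHUB_TOKEN`, so the comment will presumably not be posted there. It is worth recording that limitation next to the trigger so nobody later swaps in `pull_request_target`, which would run this third-party action against untrusted code with a write-capable token. Suggested comment above `on:`: `# Fork PRs get a read-only token, so the PR comment is skipped there; rely on the job status and do not switch to pull_request_target.` The inline comments on `SHELLCHECK_OPTS` and `SHFMT_OPTS` also look copied from the action's README and do not describe the values actually set.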
@@ -0,0 +1,56 @@
+---
+name: Create Release
+on:
+ push:
+ tags:
+ - 'v*'
+jobs:
+ build:
+ name: Create Release
+ # only runs on master
+ if: github.event.base_ref == 'refs/heads/master'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get latest version number
+ id: vars
+ run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
+ # CHECKOUT CODE
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ ref: ${{ steps.vars.outputs.tag }}
+ # BUILD THE .DEB PACKAGE
+ - name: Build
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y build-essential devscripts debhelper
+ sudo debuild -us -uc
+ find ../ -name "*.deb" -exec mv {} cis-hardening.deb \;
+ #GENERATE CHANGELOG CORRESPONDING TO ENTRY IN DEBIAN/CHANGELOG
+ - name: Generate changelog
+ run: sed -n -e "/cis-hardening ($(echo ${{ steps.vars.outputs.tag }} | tr -d 'v'))/,/ -- / p" debian/changelog | tail -n +3 | head -n -2 > changelog.md
+ - name: debug
+ run: cat changelog.md
+ # CREATE RELEASE
+ - name: Create Release
+ id: create_release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: ${{ github.ref }}
+ release_name: Release ${{ github.ref }}
+ body_path: changelog.md
+ draft: false
+ prerelease: false
+ # UPLOAD PACKAGE .DEB
+ - name: Upload Release deb
+ id: upload-release-asset
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ steps.create_release.outputs.upload_url }}
+ asset_path: ./cis-hardening.deb
+ asset_name: cis-hardening.deb
+ asset_content_type: application/vnd.debian.binary-package
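Review bot: The "Generate changelog" step in tagged-release.yml pastes `${{ steps.vars.outputs.tag }}` straight into the `run:` script, so the tag name is expanded into the shell text before bash parses it, and shell metacharacters in a pushed tag name would be interpreted as code in a job that holds the release token. Passing the value through the environment keeps it as data: add `env:` with `TAG: ${{ steps.vars.outputs.tag }}` to the step and use `"${TAG#v}"` inside the sed address in place of the `$(echo … | tr -d 'v')` substitution. Note that `${TAG#v}` strips only the leading `v`, whereas `tr -d 'v'` removes every `v` in the tag, which is probably the intended behaviour anyway. The tag is also used as a sed pattern, so dots in the version match any character; that is harmless for the current changelog format but worth a short comment.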