
Commit 6537a72

committed
add the oscal pr link to the cac pr comment body
Signed-off-by: Sophia Wang <huiwang@redhat.com>
1 parent 7215917 commit 6537a72

1 file changed

Lines changed: 13 additions & 22 deletions


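--- a/.github/workflows/sync-oscal-cac.yml
+++ b/.github/workflows/sync-oscal-cac.yml
@@ -107,59 +107,49 @@ jobs:
 - name: Check if the CAC content branch exists
 if: ${{ env.CHANGE_FOUND == 'true' }}
 run: |
-pr_number="${{ github.event.pull_request.number }}"
-BRANCH_NAME="sync_oscal_pr$pr_number"
+BRANCH_NAME="sync_oscal_pr${{ env.PR_NUMBER }}"
 cd cac-content
-branches=$(git branch -r | grep 'origin/sync_oscal' | sed 's/origin\///')
-exist="false"
-for branch in $branches; do
-echo $branch
-if [[ "$branch" == "$BRANCH_NAME" ]]; then
-echo "CAC content branch $BRANCH_NAME exists"
-git fetch --all
-git checkout -b "sync_oscal_pr$pr_number" origin/sync_oscal_pr$pr_number
-exist="true"
-break
-fi
-done
-if [[ "$exist" == "false" ]]; then
+git fetch --all
+if git show-ref --verify --quiet refs/remotes/origin/"$BRANCH_NAME"; then
+git checkout -b "sync_oscal_pr${{ env.PR_NUMBER }}" origin/sync_oscal_pr${{ env.PR_NUMBER }}
+else
 echo "CAC content branch $BRANCH_NAME doesn't exist"
 fi
 # Step 9: Sync OSCAL content to CAC content
 - name: Sync OSCAL content to CAC content
 if: ${{ env.CHANGE_FOUND == 'true' }}
 run: |
-pr_number="${{ github.event.pull_request.number }}"
 cat filenames.txt
 cd complyscribe && source venv/bin/activate
 while IFS= read -r line; do
 if [[ "$line" == *catalogs* ]]; then
 echo "sync oscal catalogs according to update of $line ..."
 policy_id=$(echo "$line" | cut -f2 -d"/")
 echo "The policy_id is $policy_id"
-poetry run complyscribe sync-oscal-content catalog --repo-path ../oscal-content --committer-email "openscap-ci@gmail.com" --committer-name "openscap-ci" --branch "sync_oscal_pr$pr_number" --cac-content-root "$GITHUB_WORKSPACE/cac-content" --cac-policy-id "$policy_id"
+poetry run complyscribe sync-oscal-content catalog --repo-path ../oscal-content --committer-email "openscap-ci@gmail.com" --committer-name "openscap-ci" --branch "sync_oscal_pr${{ env.PR_NUMBER }}" --cac-content-root "$GITHUB_WORKSPACE/cac-content" --cac-policy-id "$policy_id"
 elif [[ "$line" == "profiles"* ]]; then
 echo "sync oscal profiles according to update of $line ..."
 policy_id=$(echo $line | cut -f2 -d"/" | cut -f2 -d"-")
 product=$(echo "$line" | cut -f2 -d"/" | cut -f1 -d"-")
 echo "The policy_id is $policy_id, the product is $product"
-poetry run complyscribe sync-oscal-content profile --repo-path ../oscal-content --committer-email "openscap-ci@gmail.com" --committer-name "openscap-ci" --branch "sync_oscal_pr$pr_number" --cac-content-root "$GITHUB_WORKSPACE/cac-content" --cac-policy-id "$policy_id" --product "$product"
+poetry run complyscribe sync-oscal-content profile --repo-path ../oscal-content --committer-email "openscap-ci@gmail.com" --committer-name "openscap-ci" --branch "sync_oscal_pr${{ env.PR_NUMBER }}" --cac-content-root "$GITHUB_WORKSPACE/cac-content" --cac-policy-id "$policy_id" --product "$product"
 elif [[ "$line" == "component-definitions"* ]]; then
 echo "sync oscal component-definitions according to update of $line ..."
 product=$(echo "$line" | cut -f2 -d"/")
 profile=$(echo "$line" | cut -f3 -d"/")
 echo "The product is $product, the profile is $profile"
-poetry run complyscribe sync-oscal-content component-definition --repo-path ../oscal-content --committer-email "openscap-ci@gmail.com" --committer-name "openscap-ci" --branch "sync_oscal_pr$pr_number" --cac-content-root "$GITHUB_WORKSPACE/cac-content" --product "$product" --oscal-profile "$profile"
+poetry run complyscribe sync-oscal-content component-definition --repo-path ../oscal-content --committer-email "openscap-ci@gmail.com" --committer-name "openscap-ci" --branch "sync_oscal_pr${{ env.PR_NUMBER }}" --cac-content-root "$GITHUB_WORKSPACE/cac-content" --product "$product" --oscal-profile "$profile"
 fi
 done < ../filenames.txt
-# Step 10: Create PR to CAC content
-- name: Create a Pull Request to OSCAL content
+# Step 10: Create PR in CAC content
+- name: Create a Pull Request in CAC content
 if: ${{ env.CHANGE_FOUND == 'true' }}
 run: |
 cd cac-content
 BRANCH_NAME="sync_oscal_pr${{ env.PR_NUMBER }}"
 OWNER="ComplianceAsCode"
 REPO="content"
+OSCAL_PR_URL="https://github.com/$OWNER/oscal-content/pull/${{ env.PR_NUMBER }}"
 if [[ "$(git branch --show-current)" == "$BRANCH_NAME" ]]; then
 # Check if the PR exists
 PR_EXISTS=$(gh pr list --repo $OWNER/$REPO \
@@ -175,11 +165,12 @@ jobs:
 echo "No commits between main and $BRANCH_NAME. Skipping PR creation."
 else
 echo "Creating PR for new branch: $BRANCH_NAME"
+PR_BODY="This is an auto-generated PR from OSCAL PR [${{ env.PR_NUMBER }}]("$OSCAL_PR_URL")"
 gh pr create --repo $OWNER/$REPO \
 --title "Auto-generated PR from OSCAL ${{ env.PR_NUMBER }}" \
 --head "$BRANCH_NAME" \
 --base "master" \
---body "This is an auto-generated PR from OSCAL ${{ env.PR_NUMBER }} updates"
+--body "${PR_BODY}"
 fi
 else
 echo "No branch $BRANCH_NAME. Skipping PR creation."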
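Review bot: The added lines paste `${{ env.PR_NUMBER }}` into the `run:` scripts as text before bash parses them (`BRANCH_NAME=`, the `git checkout -b` line, the three `--branch` arguments, `OSCAL_PR_URL=` and `PR_BODY=`), so the value is treated as script source rather than as data. Where PR_NUMBER is written is outside these hunks, so it is worth confirming that it is checked to be digits-only at that point. Either way, an `env` value is already exported to the step, and the shell form keeps it as data: `BRANCH_NAME="sync_oscal_pr${PR_NUMBER}"` and `git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"`, with the `--branch` arguments in the sync step changed the same way. That also lets `PR_BODY` be a single quoted string, `PR_BODY="This is an auto-generated PR from OSCAL PR [${PR_NUMBER}](${OSCAL_PR_URL})"`. The current form closes the quotes around `$OSCAL_PR_URL` and works only because assignments are not word-split.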
