export_badges_private.yml
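---
name: Export Private Repo Badges IaC

# Reusable workflow: builds shields.io-style endpoint JSON badge files for one
# private repository and pushes them to the self_hosted branch of
# ansible-lockdown/github_windows_IaC.
on:
  workflow_call:
    inputs:
      repo_name:
        required: true
        type: string
    secrets:
      BADGE_PUSH_TOKEN:
        required: true

jobs:
  export:
    # In a called workflow github.event_name is the caller's triggering event.
    if: >-
      github.event_name == 'workflow_dispatch'
      || (github.event_name == 'schedule' && startsWith(inputs.repo_name, 'ansible-lockdown/Private-'))
      || (github.event_name == 'push' && github.ref_name == 'latest')
    runs-on: ubuntu-latest
    # Every authenticated call below uses BADGE_PUSH_TOKEN, so the automatic
    # GITHUB_TOKEN is given no permissions.
    permissions: {}
    env:
      # inputs.repo_name is caller-controlled. It reaches the shell only as an
      # environment variable, never spliced into the script text with
      # ${{ }}, so its content cannot be parsed as shell syntax.
      REPO_NAME: ${{ inputs.repo_name }}
    steps:
      - name: Create output directory
        run: |
          # Reject anything that is not a plain owner/repo pair before the
          # value is used to build paths: later steps run mkdir, rsync --delete
          # and git add on a directory derived from it.
          repo_pattern='^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$'
          if [[ ! "$REPO_NAME" =~ $repo_pattern ]]; then
            echo "Invalid repo_name: expected owner/repo" >&2
            exit 1
          fi
          repo_short=$(basename "$REPO_NAME")
          if [[ "$repo_short" == "." || "$repo_short" == ".." ]]; then
            echo "Invalid repo_name: expected owner/repo" >&2
            exit 1
          fi
          mkdir -p "output/badges/$repo_short"

      ##################################################
      # Generate Badge Files                           #
      ##################################################
      - name: Generate badge JSON files
        env:
          GH_TOKEN: ${{ secrets.BADGE_PUSH_TOKEN }}
        run: |
          repo_short=$(basename "$REPO_NAME")
          OUT_DIR="output/badges/$repo_short"

          # Release branch badge
          # NOTE(review): the branch name is pasted into the JSON unescaped; a
          # name containing '"' or '\' would produce an invalid badge file.
          default_branch=$(gh repo view "$REPO_NAME" --json defaultBranchRef --jq '.defaultBranchRef.name')
          echo '{ "schemaVersion": 1, "label": "Release Branch", "message": "'"$default_branch"'", "color": "brightgreen" }' > "$OUT_DIR/release-branch.json"

          ##################################################
          # Windows / Linux Private Pipeline Badges        #
          ##################################################
          # Remediate Pipeline badge: status of the first run listed for the
          # workflow; falls back to Unknown when the lookup fails.
          status=$(gh run list -R "$REPO_NAME" --workflow="main_pipeline_validation.yml" --json status,conclusion --jq '.[0] | .status + ":" + .conclusion' || echo "unknown:unknown")
          if [[ "$status" == "completed:success" ]]; then
            color=brightgreen; msg=Passing
          elif [[ "$status" == "completed:failure" ]]; then
            color=red; msg=Failing
          else
            color=lightgrey; msg=Unknown
          fi
          echo '{ "schemaVersion": 1, "label": "Remediate Pipeline", "message": "'"$msg"'", "color": "'"$color"'" }' > "$OUT_DIR/remediate.json"

          ##################################################
          # Windows GPO Pipeline Badges Only               #
          ##################################################
          # Windows GPO Pipeline Badge
          echo "Checking repo_short: $repo_short" # Debugging step
          if [[ "$repo_short" == Private-Windows-* ]]; then
            echo "Repo matches Private-Windows-* pattern" # Debugging step
            # Fetch the status of the pipeline run
            status=$(gh run list -R "$REPO_NAME" --workflow="main_pipeline_validation_gpo.yml" --json status,conclusion --jq '.[0] | .status + ":" + .conclusion' || echo "unknown:unknown")
            echo "Fetched status: $status" # Debugging step
            # Set the badge color based on the status
            if [[ "$status" == "completed:success" ]]; then
              color=brightgreen
              msg=Passing
            elif [[ "$status" == "completed:failure" ]]; then
              color=red
              msg=Failing
            else
              color=lightgrey
              msg=Unknown
            fi
            # Output the badge JSON
            echo '{ "schemaVersion": 1, "label": "GPO Pipeline", "message": "'"$msg"'", "color": "'"$color"'" }' > "$OUT_DIR/gpo.json"
          else
            echo "Skipping GPO Pipeline badge — not a Windows repo"
          fi

          ##################################################
          # Repo Metadata Badges                           #
          ##################################################
          # NOTE(review): gh list commands return 30 items unless --limit is
          # passed, so both counts below are capped at that page size.
          # Pull requests
          prs=$(gh pr list -R "$REPO_NAME" --json number --jq 'length')
          echo '{ "schemaVersion": 1, "label": "Pull Requests", "message": "'"$prs"'", "color": "blue" }' > "$OUT_DIR/prs.json"
          # Closed issues
          closed=$(gh issue list -R "$REPO_NAME" --state closed --json number --jq 'length')
          echo '{ "schemaVersion": 1, "label": "Closed Issues", "message": "'"$closed"'", "color": "success" }' > "$OUT_DIR/issues-closed.json"

          # Benchmark version badge
          echo "Cloning latest branch of $REPO_NAME to extract version..."
          # The token comes from this step's environment instead of being
          # templated into the script. It is still written to
          # tmp_repo/.git/config as part of the remote URL; that directory is
          # deleted below.
          git clone --depth 1 --branch latest "https://x-access-token:${GH_TOKEN}@github.com/${REPO_NAME}.git" tmp_repo
          if [ ! -f tmp_repo/README.md ]; then
            version="Unknown"
            echo "README.md not found"
          else
            # First vX.Y.Z string in the README, else "Version N, Rel N".
            version=$(grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+' tmp_repo/README.md | head -n1)
            if [ -z "$version" ]; then
              version=$(grep -Eo 'Version [0-9]+, Rel [0-9]+' tmp_repo/README.md | head -n1)
            fi
          fi
          rm -rf tmp_repo
          if [ -z "$version" ]; then version="Unknown"; fi
          echo "Extracted Benchmark Version: $version"
          echo '{ "schemaVersion": 1, "label": "Benchmark Version", "message": "'"$version"'", "color": "blue" }' > "$OUT_DIR/benchmark-version.json"

          # Last updated badge
          date_str=$(date -u +"%Y-%m-%dT%H:%MZ")
          echo '{ "schemaVersion": 1, "label": "Last Updated", "message": "'"$date_str"'", "color": "blue" }' > "$OUT_DIR/last-updated.json"

      ##################################################
      # GitHub Pages Output Prep                       #
      ##################################################
      - name: Add .nojekyll to prevent GitHub Pages filtering
        run: touch output/.nojekyll

      - name: Clone and prepare badge folder
        env:
          BADGE_PUSH_TOKEN: ${{ secrets.BADGE_PUSH_TOKEN }}
        run: |
          # Without pipefail a failing rsync would be hidden by tee's exit
          # status and the step would report success.
          set -o pipefail
          git config --global user.email "actions@github.com"
          git config --global user.name "GitHub Actions"
          echo "Cloning self_hosted branch of github_windows_IaC..."
          # The token is kept in target/.git/config as part of the origin URL;
          # the push in the next step authenticates through it.
          git clone --branch self_hosted "https://x-access-token:${BADGE_PUSH_TOKEN}@github.com/ansible-lockdown/github_windows_IaC.git" target
          repo_short=$(basename "$REPO_NAME")
          echo "Preparing badge directory: target/badges/$repo_short"
          mkdir -p "target/badges/$repo_short"
          echo "Syncing badge files with rsync (only updated ones will be copied)..."
          if [ -d "output/badges/$repo_short" ]; then
            # --itemize-changes makes rsync list what it changed; with -a alone
            # it prints nothing and sync_log.txt would always be empty.
            rsync -a --delete --checksum --itemize-changes "output/badges/$repo_short/" "target/badges/$repo_short/" | tee sync_log.txt
          else
            echo "Warning: No badge output found in output/badges/$repo_short"
          fi
          echo "Files that were updated/copied/removed:"
          cat sync_log.txt || echo "No rsync output available"
          echo "Final contents of target/badges/$repo_short:"
          ls -al "target/badges/$repo_short" || echo "Folder does not exist or is empty"

      ##################################################
      # Commit and Push Changes                        #
      ##################################################
      - name: Commit and push to self_hosted branch
        run: |
          repo_short=$(basename "$REPO_NAME")
          cd target
          echo "Running git status before commit:"
          git status
          echo "Adding changes to staging:"
          git add "badges/$repo_short"
          echo "Showing staged changes:"
          git diff --cached || true
          # Commit only when the staged badge files differ from the branch.
          if git diff --cached --quiet; then
            echo "No changes detected – skipping commit."
          else
            echo "Changes detected – committing and pushing..."
            git commit -m "Update PRIVATE badges for $repo_short"
            git push origin self_hosted
          fi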