Skip to content

Fix RSA

Fix RSA #228

name: Run Tests and generate output files
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the main branch
pull_request:
branches:
- master
paths:
- 'source/**'
- 'scripts/convert**'
- 'resources/templates/**'
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
permissions:
contents: read
jobs:
hardening:
uses: ./.github/workflows/hardening.yaml
runtests:
needs: hardening
uses: ./.github/workflows/run-tests.yaml
# If Tests pass, generate new output files
uploadoutputfiles:
name: Upload Output Files
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
needs: runtests
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create tmp branch for artifacts and get parent and object ref
id: find-target
env:
PR_NUMBER: ${{ github.event.number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
run: |
echo "parent=`git rev-parse HEAD`" >> "$GITHUB_ENV"
echo "object_tree=`git write-tree`" >> "$GITHUB_ENV"
git switch --orphan "tmp-$BRANCH_NAME-artifacts"
- name: Commit empty commit to the tmp artifact branch
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
TARGET_BRANCH: ${{ github.event.pull_request.head.ref }}
with:
script: |
const { TARGET_BRANCH } = process.env
const commit_msg = "Upload artifacts"
const parent = "${{ env.parent}}";
const object_tree = "${{ env.object_tree}}";
const { data: commit } = await github.rest.git.createCommit({
owner: context.repo.owner,
repo: context.repo.repo,
message: commit_msg,
tree: object_tree,
parents: [parent]
});
try {
const { data: ref } = await github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: `refs/heads/tmp-${TARGET_BRANCH}-artifacts`,
sha: commit.sha
})
} catch (e) {
//The branch already exists
}
- name: Checkout branch for pull request
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.ref }}
# Set the pip environment up
- name: Get Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: '3.11'
cache: 'pipenv' # caching pip dependencies
- name: Install dependencies
run: |
pip install -r requirements.txt --require-hashes
pipenv install -d
- name: Generate new output files
run: |
#
# Building EoP
mkdir -p output/eop || echo "Ignore error"
mkdir -p output/eop/Links || echo "Ignore error"
mkdir -p output/eop/Fonts || echo "Ignore error"
cp -rf ./resources/templates/Links/eop output/eop/Links/
cp -rf ./resources/templates/Fonts/Selawik/* output/eop/Fonts/
cp -rf ./resources/templates/Fonts/OpenSans/* output/eop/Fonts/
pipenv run python scripts/convert.py -t tarot -l en -lt deck -v 1.0 -e eop -i ./resources/templates/eop_ver_deck_tarot_lang.idml -o ./output/eop/eop-1.0-deck-en.idml
pipenv run python scripts/convert.py -t tarot -l es -lt deck -v 1.0 -e eop -i ./resources/templates/eop_ver_deck_tarot_lang.idml -o ./output/eop/eop-1.0-deck-es.idml
pipenv run python scripts/convert.py -t tarot -l en -lt instructions1 -v 1.0 -e eop -i ./resources/templates/eop_ver_instructions1_tarot_lang.idml -o ./output/eop/1_instructionCard1.idml
pipenv run python scripts/convert.py -t tarot -l en -lt instructions2 -v 1.0 -e eop -i ./resources/templates/eop_ver_instructions2_tarot_lang.idml -o ./output/eop/1_instructionCard2.idml
pipenv run python scripts/convert.py -t tarot -l en -lt strategy-cards -v 1.0 -e eop -i ./resources/templates/eop_ver_strategy-cards_tarot_lang.idml -o ./output/eop/2_StrategyCard.idml
pipenv run python scripts/convert.py -t tarot -l en -lt cards -v 1.0 -e eop -i ./resources/templates/eop_ver_cards_tarot_lang.idml -o ./output/eop/3_PlayingCards.idml
pipenv run python scripts/convert.py -t tarot -l en -lt threat-spoofing-cards -v 1.0 -e eop -i ./resources/templates/eop_ver_threat-spoofing-cards_tarot_lang.idml -o ./output/eop/4_1THREATCARD-Spoofing.idml
pipenv run python scripts/convert.py -t tarot -l en -lt threat-tampering-cards -v 1.0 -e eop -i ./resources/templates/eop_ver_threat-tampering-cards_tarot_lang.idml -o ./output/eop/4_2THREATCARD-Tampering.idml
pipenv run python scripts/convert.py -t tarot -l en -lt threat-repudation-cards -v 1.0 -e eop -i ./resources/templates/eop_ver_threat-repudation-cards_tarot_lang.idml -o ./output/eop/4_3THREATCARD-Repudiation.idml
pipenv run python scripts/convert.py -t tarot -l en -lt threat-infodisclosure-cards -v 1.0 -e eop -i ./resources/templates/eop_ver_threat-infodisclosure-cards_tarot_lang.idml -o ./output/eop/4_4THREATCARD-InfoDisclosure.idml
pipenv run python scripts/convert.py -t tarot -l en -lt threat-denialofsvc-cards -v 1.0 -e eop -i ./resources/templates/eop_ver_threat-denialofsvc-cards_tarot_lang.idml -o ./output/eop/4_5THREATCARD-DenialofSvc.idml
pipenv run python scripts/convert.py -t tarot -l en -lt threat-elevofpriv-cards -v 1.0 -e eop -i ./resources/templates/eop_ver_threat-elevofpriv-cards_tarot_lang.idml -o ./output/eop/4_6THREATCARD-ElevofPriv.idml
pipenv run python scripts/convert.py -t tarot -l en -lt about -v 1.0 -e eop -i ./resources/templates/eop_ver_about_tarot_lang.idml -o ./output/eop/5_AboutCard.idml
zip -r output/eop-1.0.zip output/eop
#
# Building Cornucopia WebApp Edition
mkdir -p output/cornucopia_webapp || echo "Ignore error"
mkdir -p output/cornucopia_webapp/Links || echo "Ignore error"
mkdir -p output/cornucopia_webapp/Fonts || echo "Ignore error"
cp -rf ./resources/templates/Links/cornucopia_webapp output/cornucopia_webapp/Links/
cp -rf ./resources/templates/Fonts/NotoSans/* output/cornucopia_webapp/Fonts/
cp -rf ./resources/templates/Fonts/FivoSans/* output/cornucopia_webapp/Fonts/
cp -rf ./resources/templates/Fonts/Atkinson-Hyperlegible/* output/cornucopia_webapp/Fonts/
#
# Building Cornucopia MobileApp Edition
mkdir -p output/cornucopia_mobileapp || echo "Ignore error"
mkdir -p output/cornucopia_mobileapp/Links || echo "Ignore error"
mkdir -p output/cornucopia_mobileapp/Fonts || echo "Ignore error"
cp -rf ./resources/templates/Links/cornucopia_mobileapp output/cornucopia_mobileapp/Links/
cp -rf ./resources/templates/Fonts/NotoSans/* output/cornucopia_mobileapp/Fonts/
cp -rf ./resources/templates/Fonts/FivoSans/* output/cornucopia_mobileapp/Fonts/
cp -rf ./resources/templates/Fonts/Atkinson-Hyperlegible/* output/cornucopia_mobileapp/Fonts/
#
pipenv run python scripts/convert.py -l all -lt guide -t bridge -v 1.22 -e webapp
pipenv run python scripts/convert.py -l all -lt guide -t bridge -v 2.00 -e webapp
pipenv run python scripts/convert.py -l en -lt all -t all -v 1.22 -e webapp
pipenv run python scripts/convert.py -l en -lt all -t all -v 2.00 -e webapp
pipenv run python scripts/convert.py -l en -lt all -t all -v 1.00 -e mobileapp
cp output/owasp_cornucopia_mobileapp_1.00_cards_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_cards_bridge_qr_en.idml output/owasp_cornucopia_mobileapp_1.00_cards_tarot_en.idml output/owasp_cornucopia_mobileapp_1.00_cards_tarot_qr_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_bridge_en.idml output/owasp_cornucopia_mobileapp_1.00_leaflet_tarot_en.idml output/cornucopia_mobileapp/
cp output/owasp_cornucopia_webapp_1.22_cards_bridge_en.idml output/owasp_cornucopia_webapp_1.22_cards_bridge_qr_en.idml output/owasp_cornucopia_webapp_1.22_cards_tarot_en.idml output/owasp_cornucopia_webapp_1.22_cards_tarot_qr_en.idml output/owasp_cornucopia_webapp_1.22_leaflet_bridge_en.idml output/owasp_cornucopia_webapp_1.22_leaflet_tarot_en.idml output/cornucopia_webapp/
cp output/owasp_cornucopia_webapp_2.00_cards_bridge_en.idml output/owasp_cornucopia_webapp_2.00_cards_bridge_qr_en.idml output/owasp_cornucopia_webapp_2.00_cards_tarot_en.idml output/owasp_cornucopia_webapp_2.00_cards_tarot_qr_en.idml output/owasp_cornucopia_webapp_2.00_leaflet_bridge_en.idml output/owasp_cornucopia_webapp_2.00_leaflet_tarot_en.idml output/cornucopia_webapp/
zip output/owasp_cornucopia_mobileapp_1.00_en.zip -r output/cornucopia_mobileapp/Links/* output/cornucopia_mobileapp/Fonts/* output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_cards_bridge_qr_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_cards_bridge_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_cards_tarot_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_cards_tarot_qr_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_leaflet_bridge_en.idml output/cornucopia_mobileapp/owasp_cornucopia_mobileapp_1.00_leaflet_tarot_en.idml ./resources/templates/owasp_cornucopia_mobileapp_scoresheet.pdf
zip output/owasp_cornucopia_webapp_1.22_en.zip -r output/cornucopia_webapp/Links/* output/cornucopia_webapp/Fonts/* output/cornucopia_webapp/owasp_cornucopia_webapp_1.22_cards_bridge_qr_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_1.22_cards_bridge_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_1.22_cards_tarot_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_1.22_cards_tarot_qr_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_1.22_leaflet_bridge_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_1.22_leaflet_tarot_en.idml ./resources/templates/owasp_cornucopia_webapp_scoresheet.pdf
zip output/owasp_cornucopia_webapp_2.00_en.zip -r output/cornucopia_webapp/Links/* output/cornucopia_webapp/Fonts/* output/cornucopia_webapp/owasp_cornucopia_webapp_2.00_cards_bridge_qr_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_2.00_cards_bridge_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_2.00_cards_tarot_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_2.00_cards_tarot_qr_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_2.00_leaflet_bridge_en.idml output/cornucopia_webapp/owasp_cornucopia_webapp_2.00_leaflet_tarot_en.idml ./resources/templates/owasp_cornucopia_webapp_scoresheet.pdf
- name: Create pull request artifacts
uses: gavv/pull-request-artifacts@93f32f061d1fabdb41104db2493f2260c7db774f # v2.1
with:
commit: ${{ github.event.pull_request.head.sha }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
comment-message: "The generated Cornucopia cards in this pull request."
artifacts-branch: tmp-${{ github.event.pull_request.head.ref }}-artifacts
artifacts: |
output/eop-1.0.zip
output/owasp_cornucopia_mobileapp_1.00_en.zip
output/owasp_cornucopia_webapp_1.22_en.zip
output/owasp_cornucopia_webapp_2.00_en.zip
output/owasp_cornucopia_webapp_1.22_guide_bridge_es.docx
output/owasp_cornucopia_webapp_1.22_guide_bridge_fr.docx
output/owasp_cornucopia_webapp_1.22_guide_bridge_nl.docx
output/owasp_cornucopia_webapp_1.22_guide_bridge_no-nb.docx
output/owasp_cornucopia_webapp_1.22_guide_bridge_pt-br.docx
output/owasp_cornucopia_webapp_1.22_guide_bridge_qr_en.docx
output/owasp_cornucopia_webapp_2.00_guide_bridge_en.docx
output/owasp_cornucopia_webapp_2.00_guide_bridge_es.docx
output/owasp_cornucopia_webapp_2.00_guide_bridge_fr.docx
output/owasp_cornucopia_webapp_2.00_guide_bridge_nl.docx
output/owasp_cornucopia_webapp_2.00_guide_bridge_no-nb.docx
output/owasp_cornucopia_webapp_2.00_guide_bridge_pt-br.docx
output/owasp_cornucopia_webapp_2.00_guide_bridge_qr_en.docx