Initial proof of concept for lula actions #2

Merged 1 commit on Jan 11, 2024
36 changes: 34 additions & 2 deletions README.md
@@ -1,2 +1,34 @@
# lula-action
Lula GitHub action
# Lula GitHub Action

Make [Lula](https://github.com/defenseunicorns/lula) available to your GitHub Actions workflows.

## Usage

### Linting OSCAL file against schema
```yaml
- name: Setup Lula
uses: defenseunicorns/lula/setup@v1
with:
version: v0.0.1

- name: Lint OSCAL file
uses: defenseunicorns/lula/lint@v1
with:
oscal-target: oscal-component.yaml
```

### Validation and Evaluation

```yaml
- name: Setup Lula
uses: defenseunicorns/lula/setup@v1
with:
version: v0.0.1

- name: Perform Validation of OSCAL
uses: defenseunicorns/lula/validate@v1
with:
oscal-target: oscal-component.yaml
threshold: assessment-results.yaml
```

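Review bot: the `uses:` references in both README examples (`defenseunicorns/lula/setup@v1`, `defenseunicorns/lula/lint@v1`, `defenseunicorns/lula/validate@v1`) point at the `lula` repository, while the heading on the removed line names this repository `lula-action` and the `setup/`, `lint/` and `validate/` directories are added here; confirm the path users should reference and that a `v1` tag will exist for it, otherwise the examples fail at workflow resolution time. It would also help readers to document each action's inputs in the README: that `version` falls back to the latest release when unset, that `threshold` falls back to `assessment-results.yaml` when unset (as the validate action's description says), and that setup supports only Linux and macOS on X64/ARM64.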
27 changes: 27 additions & 0 deletions lint/action.yml
@@ -0,0 +1,27 @@
name: "Lint"
description: "Lints targeted OSCAL files for schema compliance"

inputs:
oscal-target:
description: "The target file to be linted"

runs:
using: "composite"
steps:
- shell: bash
run: |
#!/bin/bash
# Base url for zarf release artifacts
target="${{ inputs.oscal-target }}"

# Check if the file exists
if [! -f "$target" ]; then
echo "File $target does not exist"
exit 1
fi

# Lint the file with Lula
lula tools lint -f "$target"



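Review bot: the existence check `if [! -f "$target" ]; then` is missing the space after `[`, so bash looks for a command named `[!` instead of running `test`; that lookup fails with "command not found", the `if` branch is never taken, and a missing file falls through to `lula tools lint -f "$target"`, which then has to produce the error itself. Change it to `if [ ! -f "$target" ]; then`. Two smaller points: the comment `# Base url for zarf release artifacts` is a copy-paste leftover (the step sets no URL and has nothing to do with zarf), and `${{ inputs.oscal-target }}` is expanded into the script text before bash parses it, so a value containing quotes or `$(...)` is interpreted as shell code; the usual mitigation is to pass it via an `env:` entry on the step and read `"$OSCAL_TARGET"` in the script. Marking `oscal-target` as `required: true` in `inputs:` would also make the contract visible in the action metadata.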
63 changes: 63 additions & 0 deletions setup/action.yml
@@ -0,0 +1,63 @@
name: "Setup"
description: "Installs Lula and includes the Lula CLI in the PATH"

inputs:
version:
description: "The version of Lula to install. Uses the latest version if not specified."

runs:
using: "composite"
steps:
- shell: bash
run: |
#!/bin/bash
# Base url for lula release artifacts
target_dir="${HOME}/.lula-cache"
version="${{ inputs.version }}"

# Use latest version if not specified
if [ "${version}" == "" ]; then
version=$(curl -sIX HEAD https://github.com/defenseunicorns/lula/releases/latest | grep -i ^location: | grep -Eo 'v[0-9]+.[0-9]+.[0-9]+')
fi

release_path="https://github.com/defenseunicorns/lula/releases/download/${version}"

mkdir -p $target_dir

# Set the architecture variable
case ${{ runner.arch }} in
X64)
arch="amd64"
;;
ARM64)
arch="arm64"
;;
*)
echo "Unsupported architecture, only X64 and ARM64 are supported."
exit 1
;;
esac

# Set the filename variable
case ${{ runner.os }} in
Linux)
filename="Linux_${arch}"
;;
macOS)
filename="Darwin_${arch}"
;;
*)
echo "Unsupported OS type, only Linux, and macOS are supported."
exit 1
;;
esac

echo "Downloading Lula ${version} for ${{ runner.os }} ${arch}"
curl -sL "${release_path}/lula_${version}_$(unknown)" -o "${target_dir}/lula${suffix}"

# Make the file executable if it's not a Windows binary
chmod +x "${target_dir}/lula"

- if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }}
run: echo "${HOME}/.lula-cache" >> $GITHUB_PATH
shell: bash
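Review bot: the download line `curl -sL "${release_path}/lula_${version}_$(unknown)" -o "${target_dir}/lula${suffix}"` cannot work as written: `$(unknown)` is a command substitution that tries to run a command named `unknown`, `${suffix}` is never assigned anywhere in the script, and the `filename` variable built by the `runner.os` case is never used. The intent appears to be `lula_${version}_${filename}` saved to `${target_dir}/lula`. While fixing it, use `curl -fsSL` so an HTTP error fails the step instead of writing an error page to disk and `chmod +x`-ing it, and, if the release publishes checksums, verify the download against them before making it executable, since later steps run this binary with the workflow's permissions. Smaller points in the same hunk: `mkdir -p $target_dir` and `case ${{ runner.arch }} in` are unquoted; the version regex `v[0-9]+.[0-9]+.[0-9]+` should escape its dots (`\.`) to match only version strings; `${{ inputs.version }}` is substituted into the script text before bash sees it, so pass it through `env:` and read `"$VERSION"`; the comment `# Make the file executable if it's not a Windows binary` does not match the OS case above it, which rejects everything but Linux and macOS; and the `if:` on the final `$GITHUB_PATH` step is redundant for the same reason, since the previous step already exits non-zero on any other OS.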
41 changes: 41 additions & 0 deletions validate/action.yml
@@ -0,0 +1,41 @@
name: "Validate"
description: "Performs the Lula validation and evaluation"

inputs:
oscal-target:
description: "The target file to be validated"
threshold:
description: "The assessment result file to compare against. Attempts to find assessment-results.yaml if not specified"

runs:
using: "composite"
steps:
- shell: bash
run: |
#!/bin/bash
# Base url for lula artifacts
target_dir="${HOME}/.lula-cache"
threshold="${{ inputs.threshold }}"
target="{{ inputs.oscal-target }}"

# Check if the target file exists
if [! -f "$target" ]; then
echo "File $target does not exist"
exit 1
fi

# Check if the threshold variable is empty - otherwise use the threshold
if [ -z "$threshold" ]; then
lula validate -f "$target" -a "$target_dir/assessment-results.yaml"
# Check if default assessment results file exists
if [ -f "assessment-results.yaml" ]; then
lula evaluate -f assessment-results.yaml -f "$target_dir/assessment-results.yaml"
else
echo "No threshold exists - will not perform evaluation"
# exiting zero here currently - could be worth exiting non-zero
exit 0
fi
else
lula validate -f "$target" -a "$target_dir/assessment-results.yaml"
lula evaluate -f "$threshold" -f "$target_dir/assessment-results.yaml"
fi
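Review bot: `target="{{ inputs.oscal-target }}"` is missing the leading `$`, so `target` holds the literal string `{{ inputs.oscal-target }}` rather than the input value, and because the following `if [! -f "$target" ]; then` has the same `[!` typo as the lint action (bash looks for a command named `[!`, the test never runs), the script goes on to `lula validate -f "$target"` with a path that does not exist. Fix both: `target="${{ inputs.oscal-target }}"` (or better, an `env:` entry read as `"$OSCAL_TARGET"`, so the value is never parsed as shell) and `if [ ! -f "$target" ]; then`. Also, both branches run the identical `lula validate -f "$target" -a "$target_dir/assessment-results.yaml"`, so it can be hoisted above the `if` and the conditional reduced to the evaluate step; the two `lula evaluate -f ... -f ...` calls pass `-f` twice, which reads as intentional (two result files to compare) but deserves a comment because it looks like a copy-paste slip; and the `exit 0` taken when no threshold exists passes the job silently, which the inline comment already flags as questionable and should at least be surfaced with a `::warning::` annotation so the skipped evaluation is visible in the run summary.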