Skip to content

Update admx and adml templates #1198

Update admx and adml templates

Update admx and adml templates #1198

Workflow file for this run

name: Update admx and adml templates
on:
push:
branches:
- '**' # Ignore tag push, but take any branch
paths:
- 'cmd/admxgen/**'
- 'internal/ad/admxgen/**'
- '.github/workflows/adm-builds.yaml'
schedule:
- cron: '42 0 * * *'
jobs:
build-admxgen:
name: Build admxgen static binary
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version-file: go.mod
- run: |
mkdir /tmp/adsys
CGO_ENABLED=0 go build ./cmd/admxgen/
- name: Upload admxgen
uses: actions/upload-artifact@v3
with:
name: admxgen
path: |
admxgen
./cmd/admxgen/defs/*
if-no-files-found: error
supported-releases:
name: Build matrix for supported ADSys, Ubuntu, and docker releases
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-supported-releases.outputs.matrix }}
needs: build-admxgen
steps:
- name: Install needed binaries
run: |
sudo DEBIAN_FRONTEND=noninteractive apt update
sudo DEBIAN_FRONTEND=noninteractive apt install -y distro-info jq
- name: Build matrix for supported ADSys, Ubuntu, and docker releases
id: set-supported-releases
run: |
set -eu
function releaseDockerExists() {
local codename="${1}"
exists=1
curl "https://registry.hub.docker.com/api/content/v1/repositories/public/library/ubuntu/tags?page_size=3000" 2>/dev/null | \
jq -r '.results[].name' | grep -q "${codename}" && exists=0
echo "${exists}"
}
all="$(distro-info --supported-esm) $(distro-info --supported)"
all="$(echo $all | tr ' ' '\n' | sort -u)"
releases=""
for r in ${all}; do
# Filter out unsupported LTS releases
if [ "${r}" = "trusty" -o "${r}" = "xenial" -o "${r}" = "bionic" ]; then
continue
fi
exists=$(releaseDockerExists ${r})
if [ ${exists} != 0 ]; then
continue
fi
if [ -n "${releases}" ]; then
releases="${releases}, "
fi
releases="${releases}'ubuntu:${r}'"
done
echo "matrix={\"releases\":[${releases}]}" >> $GITHUB_OUTPUT
collect-releases:
name: Collect supported keys on each releases
runs-on: ubuntu-latest
needs:
- build-admxgen
- supported-releases
strategy:
matrix: ${{fromJson(needs.supported-releases.outputs.matrix)}}
container:
image: ${{ matrix.releases }}
steps:
- name: Download admxgen and definition files
uses: actions/download-artifact@v3
with:
name: admxgen
- name: Install desktop with all default package in container
run: |
export DEBIAN_FRONTEND=noninteractive
apt update
apt -y install ubuntu-desktop
- name: Collect support keys
run: |
chmod 755 ./admxgen
./admxgen expand --current-session ubuntu ./cmd/admxgen/defs/ ./out/
- name: Prepare artefact name variable
shell: bash
run: |
set -eu
artifacts_name=${{ matrix.releases }}
artifacts_name=${artifacts_name/:/-}
echo "artifacts_name=${artifacts_name}" >> $GITHUB_ENV
- name: Generated definition files
uses: actions/upload-artifact@v3
with:
name: policies-${{ env.artifacts_name }}
path: out/*
if-no-files-found: error
generate-ad:
name: Merge keys to generated admx/adml
runs-on: ubuntu-latest
needs: collect-releases
strategy:
matrix:
releases: ['LTS', 'ALL']
steps:
- name: Install needed binaries
run: |
sudo DEBIAN_FRONTEND=noninteractive apt update
sudo DEBIAN_FRONTEND=noninteractive apt install -y distro-info
- name: Download all available artifacts
uses: actions/download-artifact@v3
with:
path: artifacts
- name: Display structure of downloaded files
run: |
set -eu
allowflag="--allow-missing-keys"
target=$(ubuntu-distro-info -r --supported-esm | cut -d" " -f1)
if [ ${{ matrix.releases }} = "ALL" ]; then
target=$(ubuntu-distro-info -r --supported | cut -d" " -f1)
allowflag=""
fi
mkdir wanted/
for f in $(find artifacts/policies-*/ -type f); do
for wanted in ${target}; do
if [ $(basename $f) != ${wanted}.yaml ]; then
continue
fi
cp $f wanted/
done
done
chmod +x artifacts/admxgen/admxgen
artifacts/admxgen/admxgen admx --auto-detect-releases ${allowflag} artifacts/admxgen/cmd/admxgen/defs/categories.yaml wanted/ .
ls -R
- name: Upload adm template files
uses: actions/upload-artifact@v3
with:
name: adm-${{ matrix.releases }}
path: Ubuntu.adm*
if-no-files-found: error
integrate-ad:
name: Integrate AD in current git tree
runs-on: ubuntu-latest
needs: generate-ad
steps:
- uses: actions/checkout@v4
- name: Download adm template files for "all"
uses: actions/download-artifact@v3
with:
name: adm-ALL
path: policies/Ubuntu/all
- name: Download adm template files for lts only
uses: actions/download-artifact@v3
with:
name: adm-LTS
path: policies/Ubuntu/lts-only
- name: Copy admx and adml to git
run: |
git add policies/
- name: Get output branch for branch name
id: get-branch-name
shell: bash
run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
- name: Create Pull Request
uses: peter-evans/create-pull-request@v5
with:
commit-message: Refresh policy definition files
title: Refresh policy definition files
labels: policies, automated pr
body: "[Auto-generated pull request](https://github.com/ubuntu/adsys/actions/workflows/adm-builds.yaml) by GitHub Action"
branch: auto-update-policydefinitions-${{ steps.get-branch-name.outputs.branch }}
token: ${{ secrets.GITHUB_TOKEN }}
delete-branch: true
open-issue-on-fail:
name: Open issue on failure
runs-on: ubuntu-latest
needs: integrate-ad
if: ${{ failure() }}
steps:
- uses: actions/checkout@v4
- name: Create issue if build failed
uses: JasonEtco/create-an-issue@v2
env:
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
filename: .github/workflows/adm-builds-fail.md
search_existing: open
update_existing: true