First commits #1

Merged
merged 10 commits into from
Feb 25, 2025
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -140,7 +140,7 @@ jobs:
PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck
PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
# TODO: https://github.com/cisagov/action-disable-apparmor/issues/165
# TODO: https://github.com/cisagov/skeleton-generic/issues/165
# We are temporarily using @mcdonnnj's forked branch of terraform-docs
# until his PR: https://github.com/terraform-docs/terraform-docs/pull/745
# is approved. This temporary fix will allow for ATX header support when
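Review bot: the only change in this hunk is which repository the TODO's issue 165 belongs to (cisagov/action-disable-apparmor vs. cisagov/skeleton-generic). This rendered view has no +/- markers, but since the terraform-docs workaround described in the following comment lines is tracked in the skeleton, the link should point at cisagov/skeleton-generic/issues/165; the variant pointing at this repository looks like a repository-name substitution made when the project was generated from the skeleton. The surrounding comment still pins a temporary fork of terraform-docs, so consider opening a tracking issue in this repository as well so the workaround is revisited once the upstream PR is merged.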
60 changes: 44 additions & 16 deletions README.md
@@ -2,22 +2,50 @@

[![GitHub Build Status](https://github.com/cisagov/action-disable-apparmor/workflows/build/badge.svg)](https://github.com/cisagov/action-disable-apparmor/actions)

This is a generic skeleton project that can be used to quickly get a
new [cisagov](https://github.com/cisagov) GitHub project started.
This skeleton project contains [licensing information](LICENSE), as
well as [pre-commit hooks](https://pre-commit.com) and
[GitHub Actions](https://github.com/features/actions) configurations
appropriate for the major languages that we use.

In many cases you will instead want to use one of the more specific
skeleton projects derived from this one.

## New Repositories from a Skeleton ##

Please see our [Project Setup guide](https://github.com/cisagov/development-guide/tree/develop/project_setup)
for step-by-step instructions on how to start a new repository from
a skeleton. This will save you time and effort when configuring a
new repository!
A GitHub Action to disable AppArmor on the GitHub runner.

## Usage ##

### Inputs ###

None.
<!--
| Name | Description | Interpreted Type | Default | Required |
|------|-------------|------------------|---------|:--------:|
| input_name | The input's description. | `string` | n/a | yes |
-->

### Outputs ###

None.
<!--
| Name | Description | Output Type |
|------|-------------|-------------|
| output_name | The output's description. | `output_type` |
-->

### Sample GitHub Actions workflow ###

This GitHub Action only makes changes to the runner and therefore
requires no permissions.

```yml
---
name: The workflow

on:
pull_request:
push:

jobs:
my_job:
# This job does not need any permissions
permissions: {}
runs-on: ubuntu-latest
steps:
- name: Disable AppArmor on the GitHub runner
uses: cisagov/action-disable-apparmor@v1
```

## Contributing ##

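Review bot: the sentence "requires no permissions" is accurate for the GITHUB_TOKEN (hence `permissions: {}` in the sample), but the README should also state what the action does to the runner itself: per action.yml in this PR it runs `sudo aa-teardown` and disables `apparmor.service`, which removes a mandatory-access-control layer for every later step of the job. Suggest adding a short paragraph saying why a workflow would need this and that it belongs only in jobs that do not execute untrusted code, and consider showing a commit-SHA pin next to `@v1` in the sample, which is the usual supply-chain hardening for third-party actions.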
24 changes: 24 additions & 0 deletions action.yml
@@ -0,0 +1,24 @@
---
author: Cybersecurity and Infrastructure Security Agency
branding:
color: blue
icon: shield-off
description: Disables AppArmor on the GitHub Actions runner.
name: Disable AppArmor

runs:
using: composite
steps:
- id: unload-apparmor-profiles
name: Unload all AppArmor profiles
# The || true is currently necessary because of a bug in
# aa-teardown. See
# https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2093797
# for more details.
run: sudo aa-teardown || true
shell: bash

- id: disable-apparmor
name: Disable and stop AppArmor systemd service
run: sudo systemctl disable --now apparmor.service
shell: bash
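Review bot: `run: sudo aa-teardown || true` swallows every failure of aa-teardown, not only the launchpad bug the comment cites, so a runner on which the profiles were not actually unloaded passes this step silently; consider following it with a check (for example `sudo aa-status`, or reading `/sys/module/apparmor/parameters/enabled`) and failing the step if profiles are still loaded, so the `|| true` only covers the known teardown exit-status bug. The second step's `systemctl disable --now apparmor.service` correctly prevents profiles from being reloaded later in the job, but both steps assume a sudo-capable Ubuntu runner; a guard or an explicit error message for other runner images would make misuse on an unsupported image fail clearly rather than obscurely.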
172 changes: 172 additions & 0 deletions bump-version
@@ -0,0 +1,172 @@
#!/usr/bin/env bash

# bump-version [--push] [--label LABEL] (major | minor | patch | prerelease | build | finalize | show)
# bump-version --list-files

set -o nounset
set -o errexit
set -o pipefail

# Stores the canonical version for the project.
VERSION_FILE=version.txt
# Files that should be updated with the new version.
VERSION_FILES=("$VERSION_FILE")

USAGE=$(
cat << END_OF_LINE
Update the version of the project.

Usage:
${0##*/} [--push] [--label LABEL] (major | minor | patch | prerelease | build | finalize | show)
${0##*/} --list-files
${0##*/} (-h | --help)

Options:
-h | --help Show this message.
--push Perform a \`git push\` after updating the version.
--label LABEL Specify the label to use when updating the build or prerelease version.
--list-files List the files that will be updated when the version is bumped.
END_OF_LINE
)

old_version=$(< "$VERSION_FILE")
# Comment out periods so they are interpreted as periods and don't
# just match any character
old_version_regex=${old_version//\./\\\.}
new_version="$old_version"

bump_part=""
label=""
commit_prefix="Bump"
with_push=false
commands_with_label=("build" "prerelease")
commands_with_prerelease=("major" "minor" "patch")
with_prerelease=false

#######################################
# Display an error message, the help information, and exit with a non-zero status.
# Arguments:
# Error message.
#######################################
function invalid_option() {
echo "$1"
echo "$USAGE"
exit 1
}

#######################################
# Bump the version using the provided command.
# Arguments:
# The version to bump.
# The command to bump the version.
# Returns:
# The new version.
#######################################
function bump_version() {
local temp_version
temp_version=$(python -c "import semver; print(semver.parse_version_info('$1').${2})")
echo "$temp_version"
}

if [ $# -eq 0 ]; then
echo "$USAGE"
exit 1
else
while [ $# -gt 0 ]; do
case $1 in
--push)
if [ "$with_push" = true ]; then
invalid_option "Push has already been set."
fi

with_push=true
shift
;;
--label)
if [ -n "$label" ]; then
invalid_option "Label has already been set."
fi

label="$2"
shift 2
;;
build | finalize | major | minor | patch)
if [ -n "$bump_part" ]; then
invalid_option "Only one version part should be bumped at a time."
fi

bump_part="$1"
shift
;;
prerelease)
with_prerelease=true
shift
;;
show)
echo "$old_version"
exit 0
;;
-h | --help)
echo "$USAGE"
exit 0
;;
--list-files)
printf '%s\n' "${VERSION_FILES[@]}"
exit 0
;;
*)
invalid_option "Invalid option: $1"
;;
esac
done
fi

if [ -n "$label" ] && [ "$with_prerelease" = false ] && [[ ! " ${commands_with_label[*]} " =~ [[:space:]]${bump_part}[[:space:]] ]]; then
invalid_option "Setting the label is only allowed for the following commands: ${commands_with_label[*]}"
fi

if [ "$with_prerelease" = true ] && [ -n "$bump_part" ] && [[ ! " ${commands_with_prerelease[*]} " =~ [[:space:]]${bump_part}[[:space:]] ]]; then
invalid_option "Changing the prerelease is only allowed in conjunction with the following commands: ${commands_with_prerelease[*]}"
fi

label_option=""
if [ -n "$label" ]; then
label_option="token='$label'"
fi

if [ -n "$bump_part" ]; then
if [ "$bump_part" = "finalize" ]; then
commit_prefix="Finalize"
bump_command="finalize_version()"
elif [ "$bump_part" = "build" ]; then
bump_command="bump_${bump_part}($label_option)"
else
bump_command="bump_${bump_part}()"
fi
new_version=$(bump_version "$old_version" "$bump_command")
echo Changing version from "$old_version" to "$new_version"
fi

if [ "$with_prerelease" = true ]; then
bump_command="bump_prerelease($label_option)"
temp_version=$(bump_version "$new_version" "$bump_command")
echo Changing version from "$new_version" to "$temp_version"
new_version="$temp_version"
fi

tmp_file=/tmp/version.$$
for version_file in "${VERSION_FILES[@]}"; do
if [ ! -f "$version_file" ]; then
echo Missing expected file: "$version_file"
exit 1
fi
sed "s/$old_version_regex/$new_version/" "$version_file" > $tmp_file
mv $tmp_file "$version_file"
done

git add "${VERSION_FILES[@]}"
git commit --message "$commit_prefix version from $old_version to $new_version"

if [ "$with_push" = true ]; then
git push
fi
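Review bot: `bump_version` splices its arguments straight into a `python -c` source string (`semver.parse_version_info('$1').${2}`), and `label` is likewise interpolated into `token='$label'`; a label or a version.txt value containing a single quote breaks the expression, and whatever follows the quote is evaluated as Python, so pass these values through `sys.argv` or environment variables instead of string interpolation. The same applies to `sed "s/$old_version_regex/$new_version/"`: `old_version_regex` is escaped but `new_version` is used unescaped as the replacement, so a label containing `/` or `&` corrupts the substitution. Finally, `tmp_file=/tmp/version.$$` is a predictable path in a shared directory; `mktemp` is the safer idiom for the temporary file.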
2 changes: 2 additions & 0 deletions requirements.txt
@@ -1,2 +1,4 @@
# The bump-version script requires at least version 3 of semver.
semver>=3
setuptools
wheel
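Review bot: `semver>=3` is only a lower bound; for a dependency of release tooling, consider pinning an exact version (or a hash-pinned requirement) so that bump-version behaves identically on every contributor's machine. The comment explaining the version floor is helpful; `setuptools` and `wheel` remain unpinned as before.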
1 change: 1 addition & 0 deletions version.txt
@@ -0,0 +1 @@
1.0.0