|
1 | 1 | name: Build Documents |
2 | 2 |
|
| 3 | +# BSD 3-Clause License |
| 4 | + |
| 5 | +# Copyright (c) 2025, Tetsuo Seto |
| 6 | + |
| 7 | +# Redistribution and use in source and binary forms, with or without |
| 8 | +# modification, are permitted provided that the following conditions are met: |
| 9 | + |
| 10 | +# 1. Redistributions of source code must retain the above copyright notice, this |
| 11 | +# list of conditions and the following disclaimer. |
| 12 | + |
| 13 | +# 2. Redistributions in binary form must reproduce the above copyright notice, |
| 14 | +# this list of conditions and the following disclaimer in the documentation |
| 15 | +# and/or other materials provided with the distribution. |
| 16 | + |
| 17 | +# 3. Neither the name of the copyright holder nor the names of its |
| 18 | +# contributors may be used to endorse or promote products derived from |
| 19 | +# this software without specific prior written permission. |
| 20 | + |
| 21 | +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
| 22 | +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 23 | +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| 24 | +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE |
| 25 | +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 26 | +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| 27 | +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
| 28 | +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| 29 | +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 30 | +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 31 | + |
3 | 32 | on: |
4 | | - workflow_dispatch: |
5 | | - pull_request: |
6 | | - push: |
7 | | - branches: |
8 | | - - main |
| 33 | + issue_comment: |
| 34 | + types: [created, edited] |
| 35 | + # push: |
| 36 | + # branches: |
| 37 | + # - main |
| 38 | + # paths: |
| 39 | + # - '1.0/en/*.md' |
9 | 40 |
|
10 | | -concurrency: |
11 | | - group: ${{ github.workflow }}-${{ github.ref }} |
12 | | - cancel-in-progress: true |
| 41 | +permissions: |
| 42 | + contents: write # needed to push commit the generated PDF |
| 43 | + pull-requests: write # needed to PR the generated PDF |
13 | 44 |
|
14 | 45 | jobs: |
15 | | - filters: |
16 | | - runs-on: ubuntu-latest |
| 46 | + build_pdf: |
| 47 | + name: Build PDF |
| 48 | + if: ${{ startsWith(github.event.issue.title, 'Document Build Request') || github.event_name == 'push' }} |
| 49 | + runs-on: ubuntu-24.04 |
17 | 50 | steps: |
18 | | - |
19 | | - |
20 | | - id: filter |
21 | | - with: |
22 | | - filters: | |
23 | | - docker: |
24 | | - - 'docker/**/*' |
25 | | - v1: |
26 | | - - '5.0/**/*' |
27 | | - outputs: |
28 | | - docker: ${{ steps.filter.outputs.docker }} |
29 | | - v1: ${{ steps.filter.outputs.v1 }} |
30 | | - |
31 | | - build-image: |
32 | | - if: needs.filters.outputs.docker == 'true' |
33 | | - needs: filters |
34 | | - uses: owasp/aisvs/.github/workflows/build-and-publish-docker-image.yml@main |
35 | | - |
36 | | - build-v1: |
37 | | - if: ${{ always() && needs.filters.outputs.v1 == 'true' }} |
38 | | - needs: |
39 | | - - build-image |
40 | | - - filters |
41 | | - uses: owasp/aisvs/.github/workflows/create-1.0-outputs.yml@main |
| 51 | + |
| 52 | + # STEP 0: Define LANG, MT_X, owasp_pdf parameters |
| 53 | + - name: Read owasp_pdf parameters |
| 54 | + if: ${{ startsWith(github.event.issue.title, 'Document Build Request') }} |
| 55 | + env: |
| 56 | + EVENT_COMMENT_BODY: ${{ github.event.comment.body }} |
| 57 | + run: | |
| 58 | + IFS=',' read -ra PARAMS <<< $EVENT_COMMENT_BODY |
| 59 | + if echo ${PARAMS[0]}; then |
| 60 | + echo "LANG=${PARAMS[0]}" | tr -d " " >> $GITHUB_ENV |
| 61 | + else |
| 62 | + echo "LANG=" >> $GITHUB_ENV; |
| 63 | + fi |
| 64 | + if echo ${PARAMS[1]}; then |
| 65 | + echo "MT_X=${PARAMS[1]}" | tr -d " " >> $GITHUB_ENV |
| 66 | + else |
| 67 | + echo "MT_X=" >> $GITHUB_ENV; |
| 68 | + fi |
| 69 | + - name: Define LANG for 'push' event |
| 70 | + if: ${{ github.event_name == 'push' }} |
| 71 | + run: | |
| 72 | + echo "LANG=en-US" >> $GITHUB_ENV |
| 73 | + echo "MT_X=" >> $GITHUB_ENV |
| 74 | + - name: Adjust LANG (default en-US) |
| 75 | + run: | |
| 76 | + if [[ ${{ env.LANG }} =~ ^[a-z]{2}-[A-Z]{2}$ ]]; then |
| 77 | + : |
| 78 | + else |
| 79 | + echo "LANG=" >> $GITHUB_ENV |
| 80 | + fi |
| 81 | + - name: Adjust MT_X |
| 82 | + if: ${{ env.LANG != '' && env.MT_X != '' && !contains(fromJSON('["mt", "x", "b"]'), env.MT_X) }} |
| 83 | + run: echo "LANG=" >> $GITHUB_ENV |
| 84 | + - name: Invalid Command |
| 85 | + env: |
| 86 | + EVENT_COMMENT_BODY: ${{ github.event.comment.body }} |
| 87 | + TRANSLATE_ACCESS_KEY: ${{ secrets.TRANSLATE_ACCESS_KEY }} |
| 88 | + run: | |
| 89 | + if ${{ env.LANG == '' }}; then |
| 90 | + echo "The command '$EVENT_COMMENT_BODY' is invalid." |
| 91 | + exit 1 |
| 92 | + fi |
| 93 | + if ${{ env.TRANSLATE_ACCESS_KEY == '' }}; then |
| 94 | + echo "MT is disabled. Pls consult with the repo maintener." |
| 95 | + exit 1 |
| 96 | + fi |
| 97 | + if ${{ env.MT_X == 'mt' && ( |
| 98 | + github.event.comment.author_association != 'OWNER' && |
| 99 | + github.event.comment.author_association != 'COLLABORATOR' && |
| 100 | + github.event.comment.author_association != 'MEMBER') |
| 101 | + }}; then |
| 102 | + echo "MT is not allowed. Pls consult with the repo maintener." |
| 103 | + exit 1 |
| 104 | + fi |
| 105 | + if ${{ env.MT_X == 'b' && ( |
| 106 | + github.event.comment.author_association != 'OWNER' && |
| 107 | + github.event.comment.author_association != 'COLLABORATOR' && |
| 108 | + github.event.comment.author_association != 'MEMBER') |
| 109 | + }}; then |
| 110 | + echo "B is not allowed. Pls consult with the repo maintener." |
| 111 | + exit 1 |
| 112 | + fi |
| 113 | +
|
| 114 | + # STEP 1: Check out the repository code; we'll commit bld result/PR to it |
| 115 | + # We'll download the Tenzing tool on to it. |
| 116 | + - name: Check out repository code |
| 117 | + if: ${{ env.LANG != '' }} |
| 118 | + uses: actions/checkout@v4 |
| 119 | + with: |
| 120 | + # test bed |
| 121 | + repository: tetsuoseto/AISVS |
| 122 | + # production |
| 123 | + # repository: OWASP/AISVS |
| 124 | + ref: main |
| 125 | + - name: Check if owasp_pdf executable exists |
| 126 | + if: ${{ env.LANG != '' }} |
| 127 | + run: | |
| 128 | + if [ -f ${{ github.workspace }}/1.0/blddoc/owasp_pdf ]; then |
| 129 | + echo "EXECUTABLE_EXISTS=yes" >> $GITHUB_ENV; |
| 130 | + mkdir ${{ github.workspace }}/SAVED; |
| 131 | + cp ${{ github.workspace }}/1.0/blddoc/owasp_pdf ${{ github.workspace }}/SAVED; |
| 132 | + cp -r ${{ github.workspace }}/1.0/blddoc/owasp_pdf_data_ASV ${{ github.workspace }}/SAVED; |
| 133 | + cp ${{ github.workspace }}/1.0/blddoc/owasp_pdf_register_ASV_plugin.py ${{ github.workspace }}/SAVED; |
| 134 | + cp -r ${{ github.workspace }}/1.0/blddoc/owasp_pdf_data_ZZZ ${{ github.workspace }}/SAVED; |
| 135 | + cp ${{ github.workspace }}/1.0/blddoc/owasp_pdf_register_ZZZ_plugin.py ${{ github.workspace }}/SAVED; |
| 136 | + else |
| 137 | + echo "EXECUTABLE_EXISTS=no" >> $GITHUB_ENV; |
| 138 | + fi |
| 139 | +
|
| 140 | + # STEP 2: Define target branch name |
| 141 | + - name: Define target branch name with MT_X |
| 142 | + if: ${{ env.LANG != '' && env.MT_X != '' }} |
| 143 | + run: | |
| 144 | + MAIN_SHA="PDF_${{ env.LANG }}_${{ env.MT_X }}_${{ github.sha }}" |
| 145 | + echo "TARGET_BRANCH_NAME=$MAIN_SHA" >> $GITHUB_ENV |
| 146 | + - name: Define target branch name without MT_X |
| 147 | + if: ${{ env.LANG != '' && env.MT_X == '' }} |
| 148 | + run: | |
| 149 | + MAIN_SHA="PDF_${{ env.LANG }}_${{ github.sha }}" |
| 150 | + echo "TARGET_BRANCH_NAME=$MAIN_SHA" >> $GITHUB_ENV |
| 151 | +
|
| 152 | + # STEP 3: Check if the target branch exists |
| 153 | + - name: Check if the target branch exists |
| 154 | + if: ${{ env.LANG != '' }} |
| 155 | + run: | |
| 156 | + BRANCH_NAME=${{ env.TARGET_BRANCH_NAME }} |
| 157 | + git config user.name "github-actions[bot]" |
| 158 | + git config user.email "github-actions[bot]@users.noreply.github.com" |
| 159 | + if git ls-remote --heads origin | grep "${BRANCH_NAME}"; then |
| 160 | + echo "BRANCH_EXISTS=yes" >> $GITHUB_ENV; |
| 161 | + else |
| 162 | + echo "BRANCH_EXISTS=no" >> $GITHUB_ENV; |
| 163 | + fi |
| 164 | +
|
| 165 | + # STEP 4: Prep for build |
| 166 | + - name: Download the tool as a zip file |
| 167 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 168 | + run: | |
| 169 | + # test bed |
| 170 | + curl -L -o main.zip "https://github.com/tetsuoseto/Tenzing/archive/refs/heads/main.zip" |
| 171 | + # production |
| 172 | + # curl -L -o main.zip "https://github.com/OWASP/pdf5/archive/refs/heads/main.zip" |
| 173 | + - name: Unzip the tool zip file |
| 174 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 175 | + run: | |
| 176 | + unzip main.zip -d UNZIPPED |
| 177 | + - name: List the tool files checked out to the build workspace |
| 178 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 179 | + run: | |
| 180 | + ls -la ${{ github.workspace }} |
| 181 | + - name: Copy owasp_pdf and plug-in module |
| 182 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 183 | + run: | |
| 184 | + # test bed |
| 185 | + cd UNZIPPED/Tenzing-main/ |
| 186 | + # production |
| 187 | + # cd UNZIPPED/pdf5-main/ |
| 188 | + unzip linux.zip -d BldEnv20241124 |
| 189 | + cd BldEnv20241124/linux |
| 190 | + cp owasp_pdf ${{ github.workspace }}/1.0/blddoc/owasp_pdf |
| 191 | + cd .. |
| 192 | + cp -rf owasp_pdf_data_ASV ${{ github.workspace }}/1.0/blddoc |
| 193 | + cp -f owasp_pdf_register_ASV_plugin.py ${{ github.workspace }}/1.0/blddoc |
| 194 | + cp -rf owasp_pdf_data_ZZZ ${{ github.workspace }}/1.0/blddoc |
| 195 | + cp -f owasp_pdf_register_ZZZ_plugin.py ${{ github.workspace }}/1.0/blddoc |
| 196 | +
|
| 197 | + - name: List files under 1.0/blddoc |
| 198 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 199 | + run: | |
| 200 | + cd ${{ github.workspace }}/1.0/blddoc |
| 201 | + ls -la |
| 202 | + - name: List files under 1.0/blddoc/asv |
| 203 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 204 | + run: | |
| 205 | + cd ${{ github.workspace }}/1.0/blddoc/asv |
| 206 | + ls -la |
| 207 | +
|
| 208 | + # STEP 5: Build |
| 209 | + - name: Call ./owasp_pdf with ${{ env.LANG }} |
| 210 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' && env.MT_X == '' }} |
| 211 | + run: | |
| 212 | + cd ${{ github.workspace }}/1.0/blddoc |
| 213 | + ./owasp_pdf -s -y -l ASV_${{ env.LANG }} --hdr '${{ github.sha }}' |
| 214 | + - name: Call ./owasp_pdf with ${{ env.LANG }} and 'mt' |
| 215 | + env: |
| 216 | + TRANSLATE_ACCESS_KEY: ${{ secrets.TRANSLATE_ACCESS_KEY }} |
| 217 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' && env.MT_X == 'mt' }} |
| 218 | + run: | |
| 219 | + cd ${{ github.workspace }}/1.0/blddoc |
| 220 | + ./owasp_pdf -s --mt gpt-4.1-mini -y -l ASV_${{ env.LANG }} --hdr '${{ github.sha }} MACHINE TRANSLATED' |
| 221 | + - name: Call ./owasp_pdf with ${{ env.LANG }} and 'x' |
| 222 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' && env.MT_X == 'x' }} |
| 223 | + run: | |
| 224 | + cd ${{ github.workspace }}/1.0/blddoc |
| 225 | + ./owasp_pdf -s -x -y -l ASV_${{ env.LANG }} --hdr '${{ github.sha }} MACHINE TRANSLATED' |
| 226 | + - name: Call ./owasp_pdf with ${{ env.LANG }} and 'b' |
| 227 | + env: |
| 228 | + WATERMARK_SECRET_KEY: ${{ secrets.WATERMARK_SECRET_KEY }} |
| 229 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' && env.MT_X == 'b' }} |
| 230 | + run: | |
| 231 | + cd ${{ github.workspace }}/1.0/blddoc |
| 232 | + ./owasp_pdf -s -y -l ASV_${{ env.LANG }} |
| 233 | +
|
| 234 | + # STEP 6: Delete used files |
| 235 | + - name: Delete used files |
| 236 | + if: ${{ always() && env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 237 | + run: | |
| 238 | + rm -f ${{ github.workspace }}/1.0/blddoc/owasp_pdf |
| 239 | + rm -rf ${{ github.workspace }}/1.0/blddoc/owasp_pdf_data_ASV |
| 240 | + rm -f ${{ github.workspace }}/1.0/blddoc/owasp_pdf_register_ASV_plugin.py |
| 241 | + rm -rf ${{ github.workspace }}/1.0/blddoc/owasp_pdf_data_ZZZ |
| 242 | + rm -f ${{ github.workspace }}/1.0/blddoc/owasp_pdf_register_ZZZ_plugin.py |
| 243 | + - name: Recover the original owasp_pdf |
| 244 | + if: ${{ always() && env.LANG != '' && env.BRANCH_EXISTS == 'no' && env.EXECUTABLE_EXISTS == 'yes' }} |
| 245 | + run: | |
| 246 | + cp ${{ github.workspace }}/SAVED/owasp_pdf ${{ github.workspace }}/1.0/blddoc; |
| 247 | + cp -r ${{ github.workspace }}/SAVED/owasp_pdf_data_ASV ${{ github.workspace }}/1.0/blddoc; |
| 248 | + cp ${{ github.workspace }}/SAVED/owasp_pdf_register_ASV_plugin.py ${{ github.workspace }}/1.0/blddoc; |
| 249 | + cp -r ${{ github.workspace }}/SAVED/owasp_pdf_data_ZZZ ${{ github.workspace }}/1.0/blddoc; |
| 250 | + cp ${{ github.workspace }}/SAVED/owasp_pdf_register_ZZZ_plugin.py ${{ github.workspace }}/1.0/blddoc; |
| 251 | + rm -rf ${{ github.workspace }}/SAVED |
| 252 | +
|
| 253 | + # STEP 7: Clean up |
| 254 | + - name: Clean up |
| 255 | + if: ${{ always() && env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 256 | + run: | |
| 257 | + rm -rf ${{ github.workspace }}/1.0/blddoc/asv/en-ZZ |
| 258 | + rm -rf UNZIPPED |
| 259 | + rm -f main.zip |
| 260 | +
|
| 261 | + # STEP 8: Commit and PR |
| 262 | + - name: Commit the changes |
| 263 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 264 | + env: |
| 265 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 266 | + run: | |
| 267 | + git config user.name "github-actions[bot]" |
| 268 | + git config user.email "github-actions[bot]@users.noreply.github.com" |
| 269 | + git checkout -b '${{ env.TARGET_BRANCH_NAME }}' |
| 270 | + git add . |
| 271 | + git commit -m "PDF created for ${{ env.LANG }} with the commit ${{ github.sha }}" |
| 272 | + git push --set-upstream origin '${{ env.TARGET_BRANCH_NAME }}' |
| 273 | + - name: Create Pull Request with the generated PDF |
| 274 | + if: ${{ env.LANG != '' && env.BRANCH_EXISTS == 'no' }} |
| 275 | + env: |
| 276 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 277 | + run: | |
| 278 | + gh pr create --base 'main' --head '${{ env.TARGET_BRANCH_NAME }}' --title 'Automated PR with ${{ env.TARGET_BRANCH_NAME }}' --body 'PDF generated for ${{ env.LANG }} with the commit ${{ github.sha }}' |
0 commit comments