Updated GitHub workflows (#386)

* Update powershell.yml The workflow runs too many times unnecessarily on sub-branches. Signed-off-by: Violet Hansen <[email protected]> * Renamed workflow to match its name in yaml file Renamed workflow to match its name in yaml file * Renamed workflow to match its name in yaml file Renamed workflow to match its name in yaml file * Update Build AppControl Manager MSIX Package.yml Added new step to update the AppControl Manager download link * Update Build AppControl Manager MSIX Package.yml * Update Build AppControl Manager MSIX Package.yml --------- Signed-off-by: Violet Hansen <[email protected]>
HotCakeX · Nov 2, 2024 · fee3061 · fee3061
1 parent 735fb3c
commit fee3061
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 8 deletions.
diff --git a/.github/workflows/Build AppControl Manager MSIX Package.yml b/.github/workflows/Build AppControl Manager MSIX Package.yml
@@ -4,6 +4,7 @@ permissions:
   id-token: write
   actions: read
   contents: write
+  pull-requests: write
   attestations: write
 
 on:
@@ -13,7 +14,6 @@ jobs:
   build:
     runs-on: windows-latest
     steps:
-
       - name: Check out the repository code
         uses: actions/checkout@v4
 
@@ -94,6 +94,7 @@ jobs:
 
       - name: Finding the Latest Draft Release
         id: find_draft_release
+        shell: pwsh
         run: |
           # Find the latest draft release via GitHub REST API
           $Response = Invoke-RestMethod -Uri "https://api.github.com/repos/${{ github.repository }}/releases" -Headers @{ Authorization = "token ${{ secrets.GITHUB_TOKEN }}" }
@@ -102,12 +103,20 @@ jobs:
           if (!$DraftRelease) {
             throw "No draft release found"
           }
+
+          # Capture the draft release ID and tag
           $DRAFT_RELEASE_ID = $DraftRelease.id
+          $DRAFT_RELEASE_TAG = $DraftRelease.tag_name
+
+          # Save both the release ID and tag to environment variables for later steps
           Write-Output -InputObject "DRAFT_RELEASE_ID=$DRAFT_RELEASE_ID" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Force
-          Write-host -Object "GitHub Draft ID: $DRAFT_RELEASE_ID"
-        shell: pwsh
+          Write-Output -InputObject "DRAFT_RELEASE_TAG=$DRAFT_RELEASE_TAG" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Force
+
+          Write-Host -Object "GitHub Draft ID: $DRAFT_RELEASE_ID"
+          Write-Host -Object "GitHub Draft Tag: $DRAFT_RELEASE_TAG"
 
       - name: Uploading the MSIX Package to the Draft Release
+        shell: pwsh
         run: |
           $DraftReleaseId = $env:DRAFT_RELEASE_ID
           $FilePath = "${{ env.MSIX_PATH }}"
@@ -120,9 +129,9 @@ jobs:
             "Content-Type" = "application/octet-stream"
           }
           Write-Host -Object "Uploaded package to draft release: $Response.name"
-        shell: pwsh
 
       - name: Uploading the SBOM file to the Draft Release
+        shell: pwsh
         run: |
           $DraftReleaseId = $env:DRAFT_RELEASE_ID
           $FilePath = "HardenWindowsSecurityRepoSBOM.spdx"
@@ -134,4 +143,38 @@ jobs:
             "Content-Type" = "application/octet-stream"
           }
           Write-Host -Object "Uploaded the SBOM file to the draft release: $Response.name"
+
+      - name: Updating The MSIX Download Link and Creating Pull Request
         shell: pwsh
+        run: |
+          # Construct the download URL using the draft release tag and MSIX file name
+          [string]$DownloadURL = "https://github.com/${{ github.repository }}/releases/download/${{ env.DRAFT_RELEASE_TAG }}/${{ env.MSIX_NAME }}"
+
+          # Path to the file that will be updated
+          [string]$FilePath = ".\AppControl Manager\DownloadURL.txt"
+
+          # Update the file content with the new URL
+          Set-Content -Path $FilePath -Value $DownloadURL -Force
+          Write-Host -Object "Updated DownloadURL.txt with download URL: $DownloadURL"
+
+          # Configure Git for committing changes
+          git config --global user.email '[email protected]'
+          git config --global user.name 'HotCakeX'
+
+          # Create a new branch for the pull request
+          [string]$NewBranch = "update-download-url-$([System.Guid]::NewGuid().ToString() -replace '-', '')"
+          git checkout -b $NewBranch
+
+          # Stage and commit the change
+          git add $FilePath
+          git commit -m "Update DownloadURL.txt with MSIX download link"
+
+          # Manual review of the PR for now
+          # git push -u origin $NewBranch
+
+          # Create the pull request with a label and assignee
+          gh pr create --title "AppControl Manager download link update" `
+                       --body "This PR updates DownloadURL.txt with the latest MSIX download link for version ${{ env.MSIX_NAME }}." `
+                       --base main `
+                       --label "Automated 🤖" `
+                       --assignee HotCakeX
diff --git a/.github/workflows/powershell.yml → .github/workflows/PSScriptAnalyzer.yml b/.github/workflows/powershell.yml → .github/workflows/PSScriptAnalyzer.yml
@@ -11,21 +11,19 @@ name: PSScriptAnalyzer
 
 on:
   push:
-    branches: ["main", Sub-branch]
+    branches: ["main"]
     paths:
       - "**.ps1"
       - "**.psm1"
       - "**.psd1"
   pull_request:
-    branches: ["main", Sub-branch]
+    branches: ["main"]
     paths:
       - "**.ps1"
       - "**.psm1"
       - "**.psd1"
   workflow_dispatch:
 
-
-
 permissions:
   contents: read
 

diff --git a/.github/workflows/VirusTotal.yml → ...itory And Package Scan on Virus Total.yml b/.github/workflows/VirusTotal.yml → ...itory And Package Scan on Virus Total.yml