refactor: trestle-bot migration from check_only (#90)

* ⬆️ bump RedHatProductSecurity/trestle-bot from 0.8.0 to 0.9.0 Bumps [RedHatProductSecurity/trestle-bot](https://github.com/redhatproductsecurity/trestle-bot) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/redhatproductsecurity/trestle-bot/releases) - [Commits](RedHatProductSecurity/trestle-bot@v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: RedHatProductSecurity/trestle-bot dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * refactor: updates validate.yml for trestlebot migration from check_only Signed-off-by: Jennifer Power <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Jennifer Power <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
RedHatProductSecurity · May 23, 2024 · 0e1de9d · 0e1de9d
1 parent 0969fd9
commit 0e1de9d
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 7 deletions.
diff --git a/.github/workflows/autosync-profile.yml b/.github/workflows/autosync-profile.yml
@@ -31,7 +31,7 @@ jobs:
           token: ${{ steps.get_installation_token.outputs.token }}
       - name: autosync profile
         id: autosync-profile
-        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.8.0
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
         with:
           markdown_path: "markdown/profiles"
           oscal_model: "profile"

diff --git a/.github/workflows/create-new.yml b/.github/workflows/create-new.yml
@@ -22,7 +22,7 @@ jobs:
     name: Create profile
     runs-on: ubuntu-latest
     container:
-      image: quay.io/continuouscompliance/trestle-bot:v0.8.0
+      image: quay.io/continuouscompliance/trestle-bot:v0.9.0
     steps:
       - name: Generate app token
         uses: tibdex/[email protected]

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -24,7 +24,7 @@ jobs:
         with:
           token: ${{ steps.get_installation_token.outputs.token }}
       - name: Autosync
-        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.8.0
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
         with:
           markdown_path: "markdown/profiles"
           oscal_model: "profile"

diff --git a/.github/workflows/update-upstream.yml b/.github/workflows/update-upstream.yml
@@ -79,7 +79,7 @@ jobs:
             "profiles/${FEDRAMP_PROFILE_NAME}"
       - name: Regenerate profiles
         if: ${{ steps.updates.outputs.pull-request-number }}
-        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.8.0
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
         with:
           markdown_path: "markdown/profiles"
           oscal_model: "profile"

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -22,13 +22,19 @@ jobs:
       - name: Clone
         uses: actions/checkout@v4
       - name: Check profile
-        id: check-profile
-        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.8.0
+        id: check
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
         with:
           markdown_path: "markdown/profiles"
           oscal_model: "profile"
-          check_only: true
           skip_items: "fedramp_rev5_high"
+          dry_run: true
+      - name: Fail
+        if: ${{ steps.check.outputs.changes == 'true' }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+              core.setFailed('Changes detected. Manual intervention may be required.')
     
   call-autosync:
     needs: [test]