feat: adds GitHub Action to create a new profile with inputs

Signed-off-by: Jennifer Power <[email protected]>
RedHatProductSecurity · Jul 21, 2023 · e0c8cc9 · e0c8cc9
1 parent 733c12e
commit e0c8cc9
Show file tree

Hide file tree

Showing 6 changed files with 311 additions and 2 deletions.
diff --git a/.github/workflows/create-new.yml b/.github/workflows/create-new.yml
@@ -0,0 +1,65 @@
+name: Profile Create
+on:
+  workflow_dispatch:
+   inputs:
+      import_type:
+        type: choice
+        description: Import type
+        options:
+        - catalog
+        - profile
+      import_name:
+        required: true
+        description: Name of profile or catalog in trestle workspace to be imported
+      output:
+        required: true
+        description: Name of the profile to create
+
+
+jobs:
+  create-profile:
+    name: Create profile
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate app token
+        uses: tibdex/github-app-token@v1
+        id: get_installation_token
+        with: 
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.PRIVATE_KEY }}
+          permissions: >-
+            {"contents": "write", "pull_requests": "write"}
+      - name: Clone
+        uses: actions/checkout@v3
+        with:
+          token: ${{ steps.get_installation_token.outputs.token }}
+      - name: Set up Python 3.8
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.8
+      - name: Install Trestlebot
+        run: make trestlebot-install
+      - name: Create new profile with imports
+        run: |
+          python3 scripts/set_default_profile.py --import_path "${IMPORT_TYPE}s/${IMPORT_NAME}/${IMPORT_TYPE}.json" \
+          --profile_name "${OUTPUT}" --trestle_root .
+        env:
+          OUTPUT:  ${{ github.event.inputs.output }}
+          IMPORT_NAME: ${{ github.event.inputs.import_name }}
+          IMPORT_TYPE: ${{ github.event.inputs.import_type }}
+      - name: Generate and PR new profile
+        id: generate-profile
+        uses: RedHatProductSecurity/trestle-bot@main
+        with:
+          markdown_path: "markdown/profiles"
+          oscal_model: "profile"
+          branch: "profile-create-${{ github.run_id }}"
+          target_branch: "main"
+          file_pattern: "*.json,markdown/*"
+          skip_items: "fedramp_rev5_high"
+          skip_assemble: true
+          commit_user_name: "trestle-bot[bot]"
+          commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com"
+          commit_message: "adds profile ${{ github.event.inputs.output }}"
+          pull_request_title: "Add profile ${{ github.event.inputs.output }}"
+          github_token: ${{ steps.get_installation_token.outputs.token }}
diff --git a/.github/workflows/update-upstream.yml b/.github/workflows/update-upstream.yml
@@ -27,7 +27,7 @@ jobs:
         with:
           token: ${{ steps.get_installation_token.outputs.token }}
       - name: Set up Python 3.8
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: 3.8
       - name: Install Trestle

diff --git a/Makefile b/Makefile
@@ -22,4 +22,8 @@ update-subtree:
 
 import-nist:
 	@source $(SCRIPTS_DIR)/import.sh && import_nist_rev5_catalog
-.PHONY: import-nist
+.PHONY: import-nist
+
+trestlebot-install:
+	@python3 -m pip install --upgrade pip setuptools && python3 -m pip install -r requirements.txt
+.PHONY: trestlebot-install
diff --git a/requirements.in b/requirements.in
@@ -0,0 +1 @@
+trestlebot @ git+https://github.com/RedHatProductSecurity/trestle-bot@main
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,193 @@
+#
+# This file is autogenerated by pip-compile with Python 3.9
+# by the following command:
+#
+#    pip-compile requirements.in
+#
+anyio==3.7.1
+    # via httpcore
+argcomplete==3.1.1
+    # via datamodel-code-generator
+attrs==23.1.0
+    # via
+    #   compliance-trestle
+    #   jsonschema
+bcrypt==4.0.1
+    # via paramiko
+black==23.7.0
+    # via datamodel-code-generator
+certifi==2023.5.7
+    # via
+    #   httpcore
+    #   httpx
+    #   requests
+cffi==1.15.1
+    # via
+    #   cmarkgfm
+    #   cryptography
+    #   pynacl
+chardet==5.1.0
+    # via prance
+charset-normalizer==3.2.0
+    # via requests
+click==8.1.6
+    # via black
+cmarkgfm==0.6.0
+    # via compliance-trestle
+compliance-trestle==2.2.1
+    # via trestlebot
+cryptography==41.0.2
+    # via
+    #   compliance-trestle
+    #   paramiko
+    #   pyjwt
+datamodel-code-generator[http]==0.21.1
+    # via compliance-trestle
+defusedxml==0.7.1
+    # via compliance-trestle
+dnspython==2.4.0
+    # via email-validator
+email-validator==2.0.0.post2
+    # via pydantic
+et-xmlfile==1.1.0
+    # via openpyxl
+exceptiongroup==1.1.2
+    # via anyio
+furl==2.1.3
+    # via compliance-trestle
+genson==1.2.2
+    # via datamodel-code-generator
+gitdb==4.0.10
+    # via gitpython
+github3-py==4.0.1
+    # via trestlebot
+gitpython==3.1.32
+    # via trestlebot
+h11==0.14.0
+    # via httpcore
+httpcore==0.17.3
+    # via
+    #   dnspython
+    #   httpx
+httpx==0.24.1
+    # via datamodel-code-generator
+idna==3.4
+    # via
+    #   anyio
+    #   email-validator
+    #   httpx
+    #   requests
+ilcli==0.3.2
+    # via compliance-trestle
+inflect==5.6.2
+    # via datamodel-code-generator
+isort==5.12.0
+    # via datamodel-code-generator
+jinja2==3.1.2
+    # via
+    #   compliance-trestle
+    #   datamodel-code-generator
+jsonschema==4.17.3
+    # via
+    #   jsonschema-spec
+    #   openapi-schema-validator
+    #   openapi-spec-validator
+jsonschema-spec==0.1.6
+    # via openapi-spec-validator
+lazy-object-proxy==1.9.0
+    # via openapi-spec-validator
+markupsafe==2.1.3
+    # via jinja2
+mypy-extensions==1.0.0
+    # via black
+openapi-schema-validator==0.4.4
+    # via openapi-spec-validator
+openapi-spec-validator==0.5.2
+    # via datamodel-code-generator
+openpyxl==3.1.2
+    # via compliance-trestle
+orderedmultidict==1.0.1
+    # via furl
+orjson==3.9.2
+    # via compliance-trestle
+packaging==23.1
+    # via
+    #   black
+    #   datamodel-code-generator
+    #   prance
+paramiko==3.2.0
+    # via compliance-trestle
+pathable==0.4.3
+    # via jsonschema-spec
+pathspec==0.11.1
+    # via black
+platformdirs==3.9.1
+    # via black
+prance==23.6.21.0
+    # via datamodel-code-generator
+pycparser==2.21
+    # via cffi
+pydantic[email]==1.10.11
+    # via
+    #   compliance-trestle
+    #   datamodel-code-generator
+pyjwt[crypto]==2.8.0
+    # via github3-py
+pynacl==1.5.0
+    # via paramiko
+pyrsistent==0.19.3
+    # via jsonschema
+pysnooper==1.2.0
+    # via datamodel-code-generator
+python-dateutil==2.8.2
+    # via github3-py
+python-dotenv==1.0.0
+    # via compliance-trestle
+python-frontmatter==1.0.0
+    # via compliance-trestle
+pyyaml==6.0.1
+    # via
+    #   jsonschema-spec
+    #   python-frontmatter
+requests==2.31.0
+    # via
+    #   github3-py
+    #   jsonschema-spec
+    #   prance
+rfc3339-validator==0.1.4
+    # via openapi-schema-validator
+ruamel-yaml==0.17.32
+    # via
+    #   compliance-trestle
+    #   prance
+ruamel-yaml-clib==0.2.7
+    # via ruamel-yaml
+six==1.16.0
+    # via
+    #   furl
+    #   orderedmultidict
+    #   prance
+    #   python-dateutil
+    #   rfc3339-validator
+smmap==5.0.0
+    # via gitdb
+sniffio==1.3.0
+    # via
+    #   anyio
+    #   dnspython
+    #   httpcore
+    #   httpx
+toml==0.10.2
+    # via datamodel-code-generator
+tomli==2.0.1
+    # via black
+trestlebot @ git+https://github.com/RedHatProductSecurity/trestle-bot@main
+    # via -r requirements.in
+typing-extensions==4.7.1
+    # via
+    #   black
+    #   pydantic
+uritemplate==4.1.1
+    # via github3-py
+urllib3==2.0.4
+    # via requests
diff --git a/scripts/set_default_profile.py b/scripts/set_default_profile.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# set_default_profile.py
+
+#    Copyright 2023 Red Hat, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""
+Read in a profile created by trestle and set up default profile fields
+
+Author: Jenn Power <[email protected]>
+"""
+
+import argparse
+
+from trestlebot.tasks.authored.profile import AuthoredProfile
+
+
+def main():
+    p = argparse.ArgumentParser(description="Set default component fields")
+    p.add_argument("--profile_name", required=True)
+    p.add_argument("--import_path", required=True)
+    p.add_argument("--trestle_root", required=True)
+    args = p.parse_args()
+
+    authored_profile = AuthoredProfile(args.trestle_root)
+
+    authored_profile.create_new_default(
+        args.import_path,
+        args.profile_name,
+    )
+
+
+if __name__ == "__main__":
+    main()
+