From e0c8cc95989610e58b28349feae7f7916ba0be25 Mon Sep 17 00:00:00 2001
From: Jennifer Power
Date: Fri, 21 Jul 2023 15:29:23 -0400
Subject: [PATCH] feat: adds GitHub Action to create a new profile with inputs
Signed-off-by: Jennifer Power
---
 .github/workflows/create-new.yml | 65 +++++++++
 .github/workflows/update-upstream.yml | 2 +-
 Makefile | 6 +-
 requirements.in | 1 +
 requirements.txt | 193 ++++++++++++++++++++++++++
 scripts/set_default_profile.py | 46 ++++++
 6 files changed, 311 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/create-new.yml
 create mode 100644 requirements.in
 create mode 100644 requirements.txt
 create mode 100644 scripts/set_default_profile.py
diff --git a/.github/workflows/create-new.yml b/.github/workflows/create-new.yml
new file mode 100644
index 0000000..f8364c1
--- /dev/null
+++ b/.github/workflows/create-new.yml
@@ -0,0 +1,65 @@
+name: Profile Create
+on:
+ workflow_dispatch:
+ inputs:
+ import_type:
+ type: choice
+ description: Import type
+ options:
+ - catalog
+ - profile
+ import_name:
+ required: true
+ description: Name of profile or catalog in trestle workspace to be imported
+ output:
+ required: true
+ description: Name of the profile to create
+
+
+jobs:
+ create-profile:
+ name: Create profile
+ runs-on: ubuntu-latest
+ steps:
+ - name: Generate app token
+ uses: tibdex/github-app-token@v1
+ id: get_installation_token
+ with:
+ app_id: ${{ secrets.APP_ID }}
+ private_key: ${{ secrets.PRIVATE_KEY }}
+ permissions: >-
+ {"contents": "write", "pull_requests": "write"}
+ - name: Clone
+ uses: actions/checkout@v3
+ with:
+ token: ${{ steps.get_installation_token.outputs.token }}
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.8
+ - name: Install Trestlebot
+ run: make trestlebot-install
+ - name: Create new profile with imports
+ run: |
+ python3 scripts/set_default_profile.py --import_path "${IMPORT_TYPE}s/${IMPORT_NAME}/${IMPORT_TYPE}.json" \
+ --profile_name "${OUTPUT}" --trestle_root .
+ env:
+ OUTPUT: ${{ github.event.inputs.output }}
+ IMPORT_NAME: ${{ github.event.inputs.import_name }}
+ IMPORT_TYPE: ${{ github.event.inputs.import_type }}
+ - name: Generate and PR new profile
+ id: generate-profile
+ uses: RedHatProductSecurity/trestle-bot@main
+ with:
+ markdown_path: "markdown/profiles"
+ oscal_model: "profile"
+ branch: "profile-create-${{ github.run_id }}"
+ target_branch: "main"
+ file_pattern: "*.json,markdown/*"
+ skip_items: "fedramp_rev5_high"
+ skip_assemble: true
+ commit_user_name: "trestle-bot[bot]"
+ commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com"
+ commit_message: "adds profile ${{ github.event.inputs.output }}"
+ pull_request_title: "Add profile ${{ github.event.inputs.output }}"
+ github_token: ${{ steps.get_installation_token.outputs.token }}
\ No newline at end of file
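Review bot: The job mints a GitHub App token with `contents: write` and `pull_requests: write`, yet both third-party actions that handle it are referenced by mutable refs, `tibdex/github-app-token@v1` and `RedHatProductSecurity/trestle-bot@main`, so whatever those refs point to at run time executes with that token. Pinning each to a full commit SHA, e.g. `uses: RedHatProductSecurity/trestle-bot@<full-commit-sha>  # main`, keeps the reviewed code and the executed code identical; `<full-commit-sha>` is a placeholder, since the page does not give one. The same applies to `trestlebot @ git+https://github.com/RedHatProductSecurity/trestle-bot@main` in requirements.in and requirements.txt: the compiled file pins every transitive package but not the one dependency installed from git, and `make trestlebot-install` runs after the checkout step has been handed the app token. A top-level `permissions:` block restricting the default `GITHUB_TOKEN` (for example `contents: read`) would also be worth adding, as no step in this workflow references it.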
diff --git a/.github/workflows/update-upstream.yml b/.github/workflows/update-upstream.yml
index 7bc72ff..5d8926d 100644
--- a/.github/workflows/update-upstream.yml
+++ b/.github/workflows/update-upstream.yml
@@ -27,7 +27,7 @@ jobs:
 with:
 token: ${{ steps.get_installation_token.outputs.token }}
 - name: Set up Python 3.8
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v4
 with:
 python-version: 3.8
 - name: Install Trestle
diff --git a/Makefile b/Makefile
index 60e668a..08c49a2 100644
--- a/Makefile
+++ b/Makefile
@@ -22,4 +22,8 @@ update-subtree:
 import-nist:
 @source $(SCRIPTS_DIR)/import.sh && import_nist_rev5_catalog
-.PHONY: import-nist
\ No newline at end of file
+.PHONY: import-nist
+
+trestlebot-install:
+ @python3 -m pip install --upgrade pip setuptools && python3 -m pip install -r requirements.txt
+.PHONY: trestlebot-install
\ No newline at end of file
diff --git a/requirements.in b/requirements.in
new file mode 100644
index 0000000..e2dce4c
--- /dev/null
+++ b/requirements.in
@@ -0,0 +1 @@
+trestlebot @ git+https://github.com/RedHatProductSecurity/trestle-bot@main
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..e7d00b6
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,193 @@ +# +# This file is autogenerated by pip-compile with Python 3.9 +# by the following command: +# +# pip-compile requirements.in +# +anyio==3.7.1 + # via httpcore +argcomplete==3.1.1 + # via datamodel-code-generator +attrs==23.1.0 + # via + # compliance-trestle + # jsonschema +bcrypt==4.0.1 + # via paramiko +black==23.7.0 + # via datamodel-code-generator +certifi==2023.5.7 + # via + # httpcore + # httpx + # requests +cffi==1.15.1 + # via + # cmarkgfm + # cryptography + # pynacl +chardet==5.1.0 + # via prance +charset-normalizer==3.2.0 + # via requests +click==8.1.6 + # via black +cmarkgfm==0.6.0 + # via compliance-trestle +compliance-trestle==2.2.1 + # via trestlebot +cryptography==41.0.2 + # via + # compliance-trestle + # paramiko + # pyjwt +datamodel-code-generator[http]==0.21.1 + # via compliance-trestle +defusedxml==0.7.1 + # via compliance-trestle +dnspython==2.4.0 + # via email-validator +email-validator==2.0.0.post2 + # via pydantic +et-xmlfile==1.1.0 + # via openpyxl +exceptiongroup==1.1.2 + # via anyio +furl==2.1.3 + # via compliance-trestle +genson==1.2.2 + # via datamodel-code-generator +gitdb==4.0.10 + # via gitpython +github3-py==4.0.1 + # via trestlebot +gitpython==3.1.32 + # via trestlebot +h11==0.14.0 + # via httpcore +httpcore==0.17.3 + # via + # dnspython + # httpx +httpx==0.24.1 + # via datamodel-code-generator +idna==3.4 + # via + # anyio + # email-validator + # httpx + # requests +ilcli==0.3.2 + # via compliance-trestle +inflect==5.6.2 + # via datamodel-code-generator +isort==5.12.0 + # via datamodel-code-generator +jinja2==3.1.2 + # via + # compliance-trestle + # datamodel-code-generator +jsonschema==4.17.3 + # via + # jsonschema-spec + # openapi-schema-validator + # openapi-spec-validator +jsonschema-spec==0.1.6 + # via openapi-spec-validator +lazy-object-proxy==1.9.0 + # via openapi-spec-validator +markupsafe==2.1.3 + # via jinja2 +mypy-extensions==1.0.0 + # via black +openapi-schema-validator==0.4.4 + # via 
openapi-spec-validator +openapi-spec-validator==0.5.2 + # via datamodel-code-generator +openpyxl==3.1.2 + # via compliance-trestle +orderedmultidict==1.0.1 + # via furl +orjson==3.9.2 + # via compliance-trestle +packaging==23.1 + # via + # black + # datamodel-code-generator + # prance +paramiko==3.2.0 + # via compliance-trestle +pathable==0.4.3 + # via jsonschema-spec +pathspec==0.11.1 + # via black +platformdirs==3.9.1 + # via black +prance==23.6.21.0 + # via datamodel-code-generator +pycparser==2.21 + # via cffi +pydantic[email]==1.10.11 + # via + # compliance-trestle + # datamodel-code-generator +pyjwt[crypto]==2.8.0 + # via github3-py +pynacl==1.5.0 + # via paramiko +pyrsistent==0.19.3 + # via jsonschema +pysnooper==1.2.0 + # via datamodel-code-generator +python-dateutil==2.8.2 + # via github3-py +python-dotenv==1.0.0 + # via compliance-trestle +python-frontmatter==1.0.0 + # via compliance-trestle +pyyaml==6.0.1 + # via + # jsonschema-spec + # python-frontmatter +requests==2.31.0 + # via + # github3-py + # jsonschema-spec + # prance +rfc3339-validator==0.1.4 + # via openapi-schema-validator +ruamel-yaml==0.17.32 + # via + # compliance-trestle + # prance +ruamel-yaml-clib==0.2.7 + # via ruamel-yaml +six==1.16.0 + # via + # furl + # orderedmultidict + # prance + # python-dateutil + # rfc3339-validator +smmap==5.0.0 + # via gitdb +sniffio==1.3.0 + # via + # anyio + # dnspython + # httpcore + # httpx +toml==0.10.2 + # via datamodel-code-generator +tomli==2.0.1 + # via black +trestlebot @ git+https://github.com/RedHatProductSecurity/trestle-bot@main + # via -r requirements.in +typing-extensions==4.7.1 + # via + # black + # pydantic +uritemplate==4.1.1 + # via github3-py +urllib3==2.0.4 + # via requests diff --git a/scripts/set_default_profile.py b/scripts/set_default_profile.py new file mode 100644 index 0000000..3cc83c9 --- /dev/null +++ b/scripts/set_default_profile.py 
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# set_default_profile.py
+
+# Copyright 2023 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""
+Read in a profile created by trestle and set up default profile fields
+
+Author: Jenn Power
+"""
+
+import argparse
+
+from trestlebot.tasks.authored.profile import AuthoredProfile
+
+
+def main():
+ p = argparse.ArgumentParser(description="Set default component fields")
+ p.add_argument("--profile_name", required=True)
+ p.add_argument("--import_path", required=True)
+ p.add_argument("--trestle_root", required=True)
+ args = p.parse_args()
+
+ authored_profile = AuthoredProfile(args.trestle_root)
+
+ authored_profile.create_new_default(
+ args.import_path,
+ args.profile_name,
+ )
+
+
+if __name__ == "__main__":
+ main()
+
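Review bot: `main()` passes `--import_path` to `create_new_default` unchecked, and in create-new.yml that value is assembled from the free-text `import_name` input, so a name containing `..` could point the new profile's import outside the trestle workspace (how `create_new_default` treats the path is not visible on this page). Resolving the path against `--trestle_root` and rejecting anything that escapes it or is not an existing file, right after `parse_args()`, would also turn a mistyped name into a clear error before the bot opens a pull request. The sketch below needs `import pathlib` at the top of the file and tests `parents` rather than `Path.is_relative_to` because the workflow sets up Python 3.8. Separately, the parser description still reads "Set default component fields" although the module docstring says the script sets up profile fields.

```python
    args = p.parse_args()

    # The import path is built from workflow inputs; keep it inside the workspace.
    root = pathlib.Path(args.trestle_root).resolve()
    import_file = (root / args.import_path).resolve()
    if root not in import_file.parents or not import_file.is_file():
        p.error(f"--import_path must name an existing file under {root}")

    authored_profile = AuthoredProfile(args.trestle_root)
    # … unchanged: create_new_default call …
```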