feat: removes provider from init and moves CI templates (#344)

* fix(init): updates mismatches between init and the initial workflow files Signed-off-by: Jennifer Power <[email protected]> * feat: removes provider from init entrypoint To simplfy this feature, the provider workflows will be available in the repo under TEMPLATES to copy manually. Signed-off-by: Jennifer Power <[email protected]> * docs: updates tutorial and corrects workflows Signed-off-by: Jennifer Power <[email protected]> * test: adds back unit tests for directory validation Signed-off-by: Jennifer Power <[email protected]> * test: adds back tests for trestlebot keep file Signed-off-by: Jennifer Power <[email protected]> * fix: addresses PR feedback Signed-off-by: Jennifer Power <[email protected]> * chore(deps): removes extra dependency for importlib Signed-off-by: Jennifer Power <[email protected]> * docs: fixes GitHub tutorial steps Signed-off-by: Jennifer Power <[email protected]> * fix: updates unit tests for trestle API breaking change Signed-off-by: Jennifer Power <[email protected]> --------- Signed-off-by: Jennifer Power <[email protected]>
RedHatProductSecurity · Sep 16, 2024 · 21b4043 · 21b4043
1 parent 5439b91
commit 21b4043
Show file tree

Hide file tree

Showing 13 changed files with 792 additions and 731 deletions.
diff --git a/TEMPLATES/README.md b/TEMPLATES/README.md
@@ -0,0 +1,8 @@
+# Templates
+
+
+This directory contains workflow templates using `trestle-bot` to facilitate an editing workflow for different OSCAL models and integration with CI/CD providers.
+
+`trestle-bot` provides a ready-made integrations for GitLab CI/CD and GitHub Actions though it can be used in multiple contexts using additional flags.
+
+> Adding GitLab CI/CD workflows is on the ROADMAP
diff --git a/...es/github/trestlebot-autosync-catalog.yml → ...ES/github/trestlebot-autosync-catalog.yml b/...es/github/trestlebot-autosync-catalog.yml → ...ES/github/trestlebot-autosync-catalog.yml
@@ -9,6 +9,10 @@ on:
       - 'catalogs/**'
       - 'markdown/catalogs/**'
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   autosync:
     name: Autosync catalog content

diff --git a/...es/github/trestlebot-autosync-profile.yml → ...ES/github/trestlebot-autosync-profile.yml b/...es/github/trestlebot-autosync-profile.yml → ...ES/github/trestlebot-autosync-profile.yml
@@ -9,6 +9,10 @@ on:
       - 'profiles/**'
       - 'markdown/profiles/**'
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   autosync:
     name: Autosync profile content

diff --git a/TEMPLATES/github/trestlebot-autosync-ssp.yml b/TEMPLATES/github/trestlebot-autosync-ssp.yml
@@ -0,0 +1,32 @@
+name: Trestle-bot autosync ssp updates
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'profiles/**'
+      - 'catalogs/**'
+      - 'component-definitions/**'
+      - 'system-security-plans/**'
+      - 'markdown/**'
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  autosync:
+    name: Autosync ssp content
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Run autosync
+        id: autosync
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
+        with:
+          markdown_path: "markdown/system-security-plans"
+          oscal_model: "ssp"
+          file_pattern: "*.json,markdown/*"
diff --git a/...restlebot-create-component-definition.yml → ...restlebot-create-component-definition.yml b/...restlebot-create-component-definition.yml → ...restlebot-create-component-definition.yml
@@ -40,7 +40,7 @@ jobs:
           component_title: ${{ github.event.inputs.component_title }}
           component_type: ${{ github.event.inputs.component_type }}
           component_description: ${{ github.event.inputs.component_description }}
-          markdown_path: "markdown/components"
+          markdown_path: "markdown/component-definitions"
           branch: "create-component-definition-${{ github.run_id }}"
           target_branch: "main"
           file_pattern: "*.json,markdown/*,rules/*"

diff --git a/...tes/github/trestlebot-rules-transform.yml → ...TES/github/trestlebot-rules-transform.yml b/...tes/github/trestlebot-rules-transform.yml → ...TES/github/trestlebot-rules-transform.yml
@@ -20,14 +20,16 @@ jobs:
   rules-transform-and-autosync:
     name: Rules Transform and AutoSync
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
       - name: AutoSync
         id: autosync
         uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
         with:
-          markdown_path: "markdown/components"
+          markdown_path: "markdown/component-definitions"
           oscal_model: "compdef"
           file_pattern: "*.json,markdown/*"
       - name: Check if rules changed
@@ -37,9 +39,9 @@ jobs:
           filters: |
             rules:
               - 'rules/**'
-      - name: Rules Tranform
+      - name: Rules Transform
         if: steps.changes.outputs.rules == 'true'
         uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main
         with:
-          markdown_path: "markdown"
+          markdown_path: "markdown/component-definitions"
           commit_message: "Auto-transform rules [skip ci]"
diff --git a/docs/tutorials/github.md b/docs/tutorials/github.md
@@ -50,13 +50,10 @@ You should now see the following directories in your repo.
 ├── markdown 
 ├── profiles
 ├── rules
-├── .github
 ├── .trestle
 └── .trestlebot
 ```
 
-You will notice several files within the `.github/workflows` directory.  These are the trestlebot actions that will run as we make changes to the repo contents.
-
 You can now add any catalog or profile content needed for you authoring process.  For this example, we will add the NIST SP 800-53 Rev. 5 catalog to our `/catalogs` directory.
 
 ```
@@ -77,6 +74,15 @@ Our `profile.json` file contains a reference to our `catalog.json` file.  By def
 sed -i 's/NIST_SP-800-53_rev5_catalog.json/trestle:\/\/catalogs\/nist_rev5_800_53\/catalog.json/g' profiles/nist_rev5_800_53/profile.json
 ```
 
+Finally you can copy ready-made CI/CD workflows from the `TEMPLATES` directory into your workspace. These are the trestlebot actions that will run as we make changes to the repo contents.
+
+**For example Component Definition authoring in GitHub Actions**
+```
+mkdir -p .github/workflows
+cp TEMPLATES/github/trestlebot-create-component-definition.yml .github/workflows
+cp TEMPLATES/github/trestlebot-rules-transform.yml .github/workflows
+```
+
 Now that we have the initial content needed to begin authoring, go ahead and commit and push to the remote GitHub repo.
 
 
@@ -100,4 +106,4 @@ Now it's time to run our first trestlebot action!  We will go ahead and create o
 
 Once the workflow has completed you should have a new Pull Request containing the files trestlebot generated for the component definition.  After reviewing the files you can go ahead and merge the PR!
 
-Congrats, you have sucessfully created a new trestlebot workspace and now have an authoring environment!
+Congrats, you have successfully created a new trestlebot workspace and now have an authoring environment!