docs: updates tutorial and corrects workflows

Signed-off-by: Jennifer Power <[email protected]>
RedHatProductSecurity · Sep 12, 2024 · 23db548 · 23db548
1 parent b52fdb5
commit 23db548
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 7 deletions.
diff --git a/TEMPLATES/github/trestlebot-autosync-catalog.yml b/TEMPLATES/github/trestlebot-autosync-catalog.yml
@@ -9,6 +9,10 @@ on:
       - 'catalogs/**'
       - 'markdown/catalogs/**'
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   autosync:
     name: Autosync catalog content

diff --git a/TEMPLATES/github/trestlebot-autosync-profile.yml b/TEMPLATES/github/trestlebot-autosync-profile.yml
@@ -9,6 +9,10 @@ on:
       - 'profiles/**'
       - 'markdown/profiles/**'
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   autosync:
     name: Autosync profile content

diff --git a/TEMPLATES/github/trestlebot-autosync-ssp.yml b/TEMPLATES/github/trestlebot-autosync-ssp.yml
@@ -0,0 +1,32 @@
+name: Trestle-bot autosync ssp updates
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'profiles/**'
+      - 'catalogs/**'
+      - 'component-definitions/**'
+      - 'system-security-plans/**'
+      - 'markdown/**'
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  autosync:
+    name: Autosync ssp content
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Run autosync
+        id: autosync
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
+        with:
+          markdown_path: "markdown/system-security-plans"
+          oscal_model: "ssp"
+          file_pattern: "*.json,markdown/*"
diff --git a/TEMPLATES/github/trestlebot-create-component-definition.yml b/TEMPLATES/github/trestlebot-create-component-definition.yml
@@ -40,7 +40,7 @@ jobs:
           component_title: ${{ github.event.inputs.component_title }}
           component_type: ${{ github.event.inputs.component_type }}
           component_description: ${{ github.event.inputs.component_description }}
-          markdown_path: "markdown/components"
+          markdown_path: "markdown/component-definitions"
           branch: "create-component-definition-${{ github.run_id }}"
           target_branch: "main"
           file_pattern: "*.json,markdown/*,rules/*"

diff --git a/TEMPLATES/github/trestlebot-rules-transform.yml b/TEMPLATES/github/trestlebot-rules-transform.yml
@@ -20,14 +20,16 @@ jobs:
   rules-transform-and-autosync:
     name: Rules Transform and AutoSync
     runs-on: ubuntu-latest
+    permissions:
+      content: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
       - name: AutoSync
         id: autosync
         uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
         with:
-          markdown_path: "markdown/components"
+          markdown_path: "markdown/component-definitions"
           oscal_model: "compdef"
           file_pattern: "*.json,markdown/*"
       - name: Check if rules changed
@@ -41,5 +43,5 @@ jobs:
         if: steps.changes.outputs.rules == 'true'
         uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main
         with:
-          markdown_path: "markdown"
+          markdown_path: "markdown/component-definitions"
           commit_message: "Auto-transform rules [skip ci]"
diff --git a/docs/tutorials/github.md b/docs/tutorials/github.md
@@ -50,13 +50,10 @@ You should now see the following directories in your repo.
 ├── markdown 
 ├── profiles
 ├── rules
-├── .github
 ├── .trestle
 └── .trestlebot
 ```
 
-You will notice several files within the `.github/workflows` directory.  These are the trestlebot actions that will run as we make changes to the repo contents.
-
 You can now add any catalog or profile content needed for you authoring process.  For this example, we will add the NIST SP 800-53 Rev. 5 catalog to our `/catalogs` directory.
 
 ```
@@ -77,6 +74,14 @@ Our `profile.json` file contains a reference to our `catalog.json` file.  By def
 sed -i 's/NIST_SP-800-53_rev5_catalog.json/trestle:\/\/catalogs\/nist_rev5_800_53\/catalog.json/g' profiles/nist_rev5_800_53/profile.json
 ```
 
+Finally you can copy ready-made CI/CD workflows from the `TEMPLATES` directory into your workspace. These are the trestlebot actions that will run as we make changes to the repo contents.
+
+**For example Component Definition authoring in GitHub Actions**
+```
+cp TEMPLATES/github/trestlebot-create-component-definition.yml .github/workflows
+cp TEMPLATES/github/trestlebot-rules-transform.yml .github/workflows
+```
+
 Now that we have the initial content needed to begin authoring, go ahead and commit and push to the remote GitHub repo.
 
 
@@ -100,4 +105,4 @@ Now it's time to run our first trestlebot action!  We will go ahead and create o
 
 Once the workflow has completed you should have a new Pull Request containing the files trestlebot generated for the component definition.  After reviewing the files you can go ahead and merge the PR!
 
-Congrats, you have sucessfully created a new trestlebot workspace and now have an authoring environment!
+Congrats, you have successfully created a new trestlebot workspace and now have an authoring environment!