diff --git a/TEMPLATES/github/trestlebot-autosync-catalog.yml b/TEMPLATES/github/trestlebot-autosync-catalog.yml
index dfee2050..a78aa6ef 100644
--- a/TEMPLATES/github/trestlebot-autosync-catalog.yml
+++ b/TEMPLATES/github/trestlebot-autosync-catalog.yml
@@ -9,6 +9,10 @@ on:
       - 'catalogs/**'
       - 'markdown/catalogs/**'
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   autosync:
     name: Autosync catalog content
diff --git a/TEMPLATES/github/trestlebot-autosync-profile.yml b/TEMPLATES/github/trestlebot-autosync-profile.yml
index 04188eb2..dfeff2ba 100644
--- a/TEMPLATES/github/trestlebot-autosync-profile.yml
+++ b/TEMPLATES/github/trestlebot-autosync-profile.yml
@@ -9,6 +9,10 @@ on:
       - 'profiles/**'
       - 'markdown/profiles/**'
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   autosync:
     name: Autosync profile content
diff --git a/TEMPLATES/github/trestlebot-autosync-ssp.yml b/TEMPLATES/github/trestlebot-autosync-ssp.yml
new file mode 100644
index 00000000..71aa4fba
--- /dev/null
+++ b/TEMPLATES/github/trestlebot-autosync-ssp.yml
@@ -0,0 +1,32 @@
+name: Trestle-bot autosync ssp updates
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'profiles/**'
+      - 'catalogs/**'
+      - 'component-definitions/**'
+      - 'system-security-plans/**'
+      - 'markdown/**'
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  autosync:
+    name: Autosync ssp content
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Run autosync
+        id: autosync
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
+        with:
+          markdown_path: "markdown/system-security-plans"
+          oscal_model: "ssp"
+          file_pattern: "*.json,markdown/*"
\ No newline at end of file
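Review bot: In the new trestlebot-autosync-ssp.yml, the `Run autosync` step pulls `RedHatProductSecurity/trestle-bot/actions/autosync@main` into a job that holds `contents: write`, so whatever is on that mutable branch at run time gets commit access to the consuming repository; a template meant to be copied into other repos should reference a release tag or, better, a full commit SHA, e.g. `uses: RedHatProductSecurity/trestle-bot/actions/autosync@<RELEASE_TAG_OR_SHA>`. The `paths` filter also fires on `markdown/**` while the step only syncs `markdown/system-security-plans`; if that is intentional because SSP content depends on the other models, a short comment above the `paths` list such as `# SSPs reference catalogs, profiles and component definitions, so any markdown change re-syncs` would save the next reader the question. The file is also missing its trailing newline, as the marker after `file_pattern` shows.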
diff --git a/TEMPLATES/github/trestlebot-create-component-definition.yml b/TEMPLATES/github/trestlebot-create-component-definition.yml
index e6090c17..4c4bf0f7 100644
--- a/TEMPLATES/github/trestlebot-create-component-definition.yml
+++ b/TEMPLATES/github/trestlebot-create-component-definition.yml
@@ -40,7 +40,7 @@ jobs:
           component_title: ${{ github.event.inputs.component_title }}
           component_type: ${{ github.event.inputs.component_type }}
           component_description: ${{ github.event.inputs.component_description }}
-          markdown_path: "markdown/components"
+          markdown_path: "markdown/component-definitions"
           branch: "create-component-definition-${{ github.run_id }}"
           target_branch: "main"
           file_pattern: "*.json,markdown/*,rules/*"
diff --git a/TEMPLATES/github/trestlebot-rules-transform.yml b/TEMPLATES/github/trestlebot-rules-transform.yml
index d363565d..2e835a9b 100644
--- a/TEMPLATES/github/trestlebot-rules-transform.yml
+++ b/TEMPLATES/github/trestlebot-rules-transform.yml
@@ -20,6 +20,8 @@ jobs:
   rules-transform-and-autosync:
     name: Rules Transform and AutoSync
     runs-on: ubuntu-latest
+    permissions:
+      content: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -27,7 +29,7 @@ jobs:
         id: autosync
         uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
         with:
-          markdown_path: "markdown/components"
+          markdown_path: "markdown/component-definitions"
           oscal_model: "compdef"
           file_pattern: "*.json,markdown/*"
       - name: Check if rules changed
@@ -41,5 +43,5 @@ jobs:
         if: steps.changes.outputs.rules == 'true'
         uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main
         with:
-          markdown_path: "markdown"
+          markdown_path: "markdown/component-definitions"
           commit_message: "Auto-transform rules [skip ci]"
\ No newline at end of file
diff --git a/docs/tutorials/github.md b/docs/tutorials/github.md
index 5ab2db15..493cc4a9 100644
--- a/docs/tutorials/github.md
+++ b/docs/tutorials/github.md
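Review bot: The `permissions` block added to the `rules-transform-and-autosync` job in trestlebot-rules-transform.yml uses the scope name `content: write`, which is not a GitHub Actions permission; the scope is `contents`, as the new trestlebot-autosync-ssp.yml in this same commit spells it, so the line should read `      contents: write`. As written, GitHub's workflow parser should reject the file rather than grant the job commit access, so the autosync and rules-transform steps that push back to the repo would never run. Bear in mind that a job-level `permissions` block also sets every unlisted scope to none, so it is worth confirming that the `Check if rules changed` step and the `rules-transform` action, whose definitions sit largely outside these hunks, need nothing beyond `contents`.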
@@ -50,13 +50,10 @@ You should now see the following directories in your repo.
 ├── markdown
 ├── profiles
 ├── rules
-├── .github
 ├── .trestle
 └── .trestlebot
 ```
 
-You will notice several files within the `.github/workflows` directory. These are the trestlebot actions that will run as we make changes to the repo contents.
-
 You can now add any catalog or profile content needed for you authoring process. For this example, we will add the NIST SP 800-53 Rev. 5 catalog to our `/catalogs` directory.
 
 ```
@@ -77,6 +74,14 @@ Our `profile.json` file contains a reference to our `catalog.json` file. By def
 sed -i 's/NIST_SP-800-53_rev5_catalog.json/trestle:\/\/catalogs\/nist_rev5_800_53\/catalog.json/g' profiles/nist_rev5_800_53/profile.json
 ```
 
+Finally you can copy ready-made CI/CD workflows from the `TEMPLATES` directory into your workspace. These are the trestlebot actions that will run as we make changes to the repo contents.
+
+**For example Component Definition authoring in GitHub Actions**
+```
+cp TEMPLATES/github/trestlebot-create-component-definition.yml .github/workflows
+cp TEMPLATES/github/trestlebot-rules-transform.yml .github/workflows
+```
+
 Now that we have the initial content needed to begin authoring, go ahead and commit and push to the remote GitHub repo.
 
 
@@ -100,4 +105,4 @@ Now it's time to run our first trestlebot action! We will go ahead and create o
 Once the workflow has completed you should have a new Pull Request containing the files trestlebot generated for the component definition. After reviewing the files you can go ahead and merge the PR!
 
 
-Congrats, you have sucessfully created a new trestlebot workspace and now have an authoring environment!
\ No newline at end of file
+Congrats, you have successfully created a new trestlebot workspace and now have an authoring environment!
\ No newline at end of file