Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: removes provider from init and moves CI templates #344

Merged
merged 9 commits into from
Sep 16, 2024
8 changes: 8 additions & 0 deletions TEMPLATES/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# Templates


This directory contains workflow templates using `trestle-bot` to facilitate an editing workflow for different OSCAL models and integration with CI/CD providers.

`trestle-bot` provides a ready-made integrations for GitLab CI/CD and GitHub Actions though it can be used in multiple contexts using additional flags.

> Adding GitLab CI/CD workflows is on the ROADMAP
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ on:
- 'catalogs/**'
- 'markdown/catalogs/**'

concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true

jobs:
autosync:
name: Autosync catalog content
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ on:
- 'profiles/**'
- 'markdown/profiles/**'

concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true

jobs:
autosync:
name: Autosync profile content
Expand Down
32 changes: 32 additions & 0 deletions TEMPLATES/github/trestlebot-autosync-ssp.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: Trestle-bot autosync ssp updates
on:
push:
branches:
- main
paths:
- 'profiles/**'
- 'catalogs/**'
- 'component-definitions/**'
- 'system-security-plans/**'
- 'markdown/**'

concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true

jobs:
autosync:
name: Autosync ssp content
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run autosync
id: autosync
uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
with:
markdown_path: "markdown/system-security-plans"
oscal_model: "ssp"
file_pattern: "*.json,markdown/*"
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ jobs:
component_title: ${{ github.event.inputs.component_title }}
component_type: ${{ github.event.inputs.component_type }}
component_description: ${{ github.event.inputs.component_description }}
markdown_path: "markdown/components"
markdown_path: "markdown/component-definitions"
branch: "create-component-definition-${{ github.run_id }}"
target_branch: "main"
file_pattern: "*.json,markdown/*,rules/*"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,14 +20,16 @@ jobs:
rules-transform-and-autosync:
name: Rules Transform and AutoSync
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: AutoSync
id: autosync
uses: RedHatProductSecurity/trestle-bot/actions/autosync@main
with:
markdown_path: "markdown/components"
markdown_path: "markdown/component-definitions"
oscal_model: "compdef"
file_pattern: "*.json,markdown/*"
- name: Check if rules changed
Expand All @@ -37,9 +39,9 @@ jobs:
filters: |
rules:
- 'rules/**'
- name: Rules Tranform
- name: Rules Transform
if: steps.changes.outputs.rules == 'true'
uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main
with:
markdown_path: "markdown"
markdown_path: "markdown/component-definitions"
commit_message: "Auto-transform rules [skip ci]"
14 changes: 10 additions & 4 deletions docs/tutorials/github.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,13 +50,10 @@ You should now see the following directories in your repo.
├── markdown
├── profiles
├── rules
├── .github
├── .trestle
└── .trestlebot
```

You will notice several files within the `.github/workflows` directory. These are the trestlebot actions that will run as we make changes to the repo contents.

You can now add any catalog or profile content needed for you authoring process. For this example, we will add the NIST SP 800-53 Rev. 5 catalog to our `/catalogs` directory.

```
Expand All @@ -77,6 +74,15 @@ Our `profile.json` file contains a reference to our `catalog.json` file. By def
sed -i 's/NIST_SP-800-53_rev5_catalog.json/trestle:\/\/catalogs\/nist_rev5_800_53\/catalog.json/g' profiles/nist_rev5_800_53/profile.json
```

Finally you can copy ready-made CI/CD workflows from the `TEMPLATES` directory into your workspace. These are the trestlebot actions that will run as we make changes to the repo contents.

**For example Component Definition authoring in GitHub Actions**
```
mkdir -p .github/workflows
cp TEMPLATES/github/trestlebot-create-component-definition.yml .github/workflows
Copy link
Member

@huiwangredhat huiwangredhat Sep 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The .github dir won't be generated after the trestlebot init and has been removed on line 53. So .github needs to be created manually. Is that the expected?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. The .github/workflows directory would need to be created. Thanks for pointing that out. I could include a mkdir line.

cp TEMPLATES/github/trestlebot-rules-transform.yml .github/workflows
```

Now that we have the initial content needed to begin authoring, go ahead and commit and push to the remote GitHub repo.


Expand All @@ -100,4 +106,4 @@ Now it's time to run our first trestlebot action! We will go ahead and create o

Once the workflow has completed you should have a new Pull Request containing the files trestlebot generated for the component definition. After reviewing the files you can go ahead and merge the PR!

Congrats, you have sucessfully created a new trestlebot workspace and now have an authoring environment!
Congrats, you have successfully created a new trestlebot workspace and now have an authoring environment!
Loading