diff --git a/.github/workflows/create-new.yml b/.github/workflows/create-new.yml
index 8360967..91baaf3 100644
--- a/.github/workflows/create-new.yml
+++ b/.github/workflows/create-new.yml
@@ -21,6 +21,8 @@ jobs:
 create-profile:
 name: Create profile
 runs-on: ubuntu-latest
+ container:
+ image: quay.io/continuouscompliance/trestle-bot:v0.5.0
 steps:
 - name: Generate app token
 uses: tibdex/github-app-token@v2.1.0
@@ -34,12 +36,6 @@ jobs:
 uses: actions/checkout@v4
 with:
 token: ${{ steps.get_installation_token.outputs.token }}
- - name: Set up Python 3.8
- uses: actions/setup-python@v5
- with:
- python-version: 3.8
- - name: Install Trestlebot
- run: python3 -m pip install --upgrade pip setuptools && python3 -m pip install -r requirements.txt
 - name: Create new profile with imports
 run: |
 python3 scripts/set_default_profile.py --import_path "${IMPORT_TYPE}s/${IMPORT_NAME}/${IMPORT_TYPE}.json" \
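Review bot: The new `container.image` for the create-profile job is pinned only by the mutable tag `v0.5.0`, so a re-push of that tag on quay.io silently changes the tool that commits and opens pull requests with the app token, with no change in this repository. Pin the image by digest as well, e.g. `image: quay.io/continuouscompliance/trestle-bot:v0.5.0@sha256:<digest of the v0.5.0 image>`, and let a dependency-update bot bump it; the same applies to the identical `container:` line added to the update job in update-upstream.yml. The rest of the create-profile job's steps lie outside this hunk.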
@@ -48,19 +44,27 @@ jobs:
 OUTPUT: ${{ github.event.inputs.output }}
 IMPORT_NAME: ${{ github.event.inputs.import_name }}
 IMPORT_TYPE: ${{ github.event.inputs.import_type }}
+ - name: Configure git to trust the github workspace
+ run: |
+ git config --global --add safe.directory "${GITHUB_WORKSPACE}"
 - name: Generate and PR new profile
 id: generate-profile
- uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.5.0
- with:
- markdown_path: "markdown/profiles"
- oscal_model: "profile"
- branch: "profile-create-${{ github.run_id }}"
- target_branch: "main"
- file_pattern: "*.json,markdown/*"
- skip_items: "fedramp_rev5_high"
- skip_assemble: true
- commit_user_name: "trestle-bot[bot]"
- commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com"
- commit_message: "adds profile ${{ github.event.inputs.output }}"
- pull_request_title: "Add profile ${{ github.event.inputs.output }}"
- github_token: ${{ steps.get_installation_token.outputs.token }}
\ No newline at end of file
+ run: |
+ trestlebot-autosync \
+ --markdown-path="markdown/profiles" \
+ --oscal-model="profile" \
+ --commit-message="adds profile ${OUTPUT}" \
+ --pull-request-title="Add profile ${OUTPUT}" \
+ --branch="profile-create-${{ github.run_id }}" \
+ --file-patterns="*.json,markdown/*" \
+ --committer-name="trestle-bot[bot]" \
+ --committer-email="136850459+trestle-bot[bot]@users.noreply.github.com" \
+ --author-name="${{ github.actor }}" \
+ --author-email="${{ github.actor }}@users.noreply.github.com" \
+ --target-branch="main" \
+ --skip-items="fedramp_rev5_high" \
+ --skip-assemble \
+ --with-token - <<<"${GITHUB_TOKEN}"
+ env:
+ GITHUB_TOKEN: ${{ steps.get_installation_token.outputs.token }}
+ OUTPUT: ${{ github.event.inputs.output }}
\ No newline at end of file
diff --git a/.github/workflows/update-upstream.yml b/.github/workflows/update-upstream.yml
index d966c73..7787b93 100644
--- a/.github/workflows/update-upstream.yml
+++ b/.github/workflows/update-upstream.yml
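Review bot: In the new `trestlebot-autosync` run step, `${{ github.actor }}` and `${{ github.run_id }}` are still expanded by the runner straight into the shell script, while the user-supplied `OUTPUT` was correctly moved into `env:`; route these through `env:` as well so that no runner value ever becomes script text, i.e. add `ACTOR: ${{ github.actor }}` under `env:` and use `--author-name="${ACTOR}" \` and `--author-email="${ACTOR}@users.noreply.github.com" \`. The `--with-token - <<<"${GITHUB_TOKEN}"` form is a bash here-string, and `run:` only defaults to bash when the container image has it on PATH, otherwise falling back to `sh` where `<<<` is a syntax error, so an explicit `shell: bash` on the step would make that dependency on the image visible. Passing the token on stdin rather than as an argument is the right choice, since it keeps it out of the process list and out of any command echo.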
@@ -12,6 +12,8 @@ jobs:
 update:
 name: Update content
 runs-on: ubuntu-latest
+ container:
+ image: quay.io/continuouscompliance/trestle-bot:v0.5.0
 steps:
 - name: Generate app token
 uses: tibdex/github-app-token@v2.1.0
@@ -25,12 +27,6 @@ jobs:
 uses: actions/checkout@v4
 with:
 token: ${{ steps.get_installation_token.outputs.token }}
- - name: Set up Python 3.8
- uses: actions/setup-python@v5
- with:
- python-version: 3.8
- name: Install Trestle
- run: python3 -m pip install --upgrade pip setuptools && python3 -m pip install -r requirements.txt
 - name: Update catalogs
 run: |
 rm -rf "catalogs/${NIST_CATALOG_NAME}"
@@ -40,16 +36,24 @@ jobs:
 rm -rf "profiles/${FEDRAMP_PROFILE_NAME}"
 trestle import -f "https://raw.githubusercontent.com/GSA/fedramp-automation/${FEDRAMP_REPO_REF}/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile.json" -o "${FEDRAMP_PROFILE_NAME}"
 trestle href --name "${FEDRAMP_PROFILE_NAME}" -hr "trestle://catalogs/${NIST_CATALOG_NAME}/catalog.json"
+ - name: Configure git to trust the github workspace
+ run: |
+ git config --global --add safe.directory "${GITHUB_WORKSPACE}"
 - name: Update content
- uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.5.0
+ uses: peter-evans/create-pull-request@v5.0.2
 with:
- markdown_path: "markdown/profiles"
- oscal_model: "profile"
- file_pattern: "*.json"
- branch: "autoupdate-${{ github.run_id }}"
- target_branch: "main"
- skip_assemble: true
- skip_regenerate: true
- commit_user_name: "trestle-bot[bot]"
- commit_user_email: "136850459+trestle-bot[bot]@users.noreply.github.com"
- github_token: ${{ steps.get_installation_token.outputs.token }}
\ No newline at end of file
+ base: main
+ branch: "oscal-update-${{ github.run_id }}"
+ delete-branch: true
+ commit-message: "Update OSCAL content from upstream"
+ title: "Update upstream OSCAL content from usnistogv and GSA"
+ token: ${{ steps.get_installation_token.outputs.token }}
+ body: |
+ Updates upstream OSCAL content
+ - usnistgov NIST 800-53
+ - GSA FedRAMP OSCAL profiles
+
+ Auto-generated by the `update-upstream` workflow.
+ add-paths: |
+ "catalogs/${NIST_CATALOG_NAME}"
+ "profiles/${FEDRAMP_PROFILE_NAME}"
\ No newline at end of file
diff --git a/requirements.in b/requirements.in
deleted file mode 100644
index 10b346e..0000000
--- a/requirements.in
+++ /dev/null
@@ -1 +0,0 @@
-trestlebot @ git+https://github.com/RedHatProductSecurity/trestle-bot@v0.4.2
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
deleted file mode 100644
index 3e57e54..0000000
--- a/requirements.txt
+++ /dev/null
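Review bot: The `add-paths` input of the new create-pull-request step will not match the updated content: `with:` values are not passed through a shell, so `"catalogs/${NIST_CATALOG_NAME}"` reaches the action literally, quotes and `${...}` included, git stages nothing for that pathspec (or fails on it outright), and with no changes the action ends without opening a pull request. Use runner expressions instead, `catalogs/${{ env.NIST_CATALOG_NAME }}` and `profiles/${{ env.FEDRAMP_PROFILE_NAME }}`, which requires those variables to be defined at job or workflow `env:` level rather than only on the `Update catalogs` step (the hunk does not show where they are set), or simply list `catalogs` and `profiles`. The PR `title` also misspells the organisation: `usnistogv` should be `usnistgov`, as it is written in the `body` just below. The `Update catalogs` step whose tail appears as context at the top of the hunk starts outside it.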
@@ -1,202 +0,0 @@
-#
-# This file is autogenerated by pip-compile with Python 3.9
-# by the following command:
-#
-# pip-compile --output-file=requirements.txt requirements.in
-#
-anyio==3.7.1
- # via httpcore
-argcomplete==3.1.1
- # via datamodel-code-generator
-attrs==23.1.0
- # via
- # compliance-trestle
- # jsonschema
-bcrypt==4.0.1
- # via paramiko
-black==23.7.0
- # via datamodel-code-generator
-certifi==2023.7.22
- # via
- # httpcore
- # httpx
- # requests
-cffi==1.15.1
- # via
- # cmarkgfm
- # cryptography
- # pynacl
-chardet==5.1.0
- # via prance
-charset-normalizer==3.2.0
- # via requests
-click==8.1.6
- # via black
-cmarkgfm==0.6.0
- # via compliance-trestle
-compliance-trestle @ git+https://github.com/IBM/compliance-trestle.git@725f6980f83b040fec4145cfebd4c80af2f7196f
- # via trestlebot
-cryptography==41.0.3
- # via
- # compliance-trestle
- # paramiko
- # pyjwt
-datamodel-code-generator[http]==0.21.1
- # via
- # compliance-trestle
- # datamodel-code-generator
-defusedxml==0.7.1
- # via compliance-trestle
-dnspython==2.4.2
- # via email-validator
-email-validator==2.0.0.post2
- # via pydantic
-et-xmlfile==1.1.0
- # via openpyxl
-exceptiongroup==1.1.2
- # via anyio
-furl==2.1.3
- # via compliance-trestle
-genson==1.2.2
- # via datamodel-code-generator
-gitdb==4.0.10
- # via gitpython
-github3-py==4.0.1
- # via trestlebot
-gitpython==3.1.35
- # via trestlebot
-h11==0.14.0
- # via httpcore
-httpcore==0.17.3
- # via httpx
-httpx==0.24.1
- # via datamodel-code-generator
-idna==3.4
- # via
- # anyio
- # email-validator
- # httpx
- # requests
-ilcli==0.3.2
- # via compliance-trestle
-inflect==5.6.2
- # via datamodel-code-generator
-isort==5.12.0
- # via datamodel-code-generator
-jinja2==3.1.2
- # via
- # compliance-trestle
- # datamodel-code-generator
-jsonschema==4.17.3
- # via
- # jsonschema-spec
- # openapi-schema-validator
- # openapi-spec-validator
-jsonschema-spec==0.1.6
- # via openapi-spec-validator
-lazy-object-proxy==1.9.0
- # via
openapi-spec-validator
-markupsafe==2.1.3
- # via jinja2
-mypy-extensions==1.0.0
- # via black
-openapi-schema-validator==0.4.4
- # via openapi-spec-validator
-openapi-spec-validator==0.5.2
- # via datamodel-code-generator
-openpyxl==3.1.2
- # via compliance-trestle
-orderedmultidict==1.0.1
- # via furl
-orjson==3.9.2
- # via compliance-trestle
-packaging==23.1
- # via
- # black
- # datamodel-code-generator
- # prance
-paramiko==3.2.0
- # via compliance-trestle
-pathable==0.4.3
- # via jsonschema-spec
-pathspec==0.11.1
- # via black
-platformdirs==3.9.1
- # via black
-prance==23.6.21.0
- # via datamodel-code-generator
-pycparser==2.21
- # via cffi
-pydantic[email]==1.10.13
- # via
- # compliance-trestle
- # datamodel-code-generator
- # trestlebot
-pyjwt[crypto]==2.8.0
- # via
- # github3-py
- # pyjwt
-pynacl==1.5.0
- # via paramiko
-pyrsistent==0.19.3
- # via jsonschema
-pysnooper==1.2.0
- # via datamodel-code-generator
-python-dateutil==2.8.2
- # via github3-py
-python-dotenv==1.0.0
- # via compliance-trestle
-python-frontmatter==1.0.0
- # via compliance-trestle
-python-gitlab==3.15.0
- # via trestlebot
-pyyaml==6.0.1
- # via
- # jsonschema-spec
- # python-frontmatter
-requests==2.31.0
- # via
- # github3-py
- # jsonschema-spec
- # prance
- # python-gitlab
- # requests-toolbelt
-requests-toolbelt==1.0.0
- # via python-gitlab
-rfc3339-validator==0.1.4
- # via openapi-schema-validator
-ruamel-yaml==0.17.32
- # via
- # compliance-trestle
- # prance
- # trestlebot
-ruamel-yaml-clib==0.2.7
- # via ruamel-yaml
-six==1.16.0
- # via
- # furl
- # orderedmultidict
- # prance
- # python-dateutil
- # rfc3339-validator
-smmap==5.0.0
- # via gitdb
-sniffio==1.3.0
- # via
- # anyio
- # httpcore
- # httpx
-toml==0.10.2
- # via datamodel-code-generator
-tomli==2.0.1
- # via black
-trestlebot @ git+https://github.com/RedHatProductSecurity/trestle-bot@v0.4.2
- # via -r requirements.in
-typing-extensions==4.7.1
- # via
- # black
- # pydantic
-uritemplate==4.1.1
- # via github3-py
-urllib3==2.0.4
- # via requests