diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9eb30e1b..d9c7ea13 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -111,7 +111,7 @@ To generate a pin for a third party action, there should be a full length commit This approach is used for authoring CI workflows that utilize versioned actions to produce frequent updates from dependabot for python and GitHub Actions. -### License Text in Files +### License Text in Files Please use the SPDX license identifier in all source files. @@ -160,11 +160,11 @@ make test-e2e #### Run with poetry ``` make develop -poetry run trestlebot-autosync -poetry run trestlebot-rules-transform -poetry run trestlebot-create-cd -poetry run trestlebot-sync-upstreams -poetry run trestlebot-create-ssp +poetry run trestlebot autosync +poetry run trestlebot rules-transform +poetry run trestlebot create compdef +poetry run trestlebot sync-upstreams +poetry run trestlebot create ssp ``` #### Local testing @@ -192,15 +192,15 @@ INPUT_SKIP_ITEMS= INPUT_DRY_RUN=true INPUT_SKIP_ASSEMBLE=false INPUT_SKIP_REGENERATE=false -INPUT_REPOSITORY=. +INPUT_REPO_PATH=. INPUT_BRANCH=test -INPUT_MARKDOWN_PATH=markdown/profiles +INPUT_MARKDOWN_DIR=markdown/profiles INPUT_OSCAL_MODEL=profile -INPUT_SSP_INDEX_PATH= +INPUT_SSP_INDEX_FILE= INPUT_COMMIT_MESSAGE= INPUT_COMMIT_USER_NAME=testuser INPUT_COMMIT_USER_EMAIL=test@example.com -INPUT_FILE_PATTERN=*.md,*.json +INPUT_FILE_PATTERNS=*.md,*.json INPUT_COMMIT_AUTHOR_NAME= INPUT_COMMIT_AUTHOR_EMAIL= INPUT_TARGET_BRANCH= 
@@ -230,4 +230,4 @@ Once work on a release has been completed: - Initial releases will have a `major` tag (if stable), `major`.`minor`, and the full version. - The latest release will be rebuilt every thirty days to pull in base image updates. The same tags will be published with the addition of `full-version`.`date` tag. -- Images can be built adhoc for testing purposes with the `workflow_dispatch` trigger. \ No newline at end of file +- Images can be built adhoc for testing purposes with the `workflow_dispatch` trigger. diff --git a/actions/README.md b/actions/README.md index 592b1df6..5c27222f 100644 --- a/actions/README.md +++ b/actions/README.md @@ -7,13 +7,13 @@ This document provides instructions and examples for creating and using GitHub A ## Directory Structure - Actions related to trestle-bot are located in the `actions` directory. -- Actions should correlate an entrypoint under the `trestlebot/entrypoints` directory. +- Actions should correlate a command under the `trestlebot/cli/commands` directory. ## Adding a New Action Contributors should scope trestle-bot actions to workspace management and checks. To add a new action: -> Prerequisite: An entrypoint was created under the `trestlebot/entrypoints` directory and added to the `pyproject.toml` under `[tool.poetry.scripts]` +> Prerequisite: An entrypoint was created under the `trestlebot/cli` directory and added to the `pyproject.toml` under `[tool.poetry.scripts]` 1. Create a new directory in the `actions` directory. 2. In the new directory, create an `action.yml` file that references the Dockerfile in the root of the repository. @@ -48,7 +48,7 @@ jobs: - uses: actions/checkout@v4 - uses: RedHatProductSecurity/trestle-bot/actions/create-cd@main with: - markdown_path: "markdown/components" + markdown_dir: "markdown/components" profile_name: "my-profile" component_definition_name: "my-component-definition" component_title: "my-component" 
@@ -96,7 +96,7 @@ jobs: id: autosync uses: RedHatProductSecurity/trestle-bot/actions/autosync@main with: - markdown_path: "md_comp" + markdown_dir: "md_comp" oscal_model: "compdef" commit_message: "Autosync component definition content [skip ci]" # Rule transformation is not idempotent, so you may only want to run this @@ -115,7 +115,7 @@ jobs: id: transform uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main with: - markdown_path: "md_comp" + markdown_dir: "md_comp" commit_message: "Auto-transform rules [skip ci]" ``` @@ -148,7 +148,7 @@ jobs: id: autosync uses: RedHatProductSecurity/trestle-bot/actions/autosync@main with: - markdown_path: "md_comp" + markdown_dir: "md_comp" oscal_model: "compdef" dry_run: true - uses: dorny/paths-filter@v3 @@ -162,7 +162,7 @@ jobs: id: transform uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main with: - markdown_path: "md_comp" + markdown_dir: "md_comp" dry_run: true ``` @@ -210,7 +210,7 @@ jobs: if: steps.trestlebot.outputs.changes == 'true' uses: RedHatProductSecurity/trestle-bot/actions/autosync@main with: - markdown_path: "markdown/components" + markdown_dir: "markdown/components" oscal_model: "compdef" branch: "sync-upstream-${{ github.run_id }}" skip_assemble: true @@ -244,7 +244,7 @@ jobs: - name: Autosync uses: RedHatProductSecurity/trestle-bot/actions/autosync@main with: - markdown_path: "md_comp" + markdown_dir: "md_comp" oscal_model: "compdef" commit_message: "Update content for release [skip ci]" version: ${{ github.event.inputs.version }} diff --git a/actions/autosync/README.md b/actions/autosync/README.md index 7f6d3b80..5c86a823 100644 --- a/actions/autosync/README.md +++ b/actions/autosync/README.md @@ -14,7 +14,7 @@ name: Example Workflow id: trestlebot uses: RedHatProductSecurity/trestle-bot/actions/autosync@main with: - markdown_path: "markdown/profiles" + markdown_dir: "markdown/profiles" oscal_model: "profile" ``` 
@@ -23,7 +23,7 @@ name: Example Workflow | Name | Description | Default | Required | | --- | --- | --- | --- | -| markdown_path | Path relative to the repository path where the Trestle markdown files are located. See action README.md for more information. | None | True | +| markdown_dir | Path relative to the repository path where the Trestle markdown files are located. See action README.md for more information. | None | True | | oscal_model | OSCAL Model type to assemble. Values can be catalog, profile, compdef, or ssp. | None | True | | dry_run | Runs tasks without pushing changes to the repository. | false | False | | github_token | "GitHub token used to make authenticated API requests. Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do not hardcode the token." | None | False | 
@@ -31,18 +31,18 @@ name: Example Workflow | skip_assemble | Skip assembly task. Defaults to false | false | False | | skip_regenerate | Skip regenerate task. Defaults to false. | false | False | | skip_items | Comma-separated glob patterns list of content by trestle name to skip during task execution. For example `profile_x,profile_y*,`. | None | False | -| ssp_index_path | Path relative to the repository path where the ssp index is located. See action README.md for information about the ssp index. | ssp-index.json | False | +| ssp_index_file | JSON file relative to the repository path where the ssp index is located. See action README.md for information about the ssp index. | ssp-index.json | False | | commit_message | Custom commit message | Sync automatic updates | False | -| pull_request_title | Custom pull request title | Automatic updates from trestlebot | False | | branch | Name of the Git branch to which modifications should be pushed. Required if Action is used on the `pull_request` event. | ${{ github.ref_name }} | False | | target_branch | Target branch (or base branch) to create a pull request against. If unset, no pull request will be created. If set, a pull request will be created using the `branch` field as the head branch. | None | False | -| file_pattern | Comma separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) | . | False | -| repository | Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. | . | False | +| file_patterns | Comma separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) | . | False | +| repo_path | Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. | . | False | | commit_user_name | Name used for the commit user. 
| github-actions[bot] | False | | commit_user_email | Email address used for the commit user | 41898282+github-actions[bot]@users.noreply.github.com | False | | commit_author_name | Name used for the commit author. Defaults to the username of whoever triggered this workflow run. | ${{ github.actor }} | False | | commit_author_email | Email address used for the commit author. | ${{ github.actor }}@users.noreply.github.com | False | -| verbose | Enable verbose logging | false | False | +| debug | Enable debug logging messages. | false | False | +| config | Path to trestlebot configuration file. | .trestlebot/config.yml | False | @@ -59,8 +59,8 @@ name: Example Workflow ### Additional information on workflow inputs -- `markdown_path`: This is the location for Markdown generated by the `trestle author -generate` commands -- `ssp_index_path`: This is a text file that stores the component definition information by name in trestle with the ssp name. Example below +- `markdown_dir`: This is the location for Markdown generated by the `trestle author -generate` commands +- `ssp_index_file`: This is a JSON file that stores the component definition information by name in trestle with the ssp name. Example below ```json "ssp1": { @@ -85,7 +85,7 @@ The purpose of this action is to sync JSON and Markdown data with `compliance-tr id: trestlebot uses: RedHatProductSecurity/trestle-bot/actions/autosync@main with: - markdown_path: "markdown/profiles" + markdown_dir: "markdown/profiles" oscal_model: "profile" branch: "another-branch" ``` @@ -99,7 +99,7 @@ The purpose of this action is to sync JSON and Markdown data with `compliance-tr id: trestlebot uses: RedHatProductSecurity/trestle-bot/actions/autosync@main with: - markdown_path: "markdown/profiles" + markdown_dir: "markdown/profiles" oscal_model: "profile" branch: "autoupdate-${{ github.run_id }}" target_branch: "main" 
@@ -117,7 +117,7 @@ This can be helpful if you want to enforce that the content is in sync before it id: check uses: RedHatProductSecurity/trestle-bot/actions/autosync@main with: - markdown_path: "markdown/profiles" + markdown_dir: "markdown/profiles" oscal_model: "profile" dry_run: true # Optional - Set the action to failed if changes are detected. @@ -127,7 +127,7 @@ This can be helpful if you want to enforce that the content is in sync before it with: script: | core.setFailed('Changes detected. Manual intervention required.') - + ``` -> Note: Trestle `assemble` or `regenerate` tasks may be skipped if desired using `skip_assemble: true` or `skip_regenerate: true`, respectively. \ No newline at end of file +> Note: Trestle `assemble` or `regenerate` tasks may be skipped if desired using `skip_assemble: true` or `skip_regenerate: true`, respectively. diff --git a/actions/autosync/action.yml b/actions/autosync/action.yml index 9a12bd4b..87699a92 100644 --- a/actions/autosync/action.yml +++ b/actions/autosync/action.yml @@ -3,13 +3,13 @@ author: "Red Hat Product Security" description: "An action to perform automatic synchronization of Trestle markdown files to OSCAL." inputs: - markdown_path: + markdown_dir: description: Path relative to the repository path where the Trestle markdown files are located. See action README.md for more information. required: true oscal_model: description: OSCAL Model type to assemble. Values can be catalog, profile, compdef, or ssp. required: true - dry_run: + dry_run: description: "Runs tasks without pushing changes to the repository." required: false default: "false" 
@@ -32,18 +32,14 @@ inputs: skip_items: description: "Comma-separated glob patterns list of content by trestle name to skip during task execution. For example `profile_x,profile_y*,`." required: false - ssp_index_path: - description: Path relative to the repository path where the ssp index is located. See action README.md for information about the ssp index. + ssp_index_file: + description: JSON file relative to the repository path where the ssp index is located. See action README.md for information about the ssp index. required: false default: "ssp-index.json" commit_message: description: Custom commit message required: false default: "Sync automatic updates" - pull_request_title: - description: Custom pull request title - required: false - default: "Automatic updates from trestlebot" branch: description: Name of the Git branch to which modifications should be pushed. Required if Action is used on the `pull_request` event. required: false @@ -51,11 +47,11 @@ inputs: target_branch: description: Target branch (or base branch) to create a pull request against. If unset, no pull request will be created. If set, a pull request will be created using the `branch` field as the head branch. required: false - file_pattern: + file_patterns: description: Comma separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) required: false default: '.' - repository: + repo_path: description: Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. required: false default: '.' 
@@ -75,10 +71,14 @@ inputs: description: Email address used for the commit author. required: false default: ${{ github.actor }}@users.noreply.github.com - verbose: - description: Enable verbose logging + debug: + description: Enable debug logging messages. required: false default: "false" + config: + description: Path to trestlebot configuration file. + required: false + default: ".trestlebot/config.yml" outputs: changes: diff --git a/actions/autosync/auto-sync-entrypoint.sh b/actions/autosync/auto-sync-entrypoint.sh index 7e084134..fc28d0df 100644 --- a/actions/autosync/auto-sync-entrypoint.sh +++ b/actions/autosync/auto-sync-entrypoint.sh @@ -8,22 +8,22 @@ source /common.sh set_git_safe_directory # Initialize the command variable -command="trestlebot-autosync \ - --markdown-path=\"${INPUT_MARKDOWN_PATH}\" \ +command="trestlebot autosync \ + --markdown-dir=\"${INPUT_MARKDOWN_DIR}\" \ --oscal-model=\"${INPUT_OSCAL_MODEL}\" \ - --ssp-index-path=\"${INPUT_SSP_INDEX_PATH}\" \ + --ssp-index-file=\"${INPUT_SSP_INDEX_FILE}\" \ --commit-message=\"${INPUT_COMMIT_MESSAGE}\" \ - --pull-request-title=\"${INPUT_PULL_REQUEST_TITLE}\" \ --branch=\"${INPUT_BRANCH}\" \ - --file-patterns=\"${INPUT_FILE_PATTERN}\" \ + --file-patterns=\"${INPUT_FILE_PATTERNS}\" \ --committer-name=\"${INPUT_COMMIT_USER_NAME}\" \ --committer-email=\"${INPUT_COMMIT_USER_EMAIL}\" \ --author-name=\"${INPUT_COMMIT_AUTHOR_NAME}\" \ --author-email=\"${INPUT_COMMIT_AUTHOR_EMAIL}\" \ - --working-dir=\"${INPUT_REPOSITORY}\" \ + --repo-path=\"${INPUT_REPO_PATH}\" \ --target-branch=\"${INPUT_TARGET_BRANCH}\" \ --skip-items=\"${INPUT_SKIP_ITEMS}\" \ - --version=\"${INPUT_VERSION}\"" + --version=\"${INPUT_VERSION}\" + --config=\"${INPUT_CONFIG}\"" # Conditionally include flags if [[ ${INPUT_SKIP_ASSEMBLE} == true ]]; then 
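Review bot: The added `--version=\"${INPUT_VERSION}\"` line in auto-sync-entrypoint.sh has no trailing ` \`, so the `command` string now holds a literal newline before `--config=...`. When that string reaches `eval`, the newline acts as a command separator: `trestlebot autosync` runs without `--config`, and the text after it, including the conditionally appended `--dry-run` and `--debug`, lands on a second line that is not a trestlebot invocation. A run requested with `dry_run: true` would then presumably execute without `--dry-run`, so end the line with a continuation: `--version=\"${INPUT_VERSION}\" \`. The same backslash is missing before `--config` in create-cd-entrypoint.sh and twice (after `--skip-items` and after `--version`) in rules-transform-entrypoint.sh. The script begins before this hunk and continues after it.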
@@ -38,8 +38,8 @@ if [[ ${INPUT_DRY_RUN} == true ]]; then command+=" --dry-run" fi -if [[ ${INPUT_VERBOSE} == true ]]; then - command+=" --verbose" +if [[ ${INPUT_DEBUG} == true ]]; then + command+=" --debug" fi -eval "${command}" \ No newline at end of file +eval "${command}" diff --git a/actions/create-cd/README.md b/actions/create-cd/README.md index 98ed8567..df448a64 100644 --- a/actions/create-cd/README.md +++ b/actions/create-cd/README.md @@ -13,7 +13,7 @@ name: Example Workflow id: trestlebot uses: RedHatProductSecurity/trestle-bot/actions/create-cd@main with: - markdown_path: "markdown/components" + markdown_dir: "markdown/components" profile_name: "profile" component_definition_name: "component-definition" component_title: "My Component Title" @@ -25,7 +25,7 @@ name: Example Workflow | Name | Description | Default | Required | | --- | --- | --- | --- | -| markdown_path | Path relative to the repository path to create markdown files. See action README.md for more information. | None | True | +| markdown_dir | Path relative to the repository path to create markdown files. See action README.md for more information. | None | True | | profile_name | Name of the Trestle profile to use for the component definition | None | True | | component_definition_name | Name of the component definition to create | None | True | | component_title | Name of the component to create | None | True | 
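Review bot: `eval "${command}"` at the end of this hunk re-parses a string into which every `INPUT_*` value has already been expanded, so quotes, `$(...)` or backticks inside an input are interpreted as shell syntax instead of being passed as data. Some of those inputs default to event-derived values (the action metadata in this commit shows `${{ github.actor }}`, and the README tables show `${{ github.ref_name }}` for `branch`), which the workflow author does not always control. Building the invocation as a bash array and running `"${args[@]}"` removes the second parse and the fragile backslash continuations with it. The array would be declared where the previous hunk builds `command`, and the same `eval` pattern closes create-cd-entrypoint.sh and rules-transform-entrypoint.sh.

```shell
# … unchanged: source /common.sh, set_git_safe_directory …
args=(
  trestlebot autosync
  "--markdown-dir=${INPUT_MARKDOWN_DIR}"
  "--oscal-model=${INPUT_OSCAL_MODEL}"
  # … remaining --flag=value pairs, one quoted element each …
  "--config=${INPUT_CONFIG}"
)
# … earlier conditional flags follow the same args+=(...) form …
if [[ ${INPUT_DRY_RUN} == true ]]; then
  args+=(--dry-run)
fi
if [[ ${INPUT_DEBUG} == true ]]; then
  args+=(--debug)
fi
"${args[@]}"
```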
@@ -35,16 +35,16 @@ name: Example Workflow | dry_run | Runs tasks without pushing changes to the repository. | false | False | | github_token | "GitHub token used to make authenticated API requests. Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do not hardcode the token." | None | False | | commit_message | Commit message | Sync automatic updates | False | -| pull_request_title | Custom pull request title | Automatic updates from trestlebot | False | | branch | Name of the Git branch to which modifications should be pushed. Required if Action is used on the `pull_request` event. | ${{ github.ref_name }} | False | | target_branch | Target branch (or base branch) to create a pull request against. If unset, no pull request will be created. If set, a pull request will be created using the `branch` field as the head branch. | None | False | -| file_pattern | Comma separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) | . | False | -| repository | Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. Defaults to the current directory (`.`) | . | False | +| file_patterns | Comma separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) | . | False | +| repo_path | Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. Defaults to the current directory (`.`) | . | False | | commit_user_name | Name used for the commit user | github-actions[bot] | False | | commit_user_email | Email address used for the commit user | 41898282+github-actions[bot]@users.noreply.github.com | False | | commit_author_name | Name used for the commit author. Defaults to the username of whoever triggered this workflow run. | ${{ github.actor }} | False | | commit_author_email | Email address used for the commit author. 
| ${{ github.actor }}@users.noreply.github.com | False | -| verbose | Enable verbose logging | false | False | +| debug | Enable debug logging messages. | false | False | +| config | Path to trestlebot configuration file. | .trestlebot/config.yml | False | @@ -61,7 +61,7 @@ name: Example Workflow ### Additional information on workflow inputs -- `markdown_path`: This is the location for Markdown generated by the `trestle author -generate` commands. +- `markdown_dir`: This is the location for Markdown generated by the `trestle author -generate` commands. ## Action Behavior @@ -76,7 +76,7 @@ The purpose of this action is to create a new component definition and commit ch id: trestlebot uses: RedHatProductSecurity/trestle-bot/actions/create-cd@main with: - markdown_path: "markdown/components" + markdown_dir: "markdown/components" profile_name: "profile" component_definition_name: "component-definition" component_title: "My Component Title" @@ -93,7 +93,7 @@ The purpose of this action is to create a new component definition and commit ch id: trestlebot uses: RedHatProductSecurity/trestle-bot/actions/create-cd@main with: - markdown_path: "markdown/components" + markdown_dir: "markdown/components" profile_name: "profile" component_definition_name: "component-definition" component_title: "My Component Title" @@ -101,4 +101,4 @@ The purpose of this action is to create a new component definition and commit ch branch: "create-cd-${{ github.run_id }}" target_branch: "main" github_token: ${{ secret.GITHUB_TOKEN }} -``` \ No newline at end of file +``` diff --git a/actions/create-cd/action.yml b/actions/create-cd/action.yml index 2471f319..b15f8f1b 100644 --- a/actions/create-cd/action.yml +++ b/actions/create-cd/action.yml 
@@ -3,7 +3,7 @@ author: "Red Hat Product Security" description: "An action for component definition bootstrapping" inputs: - markdown_path: + markdown_dir: description: Path relative to the repository path to create markdown files. See action README.md for more information. required: true profile_name: @@ -38,10 +38,6 @@ inputs: description: Commit message required: false default: "Sync automatic updates" - pull_request_title: - description: Custom pull request title - required: false - default: "Automatic updates from trestlebot" branch: description: Name of the Git branch to which modifications should be pushed. Required if Action is used on the `pull_request` event. required: false @@ -49,11 +45,11 @@ inputs: target_branch: description: Target branch (or base branch) to create a pull request against. If unset, no pull request will be created. If set, a pull request will be created using the `branch` field as the head branch. required: false - file_pattern: + file_patterns: description: Comma separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) required: false default: '.' - repository: + repo_path: description: Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. Defaults to the current directory (`.`) required: false default: '.' @@ -73,10 +69,14 @@ inputs: description: Email address used for the commit author. required: false default: ${{ github.actor }}@users.noreply.github.com - verbose: - description: Enable verbose logging + debug: + description: Enable debug logging messages. required: false default: "false" + config: + description: Path to trestlebot configuration file. + required: false + default: ".trestlebot/config.yml" outputs: changes: diff --git a/actions/create-cd/create-cd-entrypoint.sh b/actions/create-cd/create-cd-entrypoint.sh index e051bb12..daa1e94d 100644 --- a/actions/create-cd/create-cd-entrypoint.sh 
+++ b/actions/create-cd/create-cd-entrypoint.sh @@ -8,32 +8,32 @@ source /common.sh set_git_safe_directory # Initialize the command variable -command="trestlebot-create-cd \ +command="trestlebot create compdef \ --profile-name=\"${INPUT_PROFILE_NAME}\" \ --compdef-name=\"${INPUT_COMPONENT_DEFINITION_NAME}\" \ --component-title=\"${INPUT_COMPONENT_TITLE}\" \ --component-description=\"${INPUT_COMPONENT_DESCRIPTION}\" \ --component-definition-type=\"${INPUT_COMPONENT_TYPE}\" \ - --markdown-path=\"${INPUT_MARKDOWN_PATH}\" \ + --markdown-dir=\"${INPUT_MARKDOWN_DIR}\" \ --commit-message=\"${INPUT_COMMIT_MESSAGE}\" \ --filter-by-profile=\"${INPUT_FILTER_BY_PROFILE}\" \ - --pull-request-title=\"${INPUT_PULL_REQUEST_TITLE}\" \ --branch=\"${INPUT_BRANCH}\" \ - --file-patterns=\"${INPUT_FILE_PATTERN}\" \ + --file-patterns=\"${INPUT_FILE_PATTERNS}\" \ --committer-name=\"${INPUT_COMMIT_USER_NAME}\" \ --committer-email=\"${INPUT_COMMIT_USER_EMAIL}\" \ --author-name=\"${INPUT_COMMIT_AUTHOR_NAME}\" \ --author-email=\"${INPUT_COMMIT_AUTHOR_EMAIL}\" \ - --working-dir=\"${INPUT_REPOSITORY}\" \ - --target-branch=\"${INPUT_TARGET_BRANCH}\"" + --repo-path=\"${INPUT_REPO_PATH}\" \ + --target-branch=\"${INPUT_TARGET_BRANCH}\" + --config=\"${INPUT_CONFIG}\"" # Conditionally include flags -if [[ ${INPUT_VERBOSE} == true ]]; then - command+=" --verbose" -fi - if [[ ${INPUT_DRY_RUN} == true ]]; then command+=" --dry-run" fi -eval "${command}" \ No newline at end of file +if [[ ${INPUT_DEBUG} == true ]]; then + command+=" --debug" +fi + +eval "${command}" diff --git a/actions/rules-transform/README.md b/actions/rules-transform/README.md index b5860a01..7838199a 100644 --- a/actions/rules-transform/README.md +++ b/actions/rules-transform/README.md @@ -14,7 +14,7 @@ name: Example Workflow id: trestlebot uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main with: - markdown_path: "markdown/components" + markdown_dir: "markdown/components" ``` 
@@ -27,8 +27,8 @@ With custom rules directory: id: trestlebot uses: RedHatProductSecurity/trestle-bot/actions/rules-transform@main with: - markdown_path: "markdown/components" - rules_view_path: "custom-rules-dir/" + markdown_dir: "markdown/components" + rules_view_dir: "custom-rules-dir/" ``` ## Action Inputs 
@@ -36,22 +36,22 @@ With custom rules directory: | Name | Description | Default | Required | | --- | --- | --- | --- | -| markdown_path | Path relative to the repository path to create markdown files. See action README.md for more information. | None | True | -| rules_view_path | Path relative to the repository path where the Trestle rules view files are located. Defaults to `rules/`. | rules/ | False | +| markdown_dir | Path relative to the repository path to create markdown files. See action README.md for more information. | None | True | +| rules_view_dir | Path relative to the repository path where the Trestle rules view files are located. Defaults to `rules/`. | rules/ | False | | dry_run | Runs tasks without pushing changes to the repository. | false | False | | github_token | "GitHub token used to make authenticated API requests. Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do not hardcode the token." | None | False | | skip_items | Comma-separated glob patterns list of content by Trestle name to skip during task execution. For example `compdef_x,compdef_y*,`. | None | False | | commit_message | Commit message | Sync automatic updates | False | -| pull_request_title | Custom pull request title | Automatic updates from trestlebot | False | | branch | Name of the Git branch to which modifications should be pushed. Required if Action is used on the `pull_request` event. | ${{ github.ref_name }} | False | | target_branch | Target branch (or base branch) to create a pull request against. If unset, no pull request will be created. If set, a pull request will be created using the `branch` field as the head branch. | None | False | -| file_pattern | Comma separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) | . | False | -| repository | Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. 
Defaults to the current directory (`.`) | . | False | +| file_patterns | Comma separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) | . | False | +| repo_path | Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. Defaults to the current directory (`.`) | . | False | | commit_user_name | Name used for the commit user | github-actions[bot] | False | | commit_user_email | Email address used for the commit user | 41898282+github-actions[bot]@users.noreply.github.com | False | | commit_author_name | Name used for the commit author. Defaults to the username of whoever triggered this workflow run. | ${{ github.actor }} | False | | commit_author_email | Email address used for the commit author. | ${{ github.actor }}@users.noreply.github.com | False | -| verbose | Enable verbose logging | false | False | +| debug | Enable debug logging messages. | false | False | +| config | Path to trestlebot configuration file. | .trestlebot/config.yml | False | @@ -94,4 +94,4 @@ The purpose of this action is to sync the rules view data in YAML to OSCAL with branch: "transform-${{ github.run_id }}" target_branch: "main" github_token: ${{ secret.GITHUB_TOKEN }} -``` \ No newline at end of file +``` diff --git a/actions/rules-transform/action.yml b/actions/rules-transform/action.yml index 9d815963..e21381bb 100644 --- a/actions/rules-transform/action.yml +++ b/actions/rules-transform/action.yml 
@@ -3,14 +3,14 @@ author: "Red Hat Product Security" description: "A rules transform action to convert trestle rules in YAML format to OSCAL and propagates changes to Markdown." inputs: - markdown_path: + markdown_dir: description: Path relative to the repository path to create markdown files. See action README.md for more information. required: true - rules_view_path: + rules_view_dir: description: Path relative to the repository path where the Trestle rules view files are located. Defaults to `rules/`. required: false default: "rules/" - dry_run: + dry_run: description: "Runs tasks without pushing changes to the repository." required: false default: "false" @@ -26,10 +26,6 @@ inputs: description: Commit message required: false default: "Sync automatic updates" - pull_request_title: - description: Custom pull request title - required: false - default: "Automatic updates from trestlebot" branch: description: Name of the Git branch to which modifications should be pushed. Required if Action is used on the `pull_request` event. required: false @@ -37,11 +33,11 @@ inputs: target_branch: description: Target branch (or base branch) to create a pull request against. If unset, no pull request will be created. If set, a pull request will be created using the `branch` field as the head branch. required: false - file_pattern: + file_patterns: description: Comma separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) required: false default: '.' - repository: + repo_path: description: Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. Defaults to the current directory (`.`) required: false default: '.' 
@@ -61,10 +57,14 @@ inputs: description: Email address used for the commit author. required: false default: ${{ github.actor }}@users.noreply.github.com - verbose: - description: Enable verbose logging + debug: + description: Enable debug logging messages. required: false default: "false" + config: + description: Path to trestlebot configuration file. + required: false + default: ".trestlebot/config.yml" outputs: changes: diff --git a/actions/rules-transform/rules-transform-entrypoint.sh b/actions/rules-transform/rules-transform-entrypoint.sh index 22c18b99..0e928c23 100644 --- a/actions/rules-transform/rules-transform-entrypoint.sh +++ b/actions/rules-transform/rules-transform-entrypoint.sh 
@@ -8,28 +8,29 @@ source /common.sh set_git_safe_directory # Initialize the command variable -command="trestlebot-rules-transform \ - --markdown-path=\"${INPUT_MARKDOWN_PATH}\" \ - --rules-view-path=\"${INPUT_RULES_VIEW_PATH}\" \ +command="trestlebot rules-transform \ + --markdown-dir=\"${INPUT_MARKDOWN_DIR}\" \ + --rules-view-dir=\"${INPUT_RULES_VIEW_DIR}\" \ --commit-message=\"${INPUT_COMMIT_MESSAGE}\" \ - --pull-request-title=\"${INPUT_PULL_REQUEST_TITLE}\" \ --branch=\"${INPUT_BRANCH}\" \ - --file-patterns=\"${INPUT_FILE_PATTERN}\" \ + --file-patterns=\"${INPUT_FILE_PATTERNS}\" \ --committer-name=\"${INPUT_COMMIT_USER_NAME}\" \ --committer-email=\"${INPUT_COMMIT_USER_EMAIL}\" \ --author-name=\"${INPUT_COMMIT_AUTHOR_NAME}\" \ --author-email=\"${INPUT_COMMIT_AUTHOR_EMAIL}\" \ - --working-dir=\"${INPUT_REPOSITORY}\" \ + --repo-path=\"${INPUT_REPO_PATH}\" \ --target-branch=\"${INPUT_TARGET_BRANCH}\" \ - --skip-items=\"${INPUT_SKIP_ITEMS}\"" + --skip-items=\"${INPUT_SKIP_ITEMS}\" + --version=\"${INPUT_VERSION}\" + --config=\"${INPUT_CONFIG}\"" # Conditionally include flags -if [[ ${INPUT_VERBOSE} == true ]]; then - command+=" --verbose" -fi - if [[ ${INPUT_DRY_RUN} == true ]]; then command+=" --dry-run" fi -eval "${command}" \ No newline at end of file +if [[ ${INPUT_DEBUG} == true ]]; then + command+=" --debug" +fi + +eval "${command}" diff --git a/actions/sync-upstreams/README.md b/actions/sync-upstreams/README.md index 7641f513..baa65fa4 100644 --- a/actions/sync-upstreams/README.md +++ b/actions/sync-upstreams/README.md 
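Review bot: The added `--version=\"${INPUT_VERSION}\"` in rules-transform-entrypoint.sh reads an input that neither the rules-transform README table nor the action.yml hunks in this commit declare, so `INPUT_VERSION` is presumably always unset here and the flag is passed as an empty string. If `trestlebot rules-transform` does not define `--version`, the action would fail on every run. If it does, declare a `version` input in `actions/rules-transform/action.yml` and document it; otherwise drop the line. The script begins before this hunk.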
@@ -25,20 +25,20 @@ name: Example Workflow | sources | A newline separated list of upstream sources to sync with a repo@branch format. For example, `https://github.com/myorg/myprofiles@main` | None | True | | dry_run | Runs tasks without pushing changes to the repository. | false | False | | github_token | "GitHub token used to make authenticated API requests. Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do not hardcode the token." | None | False | -| include_model_names | Comma-separated glob pattern list of model names (i.e. trestle directory name) to include in the sync. For example, `*framework-v2`. Defaults to include all model names. | None | False | -| exclude_model_names | Comma-separated glob pattern of model names (i.e. trestle directory name) to exclude from the sync. For example, `*framework-v1`. Defaults to skip no model names. | None | False | +| include_models | Comma-separated glob pattern list of model names (i.e. trestle directory name) to include in the sync. For example, `*framework-v2`. Defaults to include all model names. | None | False | +| exclude_models | Comma-separated glob pattern of model names (i.e. trestle directory name) to exclude from the sync. For example, `*framework-v1`. Defaults to skip no model names. | None | False | | skip_validation | Skip validation of the upstream OSCAL content. Defaults to false | false | False | | commit_message | Commit message | Sync automatic updates | False | -| pull_request_title | Custom pull request title | Automatic updates from trestlebot | False | | branch | Name of the Git branch to which modifications should be pushed. Required if Action is used on the `pull_request` event. | ${{ github.ref_name }} | False | | target_branch | Target branch (or base branch) to create a pull request against. If unset, no pull request will be created. If set, a pull request will be created using the `branch` field as the head branch. 
| None | False | -| file_pattern | Comma-separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) | . | False | -| repository | Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. Defaults to the current directory (`.`) | . | False | +| file_patterns | Comma-separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) | . | False | +| repo_path | Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. Defaults to the current directory (`.`) | . | False | | commit_user_name | Name used for the commit user | github-actions[bot] | False | | commit_user_email | Email address used for the commit user | 41898282+github-actions[bot]@users.noreply.github.com | False | | commit_author_name | Name used for the commit author. Defaults to the username of whoever triggered this workflow run. | ${{ github.actor }} | False | | commit_author_email | Email address used for the commit author. | ${{ github.actor }}@users.noreply.github.com | False | -| verbose | Enable verbose logging | false | False | +| debug | Enable debug logging messages. | false | False | +| config | Path to trestlebot configuration file. | .trestlebot/config.yml | False | diff --git a/actions/sync-upstreams/action.yml b/actions/sync-upstreams/action.yml index b6057684..ac69d393 100644 --- a/actions/sync-upstreams/action.yml +++ b/actions/sync-upstreams/action.yml 
@@ -15,10 +15,10 @@ inputs: "GitHub token used to make authenticated API requests. Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do not hardcode the token." required: false - include_model_names: + include_models: description: "Comma-separated glob pattern list of model names (i.e. trestle directory name) to include in the sync. For example, `*framework-v2`. Defaults to include all model names." required: false - exclude_model_names: + exclude_models: description: "Comma-separated glob pattern of model names (i.e. trestle directory name) to exclude from the sync. For example, `*framework-v1`. Defaults to skip no model names." required: false skip_validation: @@ -29,10 +29,6 @@ inputs: description: Commit message required: false default: "Sync automatic updates" - pull_request_title: - description: Custom pull request title - required: false - default: "Automatic updates from trestlebot" branch: description: Name of the Git branch to which modifications should be pushed. Required if Action is used on the `pull_request` event. required: false @@ -40,11 +36,11 @@ inputs: target_branch: description: Target branch (or base branch) to create a pull request against. If unset, no pull request will be created. If set, a pull request will be created using the `branch` field as the head branch. required: false - file_pattern: + file_patterns: description: Comma-separated file pattern list used for `git add`. For example `component-definitions/*,*json`. Defaults to (`.`) required: false default: '.' - repository: + repo_path: description: Local file path to the git repository with a valid trestle project root relative to the GitHub workspace. Defaults to the current directory (`.`) required: false default: '.' 
@@ -64,10 +60,14 @@ inputs: description: Email address used for the commit author. required: false default: ${{ github.actor }}@users.noreply.github.com - verbose: - description: Enable verbose logging + debug: + description: Enable debug logging messages. required: false default: "false" + config: + description: Path to trestlebot configuration file. + required: false + default: ".trestlebot/config.yml" outputs: changes: diff --git a/actions/sync-upstreams/sync-upstreams-entrypoint.sh b/actions/sync-upstreams/sync-upstreams-entrypoint.sh index 8c38a84c..2f0f2e0f 100644 --- a/actions/sync-upstreams/sync-upstreams-entrypoint.sh +++ b/actions/sync-upstreams/sync-upstreams-entrypoint.sh 
@@ -11,32 +11,32 @@ set_git_safe_directory INPUT_SOURCES=$(echo "${INPUT_SOURCES}" | tr '\n' ' ' | tr -s ' ' | sed 's/ *$//' | tr ' ' ',') # Initialize the command variable -command="trestlebot-sync-upstreams \ +command="trestlebot sync-upstreams \ --sources=\"${INPUT_SOURCES}\" \ - --include-model-names=\"${INPUT_INCLUDE_MODEL_NAMES}\" \ - --exclude-model-names=\"${INPUT_EXCLUDE_MODEL_NAMES}\" \ + --include-models=\"${INPUT_INCLUDE_MODELS}\" \ + --exclude-models=\"${INPUT_EXCLUDE_MODELS}\" \ --commit-message=\"${INPUT_COMMIT_MESSAGE}\" \ - --pull-request-title=\"${INPUT_PULL_REQUEST_TITLE}\" \ --branch=\"${INPUT_BRANCH}\" \ - --file-patterns=\"${INPUT_FILE_PATTERN}\" \ + --file-patterns=\"${INPUT_FILE_PATTERNS}\" \ --committer-name=\"${INPUT_COMMIT_USER_NAME}\" \ --committer-email=\"${INPUT_COMMIT_USER_EMAIL}\" \ --author-name=\"${INPUT_COMMIT_AUTHOR_NAME}\" \ --author-email=\"${INPUT_COMMIT_AUTHOR_EMAIL}\" \ - --working-dir=\"${INPUT_REPOSITORY}\" \ - --target-branch=\"${INPUT_TARGET_BRANCH}\"" + --repo-path=\"${INPUT_REPO_PATH}\" \ + --target-branch=\"${INPUT_TARGET_BRANCH}\" + --config=\"${INPUT_CONFIG}\"" # Conditionally include flags -if [[ ${INPUT_VERBOSE} == true ]]; then - command+=" --verbose" +if [[ ${INPUT_SKIP_VALIDATION} == true ]]; then + command+=" --skip-validation" fi if [[ ${INPUT_DRY_RUN} == true ]]; then command+=" --dry-run" fi -if [[ ${INPUT_SKIP_VALIDATION} == true ]]; then - command+=" --skip-validation" +if [[ ${INPUT_DEBUG} == true ]]; then + command+=" --debug" fi -eval "${command}" \ No newline at end of file +eval "${command}"
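Review bot: `eval "${command}"` at the end of this hunk re-parses a string assembled from `INPUT_*` values, so a double quote, backtick or `$(` inside any workflow input, including the newly added `config`, is interpreted by the shell rather than handed to trestlebot as data. Building the invocation as a bash array and running it with `"${command[@]}"` removes the re-parse and the escaped quoting, and makes the line-continuation backslashes unnecessary. The script already uses `[[ ]]` and `+=`, so it presumably runs under bash, though the shebang is outside the hunk. The rules-transform entrypoint hunk uses the same `eval` pattern and would take the same change.

```shell
# … unchanged: INPUT_SOURCES normalisation …
command=(
  trestlebot sync-upstreams
  "--sources=${INPUT_SOURCES}"
  "--include-models=${INPUT_INCLUDE_MODELS}"
  "--exclude-models=${INPUT_EXCLUDE_MODELS}"
  "--commit-message=${INPUT_COMMIT_MESSAGE}"
  "--branch=${INPUT_BRANCH}"
  "--file-patterns=${INPUT_FILE_PATTERNS}"
  "--committer-name=${INPUT_COMMIT_USER_NAME}"
  "--committer-email=${INPUT_COMMIT_USER_EMAIL}"
  "--author-name=${INPUT_COMMIT_AUTHOR_NAME}"
  "--author-email=${INPUT_COMMIT_AUTHOR_EMAIL}"
  "--repo-path=${INPUT_REPO_PATH}"
  "--target-branch=${INPUT_TARGET_BRANCH}"
  "--config=${INPUT_CONFIG}"
)

if [[ ${INPUT_SKIP_VALIDATION} == true ]]; then
  command+=(--skip-validation)
fi
# … unchanged in shape: same array append for --dry-run and --debug …

"${command[@]}"
```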