Releases: RedHatProductSecurity/trestle-bot
Releases · RedHatProductSecurity/trestle-bot
v0.11.0
0.11.0 (2024-09-25)
⚠ BREAKING CHANGES
- default module entrypoint is now the init command
- Modifies the existing behavior of the rules transform entrypoint
Features
- adding init command to entrypoints (#326) (868c1fa)
- adds markdown generation to the rules transform entrypoint (#282) (84dec70)
- removes provider from init and moves CI templates (#344) (21b4043)
- tutorial for GitHub and init command (#333) (6334c1f)
- update module default to use init entrypoint (#329) (d1490cb)
- updates SSP generation to include all parts (#348) (18c6600)
Bug Fixes
- add markdown-include package to workflow and poetry (#339) (c7a05ee)
- updates dependabot prefix for conventional commits (#308) (ee86f5c)
- updates e2e tests checkout ref during image publishing (#334) (5439b91)
Maintenance
v0.10.1
What's Changed
- ⬆️ bump actions/setup-python from 4 to 5 in /.github/actions/setup-poetry by @dependabot in #224
- ⬆️ bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #227
- ⬆️ bump authlib from 1.3.0 to 1.3.1 by @dependabot in #252
- ⬆️ bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #253
- ci: pins all reference GitHub actions to a hash value by @jpower432 in #242
- fix: updates GitHub Actions runner image and restart policy by @jpower432 in #255
Full Changelog: v0.10.0...v0.10.1
v0.10.0
What's Changed
- PSCE-408 refactor: replaces regex with urllib for repo URL parsing by @jpower432 in #215
- PSCE-408 feat: adds flags to set git provider information when interacting with the API by @jpower432 in #217
- ci: updates publish.yml image releasing process by @jpower432 in #220
- PSCE-420: ci: updates e2e testing workflow to test before image publishing by @jpower432 in #221
- ⬆️ Bump python-dateutil from 2.8.2 to 2.9.0.post0 by @dependabot in #188
- ⬆️ Bump pydantic from 1.10.14 to 1.10.15 by @dependabot in #209
- [Issue-230] Set default values to None instead of empty strings by @gvauter in #233
- ⬆️ bump requests from 2.31.0 to 2.32.2 by @dependabot in #232
- docs: add release process to contributing doc by @jpower432 in #229
- docs: updates table of contents with release process by @jpower432 in #236
New Contributors
Full Changelog: v0.9.0...v0.10.0
v0.9.0
Maintainer Notes
These release has a breaking change. Updating to this version will require code changes - see #195 more more information.
Migration Notes
If you were using the check_only
input in the autosync
action, please see the example below on how to achieve this with the dry_run
input:
steps:
- uses: actions/checkout@v3
- name: Run trestlebot
id: check
uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
with:
markdown_path: "markdown/profiles"
oscal_model: "profile"
dry_run: true
# Optional - Set the action to failed if changes are detected.
- name: Fail for changes
if: ${{ steps.check.outputs.changes == 'true' }}
uses: actions/github-script@v7
with:
script: |
core.setFailed('Changes detected. Manual intervention required.')
What's Changed
- ⬆️ Bump idna from 3.6 to 3.7 by @dependabot in #210
- ⬆️ Bump safety from 3.0.1 to 3.1.0 by @dependabot in #203
- feat: replaces 'check_only' with 'dry_run' option by @jpower432 in #195
- ⬆️ Bump email-validator from 2.1.0.post1 to 2.1.1 by @dependabot in #180
- refactor: migrates rule validation to pydantic by @jpower432 in #207
Full Changelog: v0.8.1...v0.9.0
v0.8.1
What's Changed
- fix: removes default version in GitHub action by @jpower432 in #194
- chore: update logging format by @jpower432 in #196
- docs: update README under actions directory by @jpower432 in #192
- fix: prevent extra log messages in stdout by @jpower432 in #199
- refactor: improves readability of the SSP end to end tests by @jpower432 in #198
- ⬆️ Bump black from 23.12.1 to 24.3.0 by @dependabot in #202
- ⬆️ Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 by @dependabot in #201
- ⬆️ Bump responses from 0.24.1 to 0.25.0 by @dependabot in #174
Full Changelog: v0.8.0...v0.8.1
v0.8.0
What's Changed
- refactor: adds a E2ETestRunner for E2E tests by @jpower432 in #177
- ⬆️ Bump flake8 from 6.1.0 to 7.0.0 by @dependabot in #146
- chore: updates descriptions on actions inputs to be more precise by @jpower432 in #184
- chore: removes input repository from the safe workspace by @jpower432 in #185
- feat: adds version flag to autosync command for assembly task by @jpower432 in #187
- fix: adds OSCAL validated component definition types to create-cd by @jpower432 in #191
Full Changelog: v0.7.2...v0.8.0
v0.7.2
What's Changed
- ⬆️ Bump orjson from 3.9.14 to 3.9.15 by @dependabot in #176
- docs: adds README updates for compliance-trestle org move by @jpower432 in #175
- ⬆️ Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in #178
- ⬆️ Bump pydantic from 1.10.13 to 1.10.14 by @dependabot in #161
- feat: adds main_comp_only to create_new_with_filter in ssp.py by @jpower432 in #179
- fix: updates CSVTransformer to separate controls with spaces instead of commas by @jpower432 in #183
Note: The feature added is for an internal method only which is why this is a patch version bump
Full Changelog: v0.7.1...v0.7.2
v0.7.1
What's Changed
- chore: updates CSVBuilder to handle updates to the compliance-trestle CSVColumns class by @jpower432 in #172
Full Changelog: v0.7.0...v0.7.1
v0.7.0
What's Changed
- fix: fixes typos in the TrestleBot class in bot.py by @jpower432 in #153
- chore: updates source file header and adds corresponding documentation by @jpower432 in #154
- ⬆️ Bump safety from 2.4.0b2 to 3.0.1 by @dependabot in #155
- docs: updates README.md and sync-upstreams README.md by @jpower432 in #160
- chore: removes markdown creation from create_new_with_filter by @jpower432 in #159
- PSCE-321-P1: Adds yaml header path to ssp index by @jpower432 in #157
- ⬆️ Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #162
- PSCE-299: Adds create-ssp entrypoint by @jpower432 in #158
- ⬆️ Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #164
- docs: updates README for create-ssp by @jpower432 in #167
- ⬆️ Bump marshmallow from 3.20.1 to 3.20.2 by @dependabot in #145
- docs: fixes typos in the README.md file by @jpower432 in #168
- chore(deps): updates compliance-trestle to 2.5.1 by @jpower432 in #170
- feat: adds check to TrestleRule to match compliance-trestle CSV fields by @jpower432 in #173
Full Changelog: v0.6.0...v0.7.0
v0.6.0
What's Changed
- ⬆️ Bump sigstore/cosign-installer from 3.1.1 to 3.3.0 by @dependabot in #122
- ⬆️ Bump isort from 5.12.0 to 5.13.2 by @dependabot in #121
- docs: adds badges to README.md by @jpower432 in #120
- ⬆️ Bump actions/download-artifact from 3 to 4 by @dependabot in #125
- ⬆️ Bump actions/upload-artifact from 3 to 4 by @dependabot in #124
- ⬆️ Bump SonarSource/sonarcloud-github-action from 2.1.0 to 2.1.1 by @dependabot in #117
- test: add unit tests for missed code paths by @jpower432 in #126
- ⬆️ Bump typing-extensions from 4.8.0 to 4.9.0 by @dependabot in #113
- ⬆️ Bump paramiko from 3.3.1 to 3.4.0 by @dependabot in #129
- docs: fixes links in badges on README.md by @jpower432 in #127
- chore: docs and config maintenance by @jpower432 in #105
- fix: fixes table of contents in CONTRIBUTING.md by @jpower432 in #132
- fix: updates language for linting pre-commit to system by @jpower432 in #133
- ⬆️ Bump distlib from 0.3.7 to 0.3.8 by @dependabot in #114
- docs: updates CONTRIBUTING.md with minor fixes by @jpower432 in #135
- chore(deps): bumps the default poetry version used in image and the environment to 1.7.1 by @jpower432 in #119
- ⬆️ Bump argcomplete from 3.1.6 to 3.2.1 by @dependabot in #110
- ⬆️ Bump pathspec from 0.11.2 to 0.12.1 by @dependabot in #111
- chore(deps): bump compliance-trestle to version 2.5.0 by @jpower432 in #140
- chore: adds automation to update action README.md files by @jpower432 in #123
- ⬆️ Bump gitpython from 3.1.40 to 3.1.41 by @dependabot in #143
- PSCE-302 feat: adds a task to sync third party content to a local trestle workspace by @jpower432 in #137
- ⬆️ Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 by @dependabot in #131
- chore: adds E2E tests to ci.yml by @jpower432 in #141
- ⬆️ Bump jinja2 from 3.1.2 to 3.1.3 by @dependabot in #147
- chore(deps): updates Dockerfile to upgrade setuptools during build by @jpower432 in #144
- PSCE-303 feat: adds trestlebot-sync-upstreams command by @jpower432 in #142
- PSCE-309 - Adds sync-upstreams GitHub Action and usage documentation by @jpower432 in #148
Full Changelog: v0.5.0...v0.6.0