Skip to content

Releases: RedHatProductSecurity/trestle-bot

v0.11.0

25 Sep 21:06
5158116
Compare
Choose a tag to compare

0.11.0 (2024-09-25)

⚠ BREAKING CHANGES

  • default module entrypoint is now the init command
  • Modifies the existing behavior of the rules transform entrypoint

Features

  • adding init command to entrypoints (#326) (868c1fa)
  • adds markdown generation to the rules transform entrypoint (#282) (84dec70)
  • removes provider from init and moves CI templates (#344) (21b4043)
  • tutorial for GitHub and init command (#333) (6334c1f)
  • update module default to use init entrypoint (#329) (d1490cb)
  • updates SSP generation to include all parts (#348) (18c6600)

Bug Fixes

  • add markdown-include package to workflow and poetry (#339) (c7a05ee)
  • updates dependabot prefix for conventional commits (#308) (ee86f5c)
  • updates e2e tests checkout ref during image publishing (#334) (5439b91)

Maintenance

  • change dependabot frequency to weekly (#290) (3da37f7)
  • deps: adds compliance-trestle-fedramp dependency (#349) (aeb6e0c), closes #318
  • deps: bump trestle to version v3.3.0 (#269) (a2a2db6)

v0.10.1

12 Jul 16:01
7fd64e0
Compare
Choose a tag to compare

What's Changed

  • ⬆️ bump actions/setup-python from 4 to 5 in /.github/actions/setup-poetry by @dependabot in #224
  • ⬆️ bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #227
  • ⬆️ bump authlib from 1.3.0 to 1.3.1 by @dependabot in #252
  • ⬆️ bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #253
  • ci: pins all reference GitHub actions to a hash value by @jpower432 in #242
  • fix: updates GitHub Actions runner image and restart policy by @jpower432 in #255

Full Changelog: v0.10.0...v0.10.1

v0.10.0

29 May 19:30
ca86495
Compare
Choose a tag to compare

What's Changed

  • PSCE-408 refactor: replaces regex with urllib for repo URL parsing by @jpower432 in #215
  • PSCE-408 feat: adds flags to set git provider information when interacting with the API by @jpower432 in #217
  • ci: updates publish.yml image releasing process by @jpower432 in #220
  • PSCE-420: ci: updates e2e testing workflow to test before image publishing by @jpower432 in #221
  • ⬆️ Bump python-dateutil from 2.8.2 to 2.9.0.post0 by @dependabot in #188
  • ⬆️ Bump pydantic from 1.10.14 to 1.10.15 by @dependabot in #209
  • [Issue-230] Set default values to None instead of empty strings by @gvauter in #233
  • ⬆️ bump requests from 2.31.0 to 2.32.2 by @dependabot in #232
  • docs: add release process to contributing doc by @jpower432 in #229
  • docs: updates table of contents with release process by @jpower432 in #236

New Contributors

Full Changelog: v0.9.0...v0.10.0

v0.9.0

30 Apr 13:58
10421a3
Compare
Choose a tag to compare

Maintainer Notes

These release has a breaking change. Updating to this version will require code changes - see #195 more more information.

Migration Notes

If you were using the check_only input in the autosync action, please see the example below on how to achieve this with the dry_run input:

   steps:
      - uses: actions/checkout@v3
      - name: Run trestlebot
        id: check
        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
        with:
          markdown_path: "markdown/profiles"
          oscal_model: "profile"
          dry_run: true
      # Optional - Set the action to failed if changes are detected.
      - name: Fail for changes
        if: ${{ steps.check.outputs.changes == 'true' }}
        uses: actions/github-script@v7
        with:
          script: |
              core.setFailed('Changes detected. Manual intervention required.')

What's Changed

Full Changelog: v0.8.1...v0.9.0

v0.8.1

12 Apr 18:14
8279d6f
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.8.0...v0.8.1

v0.8.0

21 Mar 16:38
393fd85
Compare
Choose a tag to compare

What's Changed

  • refactor: adds a E2ETestRunner for E2E tests by @jpower432 in #177
  • ⬆️ Bump flake8 from 6.1.0 to 7.0.0 by @dependabot in #146
  • chore: updates descriptions on actions inputs to be more precise by @jpower432 in #184
  • chore: removes input repository from the safe workspace by @jpower432 in #185
  • feat: adds version flag to autosync command for assembly task by @jpower432 in #187
  • fix: adds OSCAL validated component definition types to create-cd by @jpower432 in #191

Full Changelog: v0.7.2...v0.8.0

v0.7.2

05 Mar 15:03
30d601a
Compare
Choose a tag to compare

What's Changed

  • ⬆️ Bump orjson from 3.9.14 to 3.9.15 by @dependabot in #176
  • docs: adds README updates for compliance-trestle org move by @jpower432 in #175
  • ⬆️ Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in #178
  • ⬆️ Bump pydantic from 1.10.13 to 1.10.14 by @dependabot in #161
  • feat: adds main_comp_only to create_new_with_filter in ssp.py by @jpower432 in #179
  • fix: updates CSVTransformer to separate controls with spaces instead of commas by @jpower432 in #183

Note: The feature added is for an internal method only which is why this is a patch version bump

Full Changelog: v0.7.1...v0.7.2

v0.7.1

26 Feb 17:30
bfdd94f
Compare
Choose a tag to compare

What's Changed

  • chore: updates CSVBuilder to handle updates to the compliance-trestle CSVColumns class by @jpower432 in #172

Full Changelog: v0.7.0...v0.7.1

v0.7.0

16 Feb 18:20
5e64a4a
Compare
Choose a tag to compare

What's Changed

  • fix: fixes typos in the TrestleBot class in bot.py by @jpower432 in #153
  • chore: updates source file header and adds corresponding documentation by @jpower432 in #154
  • ⬆️ Bump safety from 2.4.0b2 to 3.0.1 by @dependabot in #155
  • docs: updates README.md and sync-upstreams README.md by @jpower432 in #160
  • chore: removes markdown creation from create_new_with_filter by @jpower432 in #159
  • PSCE-321-P1: Adds yaml header path to ssp index by @jpower432 in #157
  • ⬆️ Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #162
  • PSCE-299: Adds create-ssp entrypoint by @jpower432 in #158
  • ⬆️ Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #164
  • docs: updates README for create-ssp by @jpower432 in #167
  • ⬆️ Bump marshmallow from 3.20.1 to 3.20.2 by @dependabot in #145
  • docs: fixes typos in the README.md file by @jpower432 in #168
  • chore(deps): updates compliance-trestle to 2.5.1 by @jpower432 in #170
  • feat: adds check to TrestleRule to match compliance-trestle CSV fields by @jpower432 in #173

Full Changelog: v0.6.0...v0.7.0

v0.6.0

17 Jan 17:06
f0ce981
Compare
Choose a tag to compare

What's Changed

  • ⬆️ Bump sigstore/cosign-installer from 3.1.1 to 3.3.0 by @dependabot in #122
  • ⬆️ Bump isort from 5.12.0 to 5.13.2 by @dependabot in #121
  • docs: adds badges to README.md by @jpower432 in #120
  • ⬆️ Bump actions/download-artifact from 3 to 4 by @dependabot in #125
  • ⬆️ Bump actions/upload-artifact from 3 to 4 by @dependabot in #124
  • ⬆️ Bump SonarSource/sonarcloud-github-action from 2.1.0 to 2.1.1 by @dependabot in #117
  • test: add unit tests for missed code paths by @jpower432 in #126
  • ⬆️ Bump typing-extensions from 4.8.0 to 4.9.0 by @dependabot in #113
  • ⬆️ Bump paramiko from 3.3.1 to 3.4.0 by @dependabot in #129
  • docs: fixes links in badges on README.md by @jpower432 in #127
  • chore: docs and config maintenance by @jpower432 in #105
  • fix: fixes table of contents in CONTRIBUTING.md by @jpower432 in #132
  • fix: updates language for linting pre-commit to system by @jpower432 in #133
  • ⬆️ Bump distlib from 0.3.7 to 0.3.8 by @dependabot in #114
  • docs: updates CONTRIBUTING.md with minor fixes by @jpower432 in #135
  • chore(deps): bumps the default poetry version used in image and the environment to 1.7.1 by @jpower432 in #119
  • ⬆️ Bump argcomplete from 3.1.6 to 3.2.1 by @dependabot in #110
  • ⬆️ Bump pathspec from 0.11.2 to 0.12.1 by @dependabot in #111
  • chore(deps): bump compliance-trestle to version 2.5.0 by @jpower432 in #140
  • chore: adds automation to update action README.md files by @jpower432 in #123
  • ⬆️ Bump gitpython from 3.1.40 to 3.1.41 by @dependabot in #143
  • PSCE-302 feat: adds a task to sync third party content to a local trestle workspace by @jpower432 in #137
  • ⬆️ Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 by @dependabot in #131
  • chore: adds E2E tests to ci.yml by @jpower432 in #141
  • ⬆️ Bump jinja2 from 3.1.2 to 3.1.3 by @dependabot in #147
  • chore(deps): updates Dockerfile to upgrade setuptools during build by @jpower432 in #144
  • PSCE-303 feat: adds trestlebot-sync-upstreams command by @jpower432 in #142
  • PSCE-309 - Adds sync-upstreams GitHub Action and usage documentation by @jpower432 in #148

Full Changelog: v0.5.0...v0.6.0