Merge pull request #4 from IBM/develop

Test release
oscal-compass · Nov 11, 2021 · e8fa012 · e8fa012
2 parents 44298fe + 58ade78
commit e8fa012
Show file tree

Hide file tree

Showing 28 changed files with 1,123 additions and 109 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,34 @@
+---
+about: Create a report to help us improve
+assignees: ''
+labels: ''
+name: Bug report
+title: ''
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+## To Reproduce
+
+Steps to reproduce the behavior:
+
+1. Go to '...'
+1. Click on '....'
+1. Scroll down to '....'
+1. See error
+
+## Expected behavior
+
+A clear and concise description of what you expected to happen.
+
+## Screenshots / Logs.
+
+If applicable, add screenshots to help explain your problem.
+
+## Environment
+
+- OS: \[e.g. iOS\]
+- Python version:
+- Installed packages:
diff --git a/.github/ISSUE_TEMPLATE/new_collaborator.md b/.github/ISSUE_TEMPLATE/new_collaborator.md
@@ -0,0 +1,17 @@
+---
+about: Request collaborator access
+assignees: ''
+labels: ''
+name: New Collaborator
+title: ''
+---
+
+I would like collaborator (write) access to this repository.
+
+- [ ] I have read the [contributing guidelines][contributing]
+- [ ] I understand the responsibilities of a collaborator are to:
+  - help review contributions to the compliance-trestle tool
+  - help make & test releases
+  - help promote the project
+
+[contributing]: https://github.com/IBM/compliance-trestle/blob/main/CONTRIBUTING.md
diff --git a/.github/ISSUE_TEMPLATE/proposed_change.md b/.github/ISSUE_TEMPLATE/proposed_change.md
@@ -0,0 +1,13 @@
+---
+about: Propose a change to the trestle project
+assignees: ''
+labels: ''
+name: Proposed change
+title: ''
+---
+
+## Issue description / feature objectives
+
+## Caveats / Assumptions
+
+## Completion Criteria
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,19 @@
+## Types of changes
+
+<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to change)
+- [ ] My code follows the code style of this project.
+- [ ] My change requires a change to the documentation.
+- [ ] I have updated the documentation accordingly.
+- [ ] I have added tests to cover my changes.
+- [ ] All new and existing tests passed.
+- [ ] All commits are signed-off.
+
+## Summary
+
+## Key links:
+
+- [Sonar coverage](https://sonarcloud.io/dashboard?id=compliance-trestle)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ develop, main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ develop ]
+  schedule:
+    - cron: '44 7 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/conventional-pr.yml b/.github/workflows/conventional-pr.yml
@@ -0,0 +1,51 @@
+name: "Lint PR"
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+    branch:
+      - 'develop'
+jobs:
+  lint:
+    if: ${{ github.head_ref != 'develop' }}
+    concurrency: 
+      group: ${{ github.head_ref }}-${{ github.workflow }}
+      cancel-in-progress: true
+    runs-on: ubuntu-latest
+    steps:
+      # Please look up the latest version from
+      # https://github.com/amannn/action-semantic-pull-request/releases
+      - uses: amannn/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          # Configure which types are allowed.
+          # Default: https://github.com/commitizen/conventional-commit-types
+          # Configure which scopes are allowed.
+          scopes: |
+            core
+            models
+            transformers
+            docs
+            cicd
+            author
+            cli
+          # Configure that a scope must always be provided.
+          requireScope: false
+          # Configure additional validation for the subject based on a regex.
+          # This example ensures the subject doesn't start with an uppercase character.
+          # For work-in-progress PRs you can typically use draft pull requests 
+          # from Github. However, private repositories on the free plan don't have 
+          # this option and therefore this action allows you to opt-in to using the 
+          # special "[WIP]" prefix to indicate this state. This will avoid the 
+          # validation of the PR title and the pull request checks remain pending.
+          # Note that a second check will be reported if this is enabled.
+          wip: true
+          # When using "Squash and merge" on a PR with only one commit, GitHub
+          # will suggest using that commit message instead of the PR title for the
+          # merge commit, and it's easy to commit this by mistake. Enable this option
+          # to also validate the commit
+          validateSingleCommit: true
diff --git a/.github/workflows/python-push.yml b/.github/workflows/python-push.yml
@@ -0,0 +1,125 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+name: Trestle Fedramp Deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        include:
+        - os: ubuntu-latest
+          path: ~/.cache/pip
+        - os: macos-latest
+          path: ~/Library/Caches/pip
+        - os: windows-latest
+          path: ~\AppData\Local\pip\Cache
+        python-version: [3.7, 3.8, 3.9]
+
+    steps:
+    - name: Don't mess with  line endings
+      run: |
+        git config --global core.autocrlf false
+    - uses: actions/checkout@v2
+      with:
+        submodules: true
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    - uses: actions/cache@v2
+      with:
+        path: ${{ matrix.path }}
+        key: ${{ matrix.os }}-${{ matrix.python-version }}-pip-${{ hashFiles('setup.cfg') }}
+        restore-keys: |
+         ${{ matrix.os }}-${{ matrix.python-version }}-pip-
+
+    - name: Install build tools
+      run: |
+        make develop
+    - name: Setup pre-commit
+      if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == '3.7') }}
+      run: |
+        make pre-commit
+    - name: Install dependencies
+      run: |
+        make install
+    - name: Run md document formatting (mdformat)
+      if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == '3.7') }}
+      run: |
+        make mdformat
+    - name: Run code formatting (yapf)
+      if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == '3.7') }}
+      run: |
+        make code-format
+    - name: Run code linting (flake8)
+      if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == '3.7') }}
+      run: |
+        make code-lint
+    - name: Run code typing check (mypy)
+      if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == '3.7') }}
+      continue-on-error: true 
+      run: |
+        make code-typing
+    - name: Pytest Fast
+      if: ${{ !(matrix.os == 'ubuntu-latest' && matrix.python-version == '3.7') }}
+      run: |
+        make test
+    - name: Pytest Cov
+      if: ${{ matrix.os == 'ubuntu-latest' && matrix.python-version == '3.7' }}
+      run: |
+        make test-cov
+    - name: Push code-cov
+      if: ${{ !(matrix.os == 'ubuntu-latest' && matrix.python-version == '3.7') }}
+      uses: codecov/codecov-action@v1
+      with: 
+        token: ${{ secrets.CODECOV_TOKEN }}
+        file: ./coverage.xml
+  deploy:
+
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.ref == 'refs/heads/main' && github.repository == 'IBM/compliance-trestle-fedramp'
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        submodules: true
+        fetch-depth: 0
+        token: ${{ secrets.ADMIN_PAT }} 
+    - name: Set up Python 3.7
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.7
+    - name: Install build tools
+      run: |
+        make develop
+    - name: Create release
+      shell: bash
+      env:
+        PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+        GH_TOKEN: ${{ secrets.ADMIN_PAT }}
+      run: |
+        make release
+
+  merge-main-to-develop:
+    name: Merge main -> develop
+    runs-on: ubuntu-latest
+    needs: deploy
+    concurrency: 
+      group: ${{ github.ref }}-${{ github.workflow }}-${{ github.job }}-main
+      cancel-in-progress: true
+    if: github.ref == 'refs/heads/main'
+    steps:
+    - uses: tukasz/direct-merge-action@master
+      with:
+        GITHUB_TOKEN: ${{ secrets.ADMIN_PAT }}
+        source-branch: main
+        target-branch: develop
+        commit-message: "chore: Merge back version tags and changelog into develop."
+