Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade GitHub CI/CD Workflows to Current Stable Version #116

Closed
6 tasks done
aj-stein-nist opened this issue Jul 12, 2022 · 15 comments · Fixed by #144, #156, #204 or usnistgov/OSCAL#1947
Closed
6 tasks done

Upgrade GitHub CI/CD Workflows to Current Stable Version #116

aj-stein-nist opened this issue Jul 12, 2022 · 15 comments · Fixed by #144, #156, #204 or usnistgov/OSCAL#1947
Assignees
@aj-stein-nist
Labels
enhancement The issue adds a new feature, capability, or artifact to the repository. Scope: CI/CD A task issue to modify the repo's continuous integration and continuous deployment capability. User Story The issue is a user story for a development task.

Comments

@aj-stein-nist
Copy link
Contributor

aj-stein-nist commented Jul 12, 2022
edited
Loading

User Story:

As an OSCAL tool developer, in order to make sure CI/CD is properly developed and integrated in relevant OSCAL projects, I want the current version of GitHub Actions CI/CD workflows updated to current stable.

Goals:

The NIST OSCAL Team will complete cleaning, deduplification, and misc improvements to the GitHub Actions in usnistgov/OSCAL for improved maintenance, stability, and resiliency.

Dependencies:

Acceptance Criteria

  • All readme documentation affected by the changes in this issue have been updated.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
@aj-stein-nist aj-stein-nist added enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task. labels Jul 12, 2022
@aj-stein-nist aj-stein-nist added the Scope: CI/CD A task issue to modify the repo's continuous integration and continuous deployment capability. label Jul 12, 2022
@aj-stein-nist aj-stein-nist mentioned this issue Jul 14, 2022
Merged
5 tasks
@aj-stein-nist aj-stein-nist mentioned this issue Sep 9, 2022
Open
@aj-stein-nist aj-stein-nist moved this from Todo to In Progress in NIST OSCAL Work Board Sep 9, 2022
@aj-stein-nist
Copy link
Contributor Author

Earlier in the week I spent I looked deeply into this and noticed that very little of the updated between the main OSCAL CI/CD and oscal-content because the different outcomes desired from the repository (oscal-content only converts content). If anything, this means maybe only the steps for setting up Java and Saxon and/or Calabash matter here. That means at this point simple copy-paste.

I did some experiment with cleanup of this and had a think, or quick diversionary spike to think of how we can finish the modularization here better than copy-pasting, and that would mean beginning the move to reusable workflows. The alternative, composite actions, are not able to access tokens, so flat out could not commit back content (this is a very important stumbling block and the final step in pipeline processing for this repo). So here are the spike experiments.

https://github.com/aj-stein-nist/test-gha-reusable-workflows/tree/main/.github/workflows

I am worried because of token management from forks and other things from testing this likely will not work particularly well is token management around this committing documents issue. Tokens are determined in the checkout step, in the default action provided by the GHA team. I am struggling to get around actions/checkout#298 which means this spike might be wrapping up with a "meh, this is not going to work either" result.

@aj-stein-nist aj-stein-nist moved this from In Progress to Todo in NIST OSCAL Work Board Sep 20, 2022
@aj-stein-nist aj-stein-nist mentioned this issue Sep 23, 2022
Open
6 tasks
@aj-stein-nist
Copy link
Contributor Author

Ok, #1470 created to tie off the spike work and return back to the AC here of just upgrading things to a stable version. New PR incoming.

@aj-stein-nist aj-stein-nist mentioned this issue Sep 23, 2022
Merged
8 tasks
@aj-stein-nist aj-stein-nist moved this from Todo to In Progress in NIST OSCAL Work Board Sep 23, 2022
@aj-stein-nist
Copy link
Contributor Author

@david-waltermire-nist I will also wrap this up for current sprint post-haste. We had discussed in last weekly status meeting that I fix this this up and defer other work, I started working in it and will finish soon, but I did forget to add it to the current sprint. Apologies! Will ping you again when it is ready for review.

@aj-stein-nist aj-stein-nist moved this from In Progress to Under Review in NIST OSCAL Work Board Sep 27, 2022
@aj-stein-nist aj-stein-nist mentioned this issue Sep 29, 2022
Closed
6 tasks
Repository owner moved this from Under Review to Done in NIST OSCAL Work Board Nov 1, 2022
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Nov 1, 2022
@aj-stein-nist
Update OSCAL submodule to current main as after-action item for usnis…
c6241e1 
…tgov#116.
@aj-stein-nist aj-stein-nist mentioned this issue Nov 1, 2022
Merged
4 tasks
This was linked to pull requests Nov 2, 2022
Update main branch submodule to OSCAL main #156
Merged
Update develop branch submodule to OSCAL develop #157
Closed
david-waltermire pushed a commit that referenced this issue Nov 2, 2022
@aj-stein-nist @david-waltermire
Update OSCAL submodule to current main as after-action item for #116.
1b4b553
Repository owner moved this from Done to In Progress in NIST OSCAL Work Board Nov 22, 2022
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Explain $(@d) make alias usage in usnistgov#116
55ffc56 
Per PR review with Nikita, cite documentation for `make` and `Makefile`
on how `$(@d)` is an alias to show to the the target wildcard file
without the filename, useful for creating nested directories of content
before copying.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Update conversion targets for concurrency in usnistgov#116
603f3f1 
After debugging with @nikitawootten-nist, we determined during pairing
that the SECONDEXPANSION calls, that are necessary to avoid some more
hacky kludges with macros and functions. As it stands, when running with
concurrent jobs (`-jN` with N>=2) it fails. We determined the cause of
the failures for `convert-min-json-content` and `convert-yaml-content`
targets are because those target prerequisites are flawed.

This change will be greedy and presume all respective XML files for JSON
targets and all JSON files for YAML targets. This will limit the upper
bound of concurrent jobs for these targets, but makes it correct and
safe.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Restructure repo and build process for usnistgov#116.
02c744c 
There are a number of changes we need to make to the structure and the
organization of example documents in the repository to improve the
maintainability and stability of building examples.

1. We need to remove now invalid docs, e.g. usnistgov#208.
1. Remove JSON examples in src and convert them to XML first.
1. Remove old draft and FedRAMP directories, warning has been up for
long enough.
1. Remove old notes in src/examples/ssp/xml directory that are not
examples.
1. Relocate oscal submodule to build/oscal to match style of other
repositories in the project.
1. Update for OSCAL v1.1.1 release of models.
1. Align SP 800-53 Rev 5 catalog version with guidance in ADR in
usnistgov/OSCAL#1947, make version correctly 5.1.2.
1. Update last-modified, published, and version metadata as applicable.
1. Add jq and yq dependency install.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Have GHA workflow use new build for usnistgov#116.
3ed680a
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
No git-content directory in GHA clone in usnistgov#116.
6bc05c3 
This makes it more clear what is going on as it is like default.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Add in xmllint install for usnistgov#116.
2e93985
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Clean up longer all Makefile target for usnistgov#116.
e07e956
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Build concurrent make tasks to 2 for usnistgov#116.
d9c00fb
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Cache oscal build deps and generated files for usnistgov#116.
4d00b6b
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Artifact upload to have only new generated content for usnistgov#116.
760210c
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Update actions and correct alt checkout for usnistgov#116.
d04ccf3
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Disable source profile URI scrubbing in usnistgov#116.
ccbb00c 
During testing, it became clear this URI scrubbing for the source-profile
prop in the resuling catalog is useful, but it scrubs the full path,
including the filename, not just the path itself. This behavior seems to
be divergent from previous behavior from the transforms, obsolete shell
scripting, or the combination of both. Local testing by changing calling
paths and other environmental changes did not seem to alter the behavior.

For now, I will leave the full path and during code review we can discuss
the merits of prioritizing the work in the backlog, using a workaround
in the Makefile and/or support shell scripting temporarily, or both
until the issue is resolved.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Cleanup obsolete GHA workflow comments for usnistgov#116.
45e279b
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Remove obsolete XML comment PIs for usnistgov#116.
122d197
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Add or switch to xml-model for validation in usnistgov#116.
f4326da
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Fix clean targets and reorganize Makefile for usnistgov#116.
86b8909
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Update top-level README and include it in archive for usnistgov#116.
eb4bb12
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Add build instructions README for usnistgov#116.
98fc192
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Include missing catalogs for conversions for usnistgov#116.
001b335 
As picked up in review with Nikita, we are converting the source XML
files to JSON and YAML, but not all. We need to adjust the make vars
that collect the source files for conversion to minified JSON to Include
the resolved catalogs from profiles from the previous step. Reviewing
the auto-committed test content confirm these files were being missed in
conversion to JSON and YAML and we obviously need those.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Do not multi-line all and clean targets for usnistgov#116.
a25df7d
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
New jq/yq approach; defer xmllint install for usnistgov#116
eaa2408 
Per discussion with Nikita during PR review and pairing, we should try
to adjust the jq and yq dep install and management approach to be a
little more ergonomic. As for xmllint, it was requested we align that
to work like the dep mgmt in the usnistgov/OSCAL repo, since that is a
compiled dep that is not offered statically and is best handled as a
concern by the developer in their operating system, or by a dedicated
install step in GHA workflows.

Additionally, for these reasons, the clean wrapper target will not
include deleting it as a default, but can be added later by a developer
by explicitly requesting it.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Update targets and docs for usnistgov#116
44dbcfc 
Per PR review and consultation from Nikita, add in additional wrapper
targets for artifacts and checks for better organization and to make a
cleaner hierarchy for the make all target.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Trim source-profile link for usnistgov#116.
cc51eb9 
As discussed in the branch under review in usnistgov#204, we now have absolute
paths in the resolved catalogs based on the full paths to the profile,
which is less than idea for published catalogs.

Comment with explanation:
usnistgov#204 (comment)

Example:
https://github.com/aj-stein-nist/oscal-content/blob/dc5500ed9371b485fc21cb095d2fb9db6e2a1fd3/nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_LOW-baseline-resolved-profile_catalog.xml#L11

To work around this for the time being, we are using sed in the Makefile
to clean up once profile resolution is done and before the XML source is
converted to the target JSON and YAML.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Explain $(@d) make alias usage in usnistgov#116
83bac10 
Per PR review with Nikita, cite documentation for `make` and `Makefile`
on how `$(@d)` is an alias to show to the the target wildcard file
without the filename, useful for creating nested directories of content
before copying.
aj-stein-nist added a commit to aj-stein-nist/oscal-content-forked that referenced this issue Oct 27, 2023
@aj-stein-nist
Update conversion targets for concurrency in usnistgov#116
e4e1bb0 
After debugging with @nikitawootten-nist, we determined during pairing
that the SECONDEXPANSION calls, that are necessary to avoid some more
hacky kludges with macros and functions. As it stands, when running with
concurrent jobs (`-jN` with N>=2) it fails. We determined the cause of
the failures for `convert-min-json-content` and `convert-yaml-content`
targets are because those target prerequisites are flawed.

This change will be greedy and presume all respective XML files for JSON
targets and all JSON files for YAML targets. This will limit the upper
bound of concurrent jobs for these targets, but makes it correct and
safe.
aj-stein-nist added a commit to usnistgov/OSCAL that referenced this issue Nov 9, 2023
@aj-stein-nist
[skip ci] Add ADR-0008 for usnistgov/oscal-content#116.
042cb3e
aj-stein-nist added a commit to usnistgov/OSCAL that referenced this issue Nov 9, 2023
@aj-stein-nist
[skip ci] Add ADR-0008 for usnistgov/oscal-content#116.
e309dd5
Compton-US pushed a commit to usnistgov/OSCAL that referenced this issue Dec 6, 2023
@aj-stein-nist
[skip ci] Add ADR-0008 for usnistgov/oscal-content#116.
c048d29
@github-actions github-actions bot mentioned this issue Dec 21, 2023
Closed
@github-actions github-actions bot mentioned this issue Feb 15, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aj-stein-nist aj-stein-nist

Labels
enhancement The issue adds a new feature, capability, or artifact to the repository. Scope: CI/CD A task issue to modify the repo's continuous integration and continuous deployment capability. User Story The issue is a user story for a development task.
Projects
NIST OSCAL Work Board
Status: Done
Milestone
No milestone
2 participants
@david-waltermire @aj-stein-nist