Merge branch 'oscal-compass:develop' into develop
austinsonger authored Nov 13, 2024
2 parents 0dd7655 + 7f18be2 commit cdd0149
Showing 371 changed files with 16,121 additions and 13,964 deletions.
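--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,22 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
+commit-message:
+prefix: build
+include: scope
+reviewers:
+- "oscal-compass/compliance-trestle-maintainers"
+
+- package-ecosystem: "pip"
+directory: "/"
+schedule:
+interval: "weekly"
+commit-message:
+prefix: build
+include: scope
+reviewers:
+- "oscal-compass/compliance-trestle-maintainers"
+open-pull-requests-limit: 10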
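Review bot: `open-pull-requests-limit: 10` appears only on the pip entry at the end of the file, so the github-actions entry keeps Dependabot's default limit of 5 open PRs. If that asymmetry is intended, a comment above the key such as `# pip updates are more frequent; allow up to 10 open PRs` would say so. Both entries use `prefix: build` with `include: scope`, which presumably interacts with the semantic-release step in python-push.yml, so it is worth confirming that these commits do not trigger a release on their own.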
52 changes: 43 additions & 9 deletions .github/workflows/python-push.yml
Expand Up @@ -9,6 +9,8 @@ on:
branches:
- main

permissions: {}

jobs:
set-versions:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -88,6 +90,10 @@ jobs:
continue-on-error: true
run: |
make code-typing
- name: Install documenation dependencies
if: steps.core-version.outputs.core == 'true'
run: |
make docs-ubuntu-deps
- name: Validate website content (mkdocs)
if: steps.core-version.outputs.core == 'true'
run: |
Expand All @@ -110,11 +116,16 @@ jobs:
url: https://pypi.org/p/compliance-trestle
if: github.ref == 'refs/heads/main' && github.repository == 'oscal-compass/compliance-trestle'
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
token: ${{ secrets.ADMIN_PAT }}
token: ${{ steps.app-token.outputs.token }}
- name: Set up Python ${{ needs.set-versions.outputs.max }}
uses: actions/setup-python@v5
with:
Expand All @@ -126,9 +137,9 @@ jobs:
# This action uses Python Semantic Release v8
- name: Python Semantic Release
id: release
uses: python-semantic-release/python-semantic-release@v9.8.0
uses: python-semantic-release/python-semantic-release@v9.8.8
with:
github_token: ${{ secrets.ADMIN_PAT }}
github_token: ${{ steps.app-token.outputs.token }}

- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
Expand All @@ -137,10 +148,10 @@ jobs:
if: steps.release.outputs.released == 'true'

- name: Publish package distributions to GitHub Releases
uses: python-semantic-release/upload-to-gh-release@v9.8.0
uses: python-semantic-release/upload-to-gh-release@v9.8.9
if: steps.release.outputs.released == 'true'
with:
github_token: ${{ secrets.ADMIN_PAT }}
github_token: ${{ steps.app-token.outputs.token }}

deploy-docs:
runs-on: ubuntu-latest
Expand All @@ -151,11 +162,16 @@ jobs:
# Temporary hack: allow develop as well as master to deploy docs.
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
token: ${{ secrets.ADMIN_PAT }}
token: ${{ steps.app-token.outputs.token }}
- name: Set up Python ${{ needs.set-versions.outputs.max }}
uses: actions/setup-python@v5
# This is deliberately not using a custom credential as it relies on native github actions token to have push rights.
Expand All @@ -164,6 +180,9 @@ jobs:
- name: Install build tools
run: |
make develop
- name: Install documenation dependencies
run: |
make docs-ubuntu-deps
- name: Create release
shell: bash
run: |
Expand All @@ -178,16 +197,31 @@ jobs:
cancel-in-progress: true
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
submodules: true
ref: main
fetch-depth: 0
token: ${{ secrets.ADMIN_PAT }}
token: ${{ steps.app-token.outputs.token }}
- name: Get GitHub App User ID
id: get-user-id
run: echo "user-id=$(gh api "/users/${{ env.SLUG }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
SLUG: ${{ steps.app-token.outputs.app-slug }}
- name: Configure Git
run: |
git config user.name "Vikas Agarwal"
git config user.email "<>"
git config --global user.name '${{ env.SLUG }}[bot]'
git config --global user.email '${{ env.ID }}+${{ env.SLUG }}[bot]@users.noreply.github.com'
env:
SLUG: ${{ steps.app-token.outputs.app-slug }}
ID: ${{ steps.get-user-id.outputs.user-id }}
# https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
- name: Merge Main to Develop
run: |
git checkout develop
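Review bot: In the last visible hunk, the new "Get GitHub App User ID" and "Configure Git" steps declare `SLUG` and `ID` under `env:` but still splice them into the script with `${{ env.SLUG }}` and `${{ env.ID }}`. GitHub expands those expressions into the script text before the shell runs, so the intermediate-variable hardening described in the linked guide is not actually in effect. Reading them as shell variables closes the gap: `run: echo "user-id=$(gh api "/users/${SLUG}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"`, `git config --global user.name "${SLUG}[bot]"` and `git config --global user.email "${ID}+${SLUG}[bot]@users.noreply.github.com"`. Separately, `actions/create-github-app-token@v1` receives the app private key through a mutable tag; pinning it to a commit SHA, as stale.yml does for actions/stale, would let Dependabot keep it current without trusting a moving tag. The job bodies continue outside the visible hunks, so I could not check which job-level `permissions:` blocks offset the new top-level `permissions: {}`.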
9 changes: 6 additions & 3 deletions .github/workflows/python-test.yml
Expand Up @@ -62,6 +62,9 @@ jobs:
continue-on-error: true
run: |
make code-typing
- name: Install documenation dependencies
run: |
make docs-ubuntu-deps
- name: Validate website content (mkdocs)
run: |
make docs-validate
Expand Down Expand Up @@ -151,13 +154,13 @@ jobs:
- name: Upload artifact
if: steps.core-version.outputs.core == 'true'
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: coverage
path: coverage.xml

sonar:
if: ${{ github.event.pull_request.base.repo.url == github.event.pull_request.head.repo.url }}
if: ${{ (github.event.pull_request.base.repo.url == github.event.pull_request.head.repo.url && github.triggering_actor != 'dependabot[bot]' ) }}
runs-on: ubuntu-latest
needs: [ test, set-versions]
steps:
Expand All @@ -184,7 +187,7 @@ jobs:
run: |
make develop
- name: Get coverage
uses: actions/download-artifact@v2
uses: actions/download-artifact@v4
with:
name: coverage
- name: SonarCloud Scan
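Review bot: The new `sonar` guard tests `github.triggering_actor`, which names whoever started this particular run. A maintainer re-running the workflow on a Dependabot PR is therefore no longer seen as `dependabot[bot]`, and the job would be scheduled again, presumably still without the SonarCloud secret it needs. Keying on the PR author is stable across re-runs: `github.event.pull_request.user.login != 'dependabot[bot]'`. The step name `Install documenation dependencies` added in the first hunk is misspelled (`documentation`), here and in python-push.yml. The sonar job's steps continue outside the hunk.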
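--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,38 @@
+name: Stale Issues and PRs
+on:
+schedule:
+- cron: '17 1 * * *'
+workflow_dispatch:
+
+permissions:
+contents: read
+
+jobs:
+stale:
+runs-on: ubuntu-latest
+permissions:
+issues: write
+pull-requests: write
+env:
+STALE_WARNING_DAYS: 90
+STALE_CLOSURE_DAYS: 30
+steps:
+- uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9
+with:
+stale-issue-label: stale
+exempt-issue-labels: good-first-issue, help-wanted, exempt-from-stale
+stale-issue-message: >
+This issue has been automatically marked as stale because it has not had activity within ${{ env.STALE_WARNING_DAYS }} days.
+It will be automatically closed if no further activity occurs within ${{ env.STALE_CLOSURE_DAYS }} days.
+close-issue-message: >
+This issue has been automatically closed due to inactivity.
+days-before-issue-stale: ${{ env.STALE_WARNING_DAYS }}
+days-before-issue-close: ${{ env.STALE_CLOSURE_DAYS }}
+stale-pr-label: stale
+stale-pr-message: >
+This pull request has been automatically marked as stale because it has not had activity within ${{ env.STALE_WARNING_DAYS }} days.
+It will be automatically closed if no further activity occurs within ${{ env.STALE_CLOSURE_DAYS }} days.
+close-pr-message: >
+This pull request has been automatically closed due to inactivity. Please reopen if this PR is still being worked on.
+days-before-pr-stale: ${{ env.STALE_WARNING_DAYS }}
+days-before-pr-close: ${{ env.STALE_CLOSURE_DAYS }}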
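Review bot: `exempt-issue-labels` protects labelled issues, but there is no matching `exempt-pr-labels`, so a pull request carrying `exempt-from-stale` is still marked stale after 90 days and closed 30 days later. Adding `exempt-pr-labels: exempt-from-stale` next to `stale-pr-label` keeps the two paths consistent. It is also worth deciding whether security-relevant reports and long-running fix PRs should carry an exempt label, since automatic closure drops them out of triage. A short comment above `env:` such as `# days of inactivity before the warning, then further days before closing` would explain the two numbers.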
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -51,3 +51,5 @@ tmp_bin_test

/venv.trestle/

# mkdocs
.cache/
22 changes: 11 additions & 11 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@

repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0 # Use the ref you want to point at
rev: v5.0.0 # Use the ref you want to point at
hooks:
- id: check-merge-conflict
- id: check-yaml
Expand All @@ -13,13 +14,13 @@ repos:
- id: yapf
args: [--in-place, --parallel, --recursive, --style, .yapf-config]
files: "^(trestle|tests|scripts)"
stages: [commit]
stages: [pre-commit]
additional_dependencies: [toml]
- repo: https://github.com/PyCQA/flake8
rev: 5.0.4
rev: 7.1.1
hooks:
- id: flake8
args: [--extend-ignore, "P1,C812,C813,C814,C815,C816,W503,W605,B017,B028", "--illegal-import-packages=filecmp"]
args: [--extend-ignore, "P1,C812,C813,C814,C815,C816,W503,W605,B017,B028"]
additional_dependencies:
[
flake8-2020,
Expand All @@ -37,14 +38,13 @@ repos:
flake8-quotes,
flake8-string-format,
flake8-use-fstring,
flake8-illegal-import,
pep8-naming,
]
files: "^(tests|scripts)"
exclude: "(oscal/|third_party)"
stages: [commit]
stages: [pre-commit]
- id: flake8
args: [--extend-ignore, "P1,C812,C813,C814,C815,C816,W503,W605,B017,B028", "--illegal-import-packages=filecmp"]
args: [--extend-ignore, "P1,C812,C813,C814,C815,C816,W503,W605,B017,B028"]
additional_dependencies:
[
flake8-2020,
Expand All @@ -62,21 +62,21 @@ repos:
flake8-quotes,
flake8-string-format,
flake8-use-fstring,
flake8-illegal-import,
pep8-naming,
flake8-bandit,
dlint
]
files: "^(trestle)"
exclude: "(oscal/)"
stages: [commit]
stages: [pre-commit]
- repo: https://github.com/executablebooks/mdformat
rev: 0.7.16
rev: 0.7.17
hooks:
- id: mdformat
exclude: "CHANGELOG.md|docs/mkdocs_code_of_conduct.md|docs/maintainers.md|docs/api_reference|tests/data/author|docs/contributing/mkdocs_contributing.md|tests/data/jinja_markdown_include|tests/data/jinja_cmd/number_captions_data.md|tests/data/jinja_cmd/number_captions_expected_output.md"
exclude: "CHANGELOG.md|docs/contributing/maintainers.md|docs/reference/API|tests/data/author|docs/contributing/index.md|tests/data/jinja_markdown_include|tests/data/jinja_cmd/number_captions_data.md|tests/data/jinja_cmd/number_captions_expected_output.md"
additional_dependencies:
- mdformat-tables
- mdformat-config
- mdformat-frontmatter
- mdformat-gfm
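Review bot: Both flake8 hooks lose `--illegal-import-packages=filecmp` together with the `flake8-illegal-import` plugin, and nothing in the visible config replaces that ban, so a later `import filecmp` would pass linting unnoticed. If the plugin was dropped for compatibility with flake8 7.1.1 (my assumption; the page does not say), a comment at the hook such as `# filecmp import ban removed with flake8-illegal-import; enforce in review` would record the decision. The `additional_dependencies` lists, including `flake8-bandit` and `dlint` on the trestle hook, remain unpinned, so the security lint rules in effect depend on whichever versions resolve at install time.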
