Update vendored OSCAL content #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update vendored OSCAL content | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # Run weekly at 05:00 on Sunday | |
| - cron: "0 5 * * 0" | |
| jobs: | |
| update-oscal: | |
| name: Update content | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| strategy: | |
| matrix: | |
| variables: | |
| - catalog-source: "https://raw.githubusercontent.com/usnistgov/oscal-content/690f517daaf3a6cbb4056d3cde6eae2756765620/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json" | |
| profile-source: "https://raw.githubusercontent.com/GSA/fedramp-automation/master/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile.json" | |
| profile-name: "fedramp_rev5_high" | |
| catalog-name: "nist_rev5_800_53" | |
| - catalog-source: "https://raw.githubusercontent.com/usnistgov/oscal-content/690f517daaf3a6cbb4056d3cde6eae2756765620/nist.gov/SP800-53/rev4/json/NIST_SP-800-53_rev4_catalog.json" | |
| profile-source: "https://raw.githubusercontent.com/GSA/fedramp-automation/master/dist/content/rev4/baselines/json/FedRAMP_rev4_HIGH-baseline_profile.json" | |
| profile-name: "fedramp_rev4_high" | |
| catalog-name: "nist_rev4_800_53" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Install Python | |
| uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5 | |
| with: | |
| python-version: '3.9' | |
| - name: Install python deps | |
| run: pip3 install requests compliance-trestle==2.4.0 | |
| - name: Update catalogs | |
| run: | | |
| rm -rf "catalogs/${{ matrix.variables.catalog-name }}" | |
| trestle import -f "${{ matrix.variables.catalog-source }}" -o "${{ matrix.variables.catalog-name }}" | |
| working-directory: ./shared/references/oscal | |
| - name: Update profiles | |
| run: | | |
| rm -rf "profiles/${{ matrix.variables.profile-name }}" | |
| trestle import -f "${{ matrix.variables.profile-source }}" -o "${{ matrix.variables.profile-name }}" | |
| trestle href --name "${{ matrix.variables.profile-name }}" -hr "trestle://catalogs/${{ matrix.variables.catalog-name }}/catalog.json" | |
| working-directory: ./shared/references/oscal | |
| - name: Update content | |
| uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 | |
| with: | |
| base: master | |
| branch: "oscal-update-${{ github.run_id }}" | |
| delete-branch: true | |
| commit-message: "Update OSCAL content in shared/references/oscal" | |
| title: "Update upstream OSCAL content from usnistogv and GSA" | |
| body: | | |
| Updates upstream OSCAL content | |
| - usnistgov NIST 800-53 from "${{ matrix.variables.catalog-source }}" | |
| - GSA FedRAMP OSCAL profiles from "${{ matrix.variables.profile-source }}" | |
| Auto-generated by the [update-oscal](https://github.com/ComplianceAsCode/content/blob/master/.github/workflows/update-oscal.yml) workflow. | |
| add-paths: | | |
| shared/references/oscal/ |