v0.11.0

0.11.0 (2024-09-25)

⚠ BREAKING CHANGES

• default module entrypoint is now the init command
• Modifies the existing behavior of the rules transform entrypoint

Features

• adding init command to entrypoints (#326) (868c1fa)
• adds markdown generation to the rules transform entrypoint (#282) (84dec70)
• removes provider from init and moves CI templates (#344) (21b4043)
• tutorial for GitHub and init command (#333) (6334c1f)
• update module default to use init entrypoint (#329) (d1490cb)
• updates SSP generation to include all parts (#348) (18c6600)

Bug Fixes

• add markdown-include package to workflow and poetry (#339) (c7a05ee)
• updates dependabot prefix for conventional commits (#308) (ee86f5c)
• updates e2e tests checkout ref during image publishing (#334) (5439b91)

Maintenance

• change dependabot frequency to weekly (#290) (3da37f7)
• deps: adds compliance-trestle-fedramp dependency (#349) (aeb6e0c), closes #318
• deps: bump trestle to version v3.3.0 (#269) (a2a2db6)

v0.10.1

What's Changed

• ⬆️ bump actions/setup-python from 4 to 5 in /.github/actions/setup-poetry by @dependabot in #224
• ⬆️ bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #227
• ⬆️ bump authlib from 1.3.0 to 1.3.1 by @dependabot in #252
• ⬆️ bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #253
• ci: pins all reference GitHub actions to a hash value by @jpower432 in #242
• fix: updates GitHub Actions runner image and restart policy by @jpower432 in #255

Full Changelog: v0.10.0...v0.10.1

v0.10.0

What's Changed

• PSCE-408 refactor: replaces regex with urllib for repo URL parsing by @jpower432 in #215
• PSCE-408 feat: adds flags to set git provider information when interacting with the API by @jpower432 in #217
• ci: updates publish.yml image releasing process by @jpower432 in #220
• PSCE-420: ci: updates e2e testing workflow to test before image publishing by @jpower432 in #221
• ⬆️ Bump python-dateutil from 2.8.2 to 2.9.0.post0 by @dependabot in #188
• ⬆️ Bump pydantic from 1.10.14 to 1.10.15 by @dependabot in #209
• [Issue-230] Set default values to None instead of empty strings by @gvauter in #233
• ⬆️ bump requests from 2.31.0 to 2.32.2 by @dependabot in #232
• docs: add release process to contributing doc by @jpower432 in #229
• docs: updates table of contents with release process by @jpower432 in #236

New Contributors

• @gvauter made their first contribution in #233

Full Changelog: v0.9.0...v0.10.0

v0.9.0

Maintainer Notes

These release has a breaking change. Updating to this version will require code changes - see #195 more more information.

Migration Notes

If you were using the check_only input in the autosync action, please see the example below on how to achieve this with the dry_run input:

   steps:
      - uses: actions/checkout@v3
      - name: Run trestlebot
        id: check
        uses: RedHatProductSecurity/trestle-bot/actions/[email protected]
        with:
          markdown_path: "markdown/profiles"
          oscal_model: "profile"
          dry_run: true
      # Optional - Set the action to failed if changes are detected.
      - name: Fail for changes
        if: ${{ steps.check.outputs.changes == 'true' }}
        uses: actions/github-script@v7
        with:
          script: |
              core.setFailed('Changes detected. Manual intervention required.')

What's Changed

• ⬆️ Bump idna from 3.6 to 3.7 by @dependabot in #210
• ⬆️ Bump safety from 3.0.1 to 3.1.0 by @dependabot in #203
• feat: replaces 'check_only' with 'dry_run' option by @jpower432 in #195
• ⬆️ Bump email-validator from 2.1.0.post1 to 2.1.1 by @dependabot in #180
• refactor: migrates rule validation to pydantic by @jpower432 in #207

Full Changelog: v0.8.1...v0.9.0

v0.8.1

What's Changed

• fix: removes default version in GitHub action by @jpower432 in #194
• chore: update logging format by @jpower432 in #196
• docs: update README under actions directory by @jpower432 in #192
• fix: prevent extra log messages in stdout by @jpower432 in #199
• refactor: improves readability of the SSP end to end tests by @jpower432 in #198
• ⬆️ Bump black from 23.12.1 to 24.3.0 by @dependabot in #202
• ⬆️ Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 by @dependabot in #201
• ⬆️ Bump responses from 0.24.1 to 0.25.0 by @dependabot in #174

Full Changelog: v0.8.0...v0.8.1

v0.8.0

What's Changed

• refactor: adds a E2ETestRunner for E2E tests by @jpower432 in #177
• ⬆️ Bump flake8 from 6.1.0 to 7.0.0 by @dependabot in #146
• chore: updates descriptions on actions inputs to be more precise by @jpower432 in #184
• chore: removes input repository from the safe workspace by @jpower432 in #185
• feat: adds version flag to autosync command for assembly task by @jpower432 in #187
• fix: adds OSCAL validated component definition types to create-cd by @jpower432 in #191

Full Changelog: v0.7.2...v0.8.0

v0.7.2

What's Changed

• ⬆️ Bump orjson from 3.9.14 to 3.9.15 by @dependabot in #176
• docs: adds README updates for compliance-trestle org move by @jpower432 in #175
• ⬆️ Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in #178
• ⬆️ Bump pydantic from 1.10.13 to 1.10.14 by @dependabot in #161
• feat: adds main_comp_only to create_new_with_filter in ssp.py by @jpower432 in #179
• fix: updates CSVTransformer to separate controls with spaces instead of commas by @jpower432 in #183

Note: The feature added is for an internal method only which is why this is a patch version bump

Full Changelog: v0.7.1...v0.7.2

v0.7.1

What's Changed

• chore: updates CSVBuilder to handle updates to the compliance-trestle CSVColumns class by @jpower432 in #172

Full Changelog: v0.7.0...v0.7.1

v0.7.0

What's Changed

• fix: fixes typos in the TrestleBot class in bot.py by @jpower432 in #153
• chore: updates source file header and adds corresponding documentation by @jpower432 in #154
• ⬆️ Bump safety from 2.4.0b2 to 3.0.1 by @dependabot in #155
• docs: updates README.md and sync-upstreams README.md by @jpower432 in #160
• chore: removes markdown creation from create_new_with_filter by @jpower432 in #159
• PSCE-321-P1: Adds yaml header path to ssp index by @jpower432 in #157
• ⬆️ Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #162
• PSCE-299: Adds create-ssp entrypoint by @jpower432 in #158
• ⬆️ Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #164
• docs: updates README for create-ssp by @jpower432 in #167
• ⬆️ Bump marshmallow from 3.20.1 to 3.20.2 by @dependabot in #145
• docs: fixes typos in the README.md file by @jpower432 in #168
• chore(deps): updates compliance-trestle to 2.5.1 by @jpower432 in #170
• feat: adds check to TrestleRule to match compliance-trestle CSV fields by @jpower432 in #173

Full Changelog: v0.6.0...v0.7.0

v0.6.0

What's Changed

• ⬆️ Bump sigstore/cosign-installer from 3.1.1 to 3.3.0 by @dependabot in #122
• ⬆️ Bump isort from 5.12.0 to 5.13.2 by @dependabot in #121
• docs: adds badges to README.md by @jpower432 in #120
• ⬆️ Bump actions/download-artifact from 3 to 4 by @dependabot in #125
• ⬆️ Bump actions/upload-artifact from 3 to 4 by @dependabot in #124
• ⬆️ Bump SonarSource/sonarcloud-github-action from 2.1.0 to 2.1.1 by @dependabot in #117
• test: add unit tests for missed code paths by @jpower432 in #126
• ⬆️ Bump typing-extensions from 4.8.0 to 4.9.0 by @dependabot in #113
• ⬆️ Bump paramiko from 3.3.1 to 3.4.0 by @dependabot in #129
• docs: fixes links in badges on README.md by @jpower432 in #127
• chore: docs and config maintenance by @jpower432 in #105
• fix: fixes table of contents in CONTRIBUTING.md by @jpower432 in #132
• fix: updates language for linting pre-commit to system by @jpower432 in #133
• ⬆️ Bump distlib from 0.3.7 to 0.3.8 by @dependabot in #114
• docs: updates CONTRIBUTING.md with minor fixes by @jpower432 in #135
• chore(deps): bumps the default poetry version used in image and the environment to 1.7.1 by @jpower432 in #119
• ⬆️ Bump argcomplete from 3.1.6 to 3.2.1 by @dependabot in #110
• ⬆️ Bump pathspec from 0.11.2 to 0.12.1 by @dependabot in #111
• chore(deps): bump compliance-trestle to version 2.5.0 by @jpower432 in #140
• chore: adds automation to update action README.md files by @jpower432 in #123
• ⬆️ Bump gitpython from 3.1.40 to 3.1.41 by @dependabot in #143
• PSCE-302 feat: adds a task to sync third party content to a local trestle workspace by @jpower432 in #137
• ⬆️ Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 by @dependabot in #131
• chore: adds E2E tests to ci.yml by @jpower432 in #141
• ⬆️ Bump jinja2 from 3.1.2 to 3.1.3 by @dependabot in #147
• chore(deps): updates Dockerfile to upgrade setuptools during build by @jpower432 in #144
• PSCE-303 feat: adds trestlebot-sync-upstreams command by @jpower432 in #142
• PSCE-309 - Adds sync-upstreams GitHub Action and usage documentation by @jpower432 in #148

Full Changelog: v0.5.0...v0.6.0