Merge remote-tracking branch 'origin/main' into 652-console-assessmen…

…t-results-generation
defenseunicorns · Oct 10, 2024 · 3140fb5 · 3140fb5
2 parents 075e34d + 26c3f8d
commit 3140fb5
Show file tree

Hide file tree

Showing 107 changed files with 3,436 additions and 838 deletions.
diff --git a/.github/workflows/goreleaser-check.yaml b/.github/workflows/goreleaser-check.yaml
@@ -0,0 +1,29 @@
+name: GoReleaser Check
+
+on:
+  push:
+    paths:
+      - '.goreleaser.yaml'
+  pull_request:
+    paths:
+      - '.goreleaser.yaml'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        with:
+          fetch-depth: 0
+
+      - name: Setup golang
+        uses: ./.github/actions/golang
+
+      - name: Install GoReleaser
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
+        with:
+          install-only: true
+
+      - name: Run GoReleaser Check
+        run: goreleaser check
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -92,12 +92,22 @@ jobs:
           name: build-artifacts
           path: bin/
 
+      - name: Get Brew tap repo token
+        id: brew-tap-token
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        with:
+          app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
+          private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
+          owner: defenseunicorns
+          repositories: homebrew-tap
+
       # Create the GitHub release notes
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
         with:
           distribution: goreleaser
           version: latest
-          args: release --clean --verbose
+          args: release --clean --verbose --config .goreleaser.yaml
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
+          HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -1,3 +1,5 @@
+version: 2
+
 before:
   hooks:
     - go mod tidy
@@ -36,12 +38,47 @@ sboms:
       - "sbom_{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}.sbom"
 
 snapshot:
-  name_template: "{{ incpatch .Version }}-snapshot"
+  version_template: "{{ incpatch .Version }}-snapshot"
 
 # Use the auto-generated changelog github provides
 changelog:
   use: github-native
 
+brews:
+  - name: lula
+    repository:
+      owner: defenseunicorns
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+      branch: "{{ .ProjectName }}-{{ .Tag }}"
+      pull_request:
+        enabled: true
+        base:
+          branch: main
+          owner: defenseunicorns
+          name: homebrew-tap
+    commit_msg_template: "Brew formula update for {{ .ProjectName }} version {{ .Tag }}"
+    homepage: "https://lula.dev"
+    description: "The Compliance Validator"
+
+  # NOTE: We are using .Version instead of .Tag because homebrew has weird semver parsing rules and won't be able to
+  #       install versioned releases that has a `v` character before the version number.
+  - name: "lula@{{ .Version }}"
+    repository:
+      owner: defenseunicorns
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+      branch: "{{ .ProjectName }}-{{ .Tag }}"
+      pull_request:
+        enabled: true
+        base:
+          branch: main
+          owner: defenseunicorns
+          name: homebrew-tap
+    commit_msg_template: "Brew formula update for {{ .ProjectName }} versioned release {{ .Tag }}"
+    homepage: "https://lula.dev"
+    description: "The Compliance Validator"
+
 # Generate a GitHub release and publish the release for the tag
 release:
   github:

diff --git a/docs/cli-commands/lula_tools_compose.md b/docs/cli-commands/lula_tools_compose.md
@@ -9,8 +9,15 @@ compose an OSCAL component definition
 
 ### Synopsis
 
+
 Lula Composition of an OSCAL component definition. Used to compose remote validations within a component definition in order to resolve any references for portability.
 
+Supports templating of the composed component definition with the following configuration options:
+- To compose with templating applied, specify '--render, -r' with values of 'all', 'non-sensitive', 'constants', or 'masked' (choice will depend on the use case for the composed content)
+- To render Lula Validations include '--render-validations'
+- To perform any manual overrides to the template data, specify '--set, -s' with the format '.const.key=value' or '.var.key=value'
+
+
 ```
 lula tools compose [flags]
 ```
@@ -33,6 +40,9 @@ To indicate a specific output file:
   -h, --help                    help for compose
   -f, --input-file string       the path to the target OSCAL component definition
   -o, --output-file -composed   the path to the output file. If not specified, the output file will be the original filename with -composed appended
+  -r, --render string           values to render the template with, options are: masked, constants, non-sensitive, all
+      --render-validations      extend render to remote Lula Validations
+  -s, --set strings             set value overrides for templated data
 ```
 
 ### Options inherited from parent commands

diff --git a/docs/community-and-contribution/release-process.md b/docs/community-and-contribution/release-process.md
@@ -20,7 +20,8 @@ The most important prefixes you should have in mind are:
 
 ### How can I influence the version number for a release?
 
-PR titles should also follow this pattern and are linted using [commitlint](https://commitlint.js.org/). The PR title will determine the version bump. When a PR is merged (squashed) release-please will kick off a release PR. When that release PR is approved and merged, release-please will create a draft release. Once that draft release is published go-releaser with build and publish the assets.  
+PR titles should also follow this pattern and are linted using [commitlint](https://commitlint.js.org/). The PR title will determine the version bump. When a PR is merged (squashed) release-please will kick off a release PR. When that release PR is approved and merged, release-please will create a draft release. Once that draft release is published go-releaser with build and publish the assets, including creating a release in our Homebrew tap repository: [https://github.com/defenseunicorns/homebrew-tap](https://github.com/defenseunicorns/homebrew-tap)
+
 - Pre-v1.0.0 release-please is configured to bump minors on breaking changes and patches otherwise. per [release-please-config](https://github.com/defenseunicorns/lula/blob/main/release-please-config.json)
 
 ### How do I fix a release issue?
@@ -42,8 +43,10 @@ The CHANGELOG is not required to be updated, only the release notes must be upda
 
 #### Other issues and helpful tips
 
-- Confirm that the goreleaser configuration is valid by using the [goreleaser cli](https://goreleaser.com/cmd/goreleaser_check/?h=valid)
+- Manual approach: Confirm that the goreleaser configuration is valid by using the [goreleaser cli](https://goreleaser.com/cmd/goreleaser_check/?h=valid).
 
 ```sh
 goreleaser check .goreleaser.yaml [flags]
 ```
+
+- Automated approach: On Push and Pull Request the [GoReleaserGitHub Action Workflow](./github/workflows/goreleaser-check.yaml) will run the `goreleaser check` command
diff --git a/docs/getting-started/README.md b/docs/getting-started/README.md
@@ -2,57 +2,72 @@
 
 ## Installation
 
-Currently you can install Lula a couple different ways. A brew formulae is in the plan, but not currently implemented. Lula is currently only compatible with Linux/MacOS distributions.
+Currently, you can install Lula from Repository Releases, Homebrew, or by building from source. Lula is compatible only with Linux and macOS distributions.
+
+### Repository Release
+
+1. Navigate to the Latest Release Page:
+   Open your web browser and go to the following URL to access the latest release of Lula:
+
+   [https://github.com/defenseunicorns/lula/releases/latest](https://github.com/defenseunicorns/lula/releases/latest)
+
+2. Download the Binary:
+   On the latest release page, find and download the appropriate binary for your operating system. E.g., `lula_<version>_Linux_amd64`
+
+3. Download the checksums.txt:
+   In the list of assets on the release page, locate and download the checksums.txt file. This file contains the checksums for all the binaries in the release.
+
+4. Verify the Download:
+   After downloading the binary and checksums.txt, you should verify the integrity of the binary using the checksum provided:
+    * Open a terminal and navigate to the directory where you downloaded the binary and checksums.txt.
+    * Run the following command to verify the checksum if using Linux:
+
+      ```shell
+      sha256sum -c checksums.txt --ignore-missing
+      ```
+
+    * Run the following command to verify the checksum if using MacOS:
+
+      ```shell
+      shasum -a 256 -c checksums.txt --ignore-missing
+      ```
+
+5. On most Linux distributions, install the binary onto your $PATH by moving the downloaded binary to the /usr/local/bin directory:
+
+   ```shell
+   sudo mv ./download/path/lula_<version>_Linux_amd64 /usr/local/bin/lula
+
+### Homebrew
+
+1) [Homebrew](https://brew.sh/) is a package manager for macOS and Linux. You can install Lula with Homebrew by running the following:
+
+    ```shell
+    brew tap defenseunicorns/tap && brew install lula
+    ```
 
 ### From Source
 
 1) Clone the repository to your local machine and change into the `lula` directory
+
     ```shell
     git clone https://github.com/defenseunicorns/lula.git && cd lula
     ```
 
 2) While in the `lula` directory, compile the tool into an executable binary. This outputs the `lula` binary to the `bin` directory.
+
     ```shell
     make build
     ```
 
 3) On most Linux distributions, install the binary onto your $PATH by moving the downloaded binary to the /usr/local/bin directory:
-    ```shell
-    sudo mv ./bin/lula /usr/local/bin/lula
-    ```
-
-### Download
 
-1) Navigate to the Latest Release Page:
-Open your web browser and go to the following URL to access the latest release of Lula:
-https://github.com/defenseunicorns/lula/releases/latest
-
-2) Download the Binary:
-On the latest release page, find and download the appropriate binary for your operating system. E.g., `lula_<version>_Linux_amd64`
-
-3) Download the checksums.txt:
-In the list of assets on the release page, locate and download the checksums.txt file. This file contains the checksums for all the binaries in the release.
-
-4) Verify the Download:
-After downloading the binary and checksums.txt, you should verify the integrity of the binary using the checksum provided:
-    * Open a terminal and navigate to the directory where you downloaded the binary and checksums.txt.
-    * Run the following command to verify the checksum if using Linux:
-        ```shell
-        sha256sum -c checksums.txt --ignore-missing
-        ```
-    * Run the following command to verify the checksum if using MacOS:
-        ```shell
-        shasum -a 256 -c checksums.txt --ignore-missing
-        ```
-
-5) On most Linux distributions, install the binary onto your $PATH by moving the downloaded binary to the /usr/local/bin directory:
     ```shell
-    sudo mv ./download/path/lula_<version>_Linux_amd64 /usr/local/bin/lula
+    sudo mv ./bin/lula /usr/local/bin/lula
     ```
 
 ## Quick Start
 
-See the following tutorials for some introductory lessons on how to use Lula. If you are unfamiliar with Lula, the best place to start is the "Simple Demo". 
+See the following tutorials for some introductory lessons on how to use Lula. If you are unfamiliar with Lula, the best place to start is the "Simple Demo".
 
 ### Tutorials
 
@@ -67,4 +82,4 @@ Developing Lula Validations can sometimes be more art than science, but generall
 
 ### Configuration
 
-Lula supports the addition of a configuration file for specifying CLI flags and templating values. See our [configuration](./configuration.md) guide for more information.
+Lula supports the addition of a configuration file for specifying CLI flags and templating values. See our [configuration](./configuration.md) guide for more information.
diff --git a/docs/getting-started/configuration.md b/docs/getting-started/configuration.md
@@ -118,6 +118,9 @@ provider:
 
 The constant's keys should be in the format `.const.<key>` and should not contain any '-' or '.' characters, as this will not respect the go text/template format. 
 
+> [!IMPORTANT]
+> Due to viper limitations, all constants should be referenced in the template as lowercase values.
+
 #### Variables
 
 A sample `variables` section of a `lula-config.yaml` file is as follows: