From b063d5293141b596880aee695b46b25d6ab32b63 Mon Sep 17 00:00:00 2001
From: Ryan Ahearn
Date: Thu, 3 Oct 2024 10:57:18 -0400
Subject: [PATCH] Add github action for validating proper oscal assembly

---
 .github/actions/trestle-cmd/action.yml | 16 +++++++++
 .github/workflows/validate-oscal.yml | 49 ++++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
 create mode 100644 .github/actions/trestle-cmd/action.yml
 create mode 100644 .github/workflows/validate-oscal.yml

diff --git a/.github/actions/trestle-cmd/action.yml b/.github/actions/trestle-cmd/action.yml
new file mode 100644
index 0000000..f8c8a5f
--- /dev/null
+++ b/.github/actions/trestle-cmd/action.yml
@@ -0,0 +1,16 @@
+name: "Run a docker-trestle command"
+description: "Sets up workspace for running a single command in docker-trestle"
+inputs:
+ tag:
+ description: docker-trestle tag to use.
+ required: false
+ default: 20240930
+ cmd:
+ description: Command to run within docker-trestle
+ required: true
+runs:
+ using: "composite"
+ steps:
+ - name: Run cmd
+ shell: bash
+ run: docker run -u "$(id -u):$(id -g)" -v $GITHUB_WORKSPACE:/app/docs:rw ghcr.io/gsa-tts/trestle:${{ inputs.tag }} ${{ inputs.cmd }}
diff --git a/.github/workflows/validate-oscal.yml b/.github/workflows/validate-oscal.yml
new file mode 100644
index 0000000..6a9900e
--- /dev/null
+++ b/.github/workflows/validate-oscal.yml
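Review bot: `${{ inputs.cmd }}` and `${{ inputs.tag }}` are expanded into the `run:` script text before bash parses it, so any caller that forwards attacker-influenced data (a PR title, a branch name, an issue body) into `cmd` gets shell command injection on the runner; the two callers in this commit pass literal strings, so it is not exploitable today, but a reusable composite action should not depend on that. Pass both inputs through `env:` and reference them as shell variables — an unquoted `$TRESTLE_CMD` keeps the word-splitting the current text substitution gives `trestle validate -f …`, though shell quoting inside `cmd` would no longer be interpreted, so confirm no caller needs that. `$GITHUB_WORKSPACE` in the `-v` argument is also unquoted, and `default: 20240930` is an all-digit plain scalar that generic YAML tooling reads as an integer, so quote it as `'20240930'`. The image is referenced by a mutable date tag; pinning `ghcr.io/gsa-tts/trestle` by `@sha256:` digest would make the validation reproducible and resistant to a re-pushed tag.

```yaml
# … unchanged: name, description, inputs.tag.description/required …
      default: '20240930'
# … unchanged: inputs.cmd, runs.using …
    - name: Run cmd
      shell: bash
      env:
        TRESTLE_TAG: ${{ inputs.tag }}
        TRESTLE_CMD: ${{ inputs.cmd }}
      run: docker run -u "$(id -u):$(id -g)" -v "$GITHUB_WORKSPACE:/app/docs:rw" "ghcr.io/gsa-tts/trestle:$TRESTLE_TAG" $TRESTLE_CMD
```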
@@ -0,0 +1,49 @@
+name: Validate OSCAL Assembly
+
+on: [pull_request]
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ validate_cd:
+ name: Validate component definition format
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Validate Component
+ uses: ./.github/actions/trestle-cmd
+ with:
+ cmd: trestle validate -f component-definitions/cg-egress-proxy/component-definition.json
+
+ check_cd:
+ name: Check assembly is current
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Check assembly
+ uses: ./.github/actions/trestle-cmd
+ with:
+ cmd: bin/assemble-cgep-json
+
+ - name: Check no changes exist
+ run: git diff --quiet
+
+ - name: Comment on pull request
+ if: failure()
+ uses: actions/github-script@v4
+ with:
+ script: |
+ const output = `OSCAL assembly detected changes that aren't checked in.
+
+ Run \`bin/assemble-cgep-json\` within trestle to ensure markdown changes are reflected in the CD`;
+
+ github.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ });
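Review bot: The `if: failure()` on the "Comment on pull request" step fires when any earlier step in `check_cd` fails — the checkout, the image pull, or `bin/assemble-cgep-json` itself — so a broken image or script would post the misleading "OSCAL assembly detected changes" comment; give the diff step an `id` and gate the comment on that step's `outcome`. `git diff --quiet` also only reports modified tracked files, so if assembly ever writes a new file the check passes silently, whereas `test -z "$(git status --porcelain)"` catches both cases. Only `check_cd` comments, so `pull-requests: write` belongs on that job rather than in the workflow-level `permissions:` block where `validate_cd` inherits it for nothing (and for PRs from forks the GITHUB_TOKEN is read-only regardless, so expect the comment step to fail there). `actions/checkout@v4` and `actions/github-script@v4` are mutable major tags; pin both to full commit SHAs for supply-chain hygiene, and note that github-script v4 runs on a retired Node runtime — newer majors expose the client as `github.rest.issues.createComment`, so the script body changes with the upgrade.

```yaml
permissions:
  contents: read

jobs:
  # … unchanged: validate_cd job …
  check_cd:
    name: Check assembly is current
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      # … unchanged: checkout and "Check assembly" steps …
      - name: Check no changes exist
        id: assembly_diff
        run: test -z "$(git status --porcelain)"

      - name: Comment on pull request
        if: failure() && steps.assembly_diff.outcome == 'failure'
        uses: actions/github-script@v4
        # … unchanged: with/script …
```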