Merge branch 'main' into 321-docs-brew-install

defenseunicorns · Oct 9, 2024 · 346e6c9 · 346e6c9
2 parents ff009e2 + bd4f577
commit 346e6c9
Show file tree

Hide file tree

Showing 107 changed files with 3,681 additions and 886 deletions.
diff --git a/.github/workflows/goreleaser-check.yaml b/.github/workflows/goreleaser-check.yaml
@@ -0,0 +1,29 @@
+name: GoReleaser Check
+
+on:
+  push:
+    paths:
+      - '.goreleaser.yaml'
+  pull_request:
+    paths:
+      - '.goreleaser.yaml'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        with:
+          fetch-depth: 0
+
+      - name: Setup golang
+        uses: ./.github/actions/golang
+
+      - name: Install GoReleaser
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
+        with:
+          install-only: true
+
+      - name: Run GoReleaser Check
+        run: goreleaser check
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -92,12 +92,22 @@ jobs:
           name: build-artifacts
           path: bin/
 
+      - name: Get Brew tap repo token
+        id: brew-tap-token
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        with:
+          app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
+          private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
+          owner: defenseunicorns
+          repositories: homebrew-tap
+
       # Create the GitHub release notes
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
         with:
           distribution: goreleaser
           version: latest
-          args: release --clean --verbose
+          args: release --clean --verbose --config .goreleaser.yaml
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
+          HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -1,3 +1,5 @@
+version: 2
+
 before:
   hooks:
     - go mod tidy
@@ -36,12 +38,47 @@ sboms:
       - "sbom_{{ .ProjectName }}_{{ .Tag }}_{{- title .Os }}_{{ .Arch }}.sbom"
 
 snapshot:
-  name_template: "{{ incpatch .Version }}-snapshot"
+  version_template: "{{ incpatch .Version }}-snapshot"
 
 # Use the auto-generated changelog github provides
 changelog:
   use: github-native
 
+brews:
+  - name: lula
+    repository:
+      owner: defenseunicorns
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+      branch: "{{ .ProjectName }}-{{ .Tag }}"
+      pull_request:
+        enabled: true
+        base:
+          branch: main
+          owner: defenseunicorns
+          name: homebrew-tap
+    commit_msg_template: "Brew formula update for {{ .ProjectName }} version {{ .Tag }}"
+    homepage: "https://lula.dev"
+    description: "The Compliance Validator"
+
+  # NOTE: We are using .Version instead of .Tag because homebrew has weird semver parsing rules and won't be able to
+  #       install versioned releases that has a `v` character before the version number.
+  - name: "lula@{{ .Version }}"
+    repository:
+      owner: defenseunicorns
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+      branch: "{{ .ProjectName }}-{{ .Tag }}"
+      pull_request:
+        enabled: true
+        base:
+          branch: main
+          owner: defenseunicorns
+          name: homebrew-tap
+    commit_msg_template: "Brew formula update for {{ .ProjectName }} versioned release {{ .Tag }}"
+    homepage: "https://lula.dev"
+    description: "The Compliance Validator"
+
 # Generate a GitHub release and publish the release for the tag
 release:
   github:

diff --git a/docs/cli-commands/lula_tools_compose.md b/docs/cli-commands/lula_tools_compose.md
@@ -9,8 +9,15 @@ compose an OSCAL component definition
 
 ### Synopsis
 
+
 Lula Composition of an OSCAL component definition. Used to compose remote validations within a component definition in order to resolve any references for portability.
 
+Supports templating of the composed component definition with the following configuration options:
+- To compose with templating applied, specify '--render, -r' with values of 'all', 'non-sensitive', 'constants', or 'masked' (choice will depend on the use case for the composed content)
+- To render Lula Validations include '--render-validations'
+- To perform any manual overrides to the template data, specify '--set, -s' with the format '.const.key=value' or '.var.key=value'
+
+
 ```
 lula tools compose [flags]
 ```
@@ -33,6 +40,9 @@ To indicate a specific output file:
   -h, --help                    help for compose
   -f, --input-file string       the path to the target OSCAL component definition
   -o, --output-file -composed   the path to the output file. If not specified, the output file will be the original filename with -composed appended
+  -r, --render string           values to render the template with, options are: masked, constants, non-sensitive, all
+      --render-validations      extend render to remote Lula Validations
+  -s, --set strings             set value overrides for templated data
 ```
 
 ### Options inherited from parent commands

diff --git a/docs/community-and-contribution/release-process.md b/docs/community-and-contribution/release-process.md
@@ -20,7 +20,8 @@ The most important prefixes you should have in mind are:
 
 ### How can I influence the version number for a release?
 
-PR titles should also follow this pattern and are linted using [commitlint](https://commitlint.js.org/). The PR title will determine the version bump. When a PR is merged (squashed) release-please will kick off a release PR. When that release PR is approved and merged, release-please will create a draft release. Once that draft release is published go-releaser with build and publish the assets.  
+PR titles should also follow this pattern and are linted using [commitlint](https://commitlint.js.org/). The PR title will determine the version bump. When a PR is merged (squashed) release-please will kick off a release PR. When that release PR is approved and merged, release-please will create a draft release. Once that draft release is published go-releaser with build and publish the assets, including creating a release in our Homebrew tap repository: [https://github.com/defenseunicorns/homebrew-tap](https://github.com/defenseunicorns/homebrew-tap)
+
 - Pre-v1.0.0 release-please is configured to bump minors on breaking changes and patches otherwise. per [release-please-config](https://github.com/defenseunicorns/lula/blob/main/release-please-config.json)
 
 ### How do I fix a release issue?
@@ -42,8 +43,10 @@ The CHANGELOG is not required to be updated, only the release notes must be upda
 
 #### Other issues and helpful tips
 
-- Confirm that the goreleaser configuration is valid by using the [goreleaser cli](https://goreleaser.com/cmd/goreleaser_check/?h=valid)
+- Manual approach: Confirm that the goreleaser configuration is valid by using the [goreleaser cli](https://goreleaser.com/cmd/goreleaser_check/?h=valid).
 
 ```sh
 goreleaser check .goreleaser.yaml [flags]
 ```
+
+- Automated approach: On Push and Pull Request the [GoReleaserGitHub Action Workflow](./github/workflows/goreleaser-check.yaml) will run the `goreleaser check` command
diff --git a/docs/getting-started/configuration.md b/docs/getting-started/configuration.md
@@ -118,6 +118,9 @@ provider:
 
 The constant's keys should be in the format `.const.<key>` and should not contain any '-' or '.' characters, as this will not respect the go text/template format. 
 
+> [!IMPORTANT]
+> Due to viper limitations, all constants should be referenced in the template as lowercase values.
+
 #### Variables
 
 A sample `variables` section of a `lula-config.yaml` file is as follows: