Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[EPIC] CI/CD Enhancements #1180

Open
7 tasks
aj-stein-nist opened this issue Mar 16, 2022 · 4 comments
Open
7 tasks

[EPIC] CI/CD Enhancements #1180

aj-stein-nist opened this issue Mar 16, 2022 · 4 comments
Labels
Aged A label for issues older than 2023-01-01 Developer Experience Issues around enhancing and optimizing work for development of NIST OSCAL artifacts Discussion Needed This issues needs to be reviewed by the OSCAL development team. enhancement Epic A collection of issues to be worked on over a series of sprints Scope: CI/CD Enhancements to the project's Continuous Integration and Continuous Delivery pipeline.

Comments

@aj-stein-nist
Copy link
Contributor

aj-stein-nist commented Mar 16, 2022
edited
Loading

User Story:

As an OSCAL developer, in order to have a quick and seamless experience with development and testing of the official OSCAL repos' content and software, I would like enhancements to the OSCAL CI/CD systems to: simplify the build process with a single command, facilitate automated releases, and improve the modularity of different build steps.

Goals:

  • New functionality to auto-increment versions for all OSCAL artifacts and automate as much as possible for steps to create a new release
    • Reach consensus or spike for discussion with team to apply that same tooling for new Metaschema releases as well
  • Officially publish docker containers in DockerHub and/or GH registry before standardizing how we use it locally and/or in GHA (Build and Publish Docker Image for NIST and Community Developers #1008)
  • Reach consensus and implement a tool to unify all build steps (i.e. make)
    • Potentially unify and clean up the different usages of XProc for local dev, but not for CI/CD pipelines for a lot of tooling that is in the hot-path of building artifacts in CD (Metaschema bootstrapping, OSCAL schema generation, content generation, et cetera)
  • Update tooling, documentation, and maybe team workflow to use docker within GitHub Actions like we should be doing with docker-compose on our laptops; without this, we have two very similar but different execution pipelines (with shell scripts in local workstation testing but separate YAML declaration for the GitHub Actions job)
  • Spike and determine the viability of packaging up the CI/CD functionality we enhance and publish reusable GitHub Actions for NIST and the larger community to use.

Dependencies:

None at the epic level.
@aj-stein-nist aj-stein-nist added enhancement Epic A collection of issues to be worked on over a series of sprints labels Mar 16, 2022
@aj-stein-nist aj-stein-nist added Discussion Needed This issues needs to be reviewed by the OSCAL development team. Developer Experience Issues around enhancing and optimizing work for development of NIST OSCAL artifacts Scope: CI/CD Enhancements to the project's Continuous Integration and Continuous Delivery pipeline. and removed Discussion Needed This issues needs to be reviewed by the OSCAL development team. Developer Experience Issues around enhancing and optimizing work for development of NIST OSCAL artifacts labels Mar 16, 2022
@aj-stein-nist aj-stein-nist mentioned this issue Mar 17, 2022
Closed
5 tasks
@aj-stein-nist
Copy link
Contributor Author

Also for consideration:

  • Adding, changing, or removing how certain steps in GitHub Actions to increase performance the CI/CD process (i.e. uploader action steps take sometimes minutes for uploading artifacts).
  • Exposing all dependency management manifests to ensure everything is checked and vulnerable packages reported (as part of Build and Publish Docker Image for NIST and Community Developers #1008)

@aj-stein-nist
Copy link
Contributor Author

Interesting opportunity for improved tooling. Not part of the list yet, but for potential inclusion: #1183.

@aj-stein-nist
Copy link
Contributor Author

Also, given discussion today with release ZIP archive JSON Schema files and source code pulls not working as planned, consider some integration-level tests around sanity-checking released contents and warning when they do not work as expected? Talk to Dave about this for future releases.

@aj-stein-nist aj-stein-nist mentioned this issue May 3, 2022
Closed
@aj-stein-nist
Copy link
Contributor Author

@aj-stein-nist needs to review the list of work items in this epic for those that are obsolete, change and remove the applicable ones. Some still appear to have value and worth considering (specifically: how do we auto-increment models for release).

@aj-stein-nist aj-stein-nist moved this from Todo to Needs Triage in NIST OSCAL Work Board Sep 20, 2023
@aj-stein-nist aj-stein-nist moved this from Needs Triage to Needs Refinement in NIST OSCAL Work Board Sep 21, 2023
@Compton-US Compton-US added the Aged A label for issues older than 2023-01-01 label Nov 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Aged A label for issues older than 2023-01-01 Developer Experience Issues around enhancing and optimizing work for development of NIST OSCAL artifacts Discussion Needed This issues needs to be reviewed by the OSCAL development team. enhancement Epic A collection of issues to be worked on over a series of sprints Scope: CI/CD Enhancements to the project's Continuous Integration and Continuous Delivery pipeline.
Projects
NIST OSCAL Work Board
Status: Needs Refinement
Milestone
No milestone
Development

No branches or pull requests
3 participants
@david-waltermire @aj-stein-nist @Compton-US