From 51581169a383e676f6392d3216f466cb0ed03bfc Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 25 Sep 2024 20:58:01 +0000 Subject: [PATCH 1/3] chore(main): release 0.11.0 (#307) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .release-please-manifest.json | 2 +- CHANGELOG.md | 32 ++++++++++++++++++++++++++++++++ pyproject.toml | 2 +- 3 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 CHANGELOG.md diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 04e745b4..8ed0e8b8 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "0.10.1" + ".": "0.11.0" } \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..1af6f41c --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,32 @@ +# Changelog + +## [0.11.0](https://github.com/RedHatProductSecurity/trestle-bot/compare/v0.10.1...v0.11.0) (2024-09-25) + + +### ⚠ BREAKING CHANGES + +* default module entrypoint is now the init command +* Modifies the existing behavior of the rules transform entrypoint + +### Features + +* adding init command to entrypoints ([#326](https://github.com/RedHatProductSecurity/trestle-bot/issues/326)) ([868c1fa](https://github.com/RedHatProductSecurity/trestle-bot/commit/868c1fae3bb2fa85df734905aa38b33dc37c9b47)) +* adds markdown generation to the rules transform entrypoint ([#282](https://github.com/RedHatProductSecurity/trestle-bot/issues/282)) ([84dec70](https://github.com/RedHatProductSecurity/trestle-bot/commit/84dec70d7810abf7306b708104b4c7bf682a49ad)) +* removes provider from init and moves CI templates ([#344](https://github.com/RedHatProductSecurity/trestle-bot/issues/344)) ([21b4043](https://github.com/RedHatProductSecurity/trestle-bot/commit/21b40432f446323ded883c248feaa064ea1cabd6)) +* tutorial for GitHub and init command ([#333](https://github.com/RedHatProductSecurity/trestle-bot/issues/333)) ([6334c1f](https://github.com/RedHatProductSecurity/trestle-bot/commit/6334c1f16fffa94bacbb250c95f754ed80abff9b)) +* update module default to use init entrypoint ([#329](https://github.com/RedHatProductSecurity/trestle-bot/issues/329)) ([d1490cb](https://github.com/RedHatProductSecurity/trestle-bot/commit/d1490cbde72b204875260cd210f61760e9f3c056)) +* updates SSP generation to include all parts ([#348](https://github.com/RedHatProductSecurity/trestle-bot/issues/348)) ([18c6600](https://github.com/RedHatProductSecurity/trestle-bot/commit/18c6600a47d9833811a045fa60e167608f06a180)) + + +### Bug Fixes + +* add markdown-include package to workflow and poetry ([#339](https://github.com/RedHatProductSecurity/trestle-bot/issues/339)) ([c7a05ee](https://github.com/RedHatProductSecurity/trestle-bot/commit/c7a05eebe87f853a435b31abadba8db05d2458a2)) +* updates 
dependabot prefix for conventional commits ([#308](https://github.com/RedHatProductSecurity/trestle-bot/issues/308)) ([ee86f5c](https://github.com/RedHatProductSecurity/trestle-bot/commit/ee86f5c35755686d3fc3adf6ca94e1c4ac8d873e)) +* updates e2e tests checkout ref during image publishing ([#334](https://github.com/RedHatProductSecurity/trestle-bot/issues/334)) ([5439b91](https://github.com/RedHatProductSecurity/trestle-bot/commit/5439b91c7b0ed1d75c7a5ec3f2b3f4e94ea5968a)) + + +### Maintenance + +* change dependabot frequency to weekly ([#290](https://github.com/RedHatProductSecurity/trestle-bot/issues/290)) ([3da37f7](https://github.com/RedHatProductSecurity/trestle-bot/commit/3da37f7b69538e157b5b48b461140d0f9bfd6d9d)) +* **deps:** adds compliance-trestle-fedramp dependency ([#349](https://github.com/RedHatProductSecurity/trestle-bot/issues/349)) ([aeb6e0c](https://github.com/RedHatProductSecurity/trestle-bot/commit/aeb6e0c59bb0e09ee2142f886e9682a8f8e118e6)), closes [#318](https://github.com/RedHatProductSecurity/trestle-bot/issues/318) +* **deps:** bump trestle to version v3.3.0 ([#269](https://github.com/RedHatProductSecurity/trestle-bot/issues/269)) ([a2a2db6](https://github.com/RedHatProductSecurity/trestle-bot/commit/a2a2db6bbbcac2bec23b9fe520a0958afc488616)) diff --git a/pyproject.toml b/pyproject.toml index a07993a4..3d2d5ea3 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ build-backend = 'poetry.core.masonry.api' [tool.poetry] name = 'trestlebot' -version = '0.1.0' +version = "0.11.0" description = "trestle-bot assists users in leveraging Compliance-Trestle in automated workflows of for OSCAL formatted compliance content management." authors = ["Jennifer Power ",] From 812ae9acdc9741fc83e20cc219ecbb681e3bf6c4 Mon Sep 17 00:00:00 2001 
From: Hannah Braswell <135030802+hbraswelrh@users.noreply.github.com> Date: Mon, 14 Oct 2024 13:39:50 -0400 Subject: [PATCH 2/3] feat(bot): change for configuring trestle-bot PR body update (#363) --- Makefile | 2 +- tests/trestlebot/test_bot.py | 4 ++-- trestlebot/bot.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 264007a8..aff6cb42 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ all: develop lint test .PHONY: all develop: pre-commit - @poetry install + @poetry install --with tests,dev @poetry shell .PHONY: develop diff --git a/tests/trestlebot/test_bot.py b/tests/trestlebot/test_bot.py index 7a2c678a..29250b34 100644 --- a/tests/trestlebot/test_bot.py +++ b/tests/trestlebot/test_bot.py @@ -347,7 +347,7 @@ def test_run_with_provider(tmp_repo: Tuple[str, Repo]) -> None: head_branch="test", base_branch="main", title="Automatic updates from bot", - body="", + body="Authored by trestle-bot.", ) mock_push.assert_called_once_with(refspec="HEAD:test") @@ -396,6 +396,6 @@ def test_run_with_provider_with_custom_pr_title(tmp_repo: Tuple[str, Repo]) -> N head_branch="test", base_branch="main", title="Test", - body="", + body="Authored by trestle-bot.", ) mock_push.assert_called_once_with(refspec="HEAD:test") diff --git a/trestlebot/bot.py b/trestlebot/bot.py index 23aeaddb..955ded32 100644 --- a/trestlebot/bot.py +++ b/trestlebot/bot.py @@ -120,7 +120,7 @@ def _create_pull_request( head_branch=self.branch, base_branch=self.target_branch, title=pull_request_title, - body="", + body="Authored by trestle-bot.", ) return pr_number From b9a8caf57222821f66cc3738ba0f733c7c9d1b35 Mon Sep 17 00:00:00 2001 
From: Ben Roose Date: Thu, 17 Oct 2024 07:16:14 -0500 Subject: [PATCH 3/3] docs: updates after user testing to github.md (#362) * Update github tutorial after user testing Edited GitHub Tutorial for required command changes, clarity, and formalizing of language. * fix: renumbering section in github.md * fix: minor wording changes to github.md Minor documentation changes for clarity. --------- Co-authored-by: George Vauter --- docs/tutorials/github.md | 68 +++++++++++++++++++++++++++------------- 1 file changed, 47 insertions(+), 21 deletions(-) diff --git a/docs/tutorials/github.md b/docs/tutorials/github.md index 1eebc142..5c08868e 100644 --- a/docs/tutorials/github.md +++ b/docs/tutorials/github.md 
@@ -1,16 +1,16 @@ # GitHub Tutorial -This tutorial provides an introduction to using `trestlebot` with GitHub. We will be using a single GitHub repository for our trestle authoring workspace and executing the `trestlebot` commands as GitHub actions. Note, each repo is intended to support authoring a single OSCAL model type (SSP, component definition, etc.). If authoring more than one, then a dedeicated repository should be used for each model. +This tutorial provides an introduction to using `trestlebot` with GitHub. We will be using a single GitHub repository for our trestle authoring workspace and executing the `trestlebot` commands as GitHub actions. Note, each repo is intended to support authoring a single OSCAL model type (SSP, component definition, etc.). If authoring more than one OSCAL model type, then a dedicated repository should be used for each model. ### 1. Prerequisites -Before moving on, please ensure you have completed the following: +Before moving on, please ensure the following is completed: 1. Create a new (or use an existing) empty GitHub repository -2. Clone the repo to your local workstation +2. Clone the repo to a local workstation 3. Install trestlebot - * Option 1: Clone the [trestle-bot](https://github.com/RedHatProductSecurity/trestle-bot/tree/main) repo to your local workstation and run `poetry install` + * Option 1: Clone the [trestle-bot](https://github.com/RedHatProductSecurity/trestle-bot/tree/main) repo to a local workstation and run `poetry install` * Option 2: Use the [trestlebot container image](https://github.com/RedHatProductSecurity/trestle-bot?tab=readme-ov-file#run-as-a-container) 
@@ -18,7 +18,7 @@ Before moving on, please ensure you have completed the following: The `trestlebot` commands will be run inside of GitHub actions. These commands often perform `write` level operations against the repo contents. The GitHub workflows generated in this tutorial make use of [automatic token authentication.](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication) To ensure this is configured correct the following repo settings need to be in place. -*Note: If you choose an alternative method to provide repo access such as personal access tokens or GitHub apps you can skip these steps.* +*Note: If an alternative method is choosen to provide repo access, such as personal access tokens or GitHub apps, the following steps can be skipped.* 1. Click the `Settings` tab for your GitHub repo 2. Select `Actions` -> `General` from the left-hand menu 
@@ -26,22 +26,33 @@ The `trestlebot` commands will be run inside of GitHub actions. These commands 4. Ensure `Read repository contents and packages permissions` is selected 5. Ensure `Allow GitHub Actions to create and approve pull requests` is checked + ### 3. Initialize trestlebot Workspace -We will now use the `trestlebot init` command to initialize our emtpy GitHub repository. Unlike the other trestlebot commands, this command is run on your local workstation. The trestlebot commands can be installed by cloning the [trestle-bot](https://github.com/RedHatProductSecurity/trestle-bot/tree/main) repo and running `poetry install`. Alternatively these commands can be run using the [trestlebot container image](https://github.com/RedHatProductSecurity/trestle-bot?tab=readme-ov-file#run-as-a-container). For this tutorial we will be authoring a component-definition. +The `trestlebot init` command will initialize the empty GitHub repository. Unlike other trestlebot commands, this command is run on the local workstation. The trestlebot commands can be installed by cloning the [trestle-bot](https://github.com/RedHatProductSecurity/trestle-bot/tree/main) repo and running `poetry install`. Alternatively these commands can be run using the [trestlebot container image](https://github.com/RedHatProductSecurity/trestle-bot?tab=readme-ov-file#run-as-a-container). + +For this tutorial example, we will be authoring a component-definition. + +1a. Running trestlebot init using a locally installed trestlebot: ``` trestlebot-init --oscal-model compdef --working-dir ``` -Using container image: +1b. 
Running trestlebot init using a trestle-bot container image: + + * *Note: latest image version tag can be found in the [continuouscompliance repo on quay.io](https://quay.io/repository/continuouscompliance/trestle-bot?tab=tags).* ``` -podman run -v :/data:rw trestle-bot:latest --oscal-model compdef --working-dir /data +podman run -v :/data:rw trestle-bot: --oscal-model compdef --working-dir /data ``` -You should now see the following directories in your repo. + * If the local workstation is in SELinux enforcing mode and a permissions error occurs, then the following command should be used instead: +``` +podman run -v :/data:Z trestle-bot: --oscal-model compdef --working-dir /data +``` + * Once the initiatization runs successfully, the following directories will be created within the local copy of the repository. ```bash . 
@@ -54,43 +65,58 @@ You should now see the following directories in your repo. └── .trestlebot ``` -You can now add any catalog or profile content needed for you authoring process. For this example, we will add the NIST SP 800-53 Rev. 5 catalog to our `/catalogs` directory. +2. Any catalog or profile content needed for the authoring process can now be added. + + * For this example, we will add the NIST SP 800-53 Rev. 5 catalog to our `/catalogs` directory. ``` mkdir catalogs/nist_rev5_800_53 wget https://raw.githubusercontent.com/usnistgov/oscal-content/release-v1.0.5-update/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json -O catalogs/nist_rev5_800_53/catalog.json ``` -Now we will add the NIST SP 800-53 Rev. 5 High Baseline profile to our `profiles/` directory. + * We will also add the NIST SP 800-53 Rev. 5 High Baseline profile to our `profiles/` directory. ``` mkdir profiles/nist_rev5_800_53 wget https://raw.githubusercontent.com/usnistgov/oscal-content/release-v1.0.5-update/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_HIGH-baseline_profile.json -O profiles/nist_rev5_800_53/profile.json ``` -Our `profile.json` file contains a reference to our `catalog.json` file. By default, this path is not resolvable by compliance-trestle, so we need to run the following command to update the `href` value in the JSON. +3. Our `profile.json` file contains a reference to our `catalog.json` file. By default, this path is not resolvable by compliance-trestle, so we need to run the following command to update the `href` value in the JSON. ``` sed -i 's/NIST_SP-800-53_rev5_catalog.json/trestle:\/\/catalogs\/nist_rev5_800_53\/catalog.json/g' profiles/nist_rev5_800_53/profile.json ``` -Finally you can copy ready-made CI/CD workflows from the `TEMPLATES` directory into your workspace. These are the trestlebot actions that will run as we make changes to the repo contents. +4. 
Ready-made CI/CD workflows can be copied from the `TEMPLATES` directory within the upstream `trestle-bot` repository into the local trestle workspace. These are the trestlebot actions that will run as changes are made to the repo contents. + + * If trestlebot init was run earlier using a trestle-bot container image, then the upstream trestle-bot repository will first need to be cloned locally into a separate directory. +``` +cd .. +git clone https://github.com/RedHatProductSecurity/trestle-bot.git +cd ../ +``` -**For example Component Definition authoring in GitHub Actions** + * Copy the required template workflows from the separate `trestle-bot` repository into the new workspace repository. ``` mkdir -p .github/workflows -cp TEMPLATES/github/trestlebot-create-component-definition.yml .github/workflows -cp TEMPLATES/github/trestlebot-rules-transform.yml .github/workflows +cp ../trestle-bot/TEMPLATES/github/trestlebot-create-component-definition.yml .github/workflows +cp ../trestle-bot/TEMPLATES/github/trestlebot-rules-transform.yml .github/workflows ``` -Now that we have the initial content needed to begin authoring, go ahead and commit and push to the remote GitHub repo. +5. Trestle-bot initial content is now created locally within the new trestle authoring workspace. This content can now be pushed to the remote GitHub repository. +``` +git add . +git commit -m "added example NIST SP 800-53 profile and component definition authoring workflow" +git push +``` + *Note: if this is the first git push to the remote GitHub repository, then use `git push -u origin main` rather than `git push`.* ### 4. Create a New Component Definition -Now it's time to run our first trestlebot action! We will go ahead and create our first component definition. +Now it's time to run our first trestlebot action within GitHub! We will go ahead and create our first component definition. -1. Open to your GitHub repo in a web browser. +1. Open the new remote GitHub repository in a web browser. 
2. Click to the `Actions` tab from the top menu. 3. Click the `Trestle-bot create component definition` action from the left-hand menu. 4. Click `Run Workflow` which will open up a dialog box. @@ -104,6 +130,6 @@ Now it's time to run our first trestlebot action! We will go ahead and create o 6. Click `Run Workflow` -Once the workflow has completed you should have a new Pull Request containing the files trestlebot generated for the component definition. After reviewing the files you can go ahead and merge the PR! +Once the workflow job has completed, there will be a new Pull Request containing the files trestlebot generated for the component definition. After reviewing the committed changes, the Pull Request can then be merged into the main branch! -Congrats, you have successfully created a new trestlebot workspace and now have an authoring environment! \ No newline at end of file +**Congratulations! We have successfully created a new trestlebot workspace and have an authoring environment!**
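Review bot: the pyproject.toml hunk in PATCH 1/3 removes `version = '0.1.0'` while the manifest hunk in the same patch moves from `0.10.1`, so the package metadata and the release manifest disagreed before this release. It is worth confirming that the release tooling now bumps both files together, otherwise built artifacts can again carry a version that does not match the tagged release. The added line also switches to double quotes (`version = "0.11.0"`) next to `name = 'trestlebot'`, and the unchanged `description` line reads "workflows of for OSCAL", which could be corrected in the same pass.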
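Review bot: under "BREAKING CHANGES" in the new CHANGELOG.md (PATCH 1/3), neither entry carries an issue or commit link, and "Modifies the existing behavior of the rules transform entrypoint" does not say what changed or what a user must do. The Features list below has linked entries for the init default (#329) and for markdown generation in the rules transform entrypoint (#282) that look like the matching changes. Suggest repeating those references on the breaking entries, with one line of migration guidance each, so anyone upgrading an automated workflow from 0.10.1 can tell whether it is affected.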
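Review bot: the Makefile hunk in PATCH 2/3 changes the `develop` target to `poetry install --with tests,dev`, which is unrelated to the subject line about the PR body. Suggest either mentioning it in the commit message or splitting it into its own commit, so the change to which dependency groups are installed is visible in history and can be reverted independently.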
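Review bot: in the trestlebot/bot.py hunk of PATCH 2/3, `body="Authored by trestle-bot."` is a string literal inside `_create_pull_request`, although the subject describes the change as configuring the PR body. The same literal is repeated in both assertions in tests/trestlebot/test_bot.py. Suggest a module-level constant for the default, or a parameter passed alongside `pull_request_title`, with the tests referencing the constant. A fixed attribution line is useful to reviewers for spotting bot-authored pull requests, so if the body becomes caller-supplied it is worth keeping that line as a non-removable prefix.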
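Review bot: in the docs/tutorials/github.md hunk at `@@ -18,7 +18,7 @@` (PATCH 3/3), the added note contains a typo, "choosen" should be "chosen". The unchanged sentence just above it reads "configured correct" and could become "configured correctly" in the same edit. Since this section tells the reader to enable `Allow GitHub Actions to create and approve pull requests`, the note could also state that the setting is only needed for the automatic token path, so readers using a personal access token or GitHub app do not enable it unnecessarily.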
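Review bot: in the github.md hunk at `@@ -26,22 +26,33 @@` (PATCH 3/3), the SELinux fallback `podman run -v :/data:Z ...` is given without saying what `:Z` does. It relabels the mounted host directory with a private label for that container, so the text should state that the mounted path must be the dedicated workspace directory and not a home or system directory. In the commands as shown, the host path before `:/data` and the tag after `trestle-bot:` are empty, so explicit placeholders are needed for both. The added bullet also misspells "initialization" as "initiatization".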
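Review bot: in the github.md hunk at `@@ -54,43 +65,58 @@` (PATCH 3/3), the added step 4 block runs `cd ..`, then `git clone`, then `cd ../`, which as written moves up a second level instead of returning to the workspace. The following `cp ../trestle-bot/TEMPLATES/...` lines only resolve from inside the workspace directory, so the last command should name the workspace directory explicitly. Separately, the two `wget` lines fetch the catalog and profile from the `release-v1.0.5-update` ref with no integrity check, and step 5 then commits everything with `git add .`. Suggest pinning to a commit SHA or documenting a checksum to verify before the content is committed as the baseline for authoring.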