diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9092663..db0d101 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -53,12 +53,17 @@ jobs:
 file: Dockerfile
 platforms: linux/amd64,linux/arm64
 tags: wurstbrot/dsomm-yaml-generation:${{ steps.get-version.outputs.version }},wurstbrot/dsomm-yaml-generation:latest
- - name: Extract generated.yaml
+ - name: Extract generated.yaml and activities.yaml
 run: |
 docker run -d --name=yaml --entrypoint="/bin/sleep" wurstbrot/dsomm-yaml-generation:${{ steps.get-version.outputs.version }} 60
- docker cp yaml:/var/www/html/src/assets/YAML/generated/generated.yaml src/assets/YAML/generated/generated.yaml
- # Commit all changed files back to the repository
- - uses: planetscale/ghcommit-action@v0.1.6
+ docker cp yaml:/var/www/html/src/assets/YAML/generated/generated.yaml src/assets/YAML/generated/generated.yaml # TODO: Remove
+ docker cp yaml:/var/www/html/src/assets/YAML/activities.yaml src/assets/YAML/activities.yaml
+
+ - name: Replace version placeholder in activities.yaml
+ run: |
+ sed -i "s/__VERSION_PLACEHOLDER__/${{ steps.get-version.outputs.version }}/g" src/assets/YAML/activities.yaml
+ - name: Commit all changed files back to the repository
+ uses: planetscale/ghcommit-action@v0.1.6
 with:
 commit_message: "🤖 fmt"
 repo: ${{ github.repository }}
diff --git a/.gitignore b/.gitignore
index 70387d7..6c64515 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,5 +43,11 @@ testem.log
 .DS_Store
 Thumbs.db
 /yaml-generation/vendor/
-# Generated YAML
+
+/src/assets/YAML/teams.yaml
+/src/assets/YAML/meta.yaml
+
+# Generated
 /src/assets/YAML/generated/generated.yaml
+/src/assets/YAML/activities.yaml
+src/assets/YAML/generated/dependency-tree.md
\ No newline at end of file
diff --git a/README.md b/README.md
index 5a3d944..c46d81b 100644
--- a/README.md
+++ b/README.md
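Review bot: In the new 'Replace version placeholder in activities.yaml' step, `sed -i "s/__VERSION_PLACEHOLDER__/${{ steps.get-version.outputs.version }}/g"` expands the step output into the script text itself, so a version containing `/`, `&` or shell metacharacters either breaks the sed expression or becomes part of the executed script; the get-version step is outside this hunk, so how tightly that value is constrained is not visible here. Route it through the environment so the script stays constant: add `env:` with `VERSION: ${{ steps.get-version.outputs.version }}` to the step, use `sed -i "s|__VERSION_PLACEHOLDER__|${VERSION}|g" src/assets/YAML/activities.yaml`, and have get-version validate the value against the expected version format. The `# TODO: Remove` on the generated.yaml copy states no condition, and the README in this same commit still mounts generated.yaml into the dsomm image, so the comment should name what has to change first, e.g. `# TODO: remove once nothing consumes generated.yaml (README still mounts it)`.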
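Review bot: `src/assets/YAML/generated/dependency-tree.md` is the only new entry without a leading `/`, so it matches that relative path at any depth while its siblings are anchored to the repository root; write it as `/src/assets/YAML/generated/dependency-tree.md`. The `teams.yaml` and `meta.yaml` entries sit above the `# Generated` header with a blank line between, so that header does not describe them; if they are per-instance inputs rather than build output, a short comment such as `# Local instance data (not committed)` above them would say why they are ignored.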
@@ -10,6 +10,12 @@ docker run -ti -v $(pwd)/src/assets/YAML/default:/var/www/html/src/assets/YAML/d docker run -v $(pwd)/src/assets/YAML/generated/generated.yaml:/srv/assets/YAML/generated/generated.yaml -p 8080:8080 wurstbrot/dsomm ``` +## Development +cd yaml-generation +docker run --rm -v $(pwd):/app composer install +cd .. +docker run -ti -v $(pwd)/yaml-generation:/var/www/html/yaml-generation -v $(pwd)/src/assets/YAML/:/var/www/html/src/assets/YAML/ wurstbrot/dsomm-yaml-generation + ## Credits * The dimension _Test and Verification_ is based on Christian Schneiders [Security DevOps Maturity Model (SDOMM)](https://www.christian-schneider.net/SecurityDevOpsMaturityModel.html). _Application tests_ and _Infrastructure tests_ are added by Timo Pagel. Also, the sub-dimension _Static depth_ has been evaluated by security experts at [OWASP Stammtisch Hamburg](https://www.owasp.org/index.php/OWASP_German_Chapter_Stammtisch_Initiative/Hamburg). diff --git a/yaml-generation/generateDimensions.php b/yaml-generation/generateDimensions.php index 71d5c20..263d466 100644 --- a/yaml-generation/generateDimensions.php +++ b/yaml-generation/generateDimensions.php @@ -4,16 +4,6 @@ $errorMsg = array(); $implementationReferenceFile = "src/assets/YAML/default/implementations.yaml"; -$metadata = readYaml("src/assets/YAML/meta.yaml"); - -$teams = $metadata["teams"]; -if (sizeof($teams) == 0) { - echo "Warning: No teams defined"; -} -$teamsImplemented = array(); -foreach ($teams as $team) { - $teamsImplemented[$team] = false; -} $files = glob("src/assets/YAML/default/*/*.yaml"); $dimensions = array(); 
@@ -89,29 +79,6 @@
 if (!array_key_exists("tags", $activity)) {
 $dimensionsAggregated[$dimension][$subdimension][$activityName]["tags"] = ["none"];
 }
- if (!array_key_exists("teamsImplemented", $activity)) {
- $dimensionsAggregated[$dimension][$subdimension][$activityName]["teamsImplemented"] = array();
- }
- $evidenceImplemented = array();
- if (array_key_exists("teamsEvidence", $activity) && is_array($activity["teamsEvidence"]) && IS_IMPLEMENTED_WHEN_EVIDENCE) {
- foreach ($activity["teamsEvidence"] as $team => $evidenceForTeam) {
- if(!is_string($activity["teamsEvidence"][$team])) {
- echo "teamsEvidence for team $team in $activityName is not a string, ignoring";
- continue;
- }
- if (strlen($activity["teamsEvidence"][$team]) > 0) {
- $evidenceImplemented[$team] = true;
- } else {
- echo "Warning: '$activityName -> evidence -> $team' has no evidence set but should have";
- }
- }
- }
- $dimensionsAggregated[$dimension][$subdimension][$activityName]["teamsImplemented"] =
- array_merge(
- $teamsImplemented,
- $dimensionsAggregated[$dimension][$subdimension][$activityName]["teamsImplemented"],
- $evidenceImplemented
- );
 if (!array_key_exists("openCRE", $activity["references"])) {
 $dimensionsAggregated[$dimension][$subdimension][$activityName]["references"]["openCRE"] = array();
 $dimensionsAggregated[$dimension][$subdimension][$activityName]["references"]["openCRE"][] = "https://www.opencre.org/rest/v1/standard/DevSecOps+Maturity+Model+(DSOMM)/" . $subdimension . "/" . $dimensionsAggregated[$dimension][$subdimension][$activityName]["uuid"];
@@ -193,12 +160,33 @@ } -// Store generated data +// Store generated data with meta document first +$metaDocument = array( + 'meta' => array( + 'version' => '__VERSION_PLACEHOLDER__', + 'released' => date('Y-m-d'), + 'publisher' => 'https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/' + ) +); + +$metaString = yaml_emit($metaDocument); $dimensionsString = yaml_emit($dimensionsAggregated); + +// Combine both documents with proper YAML document separators +// Remove trailing ... from meta document and add proper separator +$metaString = rtrim($metaString); +if (substr($metaString, -3) === '...') { + $metaString = substr($metaString, 0, -3); +} + $targetGeneratedFile = getcwd() . "/src/assets/YAML/generated/generated.yaml"; echo "\nStoring to $targetGeneratedFile\n"; file_put_contents($targetGeneratedFile, $dimensionsString); +$combinedYaml = $metaString . $dimensionsString; +$targetGeneratedFile = getcwd() . "/src/assets/YAML/activities.yaml"; +echo "\nStoring to $targetGeneratedFile\n"; +file_put_contents($targetGeneratedFile, $combinedYaml); // Store dependency graph $graphFilename = getcwd() . "/src/assets/YAML/generated/dependency-tree.md";
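Review bot: The `$combinedYaml = $metaString . $dimensionsString;` line joins the two documents without emitting the separator the preceding comment promises: it relies on the meta document having ended with `...` (which the `substr` check strips, leaving the newline before it) and on `$dimensionsString` beginning with `---`; when the trailing `...` is absent, `rtrim()` has already removed the final newline and the `publisher` URL and the next document's `---` land on one line. Normalising the join makes both cases valid YAML, since `...` followed by `---` is also a legal document boundary: `$combinedYaml = rtrim($metaString) . "\n" . $dimensionsString;`. Both `file_put_contents()` calls ignore their return value, so a failed write of activities.yaml would still let the workflow's sed and commit steps run on whatever file is present; check for `=== false` and exit non-zero. `date('Y-m-d')` for `released` uses the process default timezone, which deserves a comment or `gmdate()` if the date is meant to be UTC.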