usnistgov · david-waltermire · Dec 9, 2021 · Jan 31, 2022 · Feb 4, 2022 · Feb 28, 2022
@@ -65,7 +65,7 @@ jobs:
     # -------------------------
     # Java JDK 11
     - name: Set up JDK
-      uses: actions/setup-java@f0bb91606209742fe3ea40199be2f3ef195ecabf
+      uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3
       with:
         java-version: 11
         distribution: 'temurin'
@@ -76,7 +76,7 @@ jobs:
         mkdir -p "${JAVA_CLASSPATH}"
         mvn dependency:copy-dependencies -DoutputDirectory="${JAVA_CLASSPATH}"
     - name: Set up NodeJS
-      uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+      uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93
       with:
         node-version-file: '${{ env.CHECKOUT_PATH }}/build/.nvmrc'
         cache: 'npm'
@@ -129,7 +129,7 @@ jobs:
     - name: Publish Schemas and Converters
       # only do this on master
       if: github.event.inputs.commit_resources == 'true' || inputs.commit_resources == true
-      uses: stefanzweifel/git-auto-commit-action@be7095c202abcf573b09f20541e0ee2f6a3a9d9b
+      uses: stefanzweifel/git-auto-commit-action@49620cd3ed21ee620a48530e81dba0d139c9cb80
       with:
         repository: ${{ env.CHECKOUT_PATH }}
         file_pattern: xml json

@@ -81,7 +81,7 @@ jobs:
     # -------------------------
     # Java JDK 11
     - name: Set up JDK
-      uses: actions/setup-java@f0bb91606209742fe3ea40199be2f3ef195ecabf
+      uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3
       with:
         java-version: 11
         distribution: 'temurin'
@@ -93,7 +93,7 @@ jobs:
         mvn dependency:copy-dependencies -DoutputDirectory="${JAVA_CLASSPATH}"
     # Install Hugo
     - name: Store Hugo Executable in Cache
-      uses: actions/cache@0865c47f36e68161719c5b124609996bb5c40129
+      uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77
       with:
         path: /home/runner/go/bin/hugo
         key: ${{ runner.os }}-hugo-${{ hashFiles(format('{0}/build/go.sum', env.BRANCH_PATH)) }}
@@ -114,6 +114,11 @@ jobs:
       run: |
         cd "${{ env.BRANCH_PATH }}/build"
         go install -tags "extended" github.com/gohugoio/hugo
+    - name: Setup Swap Space
+      # Since Hugo is requiring more memory
+      uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c
+      with:
+        swap-size-gb: 10
     # Build Artifacts
     # ---------------
     - name: Generate Model Reference Documentation
@@ -152,7 +157,7 @@ jobs:
     - name: Publish Generated Pages
       # only do this on master
       if: github.event.inputs.commit_resources == 'true' || inputs.commit_resources == true
-      uses: stefanzweifel/git-auto-commit-action@be7095c202abcf573b09f20541e0ee2f6a3a9d9b
+      uses: stefanzweifel/git-auto-commit-action@49620cd3ed21ee620a48530e81dba0d139c9cb80
       with:
         repository: ${{ env.MAIN_PATH }}
         file_pattern: docs

@@ -76,7 +76,7 @@ jobs:
     # -------------------------
     # Java JDK 11
     - name: Set up JDK
-      uses: actions/setup-java@f0bb91606209742fe3ea40199be2f3ef195ecabf
+      uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3
       with:
         java-version: 11
         distribution: 'temurin'
@@ -86,6 +86,11 @@ jobs:
         cd "${BUILD_PATH}"
         mkdir -p "${JAVA_CLASSPATH}"
         mvn dependency:copy-dependencies -DoutputDirectory="${JAVA_CLASSPATH}"
+    - name: Setup Swap Space
+      # Since Hugo is requiring more memory
+      uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c
+      with:
+        swap-size-gb: 10
     # Build Artifacts
     # ---------------
     - name: Generate specification documentation
@@ -99,7 +104,7 @@ jobs:
         retention-days: 5
     # Install Hugo
     - name: Store Hugo Executable in Cache
-      uses: actions/cache@0865c47f36e68161719c5b124609996bb5c40129
+      uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77
       with:
         path: /home/runner/go/bin/hugo
         key: ${{ runner.os }}-hugo-${{ hashFiles(format('{0}/go.sum', env.BUILD_PATH)) }}
@@ -136,7 +141,7 @@ jobs:
         retention-days: 5
     - name: Link Checker
       id: linkchecker
-      uses: lycheeverse/lychee-action@76ab977fedbeaeb32029313724a2e56a8a393548
+      uses: lycheeverse/lychee-action@4a5af7cd2958a2282cefbd9c10f63bdb89982d76
       with:
         args: --exclude-file ./build/config/.lycheeignore --verbose --no-progress './docs/public/**/*.html' --accept 200,206,429
         format: markdown
@@ -148,12 +153,12 @@ jobs:
         name: html-link-report
         path: html-link-report.md
         retention-days: 5
-    - uses: actions/github-script@7a5c598405937d486b0331594b5da2b14db670da
+    - uses: actions/github-script@d50f485531ba88479582bc2da03ff424389af5c1
       if: steps.linkchecker.outputs.exit_code != 0
       with:
         script: |
           core.setFailed('Link checker detected broken or invalid links, read attached report.')
-    - uses: actions/github-script@7a5c598405937d486b0331594b5da2b14db670da
+    - uses: actions/github-script@d50f485531ba88479582bc2da03ff424389af5c1
       if: steps.linkchecker.outputs.exit_code != 0 && (github.event.inputs.bad_links_fail_build == 'true' || inputs.bad_links_fail_build == true)
       with:
         script: |

@@ -29,7 +29,7 @@ jobs:
     # Setup runtime environment
     # -------------------------
     - name: Set up NodeJS
-      uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+      uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93
       with:
         node-version-file: 'build/.nvmrc'
         cache: 'npm'
@@ -61,7 +61,7 @@ jobs:
       id: linkchecker
     - name: Create issue if bad links detected in repo
       if: failure() && inputs.create_issue == true
-      uses: peter-evans/create-issue-from-file@97e6f902a416aac38834e23fa52e166aad0437d2 # v3.0.0
+      uses: peter-evans/create-issue-from-file@99b87c35610e986ad2034a7b0518a9b3ebea541b # v3.0.0
       with:
         title: Scheduled Check of Markdown Documents Found Bad Hyperlinks
         content-filepath: mlc_report.log

@@ -33,14 +33,14 @@ jobs:
         path: ${{ inputs.site_git_ref_path }}
     - name: Check website HTML content links
       id: linkchecker
-      uses: lycheeverse/lychee-action@76ab977fedbeaeb32029313724a2e56a8a393548
+      uses: lycheeverse/lychee-action@4a5af7cd2958a2282cefbd9c10f63bdb89982d76
       with:
         args: --exclude-file ./build/config/.lycheeignore --verbose --no-progress --accept 200,206,429 './published/**/*.html'
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Create issue if bad links detected
       if: steps.linkchecker.outputs.exit_code != 0 && inputs.create_issue
-      uses: peter-evans/create-issue-from-file@97e6f902a416aac38834e23fa52e166aad0437d2
+      uses: peter-evans/create-issue-from-file@99b87c35610e986ad2034a7b0518a9b3ebea541b
       with:
         title: Scheduled Check of Website Content Found Bad Hyperlinks
         content-filepath: ./lychee/out.md

@@ -11,7 +11,7 @@ RUN apt-get install -y \
     apt-utils build-essential git jq libxml2-utils maven nodejs npm python3-pip unzip wget && \
     apt-get clean
 
-FROM golang:1.18.3-bullseye as oscal-hugo-build
+FROM golang:1.19.0-bullseye as oscal-hugo-build
 
 RUN mkdir -p /go/src/github.com/usnistgov/OSCAL/build
 

@@ -7,3 +7,4 @@ src/metaschema/oscal_ssp_metaschema.xml|xml,json|xml,json|xml,json
 src/metaschema/oscal_poam_metaschema.xml|xml,json|xml,json|xml,json
 src/metaschema/oscal_assessment-plan_metaschema.xml|xml,json|xml,json|xml,json
 src/metaschema/oscal_assessment-results_metaschema.xml|xml,json|xml,json|xml,json
+src/metaschema/oscal_mapping_metaschema.xml|xml,json|xml,json|xml,json
@@ -7,3 +7,4 @@ src/metaschema/oscal_component_metaschema.xml|model-reference|component-definiti
 src/metaschema/oscal_assessment-plan_metaschema.xml|model-reference|assessment-plan|Assessment Plan|assessment|assessment-plan
 src/metaschema/oscal_assessment-results_metaschema.xml|model-reference|assessment-results|Assessment Results|assessment|assessment-results
 src/metaschema/oscal_poam_metaschema.xml|model-reference|plan-of-action-and-milestones|Plan of Action and Milestones|assessment|poam
+src/metaschema/oscal_mapping_metaschema.xml|model-reference|mapping|Control Mapping|control|mapping
@@ -98,7 +98,7 @@ fi
 metaschema_toolchain="${OSCALDIR}/build/metaschema/toolchains/xslt-M4"
 schematron="${metaschema_toolchain}/validate/metaschema-composition-check.sch"
 compiled_schematron="${metaschema_toolchain}/validate/metaschema-composition-check-compiled.xsl"
-metaschema_xsd="${metaschema_toolchain}/validate/metaschema.xsd"
+metaschema_xsd="${OSCALDIR}/build/metaschema/schema/xml/metaschema.xsd"
 
 build_schematron "$schematron" "$compiled_schematron"
 cmd_exitcode=$?

@@ -13,3 +13,4 @@ https://csrc.nist.gov/projects/cryptographic-module-validation-program/certifica
 https://cdn.telos.com/wp-content/uploads/2021/06/22150746/Xacta-360-EULA-US.pdf
 https://search.usa.gov/search
 https://example.com/.*
+https://www.mirantis.com/blog/automating-compliance-for-highly-regulated-industries-with-docker-enterprise-edition-and-oscal.*
@@ -2,7 +2,7 @@ module github.com/usnistgov/OSCAL/build
 
 go 1.18
 
-require github.com/gohugoio/hugo v0.83.1
+require github.com/gohugoio/hugo v0.101.0
 
 require (
 	cloud.google.com/go v0.101.0 // indirect
@@ -18,11 +18,9 @@ require (
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/BurntSushi/locker v0.0.0-20171006230638-a6e239ea1c69 // indirect
-	github.com/BurntSushi/toml v0.3.1 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
-	github.com/alecthomas/chroma v0.9.1 // indirect
-	github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae // indirect
+	github.com/alecthomas/chroma/v2 v2.2.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/aws/aws-sdk-go v1.43.5 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.9.0 // indirect
@@ -34,19 +32,23 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sso v1.4.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.7.0 // indirect
 	github.com/aws/smithy-go v1.8.0 // indirect
+	github.com/bep/clock v0.3.0 // indirect
 	github.com/bep/debounce v1.2.0 // indirect
 	github.com/bep/gitmap v1.1.2 // indirect
+	github.com/bep/goat v0.5.0 // indirect
 	github.com/bep/godartsass v0.14.0 // indirect
 	github.com/bep/golibsass v1.1.0 // indirect
 	github.com/bep/gowebp v0.1.0 // indirect
+	github.com/bep/overlayfs v0.6.0 // indirect
 	github.com/bep/tmc v0.5.1 // indirect
+	github.com/clbanning/mxj/v2 v2.5.6 // indirect
 	github.com/cli/safeexec v1.0.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
-	github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 // indirect
 	github.com/disintegration/gift v1.2.1 // indirect
 	github.com/dlclark/regexp2 v1.4.0 // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
 	github.com/evanw/esbuild v0.14.43 // indirect
+	github.com/frankban/quicktest v1.14.3 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/getkin/kin-openapi v0.97.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
@@ -55,6 +57,8 @@ require (
 	github.com/gobuffalo/flect v0.2.5 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gohugoio/go-i18n/v2 v2.1.3-0.20210430103248-4c28c89f8013 // indirect
+	github.com/gohugoio/locales v0.14.0 // indirect
+	github.com/gohugoio/localescompressed v1.0.1 // indirect
 	github.com/golang-jwt/jwt/v4 v4.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
@@ -64,28 +68,26 @@ require (
 	github.com/googleapis/gax-go/v2 v2.3.0 // indirect
 	github.com/googleapis/go-type-adapters v1.0.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hairyhenderson/go-codeowners v0.2.3-0.20201026200250-cdc7c0759690 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/invopop/yaml v0.1.0 // indirect
 	github.com/jdkato/prose v1.2.1 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/kr/pretty v0.3.0 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/kyokomi/emoji/v2 v2.2.9 // indirect
 	github.com/magefile/mage v1.13.0 // indirect
-	github.com/magiconair/properties v1.8.1 // indirect
 	github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e // indirect
 	github.com/mattn/go-ieproxy v0.0.1 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
-	github.com/miekg/mmark v1.3.6 // indirect
 	github.com/mitchellh/hashstructure v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/muesli/smartcrop v0.3.0 // indirect
 	github.com/niklasfasching/go-org v1.6.5 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/pelletier/go-toml v1.9.0 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.2 // indirect
 	github.com/rogpeppe/go-internal v1.8.1 // indirect
-	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd // indirect
 	github.com/sanity-io/litter v1.5.5 // indirect
@@ -95,14 +97,11 @@ require (
 	github.com/spf13/fsync v0.9.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.7.1 // indirect
-	github.com/stretchr/testify v1.7.2 // indirect
-	github.com/subosito/gotenv v1.2.0 // indirect
 	github.com/tdewolff/minify/v2 v2.11.10 // indirect
 	github.com/tdewolff/parse/v2 v2.6.0 // indirect
 	github.com/yuin/goldmark v1.4.12 // indirect
-	github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 // indirect
 	go.opencensus.io v0.23.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
 	gocloud.dev v0.24.0 // indirect
 	golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa // indirect
 	golang.org/x/image v0.0.0-20211028202545-6944b10bf410 // indirect
@@ -111,13 +110,13 @@ require (
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/tools v0.1.11 // indirect
 	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
 	google.golang.org/api v0.76.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220426171045-31bebdecfb46 // indirect
 	google.golang.org/grpc v1.46.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
-	gopkg.in/ini.v1 v1.51.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )