ci: add OSCAL artifact checks in CI

jpower432 · jpower432 · commit ae74d5d1c330 · 2025-12-05T16:10:11.000-05:00
Signed-off-by: Jennifer Power &lt;barnabei.jennifer@gmail.com&gt;
diff --git a/.github/workflows/oscal-test.yml b/.github/workflows/oscal-test.yml
@@ -0,0 +1,44 @@
+name: OSCAL Testing
+
+permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "oscal/**"
+      - "cmd/oscal_export/**"
+
+jobs:
+  OSCAL-Test:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v6.0.1
+        with:
+          persist-credentials: false
+      - uses: actions/setup-go@v6
+        with:
+          go-version: stable
+      - name: Generate OSCAL artifacts
+        run: make oscalgenerate
+      - name: Setup Java # this is here because oscal-cli-action below needs a java runtime
+        uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e
+        id: setup-java
+        with:
+          distribution: adopt
+          java-version: 11
+      - name: Validate OSCAL catalog
+        uses: oscal-club/oscal-cli-action@1a210b84bc1fd6adf15c9cf0d46a51d15a3d8301 # v2.0.1
+        with:
+          args: validate ./artifacts/catalog.json
+      - name: Validate OSCAL profile
+        uses: oscal-club/oscal-cli-action@1a210b84bc1fd6adf15c9cf0d46a51d15a3d8301 # v2.0.1
+        with:
+          args: validate ./artifacts/profile.json
+      - name: Validate OSCAL guidance catalog
+        uses: oscal-club/oscal-cli-action@1a210b84bc1fd6adf15c9cf0d46a51d15a3d8301 # v2.0.1
+        with:
+          args: validate ./artifacts/guidance.json
diff --git a/cmd/oscal_export/export/export.go b/cmd/oscal_export/export/export.go
@@ -5,6 +5,7 @@ import (
 	"flag"
 	"fmt"
 	"os"
+	"path/filepath"
 
 	oscalTypes "github.com/defenseunicorns/go-oscal/src/types/oscal-1-1-3"
 
@@ -31,7 +32,22 @@ func Guidance(path string, args []string) error {
 		return err
 	}
 
-	oscalProfile, err := oscal.ProfileFromGuidanceDocument(&guidanceDocument, fmt.Sprintf("file://%s", *catalogOutputFile))
+	profileDir := filepath.Dir(*profileOutputFile)
+	catalogAbsPath, err := filepath.Abs(*catalogOutputFile)
+	if err != nil {
+		return fmt.Errorf("error resolving absolute path for catalog output: %w", err)
+	}
+	profileAbsDir, err := filepath.Abs(profileDir)
+	if err != nil {
+		return fmt.Errorf("error resolving absolute path for profile directory: %w", err)
+	}
+	relativeCatalogPath, err := filepath.Rel(profileAbsDir, catalogAbsPath)
+	if err != nil {
+		return fmt.Errorf("error calculating relative path: %w", err)
+	}
+	relativeCatalogPath = filepath.ToSlash(relativeCatalogPath)
+
+	oscalProfile, err := oscal.ProfileFromGuidanceDocument(&guidanceDocument, relativeCatalogPath)
 	if err != nil {
 		return err
 	}
diff --git a/test-data/good-aigf.yaml b/test-data/good-aigf.yaml
@@ -68,4 +68,26 @@ categories:
         see-also:
           - AIR-DET-015
           - AIR-DET-004
-          - AIR-PREV-005
+          - AIR-PREV-005
+      - id: AIR-DET-004
+        title: Example Detective Control 004
+        objective: Placeholder control for testing references.
+        rationale:
+          risks: []
+          outcomes: []
+      - id: AIR-DET-015
+        title: Example Detective Control 015
+        objective: Placeholder control for testing references.
+        rationale:
+          risks: []
+          outcomes: []
+  - id: PREV
+    title: Preventive
+    description: Prevention and Risk Mitigation
+    guidelines:
+      - id: AIR-PREV-005
+        title: Example Preventive Control 005
+        objective: Placeholder control for testing references.
+        rationale:
+          risks: []
+          outcomes: []
