Bump docs/themes/uswds from 631e114 to ac7915f

.github/workflows/issue-triage.yml

@@ -11,15 +11,15 @@ jobs:
     if: github.event.action == 'opened'
     steps:
       - name: Add New Issues to Issue Triage Board
-        uses: peter-evans/create-or-update-project-card@866533e2ae61f13c35fd1d374049713fab43c729
+        uses: peter-evans/create-or-update-project-card@5eacbbd224b7814354861b555cc18a8359e2cebe
         with:
           project-name: Issue Triage
           column-name: Needs Triage
   removeCard:
     runs-on: ubuntu-20.04
     if: github.event.action == 'closed'
     steps:
-      - uses: alex-page/github-project-automation-plus@bb266ff4dde9242060e2d5418e120a133586d488
+      - uses: alex-page/github-project-automation-plus@1f8873e97e3c8f58161a323b7c568c1f623a1c4d
         with:
           project: Issue Triage
           column: Done

.github/workflows/package-release.yml

@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       # use this for main repo master builds
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
         with:
           path: ${{ env.OSCAL_HOME }}
           submodules: recursive
@@ -38,14 +38,14 @@ jobs:
           bash "${OSCAL_CICD_PATH}/package-release.sh" "${OSCAL_WORKING_PATH}"
           tar -jcvf "${OSCAL_WORKING_PATH}/${RELEASE_NAME}.tar.bz2" -C "${OSCAL_WORKING_PATH}/archive" .
           (cd "${OSCAL_WORKING_PATH}/archive" && zip -r "../${RELEASE_NAME}.zip" .)
-      - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
+      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
         with:
           name: release-artifacts
           path: |
             ${{ env.OSCAL_WORKING_PATH }}/${{ env.RELEASE_NAME }}.tar.bz2
             ${{ env.OSCAL_WORKING_PATH }}/${{ env.RELEASE_NAME }}.zip
           retention-days: 5
-      - uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37
+      - uses: ncipollo/release-action@18eadf9c9b0f226f47f164f5373c6a44f0aae169
         with:
           name: OSCAL ${{ env.RELEASE_VERSION }} Release
           allowUpdates: false

.github/workflows/workflow-generate-metaschema-resources.yml

@@ -36,7 +36,7 @@ jobs:
     # use this for builds triggered from the UI on protected branches
     - name: Checkout Latest (using COMMIT_TOKEN)
       if: github.event_name == 'workflow_dispatch' && github.event.inputs.commit_resources == 'true'
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         path: ${{ env.CHECKOUT_PATH }}
         token: ${{ secrets.COMMIT_TOKEN }}
@@ -45,7 +45,7 @@ jobs:
     # use this for builds triggered from other workflows on protected branches
     - name: Checkout Latest (using access_token)
       if: github.event_name == 'push' && inputs.commit_resources == true
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         path: ${{ env.CHECKOUT_PATH }}
         token: ${{ secrets.access_token }}
@@ -54,7 +54,7 @@ jobs:
     # use this for overything else (i.e., pull requests) where publication is not needed
     - name: Checkout Latest
       if: steps.checkout_latest_workflow.conclusion == 'skipped' && steps.checkout_latest_push.conclusion == 'skipped'
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         path: ${{ env.CHECKOUT_PATH }}
         submodules: recursive
@@ -66,7 +66,7 @@ jobs:
     # -------------------------
     # Java JDK 11
     - name: Set up JDK
-      uses: actions/setup-java@f0bb91606209742fe3ea40199be2f3ef195ecabf
+      uses: actions/setup-java@c3ac5dd0ed8db40fedb61c32fbe677e6b355e94c
       with:
         java-version: 11
         distribution: 'temurin'
@@ -77,7 +77,7 @@ jobs:
         mkdir -p "${JAVA_CLASSPATH}"
         mvn dependency:copy-dependencies -DoutputDirectory="${JAVA_CLASSPATH}"
     - name: Set up NodeJS
-      uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+      uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
       with:
         node-version-file: '${{ env.CHECKOUT_PATH }}/build/.nvmrc'
         cache: 'npm'
@@ -119,18 +119,30 @@ jobs:
       run: |
         zip ${{ runner.temp }}/metaschema-artifacts.zip -r xml/schema/*.xsd json/schema/*.json xml/convert/*.xsl json/convert/*.xsl
       working-directory: ${{ env.CHECKOUT_PATH }}
-    - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
+    - name: Zip Schematron Validation Results for Debugging
+      if: always()
+      run: |
+        zip ${{ runner.temp }}/schematron-validations.zip -r ${{ runner.temp }} build/metaschema/toolchains/xslt-M4/validate/metaschema-composition-check-compiled.xsl
+      working-directory: ${{ env.CHECKOUT_PATH }}
+    - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
       with:
         name: schemas-and-converters
         path: |
           ${{ runner.temp }}/metaschema-artifacts.zip
         retention-days: 5
+    - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
+      if: always()
+      with:
+        name: schematron-validation-reports
+        path: |
+          ${{ runner.temp }}/schematron-validations.zip
+        retention-days: 5
     # Store Built Artifacts
     # ---------------
     - name: Publish Schemas and Converters
       # only do this on master
       if: github.event.inputs.commit_resources == 'true' || inputs.commit_resources == true
-      uses: stefanzweifel/git-auto-commit-action@be7095c202abcf573b09f20541e0ee2f6a3a9d9b
+      uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a
       with:
         repository: ${{ env.CHECKOUT_PATH }}
         file_pattern: xml json

.github/workflows/workflow-generate-website-reference.yml

@@ -41,15 +41,15 @@ jobs:
     # 2) The target branch where the metaschemas exist that are the basis of reference information.
     # Checkout the current branch for reading
     - name: Checkout Latest
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         path: ${{ env.BRANCH_PATH }}
         submodules: recursive
         fetch-depth: 0 # this ensures that the tag and commit history are available
     # use this for builds triggered from the UI on protected branches
     - name: Checkout Main (using COMMIT_TOKEN)
       if: github.event_name == 'workflow_dispatch' && github.event.inputs.commit_resources == 'true'
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         path: ${{ env.MAIN_PATH }}
         ref: ${{ env.MAIN_BRANCH_REF }}
@@ -59,7 +59,7 @@ jobs:
     # use this for builds triggered from other workflows on protected branches
     - name: Checkout Main (using access_token)
       if: github.event_name == 'push' && inputs.commit_resources == true
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         path: ${{ env.MAIN_PATH }}
         ref: ${{ env.MAIN_BRANCH_REF }}
@@ -69,7 +69,7 @@ jobs:
     # use this for overything else (i.e., pull requests) where publication is not needed
     - name: Checkout Main
       if: steps.checkout_main_workflow.conclusion == 'skipped' && steps.checkout_main_push.conclusion == 'skipped'
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         path: ${{ env.MAIN_PATH }}
         ref: ${{ env.MAIN_BRANCH_REF }}
@@ -82,7 +82,7 @@ jobs:
     # -------------------------
     # Java JDK 11
     - name: Set up JDK
-      uses: actions/setup-java@f0bb91606209742fe3ea40199be2f3ef195ecabf
+      uses: actions/setup-java@c3ac5dd0ed8db40fedb61c32fbe677e6b355e94c
       with:
         java-version: 11
         distribution: 'temurin'
@@ -94,7 +94,7 @@ jobs:
         mvn dependency:copy-dependencies -DoutputDirectory="${JAVA_CLASSPATH}"
     # Install Hugo
     - name: Store Hugo Executable in Cache
-      uses: actions/cache@0865c47f36e68161719c5b124609996bb5c40129
+      uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
       with:
         path: /home/runner/go/bin/hugo
         key: ${{ runner.os }}-hugo-${{ hashFiles(format('{0}/build/go.sum', env.BRANCH_PATH)) }}
@@ -105,7 +105,7 @@ jobs:
         echo "/home/runner/go/bin" >> $GITHUB_PATH
     - name: Setup Golang
       if: steps.cache-hugo.outputs.cache-hit != 'true'
-      uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923
+      uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
       with:
         go-version-file: '${{ env.BRANCH_PATH }}/build/go.mod'
         cache: true
@@ -115,6 +115,11 @@ jobs:
       run: |
         cd "${{ env.BRANCH_PATH }}/build"
         go install -tags "extended" github.com/gohugoio/hugo
+    - name: Setup Swap Space
+      # Since Hugo is requiring more memory
+      uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c
+      with:
+        swap-size-gb: 10
     # Build Artifacts
     # ---------------
     - name: Generate Model Reference Documentation
@@ -144,7 +149,7 @@ jobs:
       run: |
         zip ${{ runner.temp }}/metaschema-website.zip -r public/
       working-directory: ${{ env.MAIN_PATH }}/docs
-    - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
+    - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
       with:
         name: website
         path: |
@@ -153,7 +158,7 @@ jobs:
     - name: Publish Generated Pages
       # only do this on master
       if: github.event.inputs.commit_resources == 'true' || inputs.commit_resources == true
-      uses: stefanzweifel/git-auto-commit-action@be7095c202abcf573b09f20541e0ee2f6a3a9d9b
+      uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a
       with:
         repository: ${{ env.MAIN_PATH }}
         file_pattern: docs

.github/workflows/workflow-generate-website.yml

@@ -49,23 +49,23 @@ jobs:
     # use this for builds triggered from the UI on protected branches
     - name: Checkout Latest (using COMMIT_TOKEN)
       if: github.event_name == 'workflow_dispatch' && github.event.inputs.commit_resources == 'true'
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         token: ${{ secrets.COMMIT_TOKEN }}
         submodules: recursive
       id: checkout_latest_workflow
     # use this for builds triggered from other workflows on protected branches
     - name: Checkout Latest (using access_token)
       if: github.event_name == 'push' && inputs.commit_resources == true
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         token: ${{ secrets.access_token }}
         submodules: recursive
       id: checkout_latest_push
     # use this for overything else (i.e., pull requests) where publication is not needed
     - name: Checkout Latest
       if: steps.checkout_latest_workflow.conclusion == 'skipped' && steps.checkout_latest_push.conclusion == 'skipped'
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: recursive
     - name: Set env
@@ -76,7 +76,7 @@ jobs:
     # -------------------------
     # Java JDK 11
     - name: Set up JDK
-      uses: actions/setup-java@f0bb91606209742fe3ea40199be2f3ef195ecabf
+      uses: actions/setup-java@c3ac5dd0ed8db40fedb61c32fbe677e6b355e94c
       with:
         java-version: 11
         distribution: 'temurin'
@@ -86,20 +86,25 @@ jobs:
         cd "${BUILD_PATH}"
         mkdir -p "${JAVA_CLASSPATH}"
         mvn dependency:copy-dependencies -DoutputDirectory="${JAVA_CLASSPATH}"
+    - name: Setup Swap Space
+      # Since Hugo is requiring more memory
+      uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c
+      with:
+        swap-size-gb: 10
     # Build Artifacts
     # ---------------
     - name: Generate specification documentation
       run: |
         bash "${CICD_PATH}/generate-specification-documentation.sh"
-    - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
+    - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
       with:
         name: specification-docs
         path: |
           docs/content/concepts/processing/profile-resolution.html
         retention-days: 5
     # Install Hugo
     - name: Store Hugo Executable in Cache
-      uses: actions/cache@0865c47f36e68161719c5b124609996bb5c40129
+      uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
       with:
         path: /home/runner/go/bin/hugo
         key: ${{ runner.os }}-hugo-${{ hashFiles(format('{0}/go.sum', env.BUILD_PATH)) }}
@@ -110,7 +115,7 @@ jobs:
         echo "/home/runner/go/bin" >> $GITHUB_PATH
     - name: Setup Golang
       if: steps.cache-hugo.outputs.cache-hit != 'true'
-      uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923
+      uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
       with:
         go-version-file: '${{ env.BUILD_PATH }}/go.mod'
         cache: true
@@ -128,38 +133,38 @@ jobs:
       run: |
         zip ${{ runner.temp }}/metaschema-website.zip -r public/
       working-directory: ${{ github.workspace }}/docs
-    - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
+    - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
       with:
         name: website
         path: |
           ${{ runner.temp }}/metaschema-website.zip
         retention-days: 5
     - name: Link Checker
       id: linkchecker
-      uses: lycheeverse/lychee-action@76ab977fedbeaeb32029313724a2e56a8a393548
+      uses: lycheeverse/lychee-action@4dcb8bee2a0a4531cba1a1f392c54e8375d6dd81
       with:
-        args: --exclude-file ./build/config/.lycheeignore --verbose --no-progress './docs/public/**/*.html' --accept 200,206,429
+        args: --exclude-file ./build/config/.lycheeignore --verbose --no-progress --accept 200,206,429 './docs/public/**/*.html' --remap "https://pages.nist.gov/OSCAL/ file://${GITHUB_WORKSPACE}/docs/public/" --exclude-mail
         format: markdown
         output: html-link-report.md
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
+    - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
       with:
         name: html-link-report
         path: html-link-report.md
         retention-days: 5
-    - uses: actions/github-script@7a5c598405937d486b0331594b5da2b14db670da
+    - uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0
       if: steps.linkchecker.outputs.exit_code != 0
       with:
         script: |
           core.setFailed('Link checker detected broken or invalid links, read attached report.')
-    - uses: actions/github-script@7a5c598405937d486b0331594b5da2b14db670da
+    - uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0
       if: steps.linkchecker.outputs.exit_code != 0 && (github.event.inputs.bad_links_fail_build == 'true' || inputs.bad_links_fail_build == true)
       with:
         script: |
           core.setFailed('Link checker detected broken or invalid links, read attached report.')
     - name: Deploy Website (using access_token)
-      uses: peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305
+      uses: peaceiris/actions-gh-pages@de7ea6f8efb354206b205ef54722213d99067935
       if: github.event_name == 'push' && inputs.commit_resources == true && github.ref_name == 'main'
       with:
         github_token: ${{ secrets.access_token }}
@@ -168,7 +173,7 @@ jobs:
         publish_branch: nist-pages
         commit_message: Deploying website [ci deploy skip]
     - name: Deploy Website (using COMMIT_TOKEN)
-      uses: peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305
+      uses: peaceiris/actions-gh-pages@de7ea6f8efb354206b205ef54722213d99067935
       if: github.event_name == 'workflow_dispatch' && github.event.inputs.commit_resources == 'true' && github.ref_name == 'main'
       with:
         github_token: ${{ secrets.COMMIT_TOKEN }}

.github/workflows/workflow-validate-repo-markdown.yml

@@ -23,13 +23,13 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
     # use this for pulls where checkout is anonymous
-    - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: recursive
     # Setup runtime environment
     # -------------------------
     - name: Set up NodeJS
-      uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561
+      uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
       with:
         node-version-file: 'build/.nvmrc'
         cache: 'npm'
@@ -61,7 +61,7 @@ jobs:
       id: linkchecker
     - name: Create issue if bad links detected in repo
       if: failure() && inputs.create_issue == true
-      uses: peter-evans/create-issue-from-file@97e6f902a416aac38834e23fa52e166aad0437d2 # v3.0.0
+      uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # v3.0.0
       with:
         title: Scheduled Check of Markdown Documents Found Bad Hyperlinks
         content-filepath: mlc_report.log

.github/workflows/workflow-validate-website-content.yml

@@ -23,24 +23,24 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
     - name: Checkout Latest
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         fetch-depth: 0 # this ensures that the tag and commit history are available
     - name: Checkout git ref of published website content
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         ref: ${{ inputs.site_git_ref }}
         path: ${{ inputs.site_git_ref_path }}
     - name: Check website HTML content links
       id: linkchecker
-      uses: lycheeverse/lychee-action@76ab977fedbeaeb32029313724a2e56a8a393548
+      uses: lycheeverse/lychee-action@4dcb8bee2a0a4531cba1a1f392c54e8375d6dd81
       with:
-        args: --exclude-file ./build/config/.lycheeignore --verbose --no-progress --accept 200,206,429 './published/**/*.html' --exclude-mail
+        args: --exclude-file ./build/config/.lycheeignore --verbose --no-progress --accept 200,206,429 "./${INPUT_SITE_GIT_REF}/**/*.html" --remap "https://pages.nist.gov/OSCAL/ file://${GITHUB_WORKSPACE}/${INPUT_SITE_GIT_REF}/" --exclude-mail
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Create issue if bad links detected
       if: steps.linkchecker.outputs.exit_code != 0 && inputs.create_issue
-      uses: peter-evans/create-issue-from-file@97e6f902a416aac38834e23fa52e166aad0437d2
+      uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f
       with:
         title: Scheduled Check of Website Content Found Bad Hyperlinks
         content-filepath: ./lychee/out.md