usnistgov · khanssen · Nov 5, 2025 · Nov 5, 2025 · Nov 5, 2025 · Nov 5, 2025
@@ -0,0 +1,94 @@
+name: OSCAL Validation
+
+on:
+  push:
+    branches: [ main, add-171a-plan ]
+
+jobs:
+  validate-oscal:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        submodules: false
+
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        distribution: temurin
+        java-version: '17'
+
+    - name: Setup OSCAL CLI
+      uses: oscal-club/[email protected]
+      with:
+        args: --version
+
+    - name: Validate Catalogs
+      run: |
+        for file in $(find . -name "*catalog*.json" 2>/dev/null); do
+          if [ -f "$file" ]; then
+            echo "Validating: $file"
+            oscal-cli catalog validate "$file"
+          fi
+        done
+      continue-on-error: true
+
+    - name: Validate Profiles
+      run: |
+        for file in $(find . -name "*profile*.json" 2>/dev/null); do
+          if [ -f "$file" ]; then
+            echo "Validating: $file"
+            oscal-cli profile validate "$file"
+          fi
+        done
+      continue-on-error: true
+
+    - name: Validate Assessment Plans
+      shell: bash
+      run: |
+        set -euo pipefail
+        shopt -s nullglob
+        files=( $(git ls-files '*assessment-plan*.json') )
+        if ((${#files[@]} == 0)); then
+          echo "No assessment-plan JSON files found. Skipping."
+          exit 0
+        fi
+        for file in "${files[@]}"; do
+          echo "Validating: $file"
+          oscal-cli validate "$file"
+        done
+      continue-on-error: true
+
+    - name: Validate Assessment Results
+      shell: bash
+      run: |
+        set -euo pipefail
+        shopt -s nullglob
+        files=( $(git ls-files '*assessment-results*.json') )
+        if ((${#files[@]} == 0)); then
+          echo "No assessment-results JSON files found. Skipping."
+          exit 0
+        fi
+        for file in "${files[@]}"; do
+          echo "Validating: $file"
+          oscal-cli validate "$file"
+        done
+      continue-on-error: true
+
+    - name: Validate POAMs
+      shell: bash
+      run: |
+        set -euo pipefail
+        shopt -s nullglob
+        files=( $(git ls-files '*poam*.json') )
+        if ((${#files[@]} == 0)); then
+          echo "No POAM JSON files found. Skipping."
+          exit 0
+        fi
+        for file in "${files[@]}"; do
+          echo "Validating: $file"
+          oscal-cli validate "$file"
+        done
+      continue-on-error: true
@@ -0,0 +1,65 @@
+name: Validate Metaschemas
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - 'src/metaschema/**/*.xml'
+
+jobs:
+  validate-metaschemas:
+    name: Validate metaschemas
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        file:
+          - ./src/metaschema/oscal_component_metaschema.xml
+          - ./src/metaschema/oscal_assessment-common_metaschema.xml
+          - ./src/metaschema/oscal_assessment-plan_metaschema.xml
+          - ./src/metaschema/oscal_assessment-results_metaschema.xml
+          - ./src/metaschema/oscal_catalog_metaschema.xml
+          - ./src/metaschema/oscal_complete_metaschema.xml
+          - ./src/metaschema/oscal_control-common_metaschema.xml
+          - ./src/metaschema/oscal_implementation-common_metaschema.xml
+          - ./src/metaschema/oscal_metadata_metaschema.xml
+          - ./src/metaschema/oscal_poam_metaschema.xml
+    steps:
+      - name: Checkout (no submodules)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: "false"
+          lfs: "false"
+          persist-credentials: "false"
+
+      - name: Setup Java (required for CLI)
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: "17"
+
+      - name: oscal-cli --version
+        uses: oscal-club/[email protected]
+        with:
+          args: --version
+
+      - name: Sanity-check ${{ matrix.file }}
+        shell: bash
+        run: |
+          set -e
+          echo "Validating presence of: ${{ matrix.file }}"
+          if [ ! -f "${{ matrix.file }}" ]; then
+            echo "❌ File not found: ${{ matrix.file }}"
+            echo "Listing ./src/metaschema:"
+            ls -la ./src/metaschema || true
+            echo "Tree (top-level):"
+            ls -la .
+            exit 66
+          else
+            echo "✅ Found ${{ matrix.file }}"
+          fi
+
+      - name: Validate ${{ matrix.file }}
+        uses: oscal-club/[email protected]
+        with:
+          args: validate metaschema ${{ matrix.file }}