Configured GITHUB_TOKEN permissions.

Added workflow-related configurations.
Fixed broken markdown and website links.

.github/issue_template.md

@@ -0,0 +1 @@
+{Please describe the nature of your issue}

.github/workflows/config/.env

@@ -0,0 +1 @@
+HUGO_VERSION=0.118.2

.github/workflows/config/.lycheeignore

@@ -0,0 +1,2 @@
+https://search.usa.gov/search
+https://github.com/usnistgov/vulntology/tree/master/website/content/*

.github/workflows/config/.markdown-link-check/config.json

@@ -0,0 +1,34 @@
+{
+  "ignorePatterns": [
+        {
+            "pattern": "https://docs.github.com"
+        },
+        {
+            "pattern": "https://guides.github.com"
+        },
+        {
+            "pattern": "https://help.github.com"
+        },
+        {
+            "pattern": "https://www.bottlecaps.de/rex/"
+        }
+  ],
+  "replacementPatterns": [
+        {
+            "pattern": "^../../issues",
+            "replacement": "https://github.com/usnistgov/metaschema/issues"
+        },
+        {
+            "pattern": "^../../projects",
+            "replacement": "https://github.com/usnistgov/metaschema/projects"
+        },
+        {
+            "pattern": "^../../releases",
+            "replacement": "https://github.com/usnistgov/metaschema/releases"
+        },
+        {
+            "pattern": "^../../tree",
+            "replacement": "https://github.com/usnistgov/metaschema/tree"
+        }
+    ]
+}

.github/workflows/config/.nvmrc

@@ -0,0 +1 @@
+v16

.github/workflows/link-check.yml

@@ -26,7 +26,7 @@ on:
         required: true
         default: 'published'
         type: string
-      create_issue:
+      linkcheck_create_issue:
         description: 'create new GitHub issue if broken links found'
         required: false
         default: true
@@ -38,25 +38,25 @@ jobs:
     with:
       ignorePattern: '^website/'
       markdownLinkCheckConfig: 'build/config/.markdown-link-check/config.json'
-      create_issue: true
+      linkcheck_create_issue: true
   schedule-validate-repo-markdown-links-debug:
     uses: ./.github/workflows/workflow-validate-repo-markdown.yml
     if: github.event_name == 'workflow_dispatch'
     with:
       ignorePattern: ${{ github.event.inputs.ignorePattern }}
       markdownLinkCheckConfig: ${{ github.event.inputs.markdownLinkCheckConfig }}
-      create_issue: ${{ contains('true', github.event.inputs.create_issue) }}
+      linkcheck_create_issue: ${{ contains('true', github.event.inputs.linkcheck_create_issue) }}
   schedule-validate-website-links:
     uses: ./.github/workflows/workflow-validate-website-content.yml
     if: github.event_name != 'workflow_dispatch'
     with:
       site_git_ref: 'nist-pages'
       site_git_ref_path: 'published'
-      create_issue: true
+      linkcheck_create_issue: true
   schedule-validate-website-links-debug:
     uses: ./.github/workflows/workflow-validate-website-content.yml
     if: github.event_name == 'workflow_dispatch'
     with:
       site_git_ref: ${{ github.event.inputs.site_git_ref }}
       site_git_ref_path: ${{ github.event.inputs.site_git_ref_path }}
-      create_issue: ${{ contains('true', github.event.inputs.create_issue) }}
+      linkcheck_create_issue: ${{ contains('true', github.event.inputs.linkcheck_create_issue) }}

.github/workflows/status-ci-cd.yml

@@ -26,5 +26,3 @@ jobs:
     uses: ./.github/workflows/workflow-generate-website.yml
     with:
       commit_resources: true
-    secrets:
-      access_token: ${{ secrets.COMMIT_TOKEN }}

.github/workflows/workflow-generate-website.yml

@@ -7,15 +7,11 @@ on:
         required: false
         default: false
         type: boolean
-      bad_links_fail_build:
+      linkcheck_fail_on_error:
         description: 'a boolean flag that determines if bad links found by the link checker fail fast and stop a complete build'
         required: false
         default: true
         type: boolean
-    secrets:
-      access_token:
-        description: 'the access token to use for commits'
-        required: false
   workflow_dispatch:
     branches:
     - main
@@ -27,12 +23,12 @@ on:
         required: true
         default: false
         type: boolean
-      bad_links_fail_build:
+      linkcheck_fail_on_error:
         description: 'a boolean flag that determines if bad links found by the link checker fail fast and stop a complete build'
         required: false
         default: true
         type: boolean
-      create_issue:
+      linkcheck_create_issue:
         description: 'create new GitHub issue if broken links found'
         required: false
         default: false
@@ -43,26 +39,20 @@ jobs:
     runs-on: ubuntu-20.04
     env:
       BUILD_PATH: ./build
+    permissions:
+      contents: write
     steps:
-    # use this for builds triggered from the UI on protected branches
-    - name: Checkout Latest (using COMMIT_TOKEN)
-      if: github.event_name == 'workflow_dispatch' && github.event.inputs.commit_resources == 'true'
-      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
-      with:
-        token: ${{ secrets.COMMIT_TOKEN }}
-        submodules: recursive
-      id: checkout_latest_workflow
-    # use this for builds triggered from other workflows on protected branches
-    - name: Checkout Latest (using access_token)
-      if: github.event_name == 'push' && inputs.commit_resources == true
+    # use this for builds triggered from the UI and from workflows on protected branches
+    - id: checkout_latest_workflow
+      name: Checkout Latest
+      if: (github.event_name == 'workflow_dispatch' && github.event.inputs.commit_resources == 'true') || (github.event_name == 'push' && inputs.commit_resources == true)
       uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
       with:
-        token: ${{ secrets.access_token }}
+        token: ${{ secrets.GITHUB_TOKEN  }}
         submodules: recursive
-      id: checkout_latest_push
     # use this for overything else (i.e., pull requests) where publication is not needed
     - name: Checkout Latest
-      if: steps.checkout_latest_workflow.conclusion == 'skipped' && steps.checkout_latest_push.conclusion == 'skipped'
+      if: steps.checkout_latest_workflow.conclusion == 'skipped'
       uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
       with:
         submodules: recursive
@@ -75,7 +65,7 @@ jobs:
     - name: Read .env
       id: hugo-version
       run: |
-        . ./.env
+        . .github/workflows/config/.env
         echo "HUGO_VERSION=${HUGO_VERSION}" >> "${GITHUB_OUTPUT}"
     - name: Setup Hugo
       uses: peaceiris/actions-hugo@v2
@@ -85,7 +75,7 @@ jobs:
     - name: Set up NodeJS
       uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
       with:
-        node-version-file: 'build/.nvmrc'
+        node-version-file: '.github/workflows/config/.nvmrc'
         cache: 'npm'
         cache-dependency-path: package-lock.json
     - name: Setup Dependencies
@@ -118,50 +108,51 @@ jobs:
       run: |
         zip ${{ runner.temp }}/metaschema-website.zip -r public/
       working-directory: ${{ github.workspace }}/website
-    - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+    - name: Upload generated site
+      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
       with:
         name: website
         path: |
           ${{ runner.temp }}/metaschema-website.zip
         retention-days: 5
-    - name: Link Checker
-      id: linkchecker
+    - id: linkchecker
+      name: Link Checker
       uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421
       with:
-        args: --exclude-file ./build/config/.lycheeignore --verbose --no-progress --accept 200,206,429 './website/public/**/*.html' --remap "https://pages.nist.gov/metaschema/ file://${GITHUB_WORKSPACE}/website/public/" --exclude-mail
+        args: --exclude-file .github/workflows/config/.lycheeignore --verbose --no-progress --accept 200,206,429 './website/public/**/*.html' --remap "https://pages.nist.gov/vulntology/ file://${GITHUB_WORKSPACE}/website/public/" --exclude-mail
         format: markdown
         output: html-link-report.md
+        debug: true
+        fail: true
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+      continue-on-error: true
+    - name: Upload link check report
+      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
       with:
         name: html-link-report
         path: html-link-report.md
         retention-days: 5
-    - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
-      if: steps.linkchecker.outputs.exit_code != 0
+    - name: Create issue if bad links detected
+      if: ${{ !cancelled() && env.lychee_exit_code != 0 && inputs.linkcheck_create_issue }}
+      uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f
       with:
-        script: |
-          core.setFailed('Link checker detected broken or invalid links, read attached report.')
-    - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
-      if: steps.linkchecker.outputs.exit_code != 0 && (github.event.inputs.bad_links_fail_build == 'true' || inputs.bad_links_fail_build == true)
+        title: Scheduled Check of Website Content Found Bad Hyperlinks
+        content-filepath: ./lychee/out.md
+        labels: |
+          bug
+          documentation
+    - name: Fail on link check error
+      if: ${{ !cancelled() && env.lychee_exit_code != 0 && (github.event.inputs.linkcheck_fail_on_error == 'true' || inputs.linkcheck_fail_on_error == true) }}
+      uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
       with:
         script: |
           core.setFailed('Link checker detected broken or invalid links, read attached report.')
-    - name: Deploy Website (using access_token)
-      uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847
-      if: github.event_name == 'push' && inputs.commit_resources == true && github.ref_name == 'main'
-      with:
-        github_token: ${{ secrets.access_token }}
-        enable_jekyll: false
-        publish_dir: ./website/public
-        publish_branch: nist-pages
-        commit_message: Deploying website [ci deploy skip]
-    - name: Deploy Website (using COMMIT_TOKEN)
+    - name: Deploy Website
       uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847
-      if: github.event_name == 'workflow_dispatch' && github.event.inputs.commit_resources == 'true' && github.ref_name == 'main'
+      if: github.ref_name == 'main' && ((github.event_name == 'push' && inputs.commit_resources == true) || (github.event_name == 'workflow_dispatch' && github.event.inputs.commit_resources == 'true'))
       with:
-        github_token: ${{ secrets.COMMIT_TOKEN }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
         enable_jekyll: false
         publish_dir: ./website/public
         publish_branch: nist-pages

.github/workflows/workflow-validate-repo-markdown.yml

@@ -10,9 +10,9 @@ on:
       markdownLinkCheckConfig:
         description: 'the path to the markdown link check config file'
         required: false
-        default: 'build/config/.markdown-link-check/config.json'
+        default: '.github/workflows/config/.markdown-link-check/config.json'
         type: string
-      create_issue:
+      linkcheck_create_issue:
         description: 'create new GitHub issue if broken links found'
         required: false
         default: false
@@ -21,6 +21,9 @@ jobs:
   validate-repo-markdown:
     name: Validate Repo Markdown
     runs-on: ubuntu-20.04
+    permissions:
+      contents: read
+      issues: write
     steps:
     # use this for pulls where checkout is anonymous
     - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
@@ -31,7 +34,7 @@ jobs:
     - name: Set up NodeJS
       uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
       with:
-        node-version-file: 'build/.nvmrc'
+        node-version-file: '.github/workflows/config/.nvmrc'
         cache: 'npm'
         cache-dependency-path: 'package-lock.json'
     - name: Setup Dependencies
@@ -59,11 +62,11 @@ jobs:
         exit ${PIPESTATUS[2]}
       id: linkchecker
     - name: Create issue if bad links detected in repo
-      if: failure() && inputs.create_issue == true
+      if: failure() && inputs.linkcheck_create_issue == true
       uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # v3.0.0
       with:
         title: Scheduled Check of Markdown Documents Found Bad Hyperlinks
         content-filepath: mlc_report.log
         labels: |
           bug
-          Scope: Documentation
+          documentation

.github/workflows/workflow-validate-website-content.yml

@@ -1,5 +1,4 @@
 name: Validate Website Content
-
 on:
   workflow_call:
     inputs:
@@ -13,14 +12,22 @@ on:
         required: true
         default: 'published'
         type: string
-      create_issue:
+      linkcheck_create_issue:
+        description: 'create new GitHub issue if broken links found'
+        required: false
+        default: false
+        type: boolean
+      linkcheck_fail_on_error:
         description: 'create new GitHub issue if broken links found'
         required: false
         default: false
         type: boolean
 jobs:
   schedule-validate-website-links:
     runs-on: ubuntu-20.04
+    permissions:
+      contents: read
+      issues: write
     steps:
     - name: Checkout Latest
       uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
@@ -35,16 +42,23 @@ jobs:
       id: linkchecker
       uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421
       with:
-        args: --exclude-file ./build/config/.lycheeignore --verbose --no-progress --accept 200,206,429 './${{ inputs.site_git_ref_path }}/**/*.html' --exclude-mail
+        args: --exclude-file .github/workflows/config/.lycheeignore --verbose --no-progress --accept 200,206,429 './${{ inputs.site_git_ref_path }}/**/*.html' --exclude-mail
+        fail: true
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      continue-on-error: true
     - name: Create issue if bad links detected
-      if: steps.linkchecker.outputs.exit_code != 0 && inputs.create_issue
+      if: ${{ !cancelled() && env.lychee_exit_code != 0 && inputs.linkcheck_create_issue }}
       uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f
       with:
         title: Scheduled Check of Website Content Found Bad Hyperlinks
         content-filepath: ./lychee/out.md
         labels: |
           bug
-          Scope: Documentation
-          Scope: Website
+          documentation
+    - name: Check coverage tolerance
+      if: ${{ env.lychee_exit_code != 0 && inputs.linkcheck_fail_on_error }}
+      uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
+      with:
+        script: |
+          core.setFailed('Link checker detected broken or invalid links, read attached report.')

.gitignore

@@ -4,4 +4,3 @@
 /website/public
 /website/resources
 /website/_vendor
-

CONTRIBUTING.md

@@ -23,9 +23,9 @@ For more information on the project's current needs and priorities, see the proj
 ## Issue reporting and handling
 
 All requests for changes and enhancements to the repository are initiated through the project's [GitHub issue tracker](https://github.com/usnistgov/vulntology/issues). To initiate a request, please [create a new issue](https://help.github.com/articles/creating-an-issue/). The following issue templates exist for creating a new issue:
-* [User Story](https://github.com/usnistgov/vulntology/issues/new?template=feature_request.md&labels=enhancement%2C+User+Story): Use to describe a new feature or capability to be added to the project.
-* [Defect Report](https://github.com/usnistgov/vulntology/issues/new?template=bug_report.md&labels=bug): Use to report a problem with an existing feature or capability.
-* [Question](https://github.com/usnistgov/vulntology/issues/new?labels=question&template=question.md): Use to ask a question about the project or the contents of the repository.
+* [User Story](https://github.com/usnistgov/vulntology/issues/new?template=feature_request.yaml&labels=enhancement%2C+user+story): Use to describe a new feature or capability to be added to the project.
+* [Defect Report](https://github.com/usnistgov/vulntology/issues/new?template=bug_report.yaml&labels=bug): Use to report a problem with an existing feature or capability.
+* [Question](https://github.com/usnistgov/vulntology/issues/new?labels=question&template=question.yaml): Use to ask a question about the project or the contents of the repository.
 
 The project team regularly reviews the open issues, prioritizes their handling, and updates the issue statuses, proving comments on the current status as needed.
 
@@ -45,7 +45,8 @@ This project uses a typical GitHub fork and pull request [workflow](https://guid
 This repository consists of the following directories and files pertaining to the Vulntology project:
 
 - [.github](.github): Contains GitHub issue and pull request templates for the project.
-- [specification](specification): The current Vulntology specification, described in a collection of Markdown pages.- [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md): This file contains a code of conduct for the Vulntology project contributors.
+- [website](website): The current Vulntology specification website, described as a collection of Markdown pages to be generated as HTML.
+- [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md): This file contains a code of conduct for the Vulntology project contributors.
 - [CONTRIBUTING.md](CONTRIBUTING.md): This file is for potential contributors to the project. It provides basic information on the project, describes the main ways people can make contributions, explains how to report issues, and lists pointers to additional sources of information. It also has instructions on establishing a development environment for contributing to the project and using GitHub project cards to track development sprints.
 - [LICENSE.md](LICENSE.md): This file contains license information for the files in this GitHub repository.
 - [USERS.md](USERS.md): This file explains which types of users are most likely to benefit from use of this project and its artifacts.

LICENSE.md

@@ -2,9 +2,9 @@
 
 As a work of the United States government, this project is in the public domain within the United States.
 
-Additionally, we waive copyright and related rights in the work worldwide through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
+Copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
 
-As a work of the United States government, this project is in the public domain within the United States under the [National Institute of Standards and Technology License](#national-institute-of-standards-and-technology-license). Additionally, we waive copyright and related rights in the work worldwide through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
+As a work of the United States government, this project is in the public domain within the United States under the [National Institute of Standards and Technology License](https://www.nist.gov/open/license)).
 
 ### CC0 1.0 Universal Summary