fix(controls): fix package_control_validate to resolve inconsistencies in validate/evaluate
General MR
Summary
In response to an issue with Lula and disabling evaluation, this MR focuses on re-introducing the workflow given new updates to Lula.
Lula validate and evaluate have been updated to resolve a bug previously seen with evaluate and an invalid OSCAL file. This is already available in the current CI image 2.19.3.
The new workflow no longer needs to check for an assessment before running evaluate as Lula will produce the assessment - prepending a result in accordance with the NIST assessment results model if the oscal-assessment-results.yaml file exists - otherwise creating the file.
The updates also include adding the modified or newly created oscal-assessment-results.yaml file as a job artifact available for download, making the update of thresholds automatic.
Testing
Review the package validation pipeline pipelines for the updated package_control_validate execution.
Example of a non-existent assessment results execution: https://repo1.dso.mil/big-bang/pipeline-templates/package-validation/-/jobs/37115520
Example of an existing assessment results execution: https://repo1.dso.mil/big-bang/pipeline-templates/package-validation/-/jobs/37115527
Linked Issue
Upgrade Notices
No notice required - re-enabling intended workflows and optimizing.