add oscal CLI validation to the pipeline

.gitignore

@@ -4,3 +4,4 @@ generated/
 yq
 jq
 .DS_Store
+build/oscal-cli/

build/Makefile

@@ -17,7 +17,7 @@ all: artifacts checks ## Run all steps for content preparation
 artifacts: copy-readmes copy-xml-content resolve-xml-profiles convert-min-json-content reformat-json-content convert-yaml-content ## Generate all artifacts
 
 .PHONY: checks
-checks: validate-xml-content validate-json-content validate-yaml-content ## Check all content with schema and other validation methods
+checks: validate-xml-content validate-json-content validate-yaml-content validate-xml-by-cli ## Check all content with schema and other validation methods
 
 .PHONY: clean
 clean: clean-core-artifacts clean-readmes clean-json-content clean-xml-content clean-yaml-content ## Clean all generated content
@@ -26,6 +26,10 @@ clean: clean-core-artifacts clean-readmes clean-json-content clean-xml-content c
 # Dependencies
 #
 
+
+
+
+
 CURL_INSTALL_OPTS:=--silent --location
 
 # Used to automatically install certain executables
@@ -62,8 +66,25 @@ NPM_PKGS_DIR:=node_modules
 $(NPM_PKGS_DIR):
 	$(MAKE) -C $(OSCAL_CORE_DIR) dependencies
 
+OSCAL_CLI_VERSION=`curl -s https://api.github.com/repos/usnistgov/oscal-cli/releases/latest | jq -r '.name[1:]'`
+OSCAL_CLI_BIN:=oscal-cli
+OSCAL_CLI_INSTALL_URL:=https://repo1.maven.org/maven2/gov/nist/secauto/oscal/tools/oscal-cli/cli-core/$(OSCAL_CLI_VERSION)/cli-core-$(OSCAL_CLI_VERSION)-oscal-cli.zip
+OSCAL_CLI_INSTALL_PATH := $(shell which oscal-cli 2>/dev/null)
+ifeq ($(OSCAL_CLI_INSTALL_PATH),)
+OSCAL_CLI_INSTALL_PATH := ./oscal-cli/
+$(OSCAL_CLI_INSTALL_PATH):	
+	@echo "Downloading OSCAL CLI version $(OSCAL_CLI_VERSION)..."; \
+	mkdir -p $(OSCAL_CLI_INSTALL_PATH); \
+	curl $(CURL_INSTALL_OPTS) -o $(OSCAL_CLI_INSTALL_PATH)/oscal-cli.zip $(OSCAL_CLI_INSTALL_URL); \
+	unzip -o $(OSCAL_CLI_INSTALL_PATH)/oscal-cli.zip -d $(OSCAL_CLI_INSTALL_PATH); \
+	chmod +x $(OSCAL_CLI_INSTALL_PATH)/bin/$(OSCAL_CLI_BIN)
+else
+OSCAL_CLI_INSTALL_PATH := $(shell dirname $$(dirname $$(which oscal-cli)))
+endif
+
+
 .PHONY: dependencies
-dependencies: $(JQ_PATH) $(XMLLINT_PATH) $(YQ_PATH) $(NPM_PKGS_DIR) ## Install needed jq and yq binaries, and download needed downstream dependencies
+dependencies: $(JQ_PATH) $(XMLLINT_PATH) $(YQ_PATH) $(NPM_PKGS_DIR) $(OSCAL_CLI_INSTALL_PATH) ## Install needed jq and yq binaries, and download needed downstream dependencies
 
 # By default we install xmllint with operating system package manager, so
 # to be sensible, we will not uninstall or delete it even with the package
@@ -157,6 +178,25 @@ validate-xml-content: $(GEN_XML_FILES) ## Validate XML files
 	$(MAKE) -C $(OSCAL_CORE_DIR) $(subst $(OSCAL_CORE_DIR)/,,$(OSCAL_COMPLETE_XML_SCHEMA))
 	$(XMLLINT_PATH) --schema $(OSCAL_COMPLETE_XML_SCHEMA) --noout $(GEN_XML_FILES)
 
+
+#
+# Validate XML with oscal-cli
+#
+.PHONY: validate-xml-by-cli
+validate-xml-by-cli: $(OSCAL_CLI_INSTALL_PATH) ## Validate XML files by directory using OSCAL CLI Tool
+	@echo "Validating XML files by directory using OSCAL CLI Tool"
+	@$(OSCAL_CLI_INSTALL_PATH)/bin/$(OSCAL_CLI_BIN) --version
+	@echo "latest oscal-cli version is $(OSCAL_CLI_VERSION)"
+	@echo "Validating OSCAL content with $(OSCAL_CLI_INSTALL_PATH)/bin/oscal-cli version $(OSCAL_CLI_VERSION)"
+	@find $(SRC_DIR)/examples -mindepth 1 -maxdepth 1 -type d | while read example_dir; do \
+		example_type=$$(basename "$$example_dir"); \
+		echo "Processing example type: $$example_type"; \
+		find "$$example_dir" -name '*.xml' | while read xml_file; do \
+			echo "Validating $$xml_file with OSCAL CLI as $$example_type"; \
+			$(OSCAL_CLI_INSTALL_PATH)/bin/oscal-cli "$$example_type" validate "$$xml_file"; \
+		done \
+	done
+
 .PHONY: clean-xml-content
 clean-xml-content: ## Clean generated XML content
 	@echo Cleaning XML content