1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
name: Gate Fedora
on:
merge_group:
branches: [ 'master' ]
push:
branches: ['*', '!stabilization*', '!stable*', 'master' ]
pull_request:
branches: [ 'master', 'stabilization*', 'oscal-update-*' ]
concurrency:
group: ${{ github.workflow }}-fedora-${{ github.event.number || github.run_id }}
cancel-in-progress: true
jobs:
validate-fedora:
name: Build, Test on Fedora Latest (Container)
runs-on: ubuntu-latest
container:
image: fedora:latest
steps:
- name: Install Deps
run: dnf install -y cmake make openscap-utils python3-pyyaml bats ansible python3-pip ShellCheck git gcc gcc-c++ python3-devel libxml2-devel libxslt-devel python3-setuptools gawk
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
- name: Install deps python
run: pip install pcre2==0.4.0 -r requirements.txt -r test-requirements.txt
- name: Build
run: |-
./build_product -j2 \
al2023 \
alinux2 \
alinux3 \
almalinux9 \
anolis23 \
anolis8 \
eks \
example \
fedora \
firefox \
ocp4 \
ol7 \
ol8 \
ol9 \
openembedded \
openeuler2203 \
rhcos4 \
rhel8 \
rhel9 \
rhel10 \
rhv4
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON -DSSG_SCAP_VALIDATION_ENABLED:BOOL=OFF -DENABLE_CHECK_RULE_REMOVAL:BOOL=ON -DOLD_RELEASE_DIR=/__w/content/content/old_release -DENABLE_PYTHON_COVERAGE:BOOL=ON"
- name: Get Latest Release
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
const fs = require('fs');
const release = await github.rest.repos.getLatestRelease({owner: 'ComplianceAsCode', repo: 'content'})
const tag = release.data.tag_name;
const version = tag.substring(1)
const builtUrl = `https://github.com/ComplianceAsCode/content/releases/download/${tag}/scap-security-guide-${version}.zip`
const downloadedResponse = await fetch(builtUrl);
if (!downloadedResponse.ok) {
throw new Error(`Failed to download: ${downloadedResponse.statusText}`);
}
const buffer = await downloadedResponse.arrayBuffer();
const artifactName = "/__w/content/content/old_release.zip"
fs.writeFileSync(artifactName, Buffer.from(buffer));
- name: Extract old release
run: |-
unzip /__w/content/content/old_release.zip -d /__w/content/content/old_release
mv /__w/content/content/old_release/*/* /__w/content/content/old_release/
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
- name: "Set git safe directory, ref: https://github.com/actions/checkout/issues/760"
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Validate gitmailmap
run: grep -E "\S" .mailmap | grep -Ev '^#' | git check-mailmap --stdin
|
