Update ol8 stig benchmark #43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Gate | |
| on: | |
| merge_group: | |
| branches: [ 'master' ] | |
| push: | |
| branches: ['*', '!stabilization*', '!stable*', 'master' ] | |
| pull_request: | |
| branches: [ 'master', 'stabilization*', 'oscal-update-*' ] | |
| concurrency: | |
| group: ${{ github.workflow }}-fedora-${{ github.event.number || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| validate-fedora: | |
| name: Build, Test on Fedora Latest (Container) | |
| runs-on: ubuntu-latest | |
| container: | |
| image: fedora:latest | |
| steps: | |
| - name: Install Deps | |
| run: dnf install -y cmake make openscap-utils python3-pyyaml bats ansible python3-pip ShellCheck git gcc gcc-c++ python3-devel libxml2-devel libxslt-devel python3-setuptools | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Install deps python | |
| run: pip install pcre2==0.4.0 -r requirements.txt -r test-requirements.txt | |
| - name: Build | |
| run: |- | |
| ./build_product -j2 \ | |
| al2023 \ | |
| alinux2 \ | |
| alinux3 \ | |
| almalinux9 \ | |
| anolis23 \ | |
| anolis8 \ | |
| chromium \ | |
| eks \ | |
| example \ | |
| fedora \ | |
| firefox \ | |
| ocp4 \ | |
| ol7 \ | |
| ol8 \ | |
| ol9 \ | |
| openembedded \ | |
| openeuler2203 \ | |
| rhcos4 \ | |
| rhel8 \ | |
| rhel9 \ | |
| rhel10 \ | |
| rhv4 \ | |
| env: | |
| ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON -DSSG_SCAP_VALIDATION_ENABLED:BOOL=OFF -DENABLE_CHECK_RULE_REMOVAL:BOOL=ON -DOLD_RELEASE_DIR=/__w/content/content/old_release" | |
| - name: Get Latest Release | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| const release = await github.rest.repos.getLatestRelease({owner: 'ComplianceAsCode', repo: 'content'}) | |
| const tag = release.data.tag_name; | |
| const version = tag.substring(1) | |
| const builtUrl = `https://github.com/ComplianceAsCode/content/releases/download/${tag}/scap-security-guide-${version}.zip` | |
| const downloadedResponse = await fetch(builtUrl); | |
| if (!downloadedResponse.ok) { | |
| throw new Error(`Failed to download: ${downloadedResponse.statusText}`); | |
| } | |
| const buffer = await downloadedResponse.arrayBuffer(); | |
| const artifactName = "/__w/content/content/old_release.zip" | |
| fs.writeFileSync(artifactName, Buffer.from(buffer)); | |
| - name: Extract old release | |
| run: |- | |
| unzip /__w/content/content/old_release.zip -d /__w/content/content/old_release | |
| mv /__w/content/content/old_release/*/* /__w/content/content/old_release/ | |
| - name: Test | |
| run: ctest -j2 --output-on-failure -E unique-stigids | |
| working-directory: ./build | |
| - name: "Set git safe directory, ref: https://github.com/actions/checkout/issues/760" | |
| run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| - name: Upload coverage to Code Climate # Requires: git package | |
| if: ${{ github.repository == 'ComplianceAsCode/content' }} | |
| uses: paambaati/codeclimate-action@f429536ee076d758a24705203199548125a28ca7 # v9.0.0 | |
| env: | |
| CC_TEST_REPORTER_ID: e67e068471d32b63f8e9561dba8f6a3f84dcc76b05ebfd98e44ced1a91cff854 | |
| with: | |
| coverageLocations: build/tests/coverage.xml:coverage.py | |
| - name: Validate gitmailmap | |
| run: grep -E "\S" .mailmap | grep -Ev '^#' | git check-mailmap --stdin |