Merge pull request #13987 from rhmdnd/CMP-3540-remove-sdn-assertions-… #7391
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Gate Fedora | |
| on: | |
| merge_group: | |
| branches: [ 'master' ] | |
| push: | |
| branches: ['*', '!stabilization*', '!stable*', 'master' ] | |
| pull_request: | |
| branches: [ 'master', 'stabilization*', 'oscal-update-*' ] | |
| concurrency: | |
| group: ${{ github.workflow }}-fedora-${{ github.event.number || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| validate-fedora: | |
| name: Build, Test on Fedora Latest (Container) | |
| runs-on: ubuntu-latest | |
| container: | |
| image: fedora:latest | |
| steps: | |
| - name: Install Deps | |
| run: dnf install -y cmake make openscap-utils python3-pyyaml bats ansible python3-pip ShellCheck git gcc gcc-c++ python3-devel libxml2-devel libxslt-devel python3-setuptools gawk | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 | |
| - name: Install deps python | |
| run: pip install pcre2==0.4.0 -r requirements.txt -r test-requirements.txt | |
| - name: Build | |
| run: |- | |
| ./build_product -j2 \ | |
| al2023 \ | |
| alinux2 \ | |
| alinux3 \ | |
| almalinux9 \ | |
| anolis23 \ | |
| anolis8 \ | |
| chromium \ | |
| eks \ | |
| example \ | |
| fedora \ | |
| firefox \ | |
| ocp4 \ | |
| ol7 \ | |
| ol8 \ | |
| ol9 \ | |
| openembedded \ | |
| openeuler2203 \ | |
| rhcos4 \ | |
| rhel8 \ | |
| rhel9 \ | |
| rhel10 \ | |
| rhv4 \ | |
| env: | |
| ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON -DSSG_SCAP_VALIDATION_ENABLED:BOOL=OFF -DENABLE_CHECK_RULE_REMOVAL:BOOL=ON -DOLD_RELEASE_DIR=/__w/content/content/old_release -DENABLE_PYTHON_COVERAGE:BOOL=ON" | |
| - name: Get Latest Release | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| const release = await github.rest.repos.getLatestRelease({owner: 'ComplianceAsCode', repo: 'content'}) | |
| const tag = release.data.tag_name; | |
| const version = tag.substring(1) | |
| const builtUrl = `https://github.com/ComplianceAsCode/content/releases/download/${tag}/scap-security-guide-${version}.zip` | |
| const downloadedResponse = await fetch(builtUrl); | |
| if (!downloadedResponse.ok) { | |
| throw new Error(`Failed to download: ${downloadedResponse.statusText}`); | |
| } | |
| const buffer = await downloadedResponse.arrayBuffer(); | |
| const artifactName = "/__w/content/content/old_release.zip" | |
| fs.writeFileSync(artifactName, Buffer.from(buffer)); | |
| - name: Extract old release | |
| run: |- | |
| unzip /__w/content/content/old_release.zip -d /__w/content/content/old_release | |
| mv /__w/content/content/old_release/*/* /__w/content/content/old_release/ | |
| - name: Test | |
| run: ctest -j2 --output-on-failure -E unique-stigids | |
| working-directory: ./build | |
| - name: "Set git safe directory, ref: https://github.com/actions/checkout/issues/760" | |
| run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| - name: Upload coverage to Qlty # Requires: git package | |
| if: ${{ github.repository == 'ComplianceAsCode/content' }} | |
| uses: qltysh/qlty-action/coverage@a19242102d17e497f437d7466aa01b528537e899 # v2.2.0 | |
| with: | |
| token: qltcp_kdIPsqNZzW5rYoxq | |
| files: build/tests/coverage.xml | |
| strip-prefix: /__w/content/content | |
| - name: Validate gitmailmap | |
| run: grep -E "\S" .mailmap | grep -Ev '^#' | git check-mailmap --stdin |