From 28028fd3c816dba0f4914d21541295796aa7587b Mon Sep 17 00:00:00 2001
From: Milan Lysonek
Date: Thu, 4 Jul 2024 10:31:57 +0200
Subject: [PATCH 1/3] Search for per-rule playbooks

---
 lib/util/content.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/lib/util/content.py b/lib/util/content.py
index 495a3eaf..ee7de3f9 100644
--- a/lib/util/content.py
+++ b/lib/util/content.py
@@ -47,7 +47,17 @@ def _find_playbooks(root):
         build_content(user_content)
         return user_content / 'build' / 'ansible'
     else:
-        return root / Path('/usr/share/scap-security-guide/ansible')
+        return root / Path('usr/share/scap-security-guide/ansible')
+
+
+def _find_per_rule_playbooks(root):
+    if user_content:
+        build_content(user_content)
+        return user_content / 'build' / f'rhel{rhel.major}' / 'playbooks' / 'all'
+    else:
+        return root / Path(
+            f'usr/share/scap-security-guide/ansible/rule_playbooks/rhel{rhel.major}/all'
+        )
 
 
 def get_playbook(profile, root='/'):
@@ -65,9 +75,12 @@ def get_playbook(profile, root='/'):
 
 
 def iter_playbooks(root='/'):
-    for file in _find_playbooks(root).rglob('*'):
+    for file in _find_playbooks(root).iterdir():
         if file.suffix == '.yml':
             yield file
+    per_rule_dir = _find_per_rule_playbooks(root)
+    if per_rule_dir.exists():
+        yield from per_rule_dir.iterdir()
 
 
 def get_kickstart(profile):

From 2800229649587caaeadee43fbf779436b11376f3 Mon Sep 17 00:00:00 2001
From: Milan Lysonek
Date: Thu, 4 Jul 2024 10:32:11 +0200
Subject: [PATCH 2/3] Build also per-rule playbooks

---
 lib/util/content.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/util/content.py b/lib/util/content.py
index ee7de3f9..9a22c9d3 100644
--- a/lib/util/content.py
+++ b/lib/util/content.py
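Review bot: `_find_per_rule_playbooks` repeats the `build_content(user_content)` call that `_find_playbooks` already makes, so `iter_playbooks` (changed in the next hunk of this patch) now builds the user content twice per call unless `build_content` short-circuits an existing build, which is not visible here. Consider deriving both directories from a single build step, for example a helper that builds once and returns `user_content / 'build'`, or state the idempotence assumption on `build_content` in a comment. The new function also has no docstring; `"""Return the directory of per-rule Ansible playbooks: the built user content if set, else the installed SSG tree under *root*."""` would cover it. `user_content` and `rhel` are module globals defined outside the hunk.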
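Review bot: The per-rule branch added at the end of `iter_playbooks` yields every entry of `per_rule_dir.iterdir()`, while the loop above it yields only `.yml` files, so subdirectories or stray non-playbook files under `all/` would be handed to callers as playbooks; filter the same way, `yield from (f for f in per_rule_dir.iterdir() if f.suffix == '.yml')`. The `exists()` guard is also applied only to the per-rule directory: switching `_find_playbooks(root)` from `rglob('*')` to `iterdir()` means a missing `ansible` directory now raises `FileNotFoundError` where `rglob` used to yield nothing, which may be intended but is a behavior change worth the same guard or a comment. The `.yml` suffix check is now the only thing keeping the first loop from yielding the `rule_playbooks` subdirectory on a packaged system, which a short comment could make explicit.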
@@ -111,7 +111,7 @@ def build_content(path):
     cmd = ['dnf', '-y', 'builddep', '--spec', 'scap-security-guide.spec']
     util.subprocess_run(cmd, check=True, cwd=path)
     # build content
-    cmd = ['./build_product', f'rhel{rhel.major}']
+    cmd = ['./build_product', '--playbook-per-rule', f'rhel{rhel.major}']
     util.subprocess_run(cmd, check=True, cwd=path)
 
 
@@ -152,6 +152,6 @@ def get_content(build=True):
         raise FileNotFoundError(f"{extracted} not in extracted/patched SRPM")
     # build content
     if build:
-        cmd = ['./build_product', f'rhel{rhel.major}']
+        cmd = ['./build_product', '--playbook-per-rule', f'rhel{rhel.major}']
         util.subprocess_run(cmd, check=True, cwd=extracted)
     yield extracted

From 91a557e1e3230529ad6b1def1b37b1d5f0033f88 Mon Sep 17 00:00:00 2001
From: Milan Lysonek
Date: Thu, 4 Jul 2024 10:33:02 +0200
Subject: [PATCH 3/3] Run Ansible syntax check in gating ci

---
 plans/errata.fmf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/plans/errata.fmf b/plans/errata.fmf
index efefcb23..0e81c592 100644
--- a/plans/errata.fmf
+++ b/plans/errata.fmf
@@ -9,6 +9,7 @@ discover:
         # just some basic smoke testing that should never fail
         - /scanning/oscap-eval
         - /static-checks
+        - /static-checks/ansible/syntax-check
     exclude:
         # often fails on temporary retrieval issues
         - /static-checks/html-links
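Review bot: The `./build_product` command line is now duplicated byte-for-byte in `build_content` and in `get_content` (the second hunk), and this commit had to edit both; hoisting it into one place, e.g. a small helper `def _build_product_cmd(): return ['./build_product', '--playbook-per-rule', f'rhel{rhel.major}']` called at both sites, keeps them from drifting apart again. A comment at the call site noting that `--playbook-per-rule` produces the `build/rhel*/playbooks/all` tree that `_find_per_rule_playbooks` reads would also help, since the flag's effect is otherwise only discoverable from the other function. Both enclosing functions start outside their hunks.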
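Review bot: If this list is a tmt `test:` selector, whose entries are matched as regular expressions, the existing `- /static-checks` entry already selects `/static-checks/ansible/syntax-check` and the added line is redundant; if it is an exact-name filter instead, the new entry is required. The key the list lives under is outside the hunk, so please confirm which applies, and if the entry is intentional add a comment such as `# listed explicitly so it stays in gating even if /static-checks is narrowed` so the next reader does not remove it as a duplicate.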