Stabilize #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Stabilize | |
on: | |
push: | |
branches: [ 'stabilization*' ] | |
schedule: | |
# Run weekly at 05:00 on Sunday | |
- cron: "0 5 * * 0" | |
env: | |
SCAPVAL_JAR: scapval-1.3.5.jar | |
SCAPVAL_FILENAME: SCAP-Content-Validation-Tool-1.3.5 | |
SCAPVAL_URL: https://csrc.nist.gov/CSRC/media/Projects/Security-Content-Automation-Protocol/tools/scap/1.3/ | |
jobs: | |
stabilize-fedora: | |
name: Build and Stabilization Tests on Fedora Latest (Container) | |
runs-on: ubuntu-latest | |
container: | |
image: fedora:latest | |
steps: | |
- name: Install Deps | |
run: dnf install -y cmake ninja-build openscap-utils python3-pyyaml python3-jinja2 python3-pytest ansible libxslt python3-ansible-lint linkchecker java-1.8.0-openjdk unar wget python-unversioned-command git-core | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure | |
run: cmake -DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF -DANSIBLE_CHECKS=ON -DENABLE_SCAPVAL13=ON -DSCAPVAL_PATH='/opt/scapval/SCAP-Content-Validation-Tool-1.3.5/scapval-1.3.5.jar' .. | |
working-directory: ./build | |
- name: Build All | |
run: make -j2 all | |
working-directory: ./build | |
- name: Get SCAPVAL | |
run: wget $SCAPVAL_URL/$SCAPVAL_FILENAME.zip | |
- name: Unpack SCAPVAL | |
run: mkdir -p /opt/scapval/ && unar $SCAPVAL_FILENAME.zip -o /opt/scapval/ | |
- name: Run SCAPVal | |
# Runs SCAPVal on all built datastream | |
run: ctest -j2 -R scapval --output-on-failure | |
- name: Lint Check | |
# Performs ansible-lint and yamllint checks on generated ansible playbooks | |
run: ctest -j2 -R ansible-playbook --output-on-failure | |
working-directory: ./build | |
- name: Link Check | |
# Performs linkcheck across all build tables and html guides to ensure there are no broken references. | |
run: ctest -j2 -R linkchecker --output-on-failure | |
working-directory: ./build |