forked from ComplianceAsCode/content
-
Notifications
You must be signed in to change notification settings - Fork 1
184 lines (178 loc) · 7.58 KB
/
gate.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
name: Gate
on:
merge_group:
branches: [ 'master' ]
push:
branches: ['*', '!stabilization*', '!stable*', '!master' ]
pull_request:
branches: [ 'master', 'stabilization*', 'oscal-update-*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.run_id }}
cancel-in-progress: true
jobs:
validate-sle:
name: Build, Test on SLE 15 (Container)
runs-on: ubuntu-latest
container:
image: registry.suse.com/bci/bci-base:latest
steps:
- name: Update CA certificates
run: update-ca-certificates
- name: Zypper add factory repo - to install bats and ShellCheck
run: zypper --non-interactive ar https://download.opensuse.org/repositories/openSUSE:/Backports:/SLE-15-SP5/standard/openSUSE:Backports:SLE-15-SP5.repo
- name: Zypper auto import keys
run: zypper --gpg-auto-import-keys --non-interactive ref
- name: Zypper refs
run: zypper refs
- name: Zypper refresh
run: zypper refresh
- name: Install Deps
run: zypper install -y git cmake make bats openscap-utils python3 python3-rpm python3-pip python3-devel python3-PyYAML python3-Jinja2 python3-setuptools libxslt-tools libxml2-tools ShellCheck
- name: Upgrade pip python
run: pip install pip --upgrade
- name: Install deps python
run: pip install pytest pytest-cov
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Build
run: ./build_product sle12 sle15
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-suse:
name: Build, Test on OpenSUSE Leap 15 (Container)
runs-on: ubuntu-latest
container:
image: opensuse/leap:15
steps:
- name: Install Deps
run: zypper install -y git cmake make openscap-utils python3-PyYAML bats python3-pytest python3-pytest-cov python3-Jinja2 python3-setuptools libxslt-tools libxml2-tools ShellCheck
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Build
run: ./build_product opensuse
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-debian:
name: Build, Test on Debian 12 (Container)
runs-on: ubuntu-latest
container:
image: debian:bookworm
steps:
- name: Update the package repository
run: apt-get update
- name: Install Deps
run: apt-get install -y ansible-lint bats check cmake openscap-scanner openscap-utils libxml2-utils ninja-build python3-pip xsltproc libxslt1-dev libxml2-dev zlib1g-dev python3.11-venv
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Upgrade pip python
run: pip install --upgrade pip --break-system-packages
- name: Install deps python
run: pip3 install -r requirements.txt -r test-requirements.txt --ignore-installed PyYAML PyGithub --break-system-packages
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED=ON -DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
run: |-
./build_product debian11 debian12
- name: Test
working-directory: ./build
run: ctest -j2 --output-on-failure -E unique-stigids
validate-ubuntu:
name: Build, Test on Ubuntu 20.04
runs-on: ubuntu-20.04
steps:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install cmake ninja-build libopenscap8 libxml2-utils xsltproc ansible-lint bats python3-github python3-jinja2 python3-pip python3-pytest python3-pytest-cov python3-setuptools python3-yaml shellcheck
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install deps python
run: pip3 install -r requirements.txt -r test-requirements.txt
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
run: |-
./build_product ubuntu1604 ubuntu1804 ubuntu2004
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-ubuntu-22-04:
name: Build, Test on Ubuntu 22.04
runs-on: ubuntu-22.04
steps:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install cmake ninja-build libopenscap8 libxml2-utils xsltproc ansible-lint bats python3-github python3-jinja2 python3-pip python3-pytest python3-pytest-cov python3-setuptools python3-yaml shellcheck
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install deps python
run: pip3 install -r requirements.txt -r test-requirements.txt
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
run: |-
./build_product ubuntu2204
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-fedora-rawhide:
name: Build, Test on Fedora Rawhide (Container)
runs-on: ubuntu-latest
container:
image: registry.fedoraproject.org/fedora:rawhide
steps:
- name: Run Updates
run: dnf update -y
- name: Install Deps
run: dnf install -y cmake make openscap-utils bats ansible python3-pip ShellCheck git python3-devel gcc-c++ libxml2-devel libxslt-devel python3-setuptools
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install deps python
run: pip install -r requirements-base.txt -r test-requirements.txt
- name: Build
run: |-
./build_product \
al2023 \
alinux2 \
alinux3 \
anolis23 \
anolis8 \
chromium \
fedora \
firefox \
ocp4 \
rhcos4 \
rhel8 \
rhel9 \
rhel10 \
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-windows:
name: Build on Windows
runs-on: windows-latest
env:
OPENSCAP_VERSION: "1.4.1"
OPENSCAP_ROOT_DIR: "C:\\Program Files\\OpenSCAP 1.4.1"
steps:
- name: Install Deps
run: choco install xsltproc
- name: Get Latest OpenSCAP
shell: powershell
run: "Invoke-WebRequest -Uri https://nightly.link/OpenSCAP/openscap/workflows/build/main/openscap-win64.zip -OutFile ${{ github.workspace }}\\openscap-win.zip"
- name: Extract Latest OpenSCAP
shell: powershell
run: "Expand-Archive -LiteralPath ${{ github.workspace }}\\openscap-win.zip -DestinationPath ${{ github.workspace }}\\openscap-win -Verbose:$true"
- name: Install OpenSCAP
shell: powershell
run: "msiexec.exe /norestart /q /i ${{ github.workspace }}\\openscap-win\\OpenSCAP-${env:OPENSCAP_VERSION}-win64.msi"
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install Python Deps
run: pip install -r requirements.txt -r test-requirements.txt
- name: Build
shell: bash
run: ./build_product -j2 fedora