From 0f8dd657fa07bc058388efbdaa6a7d68e62e9e1d Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Thu, 23 Feb 2023 19:44:26 +0100
Subject: [PATCH] Enable Fedora CI tests

Run end to end tests on Fedora CI

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
 .fmf/version  |  1 +
 e2e_tests.fmf | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 .fmf/version
 create mode 100644 e2e_tests.fmf

diff --git a/.fmf/version b/.fmf/version
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/e2e_tests.fmf b/e2e_tests.fmf
new file mode 100644
index 0000000..6fcc300
--- /dev/null
+++ b/e2e_tests.fmf
@@ -0,0 +1,36 @@
+summary: run keylime e2e tests
+
+context:
+    # define context to filter out all test requiring TPM device
+    swtpm: yes
+    agent: rust
+
+prepare:
+  - how: shell
+    script:
+     - dnf config-manager --set-enabled updates-testing updates-testing-modular
+
+discover:
+    how: fmf
+    url: https://github.com/RedHat-SP-Security/keylime-tests
+    ref: "@.tmt/dynamic_ref.fmf"
+    test:
+     - /setup/configure_tpm_emulator
+     # change IMA policy to simple and run one attestation scenario
+     # this is to utilize also a different parser
+     - /setup/configure_kernel_ima_module/ima_policy_simple
+     - /setup/inject_SELinux_AVC_check
+     - /functional/basic-attestation-on-localhost
+     # now change IMA policy to signing and run all tests
+     - /setup/configure_kernel_ima_module/ima_policy_signing
+     - "/functional/.*"
+
+execute:
+    how: tmt
+
+adjust:
+    - when: distro == fedora-rawhide
+      environment:
+          AVC_CHECK_AUSEARCH_PARAMS: "-se keylime"
+      because: "On Rawhide we ignore SELinux AVCs not related to keylime"
+