Add gating.yaml

Resolves: RHEL-32208
2024-05-16 17:59:50 +02:00 · 2024-05-16 17:59:50 +02:00 · 443c017183
commit 443c017183
parent 47f9fa4e66
5 changed files with 153 additions and 1 deletions
--- a/ci.fmf
+++ b/ci.fmf
@ -0,0 +1 @@
+resultsdb-testcase: separate
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-*
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/integration.functional}
--- a/generate_arf.sh
+++ b/generate_arf.sh
@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+# This script generates ARF results.
+# Supported OS:
+#  - Fedora
+#  - RHEL8/9
+#  - Centos8/9
+# Requirements:
+#  - cmake
+#  - make
+#  - openscap-utils
+#  - openscap-scanner
+#  - python3-pyyaml
+#  - python3-jinja2
+#  - python3-setuptools
+#  - git
+#  - scap-security-guide
+# Usage: ./generate_arf MODE FETCH PRODUCT ARF_FILE SKIP_BUILD
+#   MODE        [latest, ssg] use scap-security-guide or latest content from github
+#   FETCH       [yes, no] scanner fetch remote resources
+#   ARF_FILE    Writes results to a given ARF_FILE.
+#   SKIP_BUILD  [yes] Skip build of latest content(Have affect with mode latest).
+
+
+set -e -o pipefail
+
+
+build_content() {
+    product=$1
+
+    echo "Build - Start"
+
+    git clone https://github.com/ComplianceAsCode/content.git
+    cd content/
+    git checkout master
+
+    cd build/
+    cmake ../
+    make -j4 "${product}"
+
+    cd ../../
+    echo "Build - Done"
+}
+
+run_oscap_scan() {
+    ds=$1
+    fetch=$2
+    file=$3
+    echo "Scans - Start"
+    oscap xccdf eval ${fetch} --profile "(all)" --results-arf ${file} ${ds} || EXIT_CODE=$?
+    echo $EXIT_CODE
+    if [ ! -f "$file" ]; then
+        echo "$file does not exist."
+        exit 2
+    fi
+}
+
+get_product() {
+    cpe_name=$(grep "CPE_NAME=" < /etc/os-release | sed 's/CPE_NAME=//g' | sed 's/["]//g')
+    if [[ "${cpe_name}" =~ fedora ]]; then
+        echo "fedora"
+    elif [[ "${cpe_name}" =~ redhat.*8 ]]; then
+        echo "rhel8"
+    elif [[ "${cpe_name}" =~ redhat.*9 ]]; then
+        echo "rhel9"
+    elif [[ "${cpe_name}" =~ centos.*8 ]]; then
+        echo "centos8"
+    elif [[ "${cpe_name}" =~ centos.*9 ]]; then
+        echo "cs9"
+    else
+        echo $cpe_name
+        echo "ERROR: Not supported OS!"
+        exit 1
+    fi
+}
+
+if [ "$1" = "" ]; then
+    echo "ERROR: Missing MODE parameter!"
+    exit 1
+fi
+
+
+if [ "$2" = "" ]; then
+    echo "ERROR: Missing FETCH parameter!"
+    exit 1
+fi
+
+
+if [ "$3" = "" ]; then
+    echo "ERROR: Missing ARF_FILE parameter!"
+    exit 1
+fi
+file=$3
+
+product=$(get_product)
+
+fetch="--fetch-remote-resources"
+if [ "$2" = "no" ]; then
+    fetch=""
+fi
+
+
+if [ "$1" = "latest" ]; then
+    if [ "$4" != "yes" ]; then
+        build_content "${product}"
+    fi
+    run_oscap_scan "./content/build/ssg-${product}-ds.xml" "${fetch}" "${file}"
+fi
+
+if [ "$1" = "ssg" ]; then
+    run_oscap_scan "/usr/share/xml/scap/ssg/content/ssg-${product}-ds.xml" "${fetch}" "${file}"
+fi
--- a/openscap-report.spec
+++ b/openscap-report.spec
@ -2,7 +2,7 @@

 Name:           openscap-report
 Version:        0.2.9
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A tool for generating human-readable reports from (SCAP) XCCDF and ARF results

 # The entire source code is LGPL-2.1+ and GPL-2.0+ and MIT except schemas/ and assets/, which are Public Domain
@ -57,5 +57,8 @@ install -m 0644 -Dt %{buildroot}%{_mandir}/man1 _build_docs/oscap-report.1


 %changelog
+* Thu May 16 2024 Jan Černý <jcerny@redhat.com> - 0.2.9-2
+- Add gating.yaml
+
 * Tue Apr 23 2024 Jan Černý <jcerny@redhat.com> - 0.2.9-1
 - Initial build for RHEL 8
--- a/plans/integration.fmf
+++ b/plans/integration.fmf
@ -0,0 +1,31 @@
+summary: Test integration with latest versions of content
+discover:
+    how: fmf
+    url: https://github.com/OpenSCAP/openscap-report.git
+    filter: tag:integration
+provision:
+  memory: 4096
+prepare:
+  - name: Install packages require for generation ARF files
+    how: install
+    package:
+      - cmake
+      - make
+      - openscap-utils
+      - openscap-scanner
+      - python3
+      - python3-pyyaml
+      - python3-jinja2
+      - python3-setuptools
+      - git
+      - scap-security-guide
+  - name: Generate ARF files
+    how: shell
+    script:
+      - ./generate_arf.sh ssg no ${TMT_PLAN_DATA}/arf.xml
+      - ./generate_arf.sh ssg yes ${TMT_PLAN_DATA}/arf_fetch-remote-resources.xml
+      - ./generate_arf.sh latest no  ${TMT_PLAN_DATA}/arf-latest.xml
+      - ./generate_arf.sh latest yes ${TMT_PLAN_DATA}/arf_fetch-remote-resources-latest.xml yes
+
+execute:
+    how: tmt