Add gating.yaml
Resolves: RHEL-31755
This commit is contained in:
parent
42aa52a88f
commit
520d7f9602
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
|||||||
|
1
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-*
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/integration.functional}
|
111
generate_arf.sh
Executable file
111
generate_arf.sh
Executable file
@ -0,0 +1,111 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# This script generates ARF results.
|
||||||
|
# Supported OS:
|
||||||
|
# - Fedora
|
||||||
|
# - RHEL8/9
|
||||||
|
# - Centos8/9
|
||||||
|
# Requirements:
|
||||||
|
# - cmake
|
||||||
|
# - make
|
||||||
|
# - openscap-utils
|
||||||
|
# - openscap-scanner
|
||||||
|
# - python3-pyyaml
|
||||||
|
# - python3-jinja2
|
||||||
|
# - python3-setuptools
|
||||||
|
# - git
|
||||||
|
# - scap-security-guide
|
||||||
|
# Usage: ./generate_arf MODE FETCH PRODUCT ARF_FILE SKIP_BUILD
|
||||||
|
# MODE [latest, ssg] use scap-security-guide or latest content from github
|
||||||
|
# FETCH [yes, no] scanner fetch remote resources
|
||||||
|
# ARF_FILE Writes results to a given ARF_FILE.
|
||||||
|
# SKIP_BUILD [yes] Skip build of latest content(Have affect with mode latest).
|
||||||
|
|
||||||
|
|
||||||
|
set -e -o pipefail
|
||||||
|
|
||||||
|
|
||||||
|
build_content() {
|
||||||
|
product=$1
|
||||||
|
|
||||||
|
echo "Build - Start"
|
||||||
|
|
||||||
|
git clone https://github.com/ComplianceAsCode/content.git
|
||||||
|
cd content/
|
||||||
|
git checkout master
|
||||||
|
|
||||||
|
cd build/
|
||||||
|
cmake ../
|
||||||
|
make -j4 "${product}"
|
||||||
|
|
||||||
|
cd ../../
|
||||||
|
echo "Build - Done"
|
||||||
|
}
|
||||||
|
|
||||||
|
run_oscap_scan() {
|
||||||
|
ds=$1
|
||||||
|
fetch=$2
|
||||||
|
file=$3
|
||||||
|
echo "Scans - Start"
|
||||||
|
oscap xccdf eval ${fetch} --profile "(all)" --results-arf ${file} ${ds} || EXIT_CODE=$?
|
||||||
|
echo $EXIT_CODE
|
||||||
|
if [ ! -f "$file" ]; then
|
||||||
|
echo "$file does not exist."
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
get_product() {
|
||||||
|
cpe_name=$(grep "CPE_NAME=" < /etc/os-release | sed 's/CPE_NAME=//g' | sed 's/["]//g')
|
||||||
|
if [[ "${cpe_name}" =~ fedora ]]; then
|
||||||
|
echo "fedora"
|
||||||
|
elif [[ "${cpe_name}" =~ redhat.*8 ]]; then
|
||||||
|
echo "rhel8"
|
||||||
|
elif [[ "${cpe_name}" =~ redhat.*9 ]]; then
|
||||||
|
echo "rhel9"
|
||||||
|
elif [[ "${cpe_name}" =~ centos.*8 ]]; then
|
||||||
|
echo "centos8"
|
||||||
|
elif [[ "${cpe_name}" =~ centos.*9 ]]; then
|
||||||
|
echo "cs9"
|
||||||
|
else
|
||||||
|
echo $cpe_name
|
||||||
|
echo "ERROR: Not supported OS!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ "$1" = "" ]; then
|
||||||
|
echo "ERROR: Missing MODE parameter!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$2" = "" ]; then
|
||||||
|
echo "ERROR: Missing FETCH parameter!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$3" = "" ]; then
|
||||||
|
echo "ERROR: Missing ARF_FILE parameter!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
file=$3
|
||||||
|
|
||||||
|
product=$(get_product)
|
||||||
|
|
||||||
|
fetch="--fetch-remote-resources"
|
||||||
|
if [ "$2" = "no" ]; then
|
||||||
|
fetch=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$1" = "latest" ]; then
|
||||||
|
if [ "$4" != "yes" ]; then
|
||||||
|
build_content "${product}"
|
||||||
|
fi
|
||||||
|
run_oscap_scan "./content/build/ssg-${product}-ds.xml" "${fetch}" "${file}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$1" = "ssg" ]; then
|
||||||
|
run_oscap_scan "/usr/share/xml/scap/ssg/content/ssg-${product}-ds.xml" "${fetch}" "${file}"
|
||||||
|
fi
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Name: openscap-report
|
Name: openscap-report
|
||||||
Version: 0.2.9
|
Version: 0.2.9
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: A tool for generating human-readable reports from (SCAP) XCCDF and ARF results
|
Summary: A tool for generating human-readable reports from (SCAP) XCCDF and ARF results
|
||||||
|
|
||||||
# The entire source code is LGPL-2.1+ and GPL-2.0+ and MIT except schemas/ and assets/, which are Public Domain
|
# The entire source code is LGPL-2.1+ and GPL-2.0+ and MIT except schemas/ and assets/, which are Public Domain
|
||||||
@ -64,6 +64,9 @@ install -m 0644 -Dt %{buildroot}%{_mandir}/man1 _build_docs/oscap-report.1
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 16 2024 Jan Černý <jcerny@redhat.com> - 0.2.9-2
|
||||||
|
- Add gating.yaml
|
||||||
|
|
||||||
* Thu Apr 25 2024 Jan Černý <jcerny@redhat.com> - 0.2.9-1
|
* Thu Apr 25 2024 Jan Černý <jcerny@redhat.com> - 0.2.9-1
|
||||||
- Initial build for RHEL 9
|
- Initial build for RHEL 9
|
||||||
|
|
||||||
|
31
plans/integration.fmf
Normal file
31
plans/integration.fmf
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
summary: Test integration with latest versions of content
|
||||||
|
discover:
|
||||||
|
how: fmf
|
||||||
|
url: https://github.com/OpenSCAP/openscap-report.git
|
||||||
|
filter: tag:integration
|
||||||
|
provision:
|
||||||
|
memory: 4096
|
||||||
|
prepare:
|
||||||
|
- name: Install packages require for generation ARF files
|
||||||
|
how: install
|
||||||
|
package:
|
||||||
|
- cmake
|
||||||
|
- make
|
||||||
|
- openscap-utils
|
||||||
|
- openscap-scanner
|
||||||
|
- python3
|
||||||
|
- python3-pyyaml
|
||||||
|
- python3-jinja2
|
||||||
|
- python3-setuptools
|
||||||
|
- git
|
||||||
|
- scap-security-guide
|
||||||
|
- name: Generate ARF files
|
||||||
|
how: shell
|
||||||
|
script:
|
||||||
|
- ./generate_arf.sh ssg no ${TMT_PLAN_DATA}/arf.xml
|
||||||
|
- ./generate_arf.sh ssg yes ${TMT_PLAN_DATA}/arf_fetch-remote-resources.xml
|
||||||
|
- ./generate_arf.sh latest no ${TMT_PLAN_DATA}/arf-latest.xml
|
||||||
|
- ./generate_arf.sh latest yes ${TMT_PLAN_DATA}/arf_fetch-remote-resources-latest.xml yes
|
||||||
|
|
||||||
|
execute:
|
||||||
|
how: tmt
|
Loading…
Reference in New Issue
Block a user