Add gating.yaml

Resolves: RHEL-31755
Jan Černý 2024-05-16 17:59:50 +02:00
parent 42aa52a88f
commit 520d7f9602
6 changed files with 154 additions and 1 deletions

1
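--- a/.fmf/version
+++ b/.fmf/version
@@ -0,0 +1 @@
+1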

1
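--- a/ci.fmf
+++ b/ci.fmf
@@ -0,0 +1 @@
+resultsdb-testcase: separate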

6
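--- a/gating.yaml
+++ b/gating.yaml
@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+- rhel-*
+decision_context: osci_compose_gate
+rules:
+- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/integration.functional}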

111
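--- a/generate_arf.sh
+++ b/generate_arf.sh
@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+# This script generates ARF results.
+# Supported OS:
+# - Fedora
+# - RHEL8/9
+# - Centos8/9
+# Requirements:
+# - cmake
+# - make
+# - openscap-utils
+# - openscap-scanner
+# - python3-pyyaml
+# - python3-jinja2
+# - python3-setuptools
+# - git
+# - scap-security-guide
+# Usage: ./generate_arf MODE FETCH PRODUCT ARF_FILE SKIP_BUILD
+# MODE [latest, ssg] use scap-security-guide or latest content from github
+# FETCH [yes, no] scanner fetch remote resources
+# ARF_FILE Writes results to a given ARF_FILE.
+# SKIP_BUILD [yes] Skip build of latest content(Have affect with mode latest).
+set -e -o pipefail
+build_content() {
+product=$1
+echo "Build - Start"
+git clone https://github.com/ComplianceAsCode/content.git
+cd content/
+git checkout master
+cd build/
+cmake ../
+make -j4 "${product}"
+cd ../../
+echo "Build - Done"
+}
+run_oscap_scan() {
+ds=$1
+fetch=$2
+file=$3
+echo "Scans - Start"
+oscap xccdf eval ${fetch} --profile "(all)" --results-arf ${file} ${ds} || EXIT_CODE=$?
+echo $EXIT_CODE
+if [ ! -f "$file" ]; then
+echo "$file does not exist."
+exit 2
+fi
+}
+get_product() {
+cpe_name=$(grep "CPE_NAME=" < /etc/os-release | sed 's/CPE_NAME=//g' | sed 's/["]//g')
+if [[ "${cpe_name}" =~ fedora ]]; then
+echo "fedora"
+elif [[ "${cpe_name}" =~ redhat.*8 ]]; then
+echo "rhel8"
+elif [[ "${cpe_name}" =~ redhat.*9 ]]; then
+echo "rhel9"
+elif [[ "${cpe_name}" =~ centos.*8 ]]; then
+echo "centos8"
+elif [[ "${cpe_name}" =~ centos.*9 ]]; then
+echo "cs9"
+else
+echo $cpe_name
+echo "ERROR: Not supported OS!"
+exit 1
+fi
+}
+if [ "$1" = "" ]; then
+echo "ERROR: Missing MODE parameter!"
+exit 1
+fi
+if [ "$2" = "" ]; then
+echo "ERROR: Missing FETCH parameter!"
+exit 1
+fi
+if [ "$3" = "" ]; then
+echo "ERROR: Missing ARF_FILE parameter!"
+exit 1
+fi
+file=$3
+product=$(get_product)
+fetch="--fetch-remote-resources"
+if [ "$2" = "no" ]; then
+fetch=""
+fi
+if [ "$1" = "latest" ]; then
+if [ "$4" != "yes" ]; then
+build_content "${product}"
+fi
+run_oscap_scan "./content/build/ssg-${product}-ds.xml" "${fetch}" "${file}"
+fi
+if [ "$1" = "ssg" ]; then
+run_oscap_scan "/usr/share/xml/scap/ssg/content/ssg-${product}-ds.xml" "${fetch}" "${file}"
+fi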
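Review bot: In `run_oscap_scan`, `|| EXIT_CODE=$?` swallows every non-zero status from `oscap xccdf eval`, so a scanner error is handled the same way as a scan that merely found failing rules, and the only remaining gate is that the ARF file exists. oscap returns 2 when the evaluation ran but the system is not compliant and 1 on an operational error, so after the call I would add `if [ "${EXIT_CODE:-0}" -ne 0 ] && [ "${EXIT_CODE:-0}" -ne 2 ]; then exit "${EXIT_CODE}"; fi`, which also avoids `echo $EXIT_CODE` printing an empty line when the variable was never set. The same command passes `${file}` and `${ds}` unquoted; `--results-arf "${file}" "${ds}"` keeps a path containing spaces or glob characters from turning into extra arguments. In `get_product`, the unsupported-OS messages go to stdout inside `product=$(get_product)`, so they are captured into the variable instead of reaching the log; `echo "ERROR: Not supported OS!" >&2` would make that failure visible.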


@ -2,7 +2,7 @@
Name: openscap-report Name: openscap-report
Version: 0.2.9 Version: 0.2.9
Release: 1%{?dist} Release: 2%{?dist}
Summary: A tool for generating human-readable reports from (SCAP) XCCDF and ARF results Summary: A tool for generating human-readable reports from (SCAP) XCCDF and ARF results
# The entire source code is LGPL-2.1+ and GPL-2.0+ and MIT except schemas/ and assets/, which are Public Domain # The entire source code is LGPL-2.1+ and GPL-2.0+ and MIT except schemas/ and assets/, which are Public Domain
@ -64,6 +64,9 @@ install -m 0644 -Dt %{buildroot}%{_mandir}/man1 _build_docs/oscap-report.1
%changelog %changelog
* Thu May 16 2024 Jan Černý <jcerny@redhat.com> - 0.2.9-2
- Add gating.yaml
* Thu Apr 25 2024 Jan Černý <jcerny@redhat.com> - 0.2.9-1 * Thu Apr 25 2024 Jan Černý <jcerny@redhat.com> - 0.2.9-1
- Initial build for RHEL 9 - Initial build for RHEL 9

31
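--- a/plans/integration.fmf
+++ b/plans/integration.fmf
@@ -0,0 +1,31 @@
+summary: Test integration with latest versions of content
+discover:
+how: fmf
+url: https://github.com/OpenSCAP/openscap-report.git
+filter: tag:integration
+provision:
+memory: 4096
+prepare:
+- name: Install packages require for generation ARF files
+how: install
+package:
+- cmake
+- make
+- openscap-utils
+- openscap-scanner
+- python3
+- python3-pyyaml
+- python3-jinja2
+- python3-setuptools
+- git
+- scap-security-guide
+- name: Generate ARF files
+how: shell
+script:
+- ./generate_arf.sh ssg no ${TMT_PLAN_DATA}/arf.xml
+- ./generate_arf.sh ssg yes ${TMT_PLAN_DATA}/arf_fetch-remote-resources.xml
+- ./generate_arf.sh latest no ${TMT_PLAN_DATA}/arf-latest.xml
+- ./generate_arf.sh latest yes ${TMT_PLAN_DATA}/arf_fetch-remote-resources-latest.xml yes
+execute:
+how: tmt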
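Review bot: The `discover` step fetches tests from `https://github.com/OpenSCAP/openscap-report.git` with no `ref`, so the gate for this build runs whatever the upstream default branch contains at test time rather than tests tied to the packaged 0.2.9 sources. Adding `ref: <TAG_OR_COMMIT_FOR_PACKAGED_VERSION>` under `url:` would keep an unrelated upstream change from altering the gating result, and limits what unreviewed code runs on the test machine. The two `latest` invocations of `./generate_arf.sh` also clone and build ComplianceAsCode `master`, which appears intentional given the summary, but it makes the gate depend on that repository's current state; a short comment in the plan saying so would help whoever triages a red result. `${TMT_PLAN_DATA}` is unquoted in all four script lines; `"${TMT_PLAN_DATA}/arf.xml"` is the safer form if that path can ever contain whitespace.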