Skip to content

STIG Fixes for RHEL 7/8 #10132

STIG Fixes for RHEL 7/8

STIG Fixes for RHEL 7/8 #10132

Workflow file for this run

name: Gate
on:
push:
branches: [ 'master', '*', '!stabilization*', '!stable*' ]
pull_request:
branches: [ 'master', 'stabilization*' ]
jobs:
validate-centos7:
name: Build, Test on CentOS 7 (Container)
runs-on: ubuntu-latest
container:
image: centos:7
steps:
- name: Install Deps
run: yum install -y cmake make openscap-utils PyYAML libxslt xml-common python-jinja2 python-setuptools
- name: Checkout
uses: actions/checkout@v3
- name: Build
run: |-
./build_product \
alinux2 \
alinux3 \
anolis23 \
anolis8 \
chromium \
fedora \
firefox \
rhcos4 \
rhel7 \
rhel8 \
rhel9 \
uos20 \
--derivatives
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-suse:
name: Build, Test on OpenSUSE Leap 15 (Container)
runs-on: ubuntu-latest
container:
image: opensuse/leap:15
steps:
- name: Install Deps
run: zypper install -y git cmake make openscap-utils python3-PyYAML bats python3-pytest python3-pytest-cov python3-Jinja2 python3-setuptools libxslt-tools libxml2-tools ShellCheck
- name: Checkout
uses: actions/checkout@v3
- name: Build
run: ./build_product alinux2 alinux3 anolis23 anolis8 chromium fedora firefox rhcos4 rhel7 rhel8 rhel9 sle12 sle15 ubuntu2004 ubuntu2204 uos20
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-debian:
name: Build, Test on Debian 10 (Container)
runs-on: ubuntu-latest
container:
image: debian:buster
steps:
- name: Update the package repository
run: apt-get update
- name: Install Deps
run: apt-get install -y ansible-lint bats check cmake libopenscap8 libxml2-utils ninja-build python3-github python3-pip xsltproc
- name: Checkout
uses: actions/checkout@v3
- name: Install deps python
run: pip3 install -r requirements.txt -r test-requirements.txt
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED=ON"
run: |-
./build_product debian10 debian11
- name: Test
working-directory: ./build
run: ctest -j2 --output-on-failure -E unique-stigids
validate-ubuntu:
name: Build, Test on Ubuntu 20.04
runs-on: ubuntu-20.04
steps:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install cmake ninja-build libopenscap8 libxml2-utils xsltproc python3-jinja2 python3-yaml python3-setuptools ansible-lint python3-github bats python3-pytest python3-pytest-cov shellcheck
- name: Checkout
uses: actions/checkout@v3
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_SCE_ENABLED:BOOL=ON"
run: |-
./build_product \
alinux2 \
alinux3 \
anolis23 \
anolis8 \
chromium \
fedora \
firefox \
rhcos4 \
rhel7 \
rhel8 \
rhel9 \
sle12 \
sle15 \
ubuntu2004 \
ubuntu2204 \
uos20
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-ubuntu-22-04:
name: Build, Test on Ubuntu 22.04
runs-on: ubuntu-22.04
steps:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install cmake ninja-build libopenscap8 libxml2-utils xsltproc python3-jinja2 python3-yaml python3-setuptools ansible-lint python3-github bats python3-pytest python3-pytest-cov shellcheck
- name: Checkout
uses: actions/checkout@v3
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_SCE_ENABLED:BOOL=ON"
run: |-
./build_product \
ubuntu2004 \
ubuntu2204
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-fedora:
name: Build, Test on Fedora Latest (Container)
runs-on: ubuntu-latest
container:
image: fedora:latest
steps:
- name: Install Deps
run: dnf install -y cmake make openscap-utils python3-pyyaml bats ansible python3-pip ShellCheck git
- name: Checkout
uses: actions/checkout@v3
- name: Install deps python
run: pip install -r requirements.txt -r test-requirements.txt
- name: Build
run: |-
./build_product \
alinux2 \
alinux3 \
anolis23 \
anolis8 \
chromium \
fedora \
firefox \
rhcos4 \
rhel7 \
rhel8 \
rhel9 \
sle12 \
sle15 \
ubuntu2004 \
ubuntu2204 \
uos20 \
ocp4 \
eks
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED=ON"
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
- name: "Set git safe directory, ref: https://github.com/actions/checkout/issues/760"
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Upload coverage to Code Climate # Requires: git package
if: ${{ github.repository == 'ComplianceAsCode/content' }}
uses: paambaati/codeclimate-action@v4.0.0
env:
CC_TEST_REPORTER_ID: e67e068471d32b63f8e9561dba8f6a3f84dcc76b05ebfd98e44ced1a91cff854
with:
coverageLocations: build/tests/coverage.xml:coverage.py
- name: Validate gitmailmap
run: grep -E "\S" .mailmap | grep -Ev '^#' | git check-mailmap --stdin
validate-fedora-rawhide:
name: Build, Test on Fedora Rawhide (Container)
runs-on: ubuntu-latest
container:
image: fedora:rawhide
steps:
- name: Run Updates
run: dnf update -y
- name: Install Deps
run: dnf install -y cmake make openscap-utils bats ansible python3-pip ShellCheck git
- name: Checkout
uses: actions/checkout@v3
- name: Install deps python
run: pip install -r requirements.txt -r test-requirements.txt
- name: Build
run: |-
./build_product \
alinux2 \
alinux3 \
anolis23 \
anolis8 \
chromium \
fedora \
firefox \
rhcos4 \
rhel7 \
rhel8 \
rhel9 \
sle12 \
sle15 \
ubuntu2004 \
ubuntu2204 \
uos20 \
ocp4
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build