Add ansible remediation #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Gate | |
on: | |
merge_group: | |
branches: [ 'master' ] | |
push: | |
branches: ['*', '!stabilization*', '!stable*', 'master' ] | |
pull_request: | |
branches: [ 'master', 'stabilization*' ] | |
concurrency: | |
group: ${{ github.workflow }}-fedora-${{ github.event.number || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
validate-fedora: | |
name: Build, Test on Fedora Latest (Container) | |
runs-on: ubuntu-latest | |
container: | |
image: fedora:latest | |
steps: | |
- name: Install Deps | |
run: dnf install -y cmake make openscap-utils python3-pyyaml bats ansible python3-pip ShellCheck git gcc gcc-c++ python3-devel libxml2-devel libxslt-devel | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- name: Install deps python | |
run: pip install pcre2 -r requirements.txt -r test-requirements.txt | |
- name: Build | |
run: |- | |
./build_product -j2 \ | |
al2023 \ | |
alinux2 \ | |
alinux3 \ | |
anolis23 \ | |
anolis8 \ | |
chromium \ | |
eks \ | |
example \ | |
fedora \ | |
firefox \ | |
macos1015 \ | |
ocp4 \ | |
ol7 \ | |
ol8 \ | |
ol9 \ | |
openembedded \ | |
openeuler2203 \ | |
rhcos4 \ | |
rhel8 \ | |
rhel9 \ | |
rhel10 \ | |
rhv4 \ | |
env: | |
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED=ON -DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF" | |
- name: Test | |
run: ctest -j2 --output-on-failure -E unique-stigids | |
working-directory: ./build | |
- name: "Set git safe directory, ref: https://github.com/actions/checkout/issues/760" | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Upload coverage to Code Climate # Requires: git package | |
if: ${{ github.repository == 'ComplianceAsCode/content' }} | |
uses: paambaati/codeclimate-action@7c100bd1ed15de0bdee476b38ca759d8c94207b5 # v8.0.0 | |
env: | |
CC_TEST_REPORTER_ID: e67e068471d32b63f8e9561dba8f6a3f84dcc76b05ebfd98e44ced1a91cff854 | |
with: | |
coverageLocations: build/tests/coverage.xml:coverage.py | |
- name: Validate gitmailmap | |
run: grep -E "\S" .mailmap | grep -Ev '^#' | git check-mailmap --stdin |