Skip to content

Stabilize

Stabilize #17

Workflow file for this run

name: Stabilize
on:
push:
branches: [ 'stabilization*' ]
schedule:
# Run weekly at 05:00 on Sunday
- cron: "0 5 * * 0"
env:
SCAPVAL_JAR: scapval-1.3.5.jar
SCAPVAL_FILENAME: SCAP-Content-Validation-Tool-1.3.5
SCAPVAL_URL: https://csrc.nist.gov/CSRC/media/Projects/Security-Content-Automation-Protocol/tools/scap/1.3/
jobs:
stabilize-fedora:
name: Build and Stabilization Tests on Fedora Latest (Container)
runs-on: ubuntu-latest
container:
image: fedora:latest
steps:
- name: Install Deps
run: dnf install -y cmake ninja-build openscap-utils python3-pyyaml python3-jinja2 python3-pytest ansible libxslt python3-ansible-lint linkchecker java-1.8.0-openjdk unar wget python-unversioned-command git-core
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Configure
run: cmake -DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF -DANSIBLE_CHECKS=ON -DENABLE_SCAPVAL13=ON -DSCAPVAL_PATH='/opt/scapval/SCAP-Content-Validation-Tool-1.3.5/scapval-1.3.5.jar' ..
working-directory: ./build
- name: Build All
run: make -j2 all
working-directory: ./build
- name: Get SCAPVAL
run: wget $SCAPVAL_URL/$SCAPVAL_FILENAME.zip
- name: Unpack SCAPVAL
run: mkdir -p /opt/scapval/ && unar $SCAPVAL_FILENAME.zip -o /opt/scapval/
- name: Run SCAPVal
# Runs SCAPVal on all built datastream
run: ctest -j2 -R scapval --output-on-failure
- name: Lint Check
# Performs ansible-lint and yamllint checks on generated ansible playbooks
run: ctest -j2 -R ansible-playbook --output-on-failure
working-directory: ./build
- name: Link Check
# Performs linkcheck across all build tables and html guides to ensure there are no broken references.
run: ctest -j2 -R linkchecker --output-on-failure
working-directory: ./build