Skip to content

Firewall technology related rules per service and package change logic according to interactive profile variable #14377

Firewall technology related rules per service and package change logic according to interactive profile variable

Firewall technology related rules per service and package change logic according to interactive profile variable #14377

Workflow file for this run

name: Gate
on:
merge_group:
branches: [ 'master' ]
push:
branches: ['*', '!stabilization*', '!stable*', '!master' ]
pull_request:
branches: [ 'master', 'stabilization*', 'oscal-update-*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.run_id }}
cancel-in-progress: true
jobs:
validate-sle:
name: Build, Test on SLE 15 (Container)
runs-on: ubuntu-latest
container:
image: registry.suse.com/bci/bci-base:latest
steps:
- name: Update CA certificates
run: update-ca-certificates
- name: Zypper add factory repo - to install bats and ShellCheck
run: zypper --non-interactive ar https://download.opensuse.org/repositories/openSUSE:/Backports:/SLE-15-SP5/standard/openSUSE:Backports:SLE-15-SP5.repo
- name: Zypper auto import keys
run: zypper --gpg-auto-import-keys --non-interactive ref
- name: Zypper refs
run: zypper refs
- name: Zypper refresh
run: zypper refresh
- name: Install Deps
run: zypper install -y git cmake make bats openscap-utils python3 python3-rpm python3-pip python3-devel python3-PyYAML python3-Jinja2 python3-setuptools libxslt-tools libxml2-tools ShellCheck
- name: Upgrade pip python
run: pip install pip --upgrade
- name: Install deps python
run: pip install pytest pytest-cov
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Build
run: ./build_product sle12 sle15
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-suse:
name: Build, Test on OpenSUSE Leap 15 (Container)
runs-on: ubuntu-latest
container:
image: opensuse/leap:15
steps:
- name: Install Deps
run: zypper install -y git cmake make openscap-utils python3-PyYAML bats python3-pytest python3-pytest-cov python3-Jinja2 python3-setuptools libxslt-tools libxml2-tools ShellCheck
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Build
run: ./build_product opensuse
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-debian:
name: Build, Test on Debian 12 (Container)
runs-on: ubuntu-latest
container:
image: debian:bookworm
steps:
- name: Update the package repository
run: apt-get update
- name: Install Deps
run: apt-get install -y ansible-lint bats check cmake openscap-scanner openscap-utils libxml2-utils ninja-build python3-pip xsltproc libxslt1-dev libxml2-dev zlib1g-dev python3.11-venv
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Upgrade pip python
run: pip install --upgrade pip --break-system-packages
- name: Install deps python
run: pip3 install -r requirements.txt -r test-requirements.txt --ignore-installed PyYAML PyGithub --break-system-packages
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED=ON -DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
run: |-
./build_product debian11 debian12
- name: Test
working-directory: ./build
run: ctest -j2 --output-on-failure -E unique-stigids
validate-ubuntu:
name: Build, Test on Ubuntu 20.04
runs-on: ubuntu-20.04
steps:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install -y cmake ninja-build libopenscap8 libxml2-utils xsltproc ansible-lint bats python3-github python3-jinja2 python3-pip python3-pytest python3-pytest-cov python3-setuptools python3-yaml shellcheck
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install deps python
run: pip3 install -r requirements.txt -r test-requirements.txt
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
run: |-
./build_product ubuntu1604 ubuntu1804 ubuntu2004 ubuntu2404
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-ubuntu-22-04:
name: Build, Test on Ubuntu 22.04
runs-on: ubuntu-22.04
steps:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install -y cmake ninja-build libopenscap8 libxml2-utils xsltproc ansible-lint bats python3-github python3-jinja2 python3-pip python3-pytest python3-pytest-cov python3-setuptools python3-yaml shellcheck
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install deps python
run: pip3 install -r requirements.txt -r test-requirements.txt
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
run: |-
./build_product ubuntu2204
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-ubuntu-24-04:
name: Build, Test on Ubuntu 24.04
runs-on: ubuntu-24.04
steps:
- name: Install Deps
run: sudo apt-get update && sudo apt-get install -y cmake ninja-build openscap-utils libxml2-utils xsltproc ansible-lint bats python3-github python3-jinja2 python3-pip python3-pytest python3-pytest-cov python3-setuptools python3-yaml shellcheck
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install deps python
run: pip3 install -r requirements.txt -r test-requirements.txt
- name: Build
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
run: |-
./build_product ubuntu2404
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-fedora-rawhide:
name: Build, Test on Fedora Rawhide (Container)
runs-on: ubuntu-latest
container:
image: registry.fedoraproject.org/fedora:rawhide
steps:
- name: Run Updates
run: dnf update -y
- name: Install Deps
run: dnf install -y cmake make openscap-utils bats ansible python3-pip ShellCheck git python3-devel gcc-c++ libxml2-devel libxslt-devel python3-setuptools
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install deps python
run: pip install -r requirements-base.txt -r test-requirements.txt
- name: Build
run: |-
./build_product \
al2023 \
alinux2 \
alinux3 \
anolis23 \
anolis8 \
chromium \
fedora \
firefox \
ocp4 \
rhcos4 \
rhel8 \
rhel9 \
rhel10 \
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
validate-windows:
name: Build on Windows
runs-on: windows-latest
env:
OPENSCAP_VERSION: "1.4.2"
OPENSCAP_ROOT_DIR: "C:\\Program Files\\OpenSCAP 1.4.2"
steps:
- name: Install Deps
run: choco install xsltproc
- name: Get Latest OpenSCAP
shell: powershell
run: "Invoke-WebRequest -Uri https://nightly.link/OpenSCAP/openscap/workflows/build/main/openscap-win64.zip -OutFile ${{ github.workspace }}\\openscap-win.zip"
- name: Extract Latest OpenSCAP
shell: powershell
run: "Expand-Archive -LiteralPath ${{ github.workspace }}\\openscap-win.zip -DestinationPath ${{ github.workspace }}\\openscap-win -Verbose:$true"
- name: Install OpenSCAP
shell: powershell
run: "msiexec.exe /norestart /q /i ${{ github.workspace }}\\openscap-win\\OpenSCAP-${env:OPENSCAP_VERSION}-win64.msi"
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install Python Deps
run: pip install -r requirements.txt -r test-requirements.txt
- name: Build
shell: bash
run: ./build_product -j2 fedora