-
Notifications
You must be signed in to change notification settings - Fork 370
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'maint-1.3' after 1.3.10 release
- Loading branch information
Showing
783 changed files
with
26,105 additions
and
102,505 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,184 @@ | ||
# This is a basic workflow to help you get started with Actions | ||
|
||
name: Gating | ||
|
||
# Controls when the action will run. Triggers the workflow on push or pull request | ||
# events but only for the main branch | ||
on: | ||
push: | ||
branches: [ '*' ] | ||
pull_request: | ||
branches: [ main, maint-1.3 ] | ||
|
||
|
||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
jobs: | ||
# This workflow contains a single job called "build" | ||
build-ubuntu: | ||
# The type of runner that the job will run on | ||
name: Build, Test on Ubuntus | ||
runs-on: ${{ matrix.os }} | ||
|
||
strategy: | ||
matrix: | ||
os: [ubuntu-20.04, ubuntu-latest] | ||
|
||
# Steps represent a sequence of tasks that will be executed as part of the job | ||
steps: | ||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | ||
- uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
|
||
# Runs a single command using the runners shell | ||
- name: Install Deps | ||
run: | | ||
sudo apt-get update | ||
sudo apt-get -y install lcov swig xsltproc rpm-common lua5.3 libpcre2-dev libyaml-dev libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt-dev libselinux1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libxslt1-dev libxml-parser-perl libxml-xpath-perl libperl-dev librpm-dev librtmp-dev libxmlsec1-dev libxmlsec1-openssl python3-dbusmock python3-pytest | ||
sudo apt-get -y remove rpm | ||
# Runs a set of commands using the runners shell | ||
- name: Build | ||
working-directory: ./build | ||
run: | | ||
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_PCRE2=True ../ | ||
make all | ||
- name: Test | ||
working-directory: ./build | ||
run: | | ||
export $(dbus-launch) | ||
ctest --output-on-failure | ||
build-fedora: | ||
name: Build, Test on Fedora Latest (Container) | ||
runs-on: ubuntu-latest | ||
container: | ||
image: fedora:latest | ||
steps: | ||
- name: Install Deps | ||
run: dnf install -y cmake git dbus-devel GConf2-devel libacl-devel libblkid-devel libcap-devel libcurl-devel libgcrypt-devel libselinux-devel libxml2-devel libxslt-devel libattr-devel make openldap-devel pcre2-devel perl-XML-Parser perl-XML-XPath perl-devel python3-devel python3-dbusmock rpm-devel swig bzip2-devel gcc-c++ libyaml-devel xmlsec1-devel xmlsec1-openssl-devel hostname bzip2 lua rpm-build which strace python3-pytest | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
- name: Build | ||
working-directory: ./build | ||
run: | | ||
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_PCRE2=True ../ | ||
make all | ||
- name: Test | ||
working-directory: ./build | ||
run: | | ||
export $(dbus-launch) | ||
ctest --output-on-failure | ||
build-fedora-nss: | ||
name: Build with NSS, Test on Fedora Latest (Container) | ||
runs-on: ubuntu-latest | ||
container: | ||
image: fedora:latest | ||
steps: | ||
- name: Install Deps | ||
run: dnf install -y cmake git dbus-devel GConf2-devel libacl-devel libblkid-devel libcap-devel libcurl-devel nss-devel libselinux-devel libxml2-devel libxslt-devel libattr-devel make openldap-devel pcre2-devel perl-XML-Parser perl-XML-XPath perl-devel python3-devel python3-dbusmock rpm-devel swig bzip2-devel gcc-c++ libyaml-devel xmlsec1-devel xmlsec1-openssl-devel hostname bzip2 lua rpm-build which strace python3-pytest | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
- name: Build | ||
working-directory: ./build | ||
run: | | ||
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_PCRE2=True -DWITH_CRYPTO=nss ../ | ||
make all | ||
- name: Test | ||
working-directory: ./build | ||
run: | | ||
export $(dbus-launch) | ||
ctest --output-on-failure | ||
build-macos: | ||
# The type of runner that the job will run on | ||
name: Build, Test on macOS Latest | ||
runs-on: macos-latest | ||
|
||
# Steps represent a sequence of tasks that will be executed as part of the job | ||
steps: | ||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | ||
- uses: actions/checkout@v3 | ||
|
||
# Runs a single command using the runners shell | ||
- name: Install Deps | ||
run: | | ||
# Unlink and re-link to prevent errors when GitHub Mac runner images | ||
# install Python outside of Brew: | ||
brew list -1 | grep python | while read formula; do brew unlink $formula; brew link --overwrite $formula; done | ||
brew update | ||
brew install doxygen | ||
brew install opendbx | ||
brew install pkg-config | ||
brew install popt | ||
brew install swig | ||
brew install libxmlsec1 | ||
brew install openssl | ||
brew install pcre2 | ||
# Runs a set of commands using the runners shell | ||
- name: Build | ||
run: | | ||
cd $GITHUB_WORKSPACE/build | ||
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_PCRE2=True -DENABLE_PROBES=False ../ | ||
make all | ||
- name: Test | ||
run: | | ||
cd $GITHUB_WORKSPACE/build | ||
echo "Tests are so broken for macOS :(" | ||
build-windows: | ||
name: Build on Windows | ||
runs-on: windows-latest | ||
env: | ||
VCPKG_BINARY_SOURCES: "clear;x-gha,readwrite" | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Checkout vcpkg | ||
uses: actions/checkout@v3 | ||
with: | ||
path: ${{ github.workspace }}/vcpkg | ||
repository: microsoft/vcpkg | ||
fetch-depth: 1 | ||
|
||
- name: Bootstrap vcpkg | ||
shell: pwsh | ||
run: "${{ github.workspace }}\\vcpkg\\scripts\\bootstrap.ps1 -disableMetrics" | ||
|
||
- name: Export GitHub Actions cache environment variables | ||
uses: actions/github-script@v7 | ||
with: | ||
script: | | ||
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); | ||
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); | ||
- name: Install Deps | ||
run: "${{ github.workspace }}\\vcpkg\\vcpkg.exe install curl libxml2 libxslt bzip2 pcre pthreads zlib getopt-win32 xmlsec --triplet x64-windows" | ||
|
||
- name: Configure | ||
working-directory: ./build | ||
run: cmake -DCMAKE_BUILD_TYPE=Release -DENABLE_PYTHON3=FALSE -DCMAKE_TOOLCHAIN_FILE=${{ github.workspace }}/vcpkg/scripts/buildsystems/vcpkg.cmake .. | ||
|
||
- name: Build | ||
run: cmake --build . --config Release | ||
working-directory: ./build | ||
|
||
- name: Package | ||
run: cpack | ||
working-directory: build | ||
|
||
- name: Upload Artifacts | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: openscap-win64 | ||
path: |- | ||
build\OpenSCAP*.msi | ||
build\OpenSCAP*.msi.sha512 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
name: "CodeQL" | ||
|
||
on: | ||
push: | ||
branches: [ 'maint-1.3', 'maint-1.2', 'master' ] | ||
pull_request: | ||
# The branches below must be a subset of the branches above | ||
branches: [ 'maint-1.3' ] | ||
schedule: | ||
- cron: '32 17 * * 0' | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: [ 'cpp', 'python' ] | ||
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | ||
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
- name: Install Deps | ||
run: | | ||
sudo apt-get update | ||
sudo apt-get -y install lcov swig xsltproc rpm-common lua5.3 libyaml-dev libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt-dev libselinux1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libxslt1-dev libxml-parser-perl libxml-xpath-perl libperl-dev librpm-dev librtmp-dev libxmlsec1-dev libxmlsec1-openssl python3-dbusmock | ||
sudo apt-get -y remove rpm | ||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
languages: ${{ matrix.language }} | ||
# If you wish to specify custom queries, you can do so here or in a config file. | ||
# By default, queries listed here will override any specified in a config file. | ||
# Prefix the list here with "+" to use these queries and those in the config file. | ||
|
||
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | ||
queries: +security-and-quality | ||
|
||
- name: Build | ||
working-directory: ./build | ||
run: | | ||
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo ../ | ||
make all | ||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 | ||
with: | ||
category: "/language:${{matrix.language}}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
downstream_package_name: openscap | ||
upstream_package_name: openscap | ||
specfile_path: openscap.spec | ||
|
||
actions: | ||
get-current-version: | ||
- bash -c "source release_tools/versions.sh && echo ${version}" | ||
|
||
srpm_build_deps: | ||
- bash | ||
|
||
jobs: | ||
- job: copr_build | ||
trigger: pull_request | ||
metadata: | ||
targets: | ||
- fedora-all-x86_64 | ||
- centos-stream-8-x86_64 | ||
- centos-stream-9-x86_64 | ||
|
||
- job: tests | ||
trigger: pull_request | ||
metadata: | ||
targets: | ||
- fedora-all-x86_64 | ||
- centos-stream-8-x86_64 | ||
- centos-stream-9-x86_64 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,59 +1,56 @@ | ||
language: c | ||
|
||
matrix: | ||
include: | ||
- os: linux | ||
dist: bionic | ||
addons: | ||
apt: | ||
packages: | ||
- lcov | ||
- libdbus-1-dev | ||
- libdbus-glib-1-dev | ||
- libcurl4-openssl-dev | ||
- libgcrypt-dev | ||
- libselinux1-dev | ||
- libgconf2-dev | ||
- libacl1-dev | ||
- libblkid-dev | ||
- libcap-dev | ||
- libxml2-dev | ||
- swig | ||
- libxml-parser-perl | ||
- libxml-xpath-perl | ||
- libperl-dev | ||
- librpm-dev | ||
- swig | ||
- librtmp-dev | ||
- xsltproc | ||
- rpm-common | ||
- lua50 | ||
before_script: | ||
- cd build | ||
script: | ||
- cmake -DCMAKE_BUILD_TYPE=Debug ../ | ||
- build-wrapper-linux-x86-64 --out-dir bw-output make all || make all # build-wrapper won't work on forked repositories. | ||
- ctest --output-on-failure | ||
- (cd .. && sonar-scanner) || true # Will always fail builds on forked repositories. | ||
after_success: | ||
- curl -s https://codecov.io/bash > cov.sh && bash cov.sh -x "$GCOV" | ||
- os: osx | ||
before_install: | ||
- brew update | ||
- brew install doxygen | ||
- brew install opendbx | ||
- brew install popt | ||
- brew install swig | ||
before_script: | ||
- cd build | ||
script: | ||
- cmake -DENABLE_PROBES=false ../ | ||
- make -j 4 | ||
os: linux | ||
dist: bionic | ||
arch: | ||
- arm64 | ||
- ppc64le | ||
- amd64 | ||
|
||
addons: | ||
sonarcloud: | ||
organization: "openscap" | ||
apt: | ||
packages: | ||
- lcov | ||
- libdbus-1-dev | ||
- libdbus-glib-1-dev | ||
- libcurl4-openssl-dev | ||
- libgcrypt-dev | ||
- libselinux1-dev | ||
- libgconf2-dev | ||
- libacl1-dev | ||
- libblkid-dev | ||
- libcap-dev | ||
- libxml2-dev | ||
- swig | ||
- libxml-parser-perl | ||
- libxml-xpath-perl | ||
- libperl-dev | ||
- librpm-dev | ||
- swig | ||
- librtmp-dev | ||
- xsltproc | ||
- rpm-common | ||
- lua50 | ||
- libxmlsec1-dev | ||
- libxmlsec1-openssl | ||
|
||
cache: | ||
directories: | ||
- '$HOME/.sonar/cache' | ||
|
||
before_script: | ||
- cd build | ||
|
||
script: | ||
- cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo ../ | ||
# The build-wrapper tool won't work on forked repositories. | ||
- case ${TRAVIS_CPU_ARCH} in | ||
amd64) build-wrapper-linux-x86-64 --out-dir bw-output make all || make all ;; | ||
arm64) build-wrapper-linux-aarch64 --out-dir bw-output make all || make all ;; | ||
*) make all ;; | ||
esac | ||
- ctest --output-on-failure | ||
# Will always fail builds on forked repositories. | ||
- (cd .. && sonar-scanner) || true |
Oops, something went wrong.