From c3b8bcd757e6aa0f260da51f24d75ddf6e6ea3b2 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Fri, 28 Jan 2022 18:34:03 +0100 Subject: [PATCH 1/2] Test CTF with Gitpod. --- .github/workflows/compare-ds.yaml | 2 +- .github/workflows/ctf.yaml | 63 ++++++++++++++++++++++++++----- .github/workflows/ssgts.yaml | 2 +- 3 files changed, 55 insertions(+), 12 deletions(-) diff --git a/.github/workflows/compare-ds.yaml b/.github/workflows/compare-ds.yaml index 01598d53fe1..26e88673138 100644 --- a/.github/workflows/compare-ds.yaml +++ b/.github/workflows/compare-ds.yaml @@ -34,7 +34,7 @@ jobs: repository: mildas/content-test-filtering path: ctf - name: Detect content changes in the PR - run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --verbose --rule --output json ${{ github.event.pull_request.number }} > output.json + run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --remote_repo ${{ github.server_url }}/${{ github.repository }} --verbose --rule --output json ${{ github.event.pull_request.number }} > output.json - name: Test if there are no content changes run: echo "::set-output name=CTF_OUTPUT_SIZE::$(stat --printf="%s" output.json)" id: ctf diff --git a/.github/workflows/ctf.yaml b/.github/workflows/ctf.yaml index a72b68ecd78..779e612e8a0 100644 --- a/.github/workflows/ctf.yaml +++ b/.github/workflows/ctf.yaml @@ -1,6 +1,6 @@ name: Gating on: - pull_request: + pull_request_target: branches: [ master, 'stabilization*' ] jobs: content-test-filtering: 
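Review bot: The new `--remote_repo` option is handed to a script from `mildas/content-test-filtering`, and the checkout step in the context lines carries no `ref:`, so the step runs whatever is on that repository's default branch at run time. The workflow now depends on an option of unpinned external code, and will fail or change behaviour if that option changes upstream. Pin the CTF checkout to a reviewed commit, e.g. `ref: <ctf-commit-sha>`. The same line is added in `ctf.yaml` and `ssgts.yaml`, where the same pin applies. The job definition starts and ends outside this hunk.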
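Review bot: Switching the trigger to `pull_request_target` makes this job run with the base repository's token and secrets for pull requests from forks, and the next hunk of this file checks out `github.event.pull_request.head.sha` and runs an externally fetched script against the PR. No `permissions:` key is visible in either hunk, so the token presumably keeps the repository defaults. The job only needs to read contents and write PR comments, so add a job-level `permissions:` block with `contents: read` and `pull-requests: write`, and set `persist-credentials: false` on the `actions/checkout` steps so the token is not left in the workspace git config. If the CTF tool builds or executes anything taken from the PR (not visible here), that work belongs in an unprivileged `pull_request` workflow, with only the commenting done from a `workflow_run` follow-up.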
@@ -11,26 +11,69 @@ jobs: uses: mstksg/get-package@master with: apt-get: git python3-jinja2 python3-yaml python3-setuptools python3-deepdiff python3-git python3-github python3-requests xmldiff - # TODO: Use action's checkout along with --local and --repository options of ctf - # See: https://github.community/t/how-to-commit-to-two-branches-from-an-action/17713/4 - name: Checkout uses: actions/checkout@v2 with: + ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - name: Find forking point env: BASE_BRANCH: ${{ github.base_ref }} run: echo "::set-output name=FORK_POINT::$(git merge-base origin/$BASE_BRANCH ${{ github.event.pull_request.head.sha }})" id: fork_point + - name: Checkout fork point + uses: actions/checkout@v2 + with: + ref: ${{ steps.fork_point.outputs.FORK_POINT }} + fetch-depth: 0 - name: Checkout (CTF) uses: actions/checkout@v2 with: repository: mildas/content-test-filtering path: ctf - - name: Process (see the output for recommended tests) - run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --verbose --output-format markdown ${{ github.event.pull_request.number }} # > ctf.md - # TODO: We can't do this for now: github.token is incapable of writing to the PR, and we can't provide our own - # for PRs coming from forked repos - # TODO: mshick/add-pr-comment@v1 and alike won't work as well - #- name: Update the PR - # run: python3 ./ctf/utility_scripts/comment_pr.py --token ${{ github.token }} --pr ${{ github.event.pull_request.number }} --comment ctf.md + - name: Detect content changes in the PR + run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --remote_repo ${{ github.server_url }}/${{ github.repository }} --verbose --rule --output json ${{ github.event.pull_request.number }} > output.json + - name: Test if there are no content changes + run: echo "::set-output name=CTF_OUTPUT_SIZE::$(stat --printf="%s" output.json)" + id: ctf + - name: Print 
changes to content detected if any + if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }} + run: cat output.json + - name: Get product attribute + if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }} + id: product + uses: notiz-dev/github-action-json-property@release + with: + path: 'output.json' + prop_path: 'product' + - name: Find Comment + uses: peter-evans/find-comment@v1 + id: fc + with: + issue-number: ${{ github.event.pull_request.number }} + comment-author: 'github-actions[bot]' + body-includes: This datastream diff is auto generated by the check + - name: Create or update comment + if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }} + uses: peter-evans/create-or-update-comment@v1 + with: + comment-id: ${{ steps.fc.outputs.comment-id }} + issue-number: ${{ github.event.pull_request.number }} + body: | + Start a new ephemeral environment with changes proposed in this pull request + + [![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#PRODUCT=${{steps.product.outputs.prop}}/${{ github.server_url }}/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}) + + edit-mode: replace + - name: Create or update a trimmed comment + if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE == '0' }} + uses: peter-evans/create-or-update-comment@v1 + with: + comment-id: ${{ steps.fc.outputs.comment-id }} + issue-number: ${{ github.event.pull_request.number }} + body: | + Start a new ephemeral environment with changes proposed in this pull request + + [![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#${{ github.server_url }}/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}) + + edit-mode: replace diff --git a/.github/workflows/ssgts.yaml b/.github/workflows/ssgts.yaml index e0a86e956ef..312718262e2 100644 --- a/.github/workflows/ssgts.yaml +++ b/.github/workflows/ssgts.yaml 
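Review bot: The `Find Comment` step searches for `This datastream diff is auto generated by the check`, but neither comment body written below contains that text, so a comment created by this workflow is never found again and every run adds a new one. If another workflow's comment contains that text (the string looks copied from the datastream-diff check), `edit-mode: replace` would overwrite it, so search for text this workflow writes, e.g. `body-includes: Start a new ephemeral environment`. The Gitpod links are built with `/pulls/<number>`, while GitHub pull request pages live under `/pull/<number>`, so the button likely does not resolve to the PR. `steps.product.outputs.prop` comes from `output.json`, which is derived from the pull request, and is interpolated unchecked into the comment body and URL; compare it against the known product names before use. The actions added here (`notiz-dev/github-action-json-property@release`, `peter-evans/find-comment@v1`, `peter-evans/create-or-update-comment@v1`) run with the `pull_request_target` token and are referenced by mutable refs, so pin each to a full commit SHA.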
@@ -28,7 +28,7 @@ jobs: run: echo "::set-output name=FORK_POINT::$(git merge-base origin/$BASE_BRANCH ${{ github.event.pull_request.head.sha }})" id: fork_point - name: Detect content changes in the PR - run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --verbose --rule --output json ${{ github.event.pull_request.number }} > output.json + run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --remote_repo ${{ github.server_url }}/${{ github.repository }} --verbose --rule --output json ${{ github.event.pull_request.number }} > output.json - name: Test if there are no content changes run: echo "::set-output name=CTF_OUTPUT_SIZE::$(stat --printf="%s" output.json)" id: ctf From 95dcc1dd9725158f737508112fd51c55e2a86daf Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Fri, 28 Jan 2022 18:35:24 +0100 Subject: [PATCH 2/2] Test. --- .../services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml index f1232556c8f..6be53f5be27 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml @@ -56,4 +56,4 @@ template: missing_parameter_pass: 'true' parameter: StrictModes rule_id: sshd_enable_strictmodes - value: 'yes' + value: 'no'
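Review bot: `value: 'no'` makes the rule `sshd_enable_strictmodes` expect `StrictModes no`, which contradicts the rule's name. Checks and any remediations generated from this template would then favour turning off sshd's ownership and permission checks on users' files. Given the commit subject "Test.", this looks like a throwaway change made to trigger the workflow; drop the commit before merging so the rule keeps `value: 'yes'`.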