SLE16 fix sysctl related ansible remediations #190
Workflow file for this run
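---
# Builds the content for each CentOS Stream major on a pull_request trigger
# and uploads the build tree plus PR metadata as artifacts, to be consumed by
# a follow-up workflow_run workflow that is not part of this file.
name: ATEX - Build Content

# yamllint disable-line rule:truthy
on:
  pull_request:
    types: [opened, synchronize, reopened]

env:
  # Artifacts only need to outlive the hand-off to the follow-up workflow.
  ARTIFACT_RETENTION_DAYS: 1

# Read-only token: this workflow runs on pull_request and therefore builds
# untrusted PR code, so it must not be able to write to the repository.
permissions:
  contents: read

jobs:
  build_content:
    name: Build content for CentOS Stream ${{ matrix.centos_stream_major }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        centos_stream_major: [8, 9, 10]
    container:
      # NOTE(review): the actions below are pinned to commit SHAs but this image
      # floats on `latest`; pin it to a digest if reproducible builds matter.
      image: fedora:latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Install system dependencies
        run: |
          dnf install -y \
            cmake make openscap-utils python3-pyyaml \
            bats ansible python3-pip ShellCheck git \
            gcc gcc-c++ python3-devel libxml2-devel \
            libxslt-devel python3-setuptools gawk

      - name: Install Python dependencies
        run: pip install -r requirements.txt -r test-requirements.txt

      - name: Build content
        env:
          CENTOS_STREAM_MAJOR: ${{ matrix.centos_stream_major }}
        run: |
          rm -rf build
          mkdir build
          cd build
          # Build configuration matching Contest and scap-security-guide.spec defaults
          # Includes options required by tests to avoid rebuilds
          cmake ../ \
            -DCMAKE_BUILD_TYPE:STRING=Release \
            -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \
            -DSSG_PRODUCT_DEFAULT:BOOL=OFF \
            "-DSSG_PRODUCT_RHEL${CENTOS_STREAM_MAJOR}:BOOL=ON" \
            -DSSG_SCE_ENABLED:BOOL=ON \
            -DSSG_BASH_SCRIPTS_ENABLED:BOOL=OFF \
            -DSSG_BUILD_DISA_DELTA_FILES:BOOL=OFF \
            -DSSG_SEPARATE_SCAP_FILES_ENABLED:BOOL=OFF \
            -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
          # Build using all available cores; fall back to 4 if nproc is unavailable
          cores=$(nproc) || cores=4
          make "-j$cores"
          # Clean up temporary metadata
          rm -rf jinja2_cache

      - name: Save file permissions before artifact upload
        run: |
          # GitHub Actions artifact upload/download strips execute permissions
          # Save all file permissions so they can be restored after download
          echo "=== Saving file permissions ==="
          find . -type f -printf '%m %p\n' > file-permissions.txt
          echo "Saved permissions for $(wc -l < file-permissions.txt) files"
          # Show sample of executable files being saved
          echo "=== Sample executable files ==="
          grep -E '^[0-7]*[1357][0-7]* ' file-permissions.txt | head -10 || true

      - name: Upload build artifacts
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: content-centos-stream${{ matrix.centos_stream_major }}
          # The whole checkout is uploaded, not just build/; with hidden files
          # included this presumably covers .git too — check artifact size.
          path: .
          retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }}
          include-hidden-files: true # make sure all .dot files are included e.g. .cmakelintrc

  save_pr_info:
    name: Save PR information for workflow_run
    runs-on: ubuntu-latest
    steps:
      - name: Save PR number and SHA
        # Expression values are passed through env and quoted instead of being
        # interpolated into the script text, so the shell never sees raw
        # expansion output (the recommended pattern for any ${{ }} in `run:`).
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          mkdir -p pr-info
          echo "$PR_NUMBER" > pr-info/pr-number.txt
          echo "$PR_SHA" > pr-info/pr-sha.txt

      - name: Upload PR info
        # NOTE(review): these files are produced in the pull_request context;
        # the privileged workflow_run consumer (not shown) should treat them as
        # untrusted input and verify the SHA actually belongs to that PR.
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: pr-info
          path: pr-info/
          retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }}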