Merge pull request ComplianceAsCode#11860 from comps/packit_jobs_for_…
…plans

Split out TMT plans to separate Packit jobs
jan-cerny authored Apr 24, 2024
2 parents 01337bd + c8e2f84 commit 5738d71
Showing 2 changed files with 155 additions and 29 deletions.
115 changes: 106 additions & 9 deletions .packit.yaml
Expand Up @@ -19,20 +19,117 @@ jobs:
- centos-stream-8-x86_64
- centos-stream-9-x86_64

- &test
- <<: *build
trigger: commit
branch: "gh-readonly-queue/.*"

- &test-static-checks
job: tests
trigger: pull_request
fmf_path: tests/tmt-plans
identifier: /static-checks
tmt_plan: /static-checks
targets:
epel-7:
distros: [ centos-7 ]
centos-stream-8: { }
centos-stream-9: { }
centos-stream-8: {}
centos-stream-9: {}

- <<: *test
trigger: commit
branch: "gh-readonly-queue/.*"
# when modifying this, modify also tests/tmt-plans/

- <<: *build
trigger: commit
branch: "gh-readonly-queue/.*"
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/anssi_bp28_high
tmt_plan: /hardening/host-os/ansible/anssi_bp28_high
targets:
centos-stream-8: {}
centos-stream-9: {}
# disable for now - it seems to be broken on CentOS Stream
#- <<: *test-static-checks
# identifier: /hardening/host-os/ansible/ccn_advanced
# tmt_plan: /hardening/host-os/ansible/ccn_advanced
# targets:
# centos-stream-9: {}
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/cis
tmt_plan: /hardening/host-os/ansible/cis
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/cis_server_l1
tmt_plan: /hardening/host-os/ansible/cis_server_l1
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/cis_workstation_l1
tmt_plan: /hardening/host-os/ansible/cis_workstation_l1
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/cis_workstation_l2
tmt_plan: /hardening/host-os/ansible/cis_workstation_l2
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/cui
tmt_plan: /hardening/host-os/ansible/cui
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/e8
tmt_plan: /hardening/host-os/ansible/e8
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/hipaa
tmt_plan: /hardening/host-os/ansible/hipaa
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/ism_o
tmt_plan: /hardening/host-os/ansible/ism_o
targets:
centos-stream-8: {}
centos-stream-9: {}
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/ospp
tmt_plan: /hardening/host-os/ansible/ospp
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/pci-dss
tmt_plan: /hardening/host-os/ansible/pci-dss
- <<: *test-static-checks
identifier: /hardening/host-os/ansible/stig
tmt_plan: /hardening/host-os/ansible/stig

- <<: *test-static-checks
identifier: /hardening/host-os/oscap/anssi_bp28_high
tmt_plan: /hardening/host-os/oscap/anssi_bp28_high
targets:
centos-stream-8: {}
centos-stream-9: {}
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/ccn_advanced
tmt_plan: /hardening/host-os/oscap/ccn_advanced
targets:
centos-stream-9: {}
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/cis
tmt_plan: /hardening/host-os/oscap/cis
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/cis_server_l1
tmt_plan: /hardening/host-os/oscap/cis_server_l1
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/cis_workstation_l1
tmt_plan: /hardening/host-os/oscap/cis_workstation_l1
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/cis_workstation_l2
tmt_plan: /hardening/host-os/oscap/cis_workstation_l2
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/cui
tmt_plan: /hardening/host-os/oscap/cui
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/e8
tmt_plan: /hardening/host-os/oscap/e8
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/hipaa
tmt_plan: /hardening/host-os/oscap/hipaa
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/ism_o
tmt_plan: /hardening/host-os/oscap/ism_o
targets:
centos-stream-8: {}
centos-stream-9: {}
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/ospp
tmt_plan: /hardening/host-os/oscap/ospp
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/pci-dss
tmt_plan: /hardening/host-os/oscap/pci-dss
- <<: *test-static-checks
identifier: /hardening/host-os/oscap/stig
tmt_plan: /hardening/host-os/oscap/stig
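Review bot: The merge-queue run of the test job looks dropped: the `- <<: *test` entry with `trigger: commit` and `branch: "gh-readonly-queue/.*"` has no equivalent built on `&test-static-checks`, so on queue commits only the `*build` job would run. The +/- markers are lost in this rendering, so this is inferred from the `&test` anchor being renamed, which would leave `*test` unresolved if that entry were kept. If skipping the TMT plans in the merge queue is intended, a comment beside the remaining queue job would record it, e.g. `# tests run on pull_request only; the merge queue only rebuilds`. The `jobs:` list starts above the hunk.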
69 changes: 49 additions & 20 deletions tests/tmt-plans/main.fmf
Expand Up @@ -14,64 +14,93 @@ report:
#

/hardening/host-os/ansible/anssi_bp28_high:
summary: Destructive ANSSI BP-028 (high) profile test (Ansible)
discover+: {test: /hardening/host-os/ansible/anssi_bp28_high$}
adjust+:
- when: distro <= centos-7
enabled: false

# see .packit.yaml
#/hardening/host-os/ansible/ccn_advanced:
# discover+: {test: /hardening/host-os/ansible/ccn_advanced$}

/hardening/host-os/ansible/cis:
summary: Destructive CIS Server Level 2 profile test (Ansible)
discover+: {test: /hardening/host-os/ansible/cis$}

/hardening/host-os/ansible/cis_server_l1:
discover+: {test: /hardening/host-os/ansible/cis_server_l1$}

/hardening/host-os/ansible/cis_workstation_l1:
discover+: {test: /hardening/host-os/ansible/cis_workstation_l1$}

/hardening/host-os/ansible/cis_workstation_l2:
discover+: {test: /hardening/host-os/ansible/cis_workstation_l2$}

/hardening/host-os/ansible/cui:
discover+: {test: /hardening/host-os/ansible/cui$}

/hardening/host-os/ansible/e8:
discover+: {test: /hardening/host-os/ansible/e8$}

/hardening/host-os/ansible/hipaa:
discover+: {test: /hardening/host-os/ansible/hipaa$}

/hardening/host-os/ansible/ism_o:
discover+: {test: /hardening/host-os/ansible/ism_o$}

/hardening/host-os/ansible/ospp:
summary: Destructive OSPP profile test (Ansible)
discover+: {test: /hardening/host-os/ansible/ospp$}

/hardening/host-os/ansible/pci-dss:
summary: Destructive PCI-DSS profile test (Ansible)
discover+: {test: /hardening/host-os/ansible/pci-dss$}

/hardening/host-os/ansible/stig:
summary: Destructive STIG profile test (Ansible)
discover+: {test: /hardening/host-os/ansible/stig$}
adjust+:
- when: distro <= centos-8
enabled: false

#
# Hardening via oscap xccdf eval --remediate
#

/hardening/host-os/oscap/anssi_bp28_high:
summary: Destructive ANSSI-BP-028 (high) profile test (Bash)
discover+: {test: /hardening/host-os/oscap/anssi_bp28_high$}
adjust+:
- when: distro <= centos-7
enabled: false

/hardening/host-os/oscap/ccn_advanced:
discover+: {test: /hardening/host-os/oscap/ccn_advanced$}

/hardening/host-os/oscap/cis:
summary: Destructive CIS Server Level 2 profile test (Bash)
discover+: {test: /hardening/host-os/oscap/cis$}

/hardening/host-os/oscap/cis_server_l1:
discover+: {test: /hardening/host-os/oscap/cis_server_l1$}

/hardening/host-os/oscap/cis_workstation_l1:
discover+: {test: /hardening/host-os/oscap/cis_workstation_l1$}

/hardening/host-os/oscap/cis_workstation_l2:
discover+: {test: /hardening/host-os/oscap/cis_workstation_l2$}

/hardening/host-os/oscap/cui:
discover+: {test: /hardening/host-os/oscap/cui$}

/hardening/host-os/oscap/e8:
discover+: {test: /hardening/host-os/oscap/e8$}

/hardening/host-os/oscap/hipaa:
discover+: {test: /hardening/host-os/oscap/hipaa$}

/hardening/host-os/oscap/ism_o:
discover+: {test: /hardening/host-os/oscap/ism_o$}

/hardening/host-os/oscap/ospp:
summary: Destructive OSPP profile test (Bash)
discover+: {test: /hardening/host-os/oscap/ospp$}

/hardening/host-os/oscap/pci-dss:
summary: Destructive PCI-DSS profile test (Bash)
discover+: {test: /hardening/host-os/oscap/pci-dss$}

/hardening/host-os/oscap/stig:
summary: Destructive STIG profile test (Bash)
discover+: {test: /hardening/host-os/oscap/stig$}

#
# Misc smoke/sanity tests
#

/static-checks:
summary: Sanity non-destructive tests
discover+:
test: /static-checks
# exclude here due to the test failing frequently for short periods
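Review bot: The distro guard on `/hardening/host-os/ansible/stig` (`adjust+` with `when: distro <= centos-8` and `enabled: false`) has no counterpart in .packit.yaml, where the job for that plan sets no `targets:` and so inherits epel-7, centos-stream-8 and centos-stream-9 from `&test-static-checks`. The +/- markers are lost in this rendering, but the 20 deletions match the `summary:` and `adjust+` lines, so the guard is probably on the removed side. In that case the Ansible STIG plan would now be scheduled on distros it was previously disabled for. Adding `targets:` with `centos-stream-9: {}` to that job, as the ccn_advanced jobs do, would keep the earlier scope. The two anssi_bp28_high plans already have their `centos-7` exclusion mirrored by a `targets:` override.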