From dc8fe64c6c282f1d7b7e2ddbe224eec8299b790a Mon Sep 17 00:00:00 2001
From: Jiri Jaburek
Date: Fri, 19 Apr 2024 19:31:18 +0200
Subject: [PATCH 1/5] split out TMT plans to separate Packit jobs
Also remove unused merge queue code for tests, as leaving it in place would lead to a lot more copy/pasted .packit.yaml code.
Signed-off-by: Jiri Jaburek
---
.packit.yaml | 56 +++++++++++++++++++++++++++++++++-------
tests/tmt-plans/main.fmf | 3 ---
2 files changed, 47 insertions(+), 12 deletions(-)
diff --git a/.packit.yaml b/.packit.yaml
index 05d919d7961..b5d251824e2 100644
--- a/.packit.yaml
+++ b/.packit.yaml
@@ -19,20 +19,58 @@ jobs: - centos-stream-8-x86_64 - centos-stream-9-x86_64 -- &test +- <<: *build + trigger: commit + branch: "gh-readonly-queue/.*" + +- &test-static-checks job: tests trigger: pull_request fmf_path: tests/tmt-plans + identifier: /static-checks + tmt_plan: /static-checks targets: epel-7: distros: [ centos-7 ] - centos-stream-8: { } - centos-stream-9: { } + centos-stream-8: {} + centos-stream-9: {} -- <<: *test - trigger: commit - branch: "gh-readonly-queue/.*" +# when modifying this, modify also tests/tmt-plans/ -- <<: *build - trigger: commit - branch: "gh-readonly-queue/.*" +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/anssi_bp28_high + tmt_plan: /hardening/host-os/ansible/anssi_bp28_high + targets: + centos-stream-8: {} + centos-stream-9: {} +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/cis + tmt_plan: /hardening/host-os/ansible/cis +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/ospp + tmt_plan: /hardening/host-os/ansible/ospp +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/pci-dss + tmt_plan: /hardening/host-os/ansible/pci-dss +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/stig + tmt_plan: /hardening/host-os/ansible/stig + +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/anssi_bp28_high + tmt_plan: /hardening/host-os/oscap/anssi_bp28_high + targets: + centos-stream-8: {} + centos-stream-9: {} +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/cis + tmt_plan: /hardening/host-os/oscap/cis +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/ospp + tmt_plan: /hardening/host-os/oscap/ospp +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/pci-dss + tmt_plan: /hardening/host-os/oscap/pci-dss +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/stig + tmt_plan: /hardening/host-os/oscap/stig 
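Review bot: The `&test-static-checks` anchor is both the static-checks job and the template that every hardening job merges, and nothing in the hunk says so. A later entry that merges it and omits `identifier` or `tmt_plan` would inherit `/static-checks` without any error, and one that omits `targets` inherits `epel-7` along with both CentOS Stream targets (the `cis`, `ospp`, `pci-dss` and `stig` entries here do). I would add a comment above the anchor, such as `# base job: entries below merge this and must override identifier and tmt_plan; targets are inherited unless replaced`. The YAML merge key is shallow, so an overriding `targets` replaces the whole mapping rather than extending it.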
diff --git a/tests/tmt-plans/main.fmf b/tests/tmt-plans/main.fmf index 3af0e430e29..a6fa94f6ef0 100644 --- a/tests/tmt-plans/main.fmf +++ b/tests/tmt-plans/main.fmf @@ -35,9 +35,6 @@ report: /hardening/host-os/ansible/stig: summary: Destructive STIG profile test (Ansible) discover+: {test: /hardening/host-os/ansible/stig$} - adjust+: - - when: distro <= centos-8 - enabled: false # # Hardening via oscap xccdf eval --remediate From 9ebcd62cd0b38ac3d10c6a3537ed40305ea2c5c0 Mon Sep 17 00:00:00 2001 From: Jiri Jaburek Date: Fri, 19 Apr 2024 22:19:22 +0200 Subject: [PATCH 2/5] remove TMT plan summaries Using just the name is likely less confusing, since it maps directly to Contest test names. Also, it minimizes the .fmf file noise. Signed-off-by: Jiri Jaburek --- tests/tmt-plans/main.fmf | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/tests/tmt-plans/main.fmf b/tests/tmt-plans/main.fmf index a6fa94f6ef0..7765e98c49a 100644 --- a/tests/tmt-plans/main.fmf +++ b/tests/tmt-plans/main.fmf @@ -14,26 +14,21 @@ report: # /hardening/host-os/ansible/anssi_bp28_high: - summary: Destructive ANSSI BP-028 (high) profile test (Ansible) discover+: {test: /hardening/host-os/ansible/anssi_bp28_high$} adjust+: - when: distro <= centos-7 enabled: false /hardening/host-os/ansible/cis: - summary: Destructive CIS Server Level 2 profile test (Ansible) discover+: {test: /hardening/host-os/ansible/cis$} /hardening/host-os/ansible/ospp: - summary: Destructive OSPP profile test (Ansible) discover+: {test: /hardening/host-os/ansible/ospp$} /hardening/host-os/ansible/pci-dss: - summary: Destructive PCI-DSS profile test (Ansible) discover+: {test: /hardening/host-os/ansible/pci-dss$} /hardening/host-os/ansible/stig: - summary: Destructive STIG profile test (Ansible) discover+: {test: /hardening/host-os/ansible/stig$} # 
@@ -41,26 +36,21 @@ report: # /hardening/host-os/oscap/anssi_bp28_high: - summary: Destructive ANSSI-BP-028 (high) profile test (Bash) discover+: {test: /hardening/host-os/oscap/anssi_bp28_high$} adjust+: - when: distro <= centos-7 enabled: false /hardening/host-os/oscap/cis: - summary: Destructive CIS Server Level 2 profile test (Bash) discover+: {test: /hardening/host-os/oscap/cis$} /hardening/host-os/oscap/ospp: - summary: Destructive OSPP profile test (Bash) discover+: {test: /hardening/host-os/oscap/ospp$} /hardening/host-os/oscap/pci-dss: - summary: Destructive PCI-DSS profile test (Bash) discover+: {test: /hardening/host-os/oscap/pci-dss$} /hardening/host-os/oscap/stig: - summary: Destructive STIG profile test (Bash) discover+: {test: /hardening/host-os/oscap/stig$} # @@ -68,7 +58,6 @@ report: # /static-checks: - summary: Sanity non-destructive tests discover+: test: /static-checks # exclude here due to the test failing frequently for short periods From 84c39b59ca964a36f55b5a3158d16ce9a1c0597c Mon Sep 17 00:00:00 2001 From: Jiri Jaburek Date: Fri, 19 Apr 2024 22:52:31 +0200 Subject: [PATCH 3/5] add TMT plans for all RHEL / CentOS Stream profiles Signed-off-by: Jiri Jaburek --- .packit.yaml | 58 ++++++++++++++++++++++++++++++++++++ tests/tmt-plans/main.fmf | 64 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 122 insertions(+) diff --git a/.packit.yaml b/.packit.yaml index b5d251824e2..598bf2cebf6 100644 --- a/.packit.yaml +++ b/.packit.yaml 
@@ -43,9 +43,38 @@ jobs: targets: centos-stream-8: {} centos-stream-9: {} +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/ccn_advanced + tmt_plan: /hardening/host-os/ansible/ccn_advanced + targets: + centos-stream-9: {} - <<: *test-static-checks identifier: /hardening/host-os/ansible/cis tmt_plan: /hardening/host-os/ansible/cis +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/cis_server_l1 + tmt_plan: /hardening/host-os/ansible/cis_server_l1 +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/cis_workstation_l1 + tmt_plan: /hardening/host-os/ansible/cis_workstation_l1 +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/cis_workstation_l2 + tmt_plan: /hardening/host-os/ansible/cis_workstation_l2 +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/cui + tmt_plan: /hardening/host-os/ansible/cui +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/e8 + tmt_plan: /hardening/host-os/ansible/e8 +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/hipaa + tmt_plan: /hardening/host-os/ansible/hipaa +- <<: *test-static-checks + identifier: /hardening/host-os/ansible/ism_o + tmt_plan: /hardening/host-os/ansible/ism_o + targets: + centos-stream-8: {} + centos-stream-9: {} - <<: *test-static-checks identifier: /hardening/host-os/ansible/ospp tmt_plan: /hardening/host-os/ansible/ospp 
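Review bot: The existing filter `tmt_plan: /hardening/host-os/ansible/cis` becomes a prefix of the plan names added here (`cis_server_l1`, `cis_workstation_l1`, `cis_workstation_l2`). Packit's documentation describes `tmt_plan` as a regex; if it is applied as an unanchored search, the `cis` job would also run those three plans and report them under the `cis` identifier. The `discover+` filters in tests/tmt-plans/main.fmf are written with a trailing `$`, which suggests the same concern was already handled on the test side. Anchoring the plan filters the same way, e.g. `tmt_plan: /hardening/host-os/ansible/cis$`, keeps one plan per job and one result per profile; the oscap `cis` entry in the next hunk of this file needs the same change. The hunk's context starts inside an earlier job entry, so the full job list is not visible here.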
@@ -62,9 +91,38 @@ jobs: targets: centos-stream-8: {} centos-stream-9: {} +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/ccn_advanced + tmt_plan: /hardening/host-os/oscap/ccn_advanced + targets: + centos-stream-9: {} - <<: *test-static-checks identifier: /hardening/host-os/oscap/cis tmt_plan: /hardening/host-os/oscap/cis +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/cis_server_l1 + tmt_plan: /hardening/host-os/oscap/cis_server_l1 +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/cis_workstation_l1 + tmt_plan: /hardening/host-os/oscap/cis_workstation_l1 +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/cis_workstation_l2 + tmt_plan: /hardening/host-os/oscap/cis_workstation_l2 +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/cui + tmt_plan: /hardening/host-os/oscap/cui +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/e8 + tmt_plan: /hardening/host-os/oscap/e8 +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/hipaa + tmt_plan: /hardening/host-os/oscap/hipaa +- <<: *test-static-checks + identifier: /hardening/host-os/oscap/ism_o + tmt_plan: /hardening/host-os/oscap/ism_o + targets: + centos-stream-8: {} + centos-stream-9: {} - <<: *test-static-checks identifier: /hardening/host-os/oscap/ospp tmt_plan: /hardening/host-os/oscap/ospp diff --git a/tests/tmt-plans/main.fmf b/tests/tmt-plans/main.fmf index 7765e98c49a..8ad28b754ac 100644 --- a/tests/tmt-plans/main.fmf +++ b/tests/tmt-plans/main.fmf 
@@ -19,9 +19,41 @@ report: - when: distro <= centos-7 enabled: false +/hardening/host-os/ansible/ccn_advanced: + discover+: {test: /hardening/host-os/ansible/ccn_advanced$} + adjust+: + - when: distro <= centos-7 + enabled: false + - when: distro < centos-stream-9 + enabled: false + /hardening/host-os/ansible/cis: discover+: {test: /hardening/host-os/ansible/cis$} +/hardening/host-os/ansible/cis_server_l1: + discover+: {test: /hardening/host-os/ansible/cis_server_l1$} + +/hardening/host-os/ansible/cis_workstation_l1: + discover+: {test: /hardening/host-os/ansible/cis_workstation_l1$} + +/hardening/host-os/ansible/cis_workstation_l2: + discover+: {test: /hardening/host-os/ansible/cis_workstation_l2$} + +/hardening/host-os/ansible/cui: + discover+: {test: /hardening/host-os/ansible/cui$} + +/hardening/host-os/ansible/e8: + discover+: {test: /hardening/host-os/ansible/e8$} + +/hardening/host-os/ansible/hipaa: + discover+: {test: /hardening/host-os/ansible/hipaa$} + +/hardening/host-os/ansible/ism_o: + discover+: {test: /hardening/host-os/ansible/ism_o$} + adjust+: + - when: distro <= centos-7 + enabled: false + /hardening/host-os/ansible/ospp: discover+: {test: /hardening/host-os/ansible/ospp$} 
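Review bot: The `adjust+` rules added for `ccn_advanced` and `ism_o` restate platform limits that the matching jobs in .packit.yaml already express through `targets`, and nothing in main.fmf points back to that file. If the two drift apart, a plan disabled here on a target that Packit still schedules may leave that profile untested there without an obvious failure. .packit.yaml carries `# when modifying this, modify also tests/tmt-plans/`; a matching comment above these plans, such as `# platform limits must match the job targets in .packit.yaml`, would make the coupling visible from both sides. The same applies to the oscap plans in the next hunk of this file.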
@@ -41,9 +73,41 @@ report: - when: distro <= centos-7 enabled: false +/hardening/host-os/oscap/ccn_advanced: + discover+: {test: /hardening/host-os/oscap/ccn_advanced$} + adjust+: + - when: distro <= centos-7 + enabled: false + - when: distro < centos-stream-9 + enabled: false + /hardening/host-os/oscap/cis: discover+: {test: /hardening/host-os/oscap/cis$} +/hardening/host-os/oscap/cis_server_l1: + discover+: {test: /hardening/host-os/oscap/cis_server_l1$} + +/hardening/host-os/oscap/cis_workstation_l1: + discover+: {test: /hardening/host-os/oscap/cis_workstation_l1$} + +/hardening/host-os/oscap/cis_workstation_l2: + discover+: {test: /hardening/host-os/oscap/cis_workstation_l2$} + +/hardening/host-os/oscap/cui: + discover+: {test: /hardening/host-os/oscap/cui$} + +/hardening/host-os/oscap/e8: + discover+: {test: /hardening/host-os/oscap/e8$} + +/hardening/host-os/oscap/hipaa: + discover+: {test: /hardening/host-os/oscap/hipaa$} + +/hardening/host-os/oscap/ism_o: + discover+: {test: /hardening/host-os/oscap/ism_o$} + adjust+: + - when: distro <= centos-7 + enabled: false + /hardening/host-os/oscap/ospp: discover+: {test: /hardening/host-os/oscap/ospp$} From e13b2b70ffd632d10cf6e8e1407371dcb08c7e21 Mon Sep 17 00:00:00 2001 From: Jiri Jaburek Date: Mon, 22 Apr 2024 13:41:35 +0200 Subject: [PATCH 4/5] disable CentOS Stream Testing Farm tests for ccn_advanced It seems the profile is not quite ready for Testing Farm. Signed-off-by: Jiri Jaburek --- .packit.yaml | 11 ++++++----- tests/tmt-plans/main.fmf | 15 ++++++++------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/.packit.yaml b/.packit.yaml index 598bf2cebf6..6a0d0592b51 100644 --- a/.packit.yaml +++ b/.packit.yaml 
@@ -43,11 +43,12 @@ jobs: targets: centos-stream-8: {} centos-stream-9: {} -- <<: *test-static-checks - identifier: /hardening/host-os/ansible/ccn_advanced - tmt_plan: /hardening/host-os/ansible/ccn_advanced - targets: - centos-stream-9: {} +# disable for now - it seems to be broken on CentOS Stream +#- <<: *test-static-checks +# identifier: /hardening/host-os/ansible/ccn_advanced +# tmt_plan: /hardening/host-os/ansible/ccn_advanced +# targets: +# centos-stream-9: {} - <<: *test-static-checks identifier: /hardening/host-os/ansible/cis tmt_plan: /hardening/host-os/ansible/cis diff --git a/tests/tmt-plans/main.fmf b/tests/tmt-plans/main.fmf index 8ad28b754ac..d1d447234d0 100644 --- a/tests/tmt-plans/main.fmf +++ b/tests/tmt-plans/main.fmf @@ -19,13 +19,14 @@ report: - when: distro <= centos-7 enabled: false -/hardening/host-os/ansible/ccn_advanced: - discover+: {test: /hardening/host-os/ansible/ccn_advanced$} - adjust+: - - when: distro <= centos-7 - enabled: false - - when: distro < centos-stream-9 - enabled: false +# see .packit.yaml +#/hardening/host-os/ansible/ccn_advanced: +# discover+: {test: /hardening/host-os/ansible/ccn_advanced$} +# adjust+: +# - when: distro <= centos-7 +# enabled: false +# - when: distro < centos-stream-9 +# enabled: false /hardening/host-os/ansible/cis: discover+: {test: /hardening/host-os/ansible/cis$} From c8e2f84f2fa0985c556bdca4c991a1e6a9def655 Mon Sep 17 00:00:00 2001 From: Jiri Jaburek Date: Mon, 22 Apr 2024 13:43:00 +0200 Subject: [PATCH 5/5] remove adjusts from tmt-plans Signed-off-by: Jiri Jaburek --- tests/tmt-plans/main.fmf | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/tests/tmt-plans/main.fmf b/tests/tmt-plans/main.fmf index d1d447234d0..448f60afb39 100644 --- a/tests/tmt-plans/main.fmf +++ b/tests/tmt-plans/main.fmf 
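Review bot: Only the Ansible `ccn_advanced` job is commented out here, although the commit title speaks of disabling the ccn_advanced tests in general. The `/hardening/host-os/oscap/ccn_advanced` job added earlier in this series is not touched by this patch, so it would presumably keep running on centos-stream-9. If that is intended, the comment should say so, e.g. `# disable for now - the Ansible variant seems to be broken on CentOS Stream (oscap variant still enabled)`. A tracking reference such as `# TODO(<issue-id>): re-enable` would keep this job and the matching commented-out plan in tests/tmt-plans/main.fmf from being forgotten, which matters because a disabled hardening profile gets no CI coverage.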
@@ -15,18 +15,10 @@ report: /hardening/host-os/ansible/anssi_bp28_high: discover+: {test: /hardening/host-os/ansible/anssi_bp28_high$} - adjust+: - - when: distro <= centos-7 - enabled: false # see .packit.yaml #/hardening/host-os/ansible/ccn_advanced: # discover+: {test: /hardening/host-os/ansible/ccn_advanced$} -# adjust+: -# - when: distro <= centos-7 -# enabled: false -# - when: distro < centos-stream-9 -# enabled: false /hardening/host-os/ansible/cis: discover+: {test: /hardening/host-os/ansible/cis$} @@ -51,9 +43,6 @@ report: /hardening/host-os/ansible/ism_o: discover+: {test: /hardening/host-os/ansible/ism_o$} - adjust+: - - when: distro <= centos-7 - enabled: false /hardening/host-os/ansible/ospp: discover+: {test: /hardening/host-os/ansible/ospp$} @@ -70,17 +59,9 @@ report: /hardening/host-os/oscap/anssi_bp28_high: discover+: {test: /hardening/host-os/oscap/anssi_bp28_high$} - adjust+: - - when: distro <= centos-7 - enabled: false /hardening/host-os/oscap/ccn_advanced: discover+: {test: /hardening/host-os/oscap/ccn_advanced$} - adjust+: - - when: distro <= centos-7 - enabled: false - - when: distro < centos-stream-9 - enabled: false /hardening/host-os/oscap/cis: discover+: {test: /hardening/host-os/oscap/cis$} @@ -105,9 +86,6 @@ report: /hardening/host-os/oscap/ism_o: discover+: {test: /hardening/host-os/oscap/ism_o$} - adjust+: - - when: distro <= centos-7 - enabled: false /hardening/host-os/oscap/ospp: discover+: {test: /hardening/host-os/oscap/ospp$}