diff --git a/.github/workflows/build-tests.yml b/.github/workflows/build-tests.yml
index 452ac0353..d6ed8f713 100644
--- a/.github/workflows/build-tests.yml
+++ b/.github/workflows/build-tests.yml
@@ -83,3 +83,34 @@ jobs:
 diff /tmp/functions.txt /tmp/version.txt || true
 comm -23 --check-order /tmp/functions.txt /tmp/version.txt > /tmp/diff.txt
 test ! -s /tmp/diff.txt
+
+ rpminspect:
+ name: RPMInspect
+ runs-on: ubuntu-latest
+ container: 'fedora:latest'
+ steps:
+ - name: Clone repository
+ uses: actions/checkout@v2
+
+ - name: Set up Java
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'adopt'
+
+ - name: Install Fedora dependencies
+ run: |
+ dnf install -y dnf-plugins-core rpm-build maven
+ dnf builddep -y --spec jss.spec
+
+ - name: Build JSS RPMs with CMake
+ run: ./build.sh --work-dir=build rpm
+
+ - name: Install RPMInspect
+ run: |
+ dnf install -y dnf-plugins-core
+ dnf copr enable -y copr.fedorainfracloud.org/dcantrell/rpminspect
+ dnf install -y rpminspect rpminspect-data-fedora
+
+ - name: Run RPMInspect on SRPM and RPMs
+ run: ./tests/bin/rpminspect.sh
diff --git a/build.sh b/build.sh
index 136cfe852..9dba90422 100755
--- a/build.sh
+++ b/build.sh
@@ -127,6 +127,7 @@ generate_rpm_sources() {
 --transform "s,^./,$PREFIX/," \
 --exclude .git \
 --exclude bin \
+ --exclude build \
 -C "$SRC_DIR" \
 .
 }
diff --git a/tests/bin/rpminspect.sh b/tests/bin/rpminspect.sh
new file mode 100755
index 000000000..7017c0f09
--- /dev/null
+++ b/tests/bin/rpminspect.sh
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+# Don't run metadata check as we can't know the build host subdomain
+# of CI runners in advance to add to an allow list
+
+echo "Running RPMInspect on SRPM"
+rpminspect-fedora -E metadata build/SRPMS/*.rpm
+
+# Run RPMInspect on RPMs
+for f in build/RPMS/*rpm; do
+ echo "::group::Running RPMInspect on $f"
+ rpminspect-fedora -E metadata,javabytecode "$f"
+ echo "::endgroup::"
+done
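Review bot: The new `rpminspect` job in build-tests.yml takes executable content from mutable references: `actions/checkout@v2` and `actions/setup-java@v3` are version tags that can be moved, `container: 'fedora:latest'` floats, and the `Install RPMInspect` step enables a personal COPR repository with `-y`. Pinning the two actions to full commit SHAs, for example `uses: actions/checkout@<full-commit-sha>  # v2` (placeholder, not a real hash), makes what runs in this job reviewable and reproducible. Whether the workflow already restricts the token is not visible in this hunk; if it does not, add `permissions:` with `contents: read` to this job, since it only builds and inspects packages.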
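Review bot: In build.sh, `--exclude build` is hard-coded, while the workflow in this same commit chooses the directory with `--work-dir=build`, so a run with a differently named work directory inside the source tree would still pack its build output into the source archive. If the command is GNU tar (its name is above the hunk; generate_rpm_sources starts outside it), exclude patterns are unanchored by default, so this line also drops any file or directory named `build` deeper in the tree. Consider anchoring the pattern, for example `--anchored --exclude ./build \`, or deriving it from the work-directory setting the script already parses.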
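Review bot: The loop in tests/bin/rpminspect.sh passes `-E metadata,javabytecode`, but the comment at the top of the script only explains why `metadata` is skipped; add a comment above the loop stating why `javabytecode` is excluded for the binary RPMs, so the gap in inspection coverage is a recorded decision. Separately, `-e` lives only in the shebang, which is ignored when the script is run as `bash tests/bin/rpminspect.sh`; put `set -euo pipefail` on the line after the shebang so a failing inspection always fails the job. The two globs also differ (`*.rpm` for the SRPM, `*rpm` in the loop); `build/RPMS/*.rpm` would be consistent.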