Pair the ATEX tests with the packit testing farm tests.

ggbecker · ggbecker · commit acd1e7ff48d8 · 2026-01-14T16:08:23.000+01:00
diff --git a/.github/workflows/atex-test.yaml b/.github/workflows/atex-test.yaml
@@ -58,6 +58,7 @@ jobs:
           output: |
             {"summary":"Running ATEX tests: Job: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}","title":"ATEX Testing in Progress"}
 
+  # All tests aggregated per CentOS Stream version
   test:
     name: Test on CentOS Stream ${{ matrix.centos_stream_major }}
     runs-on: ubuntu-latest
@@ -93,16 +94,94 @@ jobs:
           dnf -y install python3-pip git rsync
           pip install fmf atex==0.11
 
-      - name: Run tests on Testing Farm
+      - name: Run static checks
         env:
           TESTING_FARM_API_TOKEN: ${{ secrets.TESTING_FARM_API_TOKEN }}
           CS_MAJOR: ${{ matrix.centos_stream_major }}
         run: |
+          # Explicitly specify static checks to run, excluding:
+          # - /static-checks/html-links (fails frequently due to temporary website availability issues)
+          # - /static-checks/diff (always fails, meant for manual review)
+          # - /static-checks/nist-validation (datastream is often noncompliant by design, e.g. SCE checks)
+          # Tests from: https://github.com/RHSecurityCompliance/contest/tree/main/static-checks
           python3 tests/run_tests_testingfarm.py \
             --contest-dir contest \
             --content-dir content-centos-stream${CS_MAJOR} \
             --plan "/plans/daily" \
-            --tests "/hardening/host-os/oscap/stig" \
+            --tests \
+              "/static-checks/ansible" \
+              "/static-checks/removed-rules" \
+              "/static-checks/rpmbuild-ctest" \
+              "/static-checks/rule-identifiers" \
+              "/static-checks/unit-tests-metadata" \
+            --compose "CentOS-Stream-${CS_MAJOR}" \
+            --arch x86_64 \
+            --os-major-version "${CS_MAJOR}" \
+            --timeout ${{ env.TEST_TIMEOUT }}
+
+      - name: Run hardening tests
+        env:
+          TESTING_FARM_API_TOKEN: ${{ secrets.TESTING_FARM_API_TOKEN }}
+          CS_MAJOR: ${{ matrix.centos_stream_major }}
+        run: |
+          # Build test list based on CentOS Stream version
+          TESTS=(
+            # Tests for all versions (8, 9, 10)
+            "/hardening/host-os/ansible/anssi_bp28_high"
+            "/hardening/host-os/ansible/cis"
+            "/hardening/host-os/ansible/cis_server_l1"
+            "/hardening/host-os/ansible/cis_workstation_l1"
+            "/hardening/host-os/ansible/cis_workstation_l2"
+            "/hardening/host-os/ansible/e8"
+            "/hardening/host-os/ansible/hipaa"
+            "/hardening/host-os/ansible/ism_o"
+            "/hardening/host-os/ansible/ospp"
+            "/hardening/host-os/ansible/pci-dss"
+            "/hardening/host-os/ansible/stig"
+            "/hardening/host-os/oscap/anssi_bp28_high"
+            "/hardening/host-os/oscap/cis"
+            "/hardening/host-os/oscap/cis_server_l1"
+            "/hardening/host-os/oscap/cis_workstation_l1"
+            "/hardening/host-os/oscap/cis_workstation_l2"
+            "/hardening/host-os/oscap/e8"
+            "/hardening/host-os/oscap/hipaa"
+            "/hardening/host-os/oscap/ism_o"
+            "/hardening/host-os/oscap/ospp"
+            "/hardening/host-os/oscap/pci-dss"
+            "/hardening/host-os/oscap/stig"
+          )
+
+          # CS8 and CS9 only: cui
+          if [[ "${CS_MAJOR}" == "8" || "${CS_MAJOR}" == "9" ]]; then
+            TESTS+=(
+              "/hardening/host-os/ansible/cui"
+              "/hardening/host-os/oscap/cui"
+            )
+          fi
+
+          # CS9 only: bsi, ccn_advanced
+          if [[ "${CS_MAJOR}" == "9" ]]; then
+            TESTS+=(
+              "/hardening/host-os/ansible/bsi"
+              "/hardening/host-os/ansible/ccn_advanced"
+              "/hardening/host-os/oscap/bsi"
+              "/hardening/host-os/oscap/ccn_advanced"
+            )
+          fi
+
+          # CS10 only: ism_o_top_secret
+          if [[ "${CS_MAJOR}" == "10" ]]; then
+            TESTS+=(
+              "/hardening/host-os/ansible/ism_o_top_secret"
+              "/hardening/host-os/oscap/ism_o_top_secret"
+            )
+          fi
+
+          python3 tests/run_tests_testingfarm.py \
+            --contest-dir contest \
+            --content-dir content-centos-stream${CS_MAJOR} \
+            --plan "/plans/daily" \
+            --tests "${TESTS[@]}" \
             --compose "CentOS-Stream-${CS_MAJOR}" \
             --arch x86_64 \
             --os-major-version "${CS_MAJOR}" \
