
Commit f1dae23

committed
Refactor ATEX workflow code.
1 parent a2466a0 commit f1dae23


1 file changed

+80
-57
lines changed

1 file changed

+80
-57
lines changed

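--- a/.github/workflows/atex.yaml
+++ b/.github/workflows/atex.yaml
@@ -1,26 +1,40 @@
-name: TMT Tests with Artifact Upload
+name: ATEX Testing Farm Integration
 
 on:
 pull_request:
 types: [opened, synchronize, reopened]
 
+env:
+FEDORA_IMAGE: fedora:latest
+ATEX_REPO: RHSecurityCompliance/atex-results-testing-farm
+ATEX_HTML_REPO: RHSecurityCompliance/atex-html
+CONTEST_REPO: RHSecurityCompliance/contest
+ARTIFACT_RETENTION_DAYS: 1
+TEST_TIMEOUT: 1440 # 24 hours
+
 jobs:
 build_content:
+name: Build content for CentOS Stream ${{ matrix.centos_stream_major }}
 runs-on: ubuntu-latest
 strategy:
 matrix:
 centos_stream_major: [8, 9, 10]
 container:
-image: fedora:latest
+image: ${{ env.FEDORA_IMAGE }}
 
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
 
-- name: Install Deps
-run: dnf install -y cmake make openscap-utils python3-pyyaml bats ansible python3-pip ShellCheck git gcc gcc-c++ python3-devel libxml2-devel libxslt-devel python3-setuptools gawk
+- name: Install system dependencies
+run: |
+dnf install -y \
+cmake make openscap-utils python3-pyyaml \
+bats ansible python3-pip ShellCheck git \
+gcc gcc-c++ python3-devel libxml2-devel \
+libxslt-devel python3-setuptools gawk
 
-- name: Install deps python
+- name: Install Python dependencies
 run: pip install pcre2==0.4.0 -r requirements.txt -r test-requirements.txt
 
 - name: Build content
@@ -30,9 +44,9 @@ jobs:
 rm -rf build
 mkdir build
 cd build
-# defaults used by Contest (and scap-security-guide.spec),
-# plus any build options needed by any tests (so the tests don't have to rebuild
-# the content to add these options)
+
+# Build configuration matching Contest and scap-security-guide.spec defaults
+# Includes options required by tests to avoid rebuilds
 cmake ../ \
 -DCMAKE_BUILD_TYPE:STRING=Release \
 -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \
@@ -43,27 +57,30 @@ jobs:
 -DSSG_BUILD_DISA_DELTA_FILES:BOOL=OFF \
 -DSSG_SEPARATE_SCAP_FILES_ENABLED:BOOL=OFF \
 -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
+
+# Build using all available cores
 cores=$(nproc) || cores=4
 make "-j$cores"
 
-# clean up useless metadata
+# Clean up temporary metadata
 rm -rf jinja2_cache
 
 - name: Upload build artifacts
 uses: actions/upload-artifact@v4
 with:
 name: content-centos-stream${{ matrix.centos_stream_major }}
 path: .
-retention-days: 1
+retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }}
 
 test:
+name: Test on CentOS Stream ${{ matrix.centos_stream_major }}
 runs-on: ubuntu-latest
 needs: build_content
 strategy:
 matrix:
-centos_stream_major: [9] #[8, 9, 10]
+centos_stream_major: [8, 9, 10]
 container:
-image: fedora:latest
+image: ${{ env.FEDORA_IMAGE }}
 
 steps:
 - name: Checkout repository
@@ -75,35 +92,33 @@ jobs:
 name: content-centos-stream${{ matrix.centos_stream_major }}
 path: content-centos-stream${{ matrix.centos_stream_major }}/
 
-- name: Checkout RHSecurityCompliance contest
+- name: Checkout Contest framework
 uses: actions/checkout@v4
 with:
-repository: RHSecurityCompliance/contest
+repository: ${{ env.CONTEST_REPO }}
 ref: main
 path: contest
 fetch-depth: 1
 
 - name: Install test dependencies
 run: |
-# Install utility and pip
 dnf -y install python3-pip git rsync
-
-# Install dependencies into the isolated environment
 pip install fmf git+https://github.com/RHSecurityCompliance/atex.git
 
 - name: Run tests on Testing Farm
 env:
 TESTING_FARM_API_TOKEN: ${{ secrets.TESTING_FARM_API_TOKEN }}
+CS_MAJOR: ${{ matrix.centos_stream_major }}
 run: |
 python3 tests/run_tests_testingfarm.py \
 --contest-dir contest \
---content-dir content-centos-stream${{ matrix.centos_stream_major }} \
+--content-dir content-centos-stream${CS_MAJOR} \
 --plan "/plans/daily" \
 --tests "/hardening/host-os/oscap/stig" \
---compose "CentOS-Stream-${{ matrix.centos_stream_major }}" \
+--compose "CentOS-Stream-${CS_MAJOR}" \
 --arch x86_64 \
---os-major-version "${{ matrix.centos_stream_major }}" \
---timeout 120
+--os-major-version "${CS_MAJOR}" \
+--timeout ${{ env.TEST_TIMEOUT }}
 
 - name: Upload test results
 if: always()
@@ -114,42 +129,39 @@ jobs:
 results-centos-stream-${{ matrix.centos_stream_major }}-x86_64.json.gz
 files-centos-stream-${{ matrix.centos_stream_major }}-x86_64/
 atex_debug.log.gz
-retention-days: 1
+retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }}
 
 upload:
+name: Upload and publish test results
 runs-on: ubuntu-latest
 needs: test
-if: always() # run even if the tests have failed
+if: always() # Run even if tests fail
 container:
-image: fedora:latest
+image: ${{ env.FEDORA_IMAGE }}
 
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
 
 - name: Install dependencies
-if: always() # Run even if previous steps fail
+if: always()
 run: |
-# Install utility and pip
 dnf -y install python3-pip git rsync
-
-# Install dependencies into the isolated environment
 pip install fmf git+https://github.com/RHSecurityCompliance/atex.git
 
-- name: Checkout RHSecurityCompliance repository to submit test results to Testing Farm Infrastructure
+- name: Checkout ATEX results repository
 if: always()
 uses: actions/checkout@v4
 with:
-repository: RHSecurityCompliance/atex-results-testing-farm
+repository: ${{ env.ATEX_REPO }}
 ref: main
 path: atex-results-testing-farm
 token: ${{ secrets.ATEX_RESULTS_TF_REPO_TOKEN }}
 
 - name: Initialize FMF metadata
 if: always()
 working-directory: atex-results-testing-farm
-run: |
-fmf init
+run: fmf init
 
 - name: Create TMT dummy plan for artifact transport
 if: always()
@@ -166,6 +178,7 @@ jobs:
 how: tmt
 EOF
 
+# Download test results for all CentOS Stream versions
 - name: Download test results - CentOS Stream 8
 if: always()
 uses: actions/download-artifact@v4
@@ -190,69 +203,78 @@ jobs:
 path: test-results/cs10/
 continue-on-error: true
 
-- name: Checkout atex-html repository
+- name: Checkout ATEX HTML viewer
 if: always()
 uses: actions/checkout@v4
 with:
-repository: RHSecurityCompliance/atex-html
+repository: ${{ env.ATEX_HTML_REPO }}
 ref: main
 path: atex-html
 
-- name: Process test results with json2db.py
+- name: Update HTML title with PR number
 if: always()
 run: |
-sed "/<title>/s/>.*</>Test outputs from PR #${{ github.event.pull_request.number }} HTML</" -i atex-html/index.html
+sed "/<title>/s/>.*</>Test outputs from PR #${{ github.event.pull_request.number }} HTML</" \
+-i atex-html/index.html
 
-- name: Create final merged results artifact
+- name: Merge test results from all versions
 if: always()
 run: |
-# Process results for each version
 mkdir -p atex-results-testing-farm/files_dir/
+
+# Process and merge results for all CentOS Stream versions
 for version in 8 9 10; do
-if [ -f "test-results/cs${version}/results-centos-stream-${version}-x86_64.json.gz" ]; then
-cat "test-results/cs${version}/results-centos-stream-${version}-x86_64.json.gz"
-rm -f "test-results/cs${version}/results-centos-stream-${version}-x86_64.json.gz" >/dev/null
-cp -r test-results/cs${version}/files-centos-stream-${version}-x86_64/* atex-results-testing-farm/files_dir/ >/dev/null
+results_file="test-results/cs${version}/results-centos-stream-${version}-x86_64.json.gz"
+files_dir="test-results/cs${version}/files-centos-stream-${version}-x86_64"
+
+if [ -f "${results_file}" ]; then
+cat "${results_file}"
+rm -f "${results_file}"
+[ -d "${files_dir}" ] && cp -r "${files_dir}"/* atex-results-testing-farm/files_dir/
 fi
 done > results.json.gz
 
-- name: Process test results with json2db.py
+- name: Convert results to SQLite database
 if: always()
 run: |
 python atex-html/json2db.py results.json.gz atex-results-testing-farm/results.sqlite.gz
 
-- name: Prepare the html-hosted results viewer
+- name: Prepare HTML results viewer
 if: always()
 run: |
 cp -rf atex-html/index.html atex-html/sqljs/ atex-results-testing-farm/
 
-- name: Push artifacts as tag to Testing Farm repository
+- name: Commit and tag results in ATEX repository
 if: always()
 working-directory: atex-results-testing-farm
 env:
 GH_TOKEN: ${{ secrets.ATEX_RESULTS_TF_REPO_TOKEN }}
+PR_NUMBER: ${{ github.event.pull_request.number }}
 run: |
 git config user.name "openscap-ci[bot]"
 git config user.email "[email protected]"
 
-# Commit and push as a tag
 git add .
-git commit -m "Test outputs from PR #${{ github.event.pull_request.number }}"
-git tag PR${{ github.event.pull_request.number }}
-git push origin PR${{ github.event.pull_request.number }}
+git commit -m "Test outputs from PR #${PR_NUMBER}"
+git tag PR${PR_NUMBER}
+git push origin PR${PR_NUMBER}
 
-- name: Submit test to Testing Farm
+- name: Submit results to Testing Farm
 if: always()
 id: testing_farm_request
 env:
 TESTING_FARM_API_TOKEN: ${{ secrets.TESTING_FARM_API_TOKEN }}
+PR_NUMBER: ${{ github.event.pull_request.number }}
 run: |
 python3 tests/submit_results_to_testing_farm.py \
---repo-url "https://github.com/RHSecurityCompliance/atex-results-testing-farm" \
---pr-number "${{ github.event.pull_request.number }}" 2>&1 | tee tf_output.log
-echo "HTML_LINK=$(grep -oP 'HTML: \K.*' tf_output.log || echo 'No HTML link found')" >> "$GITHUB_OUTPUT"
+--repo-url "https://github.com/${{ env.ATEX_REPO }}" \
+--pr-number "${PR_NUMBER}" 2>&1 | tee tf_output.log
+
+# Extract HTML link from output
+html_link=$(grep -oP 'HTML: \K.*' tf_output.log || echo 'No HTML link found')
+echo "HTML_LINK=${html_link}" >> "$GITHUB_OUTPUT"
 
-- name: Find Comment
+- name: Find existing PR comment
 if: always()
 uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
 id: fc
@@ -261,7 +283,7 @@ jobs:
 comment-author: 'github-actions[bot]'
 body-includes: Testing Farm Results
 
-- name: Create or update comment
+- name: Create or update PR comment with results
 if: always()
 uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v4
 with:
@@ -274,13 +296,14 @@ jobs:
 
 **Results:** [View Test Results](${{ steps.testing_farm_request.outputs.HTML_LINK }})
 
-_This comment was automatically generated by the atex workflow._
+_This comment was automatically generated by the ATEX workflow._
 edit-mode: replace
 
 - name: Cleanup temporary tag
 if: always()
 working-directory: atex-results-testing-farm
 env:
 GH_TOKEN: ${{ secrets.ATEX_RESULTS_TF_REPO_TOKEN }}
+PR_NUMBER: ${{ github.event.pull_request.number }}
 run: |
-git push --delete origin PR${{ github.event.pull_request.number }}
+git push --delete origin PR${PR_NUMBER}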
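Review bot: The three new `image: ${{ env.FEDORA_IMAGE }}` lines (jobs build_content, test and upload) read the `env` context in `jobs.<job_id>.container.image`, where GitHub's context-availability table lists only `github`, `needs`, `strategy`, `matrix`, `vars` and `inputs`, so the workflow is expected to be rejected with an unrecognized named-value error instead of starting the Fedora container. The other new `env.*` references sit under `with:` and `run:`, where `env` is available, so only the container lines need to change. I would keep the image as a literal on each job, or move it to a repository variable and write `image: ${{ vars.FEDORA_IMAGE }}`. Because the test and upload jobs receive TESTING_FARM_API_TOKEN and ATEX_RESULTS_TF_REPO_TOKEN, this is also the place to pin the image by digest (`fedora@sha256:<digest>`, placeholder) rather than the mutable `latest` tag.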
