Porting CI from Travis to Github actions

New Github Actions file follows similar convention to Travis with a few minor differences.
By default - GHA does not let you use normal syntax to skip jobs when testing. The current
setup allows for a dev to use either [skip ci] or [skip-ci] in order to not kick off a job.
This is similar to other CI tools except that in this instance we have full control of the syntax
we want to check for in order to skip a job.

Other fixes include additional verbosity on the build-for-osx and osx-create-dmg scripts. There
is also a new travis-ci file that is deprecated, but shown in case someone would like to use it
for further testing.

Author: Carlos Matos

.github/workflows/main.yml

@@ -0,0 +1,68 @@
+name: OpenScap Workbench CI
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on: push
+
+jobs:
+  build-macos:
+    # The type of runner that the job will run on
+    runs-on: macos-latest
+    # Allows you to skip a ci job - [skip ci] or [skip-ci]
+    if: (!contains(github.event.head_commit.message, 'skip ci') && !contains(github.event.head_commit.message, 'skip-ci'))
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+
+    # *before_install* port
+    - name: Install additional packages
+      run: |
+        brew install jq
+        brew install qt5
+        brew install asciidoc
+        brew install pkg-config
+        brew install doxygen
+        brew install opendbx
+        brew install popt
+        brew install swig
+        brew install upx
+        npm install -g appdmg
+        echo "::add-path::/usr/local/opt/qt/bin"
+
+    # Runs a set of commands using the runners shell
+    - name: Run openSCAP build process
+      run: |
+        git clone --depth 1 https://github.com/openscap/openscap.git -b master
+        pushd openscap/build
+        cmake -DENABLE_PROBES=FALSE ../
+        make -j 4
+        make install
+        popd
+
+    # Build OSX image
+    - name: Build OSX image
+      run: |
+        chmod +x ./build-for-osx.sh
+        ./build-for-osx.sh
+        REL_TAG=`curl -s "https://github.com/ComplianceAsCode/content/releases/latest" | grep -o 'tag/[v.0-9]*' | awk -F/ '{print $2}'`
+        REL_TAG_NUM=`echo ${REL_TAG} | cut -d"v" -f2`
+        DWN_LINK=https://github.com/ComplianceAsCode/content/releases/download/${REL_TAG}/scap-security-guide-${REL_TAG_NUM}.zip
+        if [ -z "${DWN_LINK}" ]; then echo 'Could not get the ZIP URL! It is empty!'; exit 1; fi
+        wget "${DWN_LINK}" -O ssg.zip
+        mkdir -p `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/ && unzip ssg.zip && cp -a scap-security-guide-*/* `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/
+        cd build-osx && bash osx-create-dmg.sh
+
+    # Get tag release version (1.2.X etc,.)
+    - name: Get the release version
+      id: get_version
+      run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
+
+    # Deploy package to release
+    - name: Release
+      uses: softprops/action-gh-release@v1
+      if: startsWith(github.ref, 'refs/tags/')
+      with:
+        files: build-osx/scap-workbench-${{ steps.get_version.outputs.VERSION }}.dmg
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.travis.yml.deprecated

@@ -0,0 +1,82 @@
+os: osx
+
+# Testing: Define jobs to include macOS 10.13 - present for compatibility testing.
+# Travis CI has a lot more OS options than Github Actions currently has.
+#
+# jobs:
+#   include:
+#     - os: osx
+#       osx_image: xcode9.4
+#     - os: osx
+#       osx_image: xcode10
+#     - os: osx
+#       osx_image: xcode10.1
+#     - os: osx
+#       osx_image: xcode10.2
+#     - os: osx
+#       osx_image: xcode10.3
+#     - os: osx
+#       osx_image: xcode11
+#     - os: osx
+#       osx_image: xcode11.1
+#     - os: osx
+#       osx_image: xcode11.2
+#     - os: osx
+#       osx_image: xcode11.3
+#     - os: osx
+#       osx_image: xcode11.4
+
+sudo: required
+
+language: cpp
+
+compiler:
+  - gcc
+
+env:
+  - PATH="/usr/local/opt/qt/bin:$PATH"
+
+before_install:
+  - brew update
+  - brew install jq || brew upgrade jq
+  - brew install qt || true
+  - brew install asciidoc || brew upgrade asciidoc
+  - brew install pkg-config || brew upgrade pkg-config
+  - brew install doxygen || brew upgrade doxygen
+  - brew install opendbx || brew upgrade opendbx
+  - brew install popt || brew upgrade popt
+  - brew install swig || brew upgrade swig
+  - brew install upx || brew upgrade upx
+  - brew install node || brew upgrade node
+  - npm install -g appdmg
+
+before_script:
+  - git clone --depth 1 https://github.com/openscap/openscap.git -b master
+  - pushd openscap/build
+  - cmake -DENABLE_PROBES=FALSE ../
+  - make -j 4
+  - make install
+  - popd
+
+script:
+  - ./build-for-osx.sh
+# Parse release page json to obtain link to latest content zip file and download it
+  - |
+    REL_TAG=`curl -s "https://github.com/ComplianceAsCode/content/releases/latest" | grep -o 'tag/[v.0-9]*' | awk -F/ '{print $2}'`
+    REL_TAG_NUM=`echo ${REL_TAG} | cut -d"v" -f2`
+    DWN_LINK=https://github.com/ComplianceAsCode/content/releases/download/${REL_TAG}/scap-security-guide-${REL_TAG_NUM}.zip
+    if [ -z "${DWN_LINK}" ] ; then
+        echo "Could not get the ZIP URL! It is empty!"
+        exit 1
+    fi
+  - wget "${DWN_LINK}" -O ssg.zip
+  - mkdir -p `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/ && unzip ssg.zip && cp -a scap-security-guide-*/* `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/
+  - cd build-osx && bash osx-create-dmg.sh
+
+deploy:
+  provider: releases
+  api_key: $GITHUB_TOKEN
+  file: scap-workbench-$TRAVIS_TAG.dmg
+  skip_cleanup: true
+  on:
+    tags: true

build-for-osx.sh

@@ -1,4 +1,4 @@
-set -e
+set -ex
 
 mkdir -p build-osx/
 pushd build-osx/

osx-create-dmg.sh.in

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -e
+set -ex
 
 # Original by Andy Maloney
 # http://asmaloney.com/2013/07/howto/packaging-a-mac-os-x-application-using-a-dmg/
@@ -29,11 +29,8 @@ _BACKGROUND_IMAGE_DPI_W=`sips -g dpiWidth ${DMG_BACKGROUND_IMG} | grep -Eo '[0-9
 if [ $(echo " $_BACKGROUND_IMAGE_DPI_H != 72.0 " | bc) -eq 1 -o $(echo " $_BACKGROUND_IMAGE_DPI_W != 72.0 " | bc) -eq 1 ]; then
    echo "WARNING: The background image's DPI is not 72.  This will result in distorted backgrounds on Mac OS X 10.7+."
    echo "         I will convert it to 72 DPI for you."
-   
    _DMG_BACKGROUND_TMP="${DMG_BACKGROUND_IMG%.*}"_dpifix."${DMG_BACKGROUND_IMG##*.}"
-
    sips -s dpiWidth 72 -s dpiHeight 72 ${DMG_BACKGROUND_IMG} --out ${_DMG_BACKGROUND_TMP}
-   
    DMG_BACKGROUND_IMG="${_DMG_BACKGROUND_TMP}"
 fi
 
@@ -62,79 +59,31 @@ fi
 
 popd
 
-# figure out how big our DMG needs to be
-#  assumes our contents are at least 1M!
-SIZE=`du -sh "${STAGING_DIR}" | sed 's/\([0-9\.]*\)M\(.*\)/\1/'` 
-SIZE=`echo "${SIZE} + 1.0" | bc | awk '{print int($1+0.5)}'`
-
-if [ $? -ne 0 ]; then
-   echo "Error: Cannot compute size of staging dir"
-   exit
-fi
-
-# create the temp DMG file
-hdiutil create -srcfolder "${STAGING_DIR}" -volname "${VOL_NAME}" -fs HFS+ \
-      -fsargs "-c c=64,a=16,e=16" -format UDRW -size ${SIZE}M "${DMG_TMP}"
-
-echo "Created DMG: ${DMG_TMP}"
-
-# mount it and save the device
-DEVICE=$(hdiutil attach -readwrite -noverify "${DMG_TMP}" | \
-         egrep '^/dev/' | sed 1q | awk '{print $1}')
-
-sleep 2
-
-# add a link to the Applications dir
-echo "Add link to /Applications"
-pushd /Volumes/"${VOL_NAME}"
-ln -s /Applications
-popd
-
-# add a background image
-mkdir /Volumes/"${VOL_NAME}"/.background
-cp "${DMG_BACKGROUND_IMG}" /Volumes/"${VOL_NAME}"/.background/
-DMG_BACKGROUND_IMG_BASENAME=`basename ${DMG_BACKGROUND_IMG}`
-
-# add COPYING
-cp "@CMAKE_SOURCE_DIR@/COPYING" /Volumes/"${VOL_NAME}"/
-
-# tell the Finder to resize the window, set the background,
-#  change the icon size, place the icons in the right position, etc.
-echo '
-   tell application "Finder"
-     tell disk "'${VOL_NAME}'"
-           open
-           set current view of container window to icon view
-           set toolbar visible of container window to false
-           set statusbar visible of container window to false
-           set the bounds of container window to {400, 100, 927, 440}
-           set viewOptions to the icon view options of container window
-           set arrangement of viewOptions to not arranged
-           set icon size of viewOptions to 72
-           set background picture of viewOptions to file ".background:'${DMG_BACKGROUND_IMG_BASENAME}'"
-           set position of item "'${APP_NAME}'.app" of container window to {160, 225}
-           set position of item "Applications" of container window to {360, 225}
-           set position of item "COPYING" of container window to {460, 275}
-           close
-           open
-           update without registering applications
-           delay 2
-     end tell
-   end tell
-' | osascript
-
-sync
-
-# unmount it
-hdiutil detach "${DEVICE}"
-
-# now make the final image a compressed disk image
-echo "Creating compressed image"
-hdiutil convert "${DMG_TMP}" -format UDZO -imagekey zlib-level=9 -o "${DMG_FINAL}"
-
-# clean up
-rm -rf "${DMG_TMP}"
-rm -rf "${STAGING_DIR}"
+#------------- Updated section to support creating a dmg in macOS 10.13+ -------------#
+# Changes made by Carlos Matos <[email protected]
+# Issues identified when trying to port CI from Travis to Github Actions. Using macOS 10.14+
+# would cause the CI job to fail due to security enhancements made after High Sierra. This
+# was essentially causing the original applescript to timeout after it's default 2 minute waiting
+# period. After making several attempts to work around this issue - it became clear that this was
+# going to take too much effort - if it even would work at all. I began looking at alternative
+# solutions, which lead me to a couple of open source projects created by people who simply wanted
+# to make the process of creating a dmg easier. After testing dmgbuild and appdmg, I settled with
+# appdmg since it was easy to port our existing configuration to it.
+cat << EOF > scapwb.json
+{
+    "title": "SCAP Workbench",
+    "background": "${DMG_BACKGROUND_IMG}",
+    "format": "UDZO",
+    "window": { "position": { "x": 300, "y": 300 } },
+    "contents": [
+        { "x": 360, "y": 225, "type": "link", "path": "/Applications" },
+        { "x": 160, "y": 225, "type": "file", "path": "${STAGING_DIR}/${APP_NAME}.app" }
+    ]
+}
+EOF
+
+echo "Creating customized DMG image..."
+appdmg scapwb.json ${DMG_FINAL}
 
 echo 'Done.'