Skip to content

Commit

Permalink
add CONTEST_CONTENT_PR and CONTEST_OSCAP_PR
Browse files Browse the repository at this point in the history
Signed-off-by: Jiri Jaburek <[email protected]>
  • Loading branch information
comps committed Mar 21, 2024
1 parent 06a8a6b commit 7bc530c
Show file tree
Hide file tree
Showing 4 changed files with 90 additions and 25 deletions.
18 changes: 18 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,24 @@ on Red Hat Enterprise Linux.
content.
- Note that this may fail if the content is located on a read-only path.

- `CONTEST_CONTENT_PR`
- Specify a numerical Pull Request ID (no `#` or other letters) of the
[CaC/content](https://github.com/ComplianceAsCode/content/) project.
- This will download content from the specified PR and automatically pre-set
`CONTEST_CONTENT` to point to it.
- Do not specify `CONTEST_CONTENT` in addition to `CONTEST_CONTENT_PR`,
use one or the other.

- `CONTEST_OSCAP_PR`
- Specify a numerical Pull Request ID (no `#` or other letters) of the
[OpenSCAP](https://github.com/OpenSCAP/openscap/) project.
- This will add a Packit DNF repository (specific for the PR) to the target
system, and upgrade `openscap-scanner`.
- As such, `openscap-scanner` built by Packit has to have a newer NVR
than the RPM provided by regular OS repositories.
- Wait for Packit to build the RPM before running tests with this variable,
otherwise the test run will fail.

## Waiving failed results

In this context, "to waive" means to label a failing result as known-bad,
Expand Down
4 changes: 0 additions & 4 deletions plans/default.fmf
Original file line number Diff line number Diff line change
@@ -1,5 +1 @@
summary: Default plan (simple for now)
discover:
how: fmf
execute:
how: tmt
55 changes: 53 additions & 2 deletions plans/main.fmf
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,66 @@
/:
inherit: false

discover:
how: fmf

execute:
how: tmt

adjust:
- prepare:
- prepare+:
- how: shell
name: install-epel-on-rhel7
because: python3 is not on RHEL 7 by default
script: |
set -xe
if ! rpm -q epel-release; then
curl -o epel-release.rpm --retry 10 https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
curl --retry 10 -sSfkL -o epel-release.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release.rpm
rm -f epel-release.rpm
fi
when: distro < rhel-8

- prepare+:
- how: shell
name: Update OpenSCAP from Packit (if specified)
script: |
set -xe
[ -n "$CONTEST_OSCAP_PR" ] || exit 0
repofile=/etc/yum.repos.d/openscap-packit-pr.repo
rm -f "$repofile"
if rpm -q openscap-scanner; then
# the RPM might have been upgraded from another PR, sanitize it
dnf -q -y downgrade openscap-scanner
else
# this runs before test dependencies are installed
dnf -q -y install openscap-scanner
fi
# download Packit-provided per-PR repository
major=$(. /etc/os-release && echo "${VERSION_ID%%.*}")
repourl="https://copr.fedorainfracloud.org/coprs/packit/OpenSCAP-openscap-$CONTEST_OSCAP_PR/repo/centos-stream-$major/packit-OpenSCAP-openscap-$CONTEST_OSCAP_PR-centos-stream-$major.repo"
curl --retry 10 -sSfkL -o "$repofile" "$repourl"
trap "rm -f \"$repofile\"" ERR
# check that the per-PR repo contains a newer build
rc=0
dnf -q check-upgrade openscap-scanner || rc=$?
if [ "$rc" -ne 100 ]; then # see dnf(8)
nvr=$(rpm -q openscap-scanner)
echo "openscap-scanner from PR#$CONTEST_OSCAP_PR doesn't upgrade existing $nvr" >&2
false # exit with ERR
fi
dnf -q -y upgrade openscap-scanner
# invalidate VM snapshots
rm -f /var/lib/libvirt/images/*.ready
when: distro > rhel-7
- finish+:
- how: shell
name: Restore original OpenSCAP (if upgraded from Packit)
script: |
set -xe
repofile=/etc/yum.repos.d/openscap-packit-pr.repo
if [ -f "$repofile" ]; then
dnf -q -y downgrade openscap-scanner
rm -f "$repofile"
fi
when: distro > rhel-7
38 changes: 19 additions & 19 deletions plans/upstream.fmf
Original file line number Diff line number Diff line change
@@ -1,22 +1,22 @@
summary: Test against a fresh build of upstream content

discover:
how: fmf
execute:
how: tmt
prepare+:
- how: install
package:
- git-core
- how: shell
name: Download and build latest content
script: |
set -xe
[ -n "$CONTEST_CONTENT_PR" ] && ref="refs/pull/$CONTEST_CONTENT_PR/head" || ref=HEAD
content_dir=/root/upstream-content
[ -e "$content_dir" ] || git init "$content_dir"
cd "$content_dir"
git fetch --depth=1 https://github.com/ComplianceAsCode/content.git "$ref"
# remove any previously built content
git clean -ffdx
git checkout FETCH_HEAD

adjust+:
- prepare+:
- how: install
package:
- git-core
- how: shell
name: Download and build latest content
script: |
if [ ! -e /root/content ]; then
git clone --depth=1 https://github.com/ComplianceAsCode/content.git /root/content
fi

- environment+:
CONTEST_CONTENT: /root/content
CONTEST_WAIVERS: upstream
environment+:
CONTEST_CONTENT: /root/upstream-content
CONTEST_WAIVERS: upstream

0 comments on commit 7bc530c

Please sign in to comment.