Skip to content

Add ansible remediation configure_bind_crypto_policy #2794

Add ansible remediation configure_bind_crypto_policy

Add ansible remediation configure_bind_crypto_policy #2794

Workflow file for this run

name: Gate
on:
merge_group:
branches: [ 'master' ]
push:
branches: ['*', '!stabilization*', '!stable*', 'master' ]
pull_request:
branches: [ 'master', 'stabilization*' ]
concurrency:
group: ${{ github.workflow }}-fedora-${{ github.event.number || github.run_id }}
cancel-in-progress: true
jobs:
validate-fedora:
name: Build, Test on Fedora Latest (Container)
runs-on: ubuntu-latest
container:
image: fedora:latest
steps:
- name: Install Deps
run: dnf install -y cmake make openscap-utils python3-pyyaml bats ansible python3-pip ShellCheck git gcc gcc-c++ python3-devel libxml2-devel libxslt-devel
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install deps python
run: pip install pcre2 -r requirements.txt -r test-requirements.txt
- name: Build
run: |-
./build_product -j2 \
al2023 \
alinux2 \
alinux3 \
anolis23 \
anolis8 \
chromium \
eks \
example \
fedora \
firefox \
macos1015 \
ocp4 \
ol7 \
ol8 \
ol9 \
openembedded \
openeuler2203 \
rhcos4 \
rhel8 \
rhel9 \
rhel10 \
rhv4 \
env:
ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED=ON -DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF"
- name: Test
run: ctest -j2 --output-on-failure -E unique-stigids
working-directory: ./build
- name: "Set git safe directory, ref: https://github.com/actions/checkout/issues/760"
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Upload coverage to Code Climate # Requires: git package
if: ${{ github.repository == 'ComplianceAsCode/content' }}
uses: paambaati/codeclimate-action@7c100bd1ed15de0bdee476b38ca759d8c94207b5 # v8.0.0
env:
CC_TEST_REPORTER_ID: e67e068471d32b63f8e9561dba8f6a3f84dcc76b05ebfd98e44ced1a91cff854
with:
coverageLocations: build/tests/coverage.xml:coverage.py
- name: Validate gitmailmap
run: grep -E "\S" .mailmap | grep -Ev '^#' | git check-mailmap --stdin