Add a fedora-cis sanity test using Packit / Testing Farm#13903
Merged
Conversation
|
Skipping CI for Draft Pull Request. |
52e9bd2 to
0ed2a47
Compare
The .packit.yaml code churn is due to me renaming tests/tmt-plans to tests/tmt and then having a /plans/ and /tests/ under it, for tmt-specific plans and (fmf) tests. Signed-off-by: Jiri Jaburek <comps@nomail.dom>
jan-cerny
approved these changes
Sep 18, 2025
Collaborator
jan-cerny
left a comment
There was a problem hiding this comment.
I have checked the produced HTML report of the testing farm jobs on all three Fedora versions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
Add a simple remediation + remediation + scan test for CIS on Fedora, running on Testing Farm, using a Packit-built SSG RPM.
The
.packit.yamlcode churn is due to me renamingtests/tmt-planstotests/tmtand then having a/plans/and/tests/under it, for tmt-specific plans and (fmf) tests.Rationale:
As far as I understood, the idea is to use the profile (and a vendor-neutral distro like Fedora) to demonstrate https://github.com/complytime and its features, and to hopefully get wider adoption of the project.
I'm adding it as a non-Contest fmf test after some debates with @matusmarhefka, where we concluded that the cost of maintaining Fedora compatibility for a strictly RHEL-specific test suite would pose a significant maintenance overhead.
Doing it separately is not perfect (as we don't get any waiver logic, multi-test html reports, etc.) and any failing rules have to be either fixed during a PR that broke them, or "waived" by unselecting the entire rule (see an existing list inside the test), but it's probably still less work than trying to hack non-RHEL support to Contest.
Note the TODO in the test - currently, it PASSes no matter the found failures. This is to allow other PRs to fix the issues gradually, without a failing CI test being present for (potentially) many weeks.