1212 CONTEST_REPO : RHSecurityCompliance/contest
1313 ARTIFACT_RETENTION_DAYS : 1
1414 TEST_TIMEOUT : 1440 # 24 hours
15+ # CentOS Stream versions to test (space-separated for shell loops)
16+ # NOTE: Keep in sync with matrix.centos_stream_major in the test job
17+ CS_VERSIONS : " 8 9 10"
1518
1619permissions :
1720 contents : read
6669 name : Test on CentOS Stream ${{ matrix.centos_stream_major }}
6770 runs-on : ubuntu-latest
6871 needs : check_build
72+ outputs :
73+ # Contest SHA from any matrix job (all use same ref, so same SHA)
74+ contest_sha : ${{ steps.get_contest.outputs.contest_sha }}
75+ contest_ref : ${{ steps.get_contest.outputs.contest_ref }}
6976 strategy :
77+ fail-fast : false
7078 matrix :
79+ # NOTE: Keep in sync with env.CS_VERSIONS at the top of this file
7180 centos_stream_major : [8, 9, 10]
7281 container :
7382 image : fedora:latest
8493 name : content-centos-stream${{ matrix.centos_stream_major }}
8594 path : content-centos-stream${{ matrix.centos_stream_major }}/
8695
96+ - name : Restore file permissions lost during artifact download
97+ run : |
98+ # GitHub Actions artifact download strips execute permissions
99+ # Restore permissions from the saved file created during build
100+ CONTENT_DIR="content-centos-stream${{ matrix.centos_stream_major }}"
101+ PERMS_FILE="${CONTENT_DIR}/file-permissions.txt"
102+
103+ if [ -f "${PERMS_FILE}" ]; then
104+ echo "=== Restoring file permissions from ${PERMS_FILE} ==="
105+ cd "${CONTENT_DIR}"
106+ while IFS=' ' read -r mode filepath; do
107+ # Remove leading ./ from filepath if present
108+ filepath="${filepath#./}"
109+ if [ -f "${filepath}" ]; then
110+ chmod "${mode}" "${filepath}"
111+ fi
112+ done < file-permissions.txt
113+ echo "Restored permissions for $(wc -l < file-permissions.txt) files"
114+ # Show sample of restored executable files
115+ echo "=== Sample executable files after restore ==="
116+ find . -type f -executable -name "*.py" 2>/dev/null | head -5 || true
117+ find . -type f -executable -name "*.sh" 2>/dev/null | head -5 || true
118+ else
119+ echo "WARNING: ${PERMS_FILE} not found, permissions may be incorrect"
120+ exit 1
121+ fi
122+
123+ name : Install git for checkout
124+ run : dnf -y install git
125+
87126 - name : Checkout Contest Test Suite
88127 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
89128 with :
@@ -92,10 +131,19 @@ jobs:
92131 path : contest
93132 fetch-depth : 1
94133
134+ - name : Get Contest SHA
135+ id : get_contest
136+ run : |
137+ CONTEST_SHA=$(cd contest && git rev-parse HEAD)
138+ CONTEST_REF="main"
139+ echo "contest_sha=${CONTEST_SHA}" >> $GITHUB_OUTPUT
140+ echo "contest_ref=${CONTEST_REF}" >> $GITHUB_OUTPUT
141+ echo "Contest: ${CONTEST_SHA:0:12} (${CONTEST_REF})"
142+
95143name : Install test dependencies
96144 run : |
97- dnf -y install python3-pip git rsync
98- pip install fmf atex==0.11
145+ dnf -y install python3-pip rsync
146+ pip install fmf atex==0.12
99147
100148name : Run tests on Testing Farm
101149 env :
@@ -105,8 +153,7 @@ jobs:
105153 python3 tests/run_tests_testingfarm.py \
106154 --contest-dir contest \
107155 --content-dir content-centos-stream${CS_MAJOR} \
108- --plan "/plans/daily" \
109- --tests "/hardening/host-os/oscap/stig" \
156+ --plan "/plans/upstream" \
110157 --compose "CentOS-Stream-${CS_MAJOR}" \
111158 --arch x86_64 \
112159 --os-major-version "${CS_MAJOR}" \
@@ -139,7 +186,7 @@ jobs:
139186 if : always()
140187 run : |
141188 dnf -y install python3-pip git rsync
142- pip install fmf atex==0.11
189+ pip install fmf atex==0.12
143190
144191name : Checkout ATEX results repository
145192 if : always()
@@ -155,16 +202,16 @@ jobs:
155202 working-directory : atex-results-testing-farm
156203 run : fmf init
157204
158- - name : Create TMT dummy plan for artifact transport
205+ - name : Create TMT atex_results plan for artifact transport
159206 if : always()
160207 working-directory : atex-results-testing-farm
161208 run : |
162209 cat > main.fmf <<'EOF'
163- /dummy_plan :
210+ /atex_results_plan :
164211 discover:
165212 how: shell
166213 tests:
167- - name: /dummy_test
214+ - name: /atex_results_test
168215 test: mv * "$TMT_TEST_DATA/."
169216 execute:
170217 how: tmt
@@ -217,7 +264,7 @@ jobs:
217264 mkdir -p atex-results-testing-farm/files_dir/
218265
219266 # Process and merge results for all CentOS Stream versions
220- for version in 8 9 10 ; do
267+ for version in ${{ env.CS_VERSIONS }} ; do
221268 results_file="test-results/cs${version}/results-centos-stream-${version}-x86_64.json.xz"
222269 files_dir="test-results/cs${version}/files-centos-stream-${version}-x86_64"
223270
@@ -238,6 +285,74 @@ jobs:
238285 run : |
239286 cp -rf atex-html/index.html atex-html/sqljs/ atex-results-testing-farm/
240287
288+ name : Generate header.html for results page
289+ if : always()
290+ env :
291+ PR_NUMBER : ${{ needs.check_build.outputs.pr_number }}
292+ PR_SHA : ${{ needs.check_build.outputs.pr_sha }}
293+ CONTEST_SHA : ${{ needs.test.outputs.contest_sha }}
294+ CONTEST_REF : ${{ needs.test.outputs.contest_ref }}
295+ WORKFLOW_URL : ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
296+ REPO_URL : ${{ github.server_url }}/${{ github.repository }}
297+ ACTOR : ${{ github.actor }}
298+ RUN_STARTED : ${{ github.event.workflow_run.created_at }}
299+ CS_VERSIONS : ${{ env.CS_VERSIONS }}
300+ run : |
301+ cat > atex-results-testing-farm/header.html <<'HEADER_EOF'
302+ <style>
303+ #header table {
304+ display: inline-table;
305+ margin-right: 1em;
306+ vertical-align: top;
307+ border-collapse: collapse;
308+ }
309+ #header th, td {
310+ border: 1px solid black;
311+ padding: 0.3em;
312+ }
313+ #header h1 {
314+ color: #aaa;
315+ margin: 0;
316+ }
317+ #header h2 {
318+ color: #555;
319+ margin: 0;
320+ }
321+ </style>
322+ HEADER_EOF
323+
324+ # Add dynamic content - header section
325+ cat >> atex-results-testing-farm/header.html <<EOF
326+ <h1>ATEX Upstream Testing</h1>
327+ <h2>PR <a href="${REPO_URL}/pull/${PR_NUMBER}">#${PR_NUMBER}</a>
328+ - Workflow <a href="${WORKFLOW_URL}">#${{ github.run_id }}</a>
329+ started on <span id="header-started-on"></span>
330+ by <a href="https://github.com/${ACTOR}"><code>${ACTOR}</code></a></h2>
331+ <script>document.getElementById('header-started-on').textContent = new Date('${RUN_STARTED}').toLocaleString()</script>
332+ <div style="margin-top: 1em; margin-bottom: 1em">
333+ <table>
334+ <tr><th colspan="1">CentOS Stream</th></tr>
335+ EOF
336+
337+ # List each CentOS Stream version that was tested
338+ for version in ${CS_VERSIONS}; do
339+ echo " <tr><td>${version}</td></tr>" >> atex-results-testing-farm/header.html
340+ done
341+
342+ # Add commit info table
343+ cat >> atex-results-testing-farm/header.html <<EOF
344+ </table>
345+ <table>
346+ <tr><th>Repo</th><th>Commit used</th></tr>
347+ <tr><td>Content</td><td style="font-family: monospace, monospace;"><a href="${REPO_URL}/commit/${PR_SHA}">${PR_SHA:0:12}</a></td></tr>
348+ <tr><td>Contest (${CONTEST_REF})</td><td style="font-family: monospace, monospace;"><a href="https://github.com/${{ env.CONTEST_REPO }}/commit/${CONTEST_SHA}">${CONTEST_SHA:0:12}</a></td></tr>
349+ </table>
350+ </div>
351+ EOF
352+
353+ echo "=== Generated header.html ==="
354+ cat atex-results-testing-farm/header.html
355+
241356name : Commit and tag results in ATEX repository
242357 if : always()
243358 working-directory : atex-results-testing-farm
@@ -311,6 +426,7 @@ jobs:
311426 check_id : ${{ needs.check_build.outputs.check_id }}
312427 sha : ${{ needs.check_build.outputs.pr_sha }}
313428 status : completed
314- conclusion : ${{ job.status }}
429+ # Use test job result to determine conclusion - needs.test.result will be 'failure' if any matrix job failed
430+ conclusion : ${{ needs.test.result }}
315431 output : |
316432 {"summary":"ATEX tests completed. Job: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}. View results: ${{ steps.testing_farm_request.outputs.HTML_LINK }}","title":"ATEX Testing Complete"}
0 commit comments