From babe234c574f4a2a7620d1a7c0038b7570d70237 Mon Sep 17 00:00:00 2001
From: Marcus Burghardt
Date: Mon, 23 Feb 2026 16:57:20 +0100
Subject: [PATCH 1/5] chore: fix yaml lint issues

Signed-off-by: Marcus Burghardt
---
.packit.yaml | 67 ++++++++++++++++++++---------------------
.pre-commit-config.yaml | 26 ++++++++--------
2 files changed, 46 insertions(+), 47 deletions(-)

diff --git a/.packit.yaml b/.packit.yaml
index 9e1f749d..01483bc6 100644
--- a/.packit.yaml
+++ b/.packit.yaml
@@ -10,46 +10,45 @@ files_to_sync: - .packit.yaml jobs: -# For testing before merging PRs -- job: copr_build - trigger: pull_request - targets: - - fedora-rawhide-x86_64 - - fedora-43-x86_64 - - fedora-42-x86_64 - - centos-stream-9-x86_64 - - centos-stream-10-x86_64 + - job: copr_build + trigger: pull_request + targets: + - fedora-rawhide-x86_64 + - fedora-43-x86_64 + - fedora-42-x86_64 + - centos-stream-9-x86_64 + - centos-stream-10-x86_64 # Running tests using testing farm https://packit.dev/docs/configuration/upstream/tests -- job: tests - trigger: pull_request - targets: - - fedora-rawhide-x86_64 - - fedora-43-x86_64 - - fedora-42-x86_64 - - centos-stream-9-x86_64 - - centos-stream-10-x86_64 + - job: tests + trigger: pull_request + targets: + - fedora-rawhide-x86_64 + - fedora-43-x86_64 + - fedora-42-x86_64 + - centos-stream-9-x86_64 + - centos-stream-10-x86_64 # https://packit.dev/docs/fedora-releases-guide # Propose Downstream PRs once a Upstream release is out -- job: propose_downstream - trigger: release - dist_git_branches: - - rawhide - - f43 - - f42 + - job: propose_downstream + trigger: release + dist_git_branches: + - rawhide + - f43 + - f42 # Automatically submit builds to Koji after PR is merged into dist-git -- job: koji_build - trigger: commit - dist_git_branches: - - rawhide - - f43 - - f42 + - job: koji_build + trigger: commit + dist_git_branches: + - rawhide + - f43 + - f42 # Trigger Bodhi update for released Fedora versions -- job: bodhi_update - trigger: commit - dist_git_branches: - - f43 - - f42 + - job: bodhi_update + trigger: commit + dist_git_branches: + - f43 + - f42 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 75e48fe2..e62b2ae4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -2,15 +2,15 @@ # See https://pre-commit.com/hooks.html for more hooks default_stages: [pre-push] repos: -- repo: https://github.com/pre-commit/pre-commit-hooks + - repo: https://github.com/pre-commit/pre-commit-hooks rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b #v5.0.0 hooks: - - id: trailing-whitespace - - id: end-of-file-fixer - - id: check-yaml - - id: check-added-large-files + - id: trailing-whitespace + - id: end-of-file-fixer + - id: check-yaml + - id: check-added-large-files exclude: "^internal/complytime/testdata/openscap/ssg-rhel-ds.xml$" -- repo: https://github.com/dnephin/pre-commit-golang + - repo: https://github.com/dnephin/pre-commit-golang rev: fb24a639f7c938759fe56eeebbb7713b69d60494 #v0.5.1 hooks: - id: go-fmt @@ -19,11 +19,11 @@ repos: #- id: golangci-lint - id: go-unit-tests -- repo: local + - repo: local hooks: - - id: check-spdx - name: Check and fix SPDX line in source files - entry: python ./scripts/check-and-fix-spdx.py - language: system - stages: [pre-commit] - files: \.(py|go|sh)$ + - id: check-spdx + name: Check and fix SPDX line in source files + entry: python ./scripts/check-and-fix-spdx.py + language: system + stages: [pre-commit] + files: \.(py|go|sh)$ From cc54b15e5dcb77e7039490490aff044111756144 Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Mon, 23 Feb 2026 17:04:25 +0100 Subject: [PATCH 2/5] chore: fix shellcheck lint issues Signed-off-by: Marcus Burghardt --- scripts/quick_start/quick_start.sh | 17 +++++++---------- tests/build_init_env.sh | 18 +++++++++--------- 2 files changed, 16 insertions(+), 19 deletions(-) diff --git a/scripts/quick_start/quick_start.sh b/scripts/quick_start/quick_start.sh index b21a5d92..d53a24b2 100644 --- a/scripts/quick_start/quick_start.sh +++ b/scripts/quick_start/quick_start.sh 
@@ -11,10 +11,7 @@ set +e # Check if the scap-security-guide package is available in the enabled repositories -dnf provides scap-security-guide - -# Check the exit status of the previous command -if [ $? -ne 0 ]; then +if ! dnf provides scap-security-guide; then echo "No working repository is available to install scap-security-guide." # Check if RHEL_APPS_REPO variable is set @@ -39,18 +36,18 @@ dnf update -y dnf install git wget make scap-security-guide -y rm -rf /usr/bin/go go_mod="https://raw.githubusercontent.com/complytime/complyctl/main/go.mod" -go_version=$(curl -s $go_mod | grep '^go' | awk '{print $2}') -go_tar_file=go$go_version.linux-amd64.tar.gz +go_version=$(curl -s "$go_mod" | grep '^go' | awk '{print $2}') +go_tar_file="go${go_version}.linux-amd64.tar.gz" wget "https://go.dev/dl/$go_tar_file" tar -C /usr/local -xvzf "$go_tar_file" rm -rf "$go_tar_file" -export PATH=$PATH:/usr/local/go/bin +export PATH="$PATH:/usr/local/go/bin" source ~/.bash_profile # Install and build complyctl echo "Cloning the complyctl repository..." -complyctlrepo="${REPO:-"https://github.com/complytime/complyctl"}" -complyctlbranch="${BRANCH:-"main"}" +complyctlrepo="${REPO:-https://github.com/complytime/complyctl}" +complyctlbranch="${BRANCH:-main}" git clone -b "${complyctlbranch}" "${complyctlrepo}" cd complyctl && make build && cp ./bin/complyctl /usr/local/bin echo "complyctl installed successfully!" @@ -66,7 +63,7 @@ cp docs/samples/sample-profile.json docs/samples/sample-catalog.json ~/.local/sh # Copy the binary plugin and manifest files cp -rp bin/openscap-plugin ~/.local/share/complytime/plugins -checksum=$(sha256sum ~/.local/share/complytime/plugins/openscap-plugin| cut -d ' ' -f 1 ) +checksum=$(sha256sum ~/.local/share/complytime/plugins/openscap-plugin | cut -d ' ' -f 1) cat > ~/.local/share/complytime/plugins/c2p-openscap-manifest.json << EOF { "metadata": { diff --git a/tests/build_init_env.sh b/tests/build_init_env.sh index 03c460ba..afbabafe 100755 
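Review bot: In scripts/quick_start/quick_start.sh (second hunk), the Go tarball is still fetched with `wget "https://go.dev/dl/$go_tar_file"` and unpacked into /usr/local without any integrity check, and `go_version` comes from an unchecked `curl -s` piped through `grep '^go'`. `grep '^go'` also matches other go.mod directives that begin with "go" (for example a `godebug` line), and `curl -s` without `-f` passes an HTTP error body through, so the version can end up empty or multi-line. I would parse it as `go_version=$(curl -fsSL "$go_mod" | awk '$1 == "go" {print $2; exit}')`, stop when it is empty with `[ -n "$go_version" ] || exit 1`, and compare the tarball's `sha256sum` with the checksum go.dev publishes for that release before running `tar`. The script continues outside the hunk.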
--- a/tests/build_init_env.sh +++ b/tests/build_init_env.sh @@ -18,7 +18,7 @@ product=$1 catalog=$2 profile=$3 -if [ $# -lt 3 ]; then +if [ "$#" -lt 3 ]; then echo "Please provide the necessary inputs." exit 1 fi 
@@ -31,15 +31,15 @@ set +e complyctl list 2>/dev/null echo "The error is expected because there is no content, this will create needed directoris for further test." # Download OSCAL content -wget $URL/profiles/$3/profile.json -O $HOME/$WDIR/controls/profile.json -wget $URL/catalogs/$2/catalog.json -O $HOME/$WDIR/controls/catalog.json -wget $URL/component-definitions/$1/$3/component-definition.json -O $HOME/$WDIR/bundles/component-definition.json +wget "$URL/profiles/$3/profile.json" -O "$HOME/$WDIR/controls/profile.json" +wget "$URL/catalogs/$2/catalog.json" -O "$HOME/$WDIR/controls/catalog.json" +wget "$URL/component-definitions/$1/$3/component-definition.json" -O "$HOME/$WDIR/bundles/component-definition.json" # Update trestle path -sed -i "s|trestle://catalogs/$2/catalog.json|trestle://controls/catalog.json|" $HOME/$WDIR/controls/profile.json -sed -i "s|trestle://profiles/$3/profile.json|trestle://controls/profile.json|" $HOME/$WDIR/bundles/component-definition.json +sed -i "s|trestle://catalogs/$2/catalog.json|trestle://controls/catalog.json|" "$HOME/$WDIR/controls/profile.json" +sed -i "s|trestle://profiles/$3/profile.json|trestle://controls/profile.json|" "$HOME/$WDIR/bundles/component-definition.json" # Setup plugin -cp -rp bin/openscap-plugin $HOME/$WDIR/plugins -checksum=$(sha256sum $HOME/$WDIR/plugins/openscap-plugin| cut -d " " -f 1 ) +cp -rp bin/openscap-plugin "$HOME/$WDIR/plugins" +checksum=$(sha256sum "$HOME/$WDIR/plugins/openscap-plugin" | cut -d " " -f 1) jq --arg new_sum "$checksum" '.sha256 = $new_sum' "docs/samples/c2p-openscap-manifest.json" > "docs/samples/c2p-openscap-manifest.json.tmp" -mv docs/samples/c2p-openscap-manifest.json.tmp $HOME/$WDIR/plugins/c2p-openscap-manifest.json +mv docs/samples/c2p-openscap-manifest.json.tmp "$HOME/$WDIR/plugins/c2p-openscap-manifest.json" echo "Build and init finished." From f9c5ee985356c6b30b4a8c7c65e084bffd10b1f8 Mon Sep 17 00:00:00 2001 
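Review bot: The three `wget` calls in tests/build_init_env.sh are not checked for failure, and the hunk header suggests the script is running under `set +e` at this point. `wget -O` creates the output file even when the download fails, so a mistyped product, catalog or profile name or a network error leaves an empty JSON file that the following `sed -i` and later steps process silently. Appending `|| exit 1` to each download, or restoring `set -e` after the expected `complyctl list` error, would make the test setup stop at the real cause. The same lines reappear in patch 5/5 with named variables and have the same gap.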
From: Marcus Burghardt Date: Mon, 23 Feb 2026 17:08:21 +0100 Subject: [PATCH 3/5] chore: fix python lint issues Signed-off-by: Marcus Burghardt --- scripts/check-and-fix-spdx.py | 1 + scripts/setup-github-workflows.py | 27 ++++++++++++++++----------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/scripts/check-and-fix-spdx.py b/scripts/check-and-fix-spdx.py index 9fd6c614..1e32769c 100755 --- a/scripts/check-and-fix-spdx.py +++ b/scripts/check-and-fix-spdx.py @@ -31,6 +31,7 @@ def _check_spdx(lines: list[str]) -> bool: for line in lines[:3]: if SPDX_LINE in line: return True + return False def _write_file(file_path: Path, lines: list[str]) -> None: diff --git a/scripts/setup-github-workflows.py b/scripts/setup-github-workflows.py index bf31fa5f..9c2cdf28 100755 --- a/scripts/setup-github-workflows.py +++ b/scripts/setup-github-workflows.py @@ -15,6 +15,10 @@ from urllib.parse import urljoin +class RepoException(Exception): + """Raised when a git repository operation fails.""" + + GITHUB_API = "https://api.github.com" GITHUB_USERNAME = os.getenv('USERNAME') # GitHub PAT is needed to run this script, and GitHub recommends that you use a @@ -76,13 +80,14 @@ def copy_workflow_file(workflow_filename, dest_project_path): if os.path.exists(dest_file_path): print(f"{workflow_filename} already exists in {dest_project_path}.") return False - else: - try: - shutil.copy(src_file_path, dest_file_path) - except FileNotFoundError: - print(f"Error: Source file {src_file_path} not found.") - except Exception as e: - print(f"An error occurred while copying file {src_file_path}: {e}") + try: + shutil.copy(src_file_path, dest_file_path) + except FileNotFoundError: + print(f"Error: Source file {src_file_path} not found.") + return False + except Exception as e: + print(f"An error occurred while copying file {src_file_path}: {e}") + return False return True 
@@ -124,7 +129,7 @@ def create_pull_request(workflow, owner, repo, workflow_branch): try: subprocess.check_call(cmd, shell=True) except subprocess.CalledProcessError as e: - raise RuntimeError(e) + raise RuntimeError(e) from e print("Done") @@ -153,7 +158,7 @@ def check_workflows(repo_url): try: subprocess.check_call(cmd, shell=True) except subprocess.CalledProcessError as e: - raise RuntimeError(e) + raise RuntimeError(e) from e print("Done") # Otherwise, add the workflow file or enable with configuration @@ -168,7 +173,7 @@ def check_workflows(repo_url): try: subprocess.check_call(cmd, shell=True) except subprocess.CalledProcessError as e: - raise RuntimeError(e) + raise RuntimeError(e) from e print("Done") else: @@ -179,7 +184,7 @@ def check_workflows(repo_url): try: subprocess.check_call(cmd, cwd=dest_project_root, shell=True) except subprocess.CalledProcessError as e: - raise RuntimeError(e) + raise RuntimeError(e) from e dest_project_path = os.path.join(dest_project_root, repo) print(f"Copying {workflow} workflow file to {dest_project_path}") From 399a172212a5449a75ebc0c4b45781746e03c3c7 Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Tue, 24 Feb 2026 17:02:45 +0100 Subject: [PATCH 4/5] chore: remove unnecessary line It was also causing shellcheck to fail. Signed-off-by: Marcus Burghardt --- scripts/quick_start/quick_start.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/quick_start/quick_start.sh b/scripts/quick_start/quick_start.sh index d53a24b2..f5c89f59 100644 --- a/scripts/quick_start/quick_start.sh +++ b/scripts/quick_start/quick_start.sh @@ -42,8 +42,6 @@ wget "https://go.dev/dl/$go_tar_file" tar -C /usr/local -xvzf "$go_tar_file" rm -rf "$go_tar_file" export PATH="$PATH:/usr/local/go/bin" -source ~/.bash_profile - # Install and build complyctl echo "Cloning the complyctl repository..." complyctlrepo="${REPO:-https://github.com/complytime/complyctl}" From 41b9dab8e7c2ccdb4b5f539e1923097cb6effb61 Mon Sep 17 00:00:00 2001 
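Review bot: All four call sites touched in scripts/setup-github-workflows.py (in `create_pull_request` and `check_workflows`) still run `subprocess.check_call(cmd, shell=True)`. `cmd` is built outside these hunks, so this is inferred: if it interpolates `owner`, `repo`, `workflow_branch` or `repo_url`, those values are parsed by the shell, and passing an argument list with `shell=False` would remove that risk. `str(CalledProcessError)` includes the full command, so if `cmd` ever carries the PAT mentioned at the top of the file, `raise RuntimeError(e) from e` prints it in the traceback; raising with a fixed message plus `e.returncode` avoids that. Both functions continue outside the hunks.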
From: Marcus Burghardt Date: Tue, 24 Feb 2026 17:10:33 +0100 Subject: [PATCH 5/5] chore: update references with previously unnused variables Signed-off-by: Marcus Burghardt --- tests/build_init_env.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/build_init_env.sh b/tests/build_init_env.sh index afbabafe..8e3c682f 100755 --- a/tests/build_init_env.sh +++ b/tests/build_init_env.sh @@ -14,9 +14,9 @@ URL="https://raw.githubusercontent.com/ComplianceAsCode/oscal-content/refs/heads/main/" WDIR=".local/share/complytime" -product=$1 -catalog=$2 -profile=$3 +product="$1" +catalog="$2" +profile="$3" if [ "$#" -lt 3 ]; then echo "Please provide the necessary inputs." 
@@ -31,12 +31,12 @@ set +e complyctl list 2>/dev/null echo "The error is expected because there is no content, this will create needed directoris for further test." # Download OSCAL content -wget "$URL/profiles/$3/profile.json" -O "$HOME/$WDIR/controls/profile.json" -wget "$URL/catalogs/$2/catalog.json" -O "$HOME/$WDIR/controls/catalog.json" -wget "$URL/component-definitions/$1/$3/component-definition.json" -O "$HOME/$WDIR/bundles/component-definition.json" +wget "$URL/profiles/$profile/profile.json" -O "$HOME/$WDIR/controls/profile.json" +wget "$URL/catalogs/$catalog/catalog.json" -O "$HOME/$WDIR/controls/catalog.json" +wget "$URL/component-definitions/$product/$profile/component-definition.json" -O "$HOME/$WDIR/bundles/component-definition.json" # Update trestle path -sed -i "s|trestle://catalogs/$2/catalog.json|trestle://controls/catalog.json|" "$HOME/$WDIR/controls/profile.json" -sed -i "s|trestle://profiles/$3/profile.json|trestle://controls/profile.json|" "$HOME/$WDIR/bundles/component-definition.json" +sed -i "s|trestle://catalogs/$catalog/catalog.json|trestle://controls/catalog.json|" "$HOME/$WDIR/controls/profile.json" +sed -i "s|trestle://profiles/$profile/profile.json|trestle://controls/profile.json|" "$HOME/$WDIR/bundles/component-definition.json" # Setup plugin cp -rp bin/openscap-plugin "$HOME/$WDIR/plugins" checksum=$(sha256sum "$HOME/$WDIR/plugins/openscap-plugin" | cut -d " " -f 1)
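Review bot: `$product`, `$catalog` and `$profile` go straight from the command line into the download URL and into the `sed` patterns, so a value containing `|`, `/` or another unexpected character changes the path fetched or breaks the `s|…|…|` expression. A single check after the argument-count test, such as `case "$product$catalog$profile" in *[!A-Za-z0-9._-]*) echo "invalid name"; exit 1;; esac`, would cover all five uses. `URL` is also defined with a trailing slash, so `"$URL/profiles/…"` yields a double slash in the request path; dropping one of the two would be cleaner. The content is fetched from the mutable `refs/heads/main` ref, so pinning a commit would make test runs reproducible.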