From a1f50a8ee2c815e45376464cea177066d0f9da15 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Mon, 15 Aug 2022 11:34:26 +0200 Subject: [PATCH 1/4] Update MAC build. --- .github/workflows/build.yaml | 86 +++++++++++++++++++----------------- build-for-osx.sh | 2 +- osx-create-dmg.sh.in | 2 +- 3 files changed, 47 insertions(+), 43 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 2268522b..569f0710 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -41,47 +41,51 @@ jobs: make -j4 popd -# Disabled -# build-macos: -# name: Build on MacOS X Latest -# runs-on: macos-latest -# steps: -# - uses: actions/checkout@v2 -# - name: Install Deps -# run: | -# brew install jq -# brew install qt5 -# brew install asciidoc -# brew install pkg-config -# brew install doxygen -# brew install opendbx -# brew install popt -# brew install swig -# brew install upx -# brew install libxmlsec1 -# npm install -g appdmg -# echo "/usr/local/opt/qt/bin" >> $GITHUB_PATH -# echo "Qt5_DIR=/usr/local/opt/qt5/lib/cmake/Qt5" >> $GITHUB_ENV -# - name: Build OpenSCAP -# run: | -# git clone --depth 1 https://github.com/openscap/openscap.git -# pushd openscap/build -# cmake -DENABLE_PROBES=FALSE ../ -# make -j4 -# make install -# popd -# Broken -# - name: Build OSX Image -# run: | -# chmod +x ./build-for-osx.sh -# ./build-for-osx.sh -# REL_TAG=`curl -s "https://github.com/ComplianceAsCode/content/releases/latest" | grep -o 'tag/[v.0-9]*' | awk -F/ '{print $2}'` -# REL_TAG_NUM=`echo ${REL_TAG} | cut -d"v" -f2` -# DWN_LINK=https://github.com/ComplianceAsCode/content/releases/download/${REL_TAG}/scap-security-guide-${REL_TAG_NUM}.zip -# if [ -z "${DWN_LINK}" ]; then echo 'Could not get the ZIP URL! It is empty!'; exit 1; fi -# wget "${DWN_LINK}" -O ssg.zip -# mkdir -p `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/ && unzip ssg.zip && cp -a scap-security-guide-*/* `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/ -# cd build-osx && bash osx-create-dmg.sh + build-macos: + name: Build on MacOS X Latest + runs-on: macos-latest + steps: + - uses: actions/checkout@v2 + - name: Install Deps + run: | + brew install jq + brew install qt5 + brew install asciidoc + brew install pkg-config + brew install doxygen + brew install opendbx + brew install popt + brew install swig + brew install upx + brew install libxmlsec1 + npm install -g appdmg + echo "/usr/local/opt/qt/bin" >> $GITHUB_PATH + echo "Qt5_DIR=/usr/local/opt/qt5/lib/cmake/Qt5" >> $GITHUB_ENV + - name: Build OpenSCAP + run: | + git clone --depth 1 https://github.com/openscap/openscap.git + pushd openscap/build + cmake -DENABLE_PROBES=FALSE ../ + make -j4 + make install + popd + - name: Build OSX Image + run: | + chmod +x ./build-for-osx.sh + ./build-for-osx.sh + REL_TAG=`curl -s "https://github.com/ComplianceAsCode/content/releases/latest" | grep -o 'tag/[v.0-9]*' | awk -F/ '{print $2}'` + REL_TAG_NUM=`echo ${REL_TAG} | cut -d"v" -f2` + DWN_LINK=https://github.com/ComplianceAsCode/content/releases/download/v0.1.63/scap-security-guide-0.1.63.zip + if [ -z "${DWN_LINK}" ]; then echo 'Could not get the ZIP URL! It is empty!'; exit 1; fi + wget "${DWN_LINK}" -O ssg.zip + mkdir -p `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/ && unzip ssg.zip && cp -a scap-security-guide-*/* `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/ + cd build-osx && bash osx-create-dmg.sh + - name: Upload OSX Image + uses: actions/upload-artifact@v2 + with: + name: scap-workbench-1.2.1.dmg + path: build-osx/scap-workbench-1.2.1.dmg + # We don't do automatic releases, do we? # - name: Release # uses: softprops/action-gh-release@v1 diff --git a/build-for-osx.sh b/build-for-osx.sh index d126d9db..ac81ba05 100755 --- a/build-for-osx.sh +++ b/build-for-osx.sh @@ -2,7 +2,7 @@ set -ex mkdir -p build-osx/ pushd build-osx/ -cmake -D SCAP_WORKBENCH_LOCAL_SCAN_ENABLED=false -D SCAP_AS_RPM_EXECUTABLE="" ../ +cmake -D SCAP_WORKBENCH_LOCAL_SCAN_ENABLED=false -D SCAP_AS_RPM_EXECUTABLE="" -DCMAKE_PREFIX_PATH="/usr/local/opt/qt5/lib/cmake/" ../ make -j 4 mkdir -p ./scap-workbench.app/Contents/Frameworks/ cp /usr/local/lib/libpcre.1.dylib ./scap-workbench.app/Contents/Frameworks/ diff --git a/osx-create-dmg.sh.in b/osx-create-dmg.sh.in index 9ae74287..25fdf331 100755 --- a/osx-create-dmg.sh.in +++ b/osx-create-dmg.sh.in @@ -15,7 +15,7 @@ DMG_BACKGROUND_IMG="@CMAKE_SOURCE_DIR@/osx-dmg-background.png" APP_EXE="@CMAKE_BINARY_DIR@/${APP_NAME}.app/Contents/MacOS/${APP_NAME}" # make sure Qt frameworks are included -macdeployqt @CMAKE_BINARY_DIR@/${APP_NAME}.app +/usr/local/opt/qt5/bin/macdeployqt @CMAKE_BINARY_DIR@/${APP_NAME}.app VOL_NAME="${APP_NAME}-${VERSION}" # volume name will be "SuperCoolApp-1.0.0" DMG_TMP="${VOL_NAME}-temp.dmg" From 72379e0441b72ea5953dc03ad93f903d8377e83c Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Mon, 20 Feb 2023 14:14:32 +0100 Subject: [PATCH 2/4] Add pcre as dependency to build openscap. --- .github/workflows/build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 569f0710..e65763f1 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -58,6 +58,7 @@ jobs: brew install swig brew install upx brew install libxmlsec1 + brew install pcre npm install -g appdmg echo "/usr/local/opt/qt/bin" >> $GITHUB_PATH echo "Qt5_DIR=/usr/local/opt/qt5/lib/cmake/Qt5" >> $GITHUB_ENV From 47134785fc1608e2377327afb2cf511c74e73118 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Mon, 20 Feb 2023 14:28:01 +0100 Subject: [PATCH 3/4] Use latest CaC/content package version when building for Mac OS X. --- .github/workflows/build.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e65763f1..7865a3b7 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -72,11 +72,12 @@ jobs: popd - name: Build OSX Image run: | + REPOSITORY="ComplianceAsCode/content" chmod +x ./build-for-osx.sh ./build-for-osx.sh - REL_TAG=`curl -s "https://github.com/ComplianceAsCode/content/releases/latest" | grep -o 'tag/[v.0-9]*' | awk -F/ '{print $2}'` + REL_TAG=`wget -q -O- https://api.github.com/repos/${REPOSITORY}/releases/latest | jq -r '.tag_name'` REL_TAG_NUM=`echo ${REL_TAG} | cut -d"v" -f2` - DWN_LINK=https://github.com/ComplianceAsCode/content/releases/download/v0.1.63/scap-security-guide-0.1.63.zip + DWN_LINK="https://github.com/${REPOSITORY}/releases/download/${REL_TAG}/scap-security-guide-${REL_TAG_NUM}.zip" if [ -z "${DWN_LINK}" ]; then echo 'Could not get the ZIP URL! It is empty!'; exit 1; fi wget "${DWN_LINK}" -O ssg.zip mkdir -p `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/ && unzip ssg.zip && cp -a scap-security-guide-*/* `pwd`/build-osx/scap-workbench.app/Contents/Resources/ssg/ From 4992d085ab4bfc8d7ee1dfc7ed59d70914b4bbea Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Thu, 22 Jun 2023 12:17:31 +0200 Subject: [PATCH 4/4] Update Fedora build to latest version --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 7865a3b7..835341c2 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -24,10 +24,10 @@ jobs: popd build-fedora: - name: Build on Fedora 33 (Container) + name: Build on Fedora Latest (Container) runs-on: ubuntu-latest container: - image: fedora:33 + image: fedora:latest steps: - name: Install Deps run: dnf install -y cmake gcc-c++ openssh-clients util-linux openscap-devel qt5-qtbase-devel qt5-qtxmlpatterns-devel openssh-askpass asciidoc polkit-libs