Skip to content

Commit 6f426df

Browse files
rhmdndrhmdnd
authored
Merge pull request #13750 from yuumasato/update-konflux-built-profiles-and-arches
Align build of profiles with downstream
2 parents 9570cda + 819996e commit 6f426df

File tree

1 file changed

+60
-39
lines changed

1 file changed

+60
-39
lines changed

Dockerfiles/compliance-operator-content-konflux.Containerfile

Lines changed: 60 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -15,65 +15,86 @@ RUN find . -name "default\.profile" -exec sed -i 's/\(documentation_complete: \)
1515

1616
# Choose profile to enable for all architectures
1717
RUN sed -i 's/\(documentation_complete: \).*/\1true/' \
18-
products/ocp4/profiles/pci-dss-node-3-2.profile \
19-
products/ocp4/profiles/pci-dss-3-2.profile \
20-
products/ocp4/profiles/pci-dss-node-4-0.profile \
21-
products/ocp4/profiles/pci-dss-4-0.profile \
22-
products/ocp4/profiles/pci-dss-node.profile \
23-
products/ocp4/profiles/pci-dss.profile \
2418
products/ocp4/profiles/cis-node.profile \
2519
products/ocp4/profiles/cis.profile \
2620
products/ocp4/profiles/cis-node-1-4.profile \
2721
products/ocp4/profiles/cis-1-4.profile \
2822
products/ocp4/profiles/cis-node-1-5.profile \
2923
products/ocp4/profiles/cis-1-5.profile \
24+
products/ocp4/profiles/cis-node-1-7.profile \
25+
products/ocp4/profiles/cis-1-7.profile \
3026
products/ocp4/profiles/moderate-node.profile \
3127
products/ocp4/profiles/moderate.profile \
3228
products/ocp4/profiles/moderate-node-rev-4.profile \
3329
products/ocp4/profiles/moderate-rev-4.profile
3430

31+
# Enable PCI-DSS for all architectures except aarch64. Once we have testing for
32+
# PCI-DSS on ARM64 upstream, we can remove this case and include PCI-DSS
33+
# profiles downstream.
34+
RUN if [ "$(uname -m)" != "aarch64" ]; then \
35+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss-node.profile && \
36+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss.profile && \
37+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss-node-4-0.profile && \
38+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss-4-0.profile && \
39+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss-node-3-2.profile && \
40+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss-3-2.profile; \
41+
fi
42+
43+
# Enable the FedRAMP Moderate profile on ARM64.
44+
RUN if [ "$(uname -m)" = "aarch64" ]; then \
45+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/moderate.profile && \
46+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/moderate-rev-4.profile; \
47+
fi
48+
49+
3550
# Only enable for x86_64
3651
RUN if [ "$(uname -m)" = "x86_64" ]; then \
37-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/e8.profile && \
38-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/high.profile && \
39-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/high-node.profile && \
40-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/high-rev-4.profile && \
41-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/high-node-rev-4.profile && \
42-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/nerc-cip.profile && \
43-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/nerc-cip-node.profile && \
44-
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/moderate.profile && \
45-
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/high.profile && \
46-
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/moderate-rev-4.profile && \
47-
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/high-rev-4.profile && \
48-
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/e8.profile && \
49-
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/nerc-cip.profile && \
50-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss-node.profile && \
51-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss.profile && \
52-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss-node-3-2.profile && \
53-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/pci-dss-3-2.profile && \
54-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig.profile && \
55-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-node.profile && \
56-
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/stig.profile && \
57-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-v1r1.profile && \
58-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-node-v1r1.profile && \
59-
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/stig-v1r1.profile && \
60-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-v2r1.profile && \
61-
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-node-v2r1.profile && \
62-
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/stig-v2r1.profile; \
63-
elif [ "$(uname -m)" = "ppc64le" ]; then \
64-
find products/rhcos4 -name "*stig*.profile" | xargs sed -i 's/\(documentation_complete: \).*/\1true/' && \
65-
find products/ocp4 -name "*stig*.profile" | xargs sed -i 's/\(documentation_complete: \).*/\1true/' ; \
66-
fi
52+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/e8.profile && \
53+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/high.profile && \
54+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/high-node.profile && \
55+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/high-rev-4.profile && \
56+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/high-node-rev-4.profile && \
57+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/nerc-cip.profile && \
58+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/nerc-cip-node.profile && \
59+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/moderate.profile && \
60+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/high.profile && \
61+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/moderate-rev-4.profile && \
62+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/high-rev-4.profile && \
63+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/e8.profile && \
64+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/nerc-cip.profile && \
65+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig.profile && \
66+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-node.profile && \
67+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/stig.profile && \
68+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-v1r1.profile && \
69+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-node-v1r1.profile && \
70+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/stig-v1r1.profile && \
71+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-v2r1.profile && \
72+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-node-v2r1.profile && \
73+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/stig-v2r1.profile && \
74+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/bsi.profile && \
75+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/bsi-node.profile && \
76+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/bsi-2022.profile && \
77+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/bsi-node-2022.profile && \
78+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-v2r2.profile && \
79+
sed -i 's/\(documentation_complete: \).*/\1true/' products/ocp4/profiles/stig-node-v2r2.profile && \
80+
sed -i 's/\(documentation_complete: \).*/\1true/' products/rhcos4/profiles/stig-v2r2.profile; \
81+
fi
82+
83+
# Enable the DISA-STIG profiles for ppc64le
84+
RUN if [ "$(uname -m)" = "ppc64le" ]; then \
85+
find products/rhcos4 -name "*stig*.profile" | xargs sed -i 's/\(documentation_complete: \).*/\1true/' && \
86+
find products/ocp4 -name "*stig*.profile" | xargs sed -i 's/\(documentation_complete: \).*/\1true/' ; \
87+
fi
6788

6889
# OCPBUGS-32794: Ensure stability of rules shipped
6990
# Before building the content we re-enable all profiles as hidden, this will include any rule selected
7091
# by these profiles in the data stream without creating a profile for them.
7192
RUN grep -lr 'documentation_complete: false' ./products | xargs -I '{}' \
7293
sed -i -e 's/\(documentation_complete: \).*/\1true/' -e '/documentation_complete/a hidden: true' {}
7394

74-
# Build the OpenShift and RHCOS content for x86 architectures. Only build
75-
# OpenShift content for ppc64le and s390x architectures.
76-
RUN if [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "ppc64le" ]; then \
95+
# Build the OpenShift and RHCOS content for x86, aarch64 and ppc64le architectures.
96+
# Only build OpenShift content for s390x architectures.
97+
RUN if [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "aarch64" ] || [ "$(uname -m)" = "ppc64le"]; then \
7798
./build_product ocp4 rhcos4 --datastream-only; \
7899
else ./build_product ocp4 --datastream-only; \
79100
fi

0 commit comments

Comments
 (0)