Steps to update the RedHatOfficial ansible roles from the upstream ComplianceAsCode content repo

How to update the RedHatOfficial ansible roles

Make the build container image

  • Update the container registry location to use your own.
podman build -t quay.io/danclark/content:fedora -f ./Dockerfile .

Checkout the code

version=1.73
git clone https://github.com/ComplianceAsCode/content.git content-${version}
pushd content-${version}
git checkout -b "v0.${version}" "v0.${version}"

Install dependencies for utils/ansible_playbook_to_role.py

sudo dnf install scap-security-guide
pip install --user sh PyYAML

Launch the build container in the background. It runs sleep infinity.

podman run --rm --name content -d -v ${PWD}:/home/oscap/content:Z quay.io/danclark/content:fedora

Kick off a build. RHEL 7 in this example (Deprecated)

podman exec -ti --workdir=/home/oscap/content content ./build_product rhel7

Upload for RHEL 7 (Deprecated)

for p in cis anssi_nt28_minimal anssi_nt28_intermediary anssi_nt28_high anssi_nt28_enhanced stig cjis hipaa ospp pci-dss rht-ccp cui
do
  echo "Processing RHEL 7 profile ${p}"
  PYTHONPATH=. python3 utils/ansible_playbook_to_role.py  --build-playbooks-dir ./build/ansible/ --profile ${p} --product rhel7 --tag-release --token "${GIT_TOKEN}"
done

Kick off a build. RHEL 8 in this example

rm -rf build
mkdir build
git checkout build/.gitkeep
podman exec -ti --workdir=/home/oscap/content content ./build_product rhel8

Upload for RHEL 8

for p in cis anssi_bp28_minimal anssi_bp28_intermediary anssi_bp28_high anssi_bp28_enhanced stig cjis hipaa ospp pci-dss rht-ccp cui 
do
  echo "Processing RHEL 8 profile ${p}"
  PYTHONPATH=. python3 utils/ansible_playbook_to_role.py  --build-playbooks-dir ./build/ansible/ --profile ${p} --product rhel8 --tag-release --token "${GIT_TOKEN}"
done

Kick off a build. RHEL 9 in this example

rm -rf build
mkdir build
git checkout build/.gitkeep
podman exec -ti --workdir=/home/oscap/content content ./build_product rhel9

Upload for RHEL 9

for p in cis anssi_bp28_minimal anssi_bp28_intermediary anssi_bp28_high anssi_bp28_enhanced stig cjis hipaa ospp pci-dss rht-ccp cui e8
do
  echo "Processing RHEL 9 profile ${p}"
  PYTHONPATH=. python3 utils/ansible_playbook_to_role.py  --build-playbooks-dir ./build/ansible/ --profile ${p} --product rhel9 --tag-release --token "${GIT_TOKEN}"
done

Kick off a build. RHEL 10 in this example

rm -rf build
mkdir build
git checkout build/.gitkeep
podman exec -ti --workdir=/home/oscap/content content ./build_product rhel10

Upload for RHEL 10

for p in anssi_bp28_minimal anssi_bp28_intermediary anssi_bp28_high anssi_bp28_enhanced stig cjis hipaa ospp pci-dss rht-ccp cui e8
do
  echo "Processing RHEL 10 profile ${p}"
  PYTHONPATH=. python3 utils/ansible_playbook_to_role.py  --build-playbooks-dir ./build/ansible/ --profile ${p} --product rhel10 --tag-release --token "${GIT_TOKEN}"
done
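
A pre-flight check that can run before each upload loop above, added here as an example and not part of the original gist or the ComplianceAsCode tooling: it confirms GIT_TOKEN is set and that the build produced a playbook for every profile in the list before anything is pushed with --tag-release. The function names and the build/ansible/<product>-playbook-<profile>.yml file naming are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the "Upload for RHEL N" loops.
# Assumption: ./build_product writes one playbook per profile to
#   <dir>/<product>-playbook-<profile>.yml

# missing_profiles PRODUCT DIR PROFILE...
# Prints every profile that has no non-empty playbook in DIR, one per line.
# Returns 1 if at least one profile is missing, 0 otherwise.
missing_profiles() {
  local product="$1" dir="$2" rc=0 p
  shift 2
  for p in "$@"; do
    if [ ! -s "${dir}/${product}-playbook-${p}.yml" ]; then
      echo "${p}"
      rc=1
    fi
  done
  return "${rc}"
}

# preflight PRODUCT DIR PROFILE...
# Returns 2 when GIT_TOKEN is unset or empty, 1 when a profile was not built,
# and 0 when the upload loop can start.
preflight() {
  local missing
  if [ -z "${GIT_TOKEN:-}" ]; then
    echo "GIT_TOKEN is not set; refusing to start the upload" >&2
    return 2
  fi
  # Declared separately above so the exit status of the substitution is kept.
  if ! missing=$(missing_profiles "$@"); then
    # ${missing} is left unquoted on purpose: it joins the names on one line.
    echo "no playbook built for:" ${missing} >&2
    return 1
  fi
  return 0
}

# Usage, placed just before the RHEL 9 loop (profile list shortened here):
#   preflight rhel9 ./build/ansible cis stig e8 || exit 1
```
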

Dockerfile

FROM registry.fedoraproject.org/fedora-minimal:latest
WORKDIR /content
RUN microdnf -y install cmake make git /usr/bin/python3 python3-pyyaml \
python3-jinja2 openscap-utils python3-setuptools \
jq vim scap-security-guide python3-pip python3-pygithub.noarch && \
python3 -m pip install --upgrade pip && \
python3 -m pip install --no-cache sh && \
rm -rf /var/cache/yum /var/cache/dnf
CMD ["sleep", "infinity"]