complyctl.spec

# SPDX-License-Identifier: Apache-2.0

%global goipath github.com/complytime/complyctl
%global base_url https://%{goipath}
%global app_dir complytime
%global gopath %{_builddir}/go
%global debug_package %{nil}

Name:           complyctl
Version:        0.0.8
Release:        0%{?dist}
Summary:        Gemara-native compliance scanning CLI with pluggable providers
License:        Apache-2.0
URL:            %{base_url}
Source0:        %{base_url}/archive/refs/tags/v%{version}.tar.gz

BuildRequires:  golang
BuildRequires:  go-rpm-macros

%gometa -f

%description
%{name} fetches Gemara policies from OCI registries, resolves dependency
graphs, dispatches scans to providers via gRPC, and produces compliance
reports (EvaluationLog, OSCAL, Markdown, SARIF).

%package        openscap-provider
Summary:        OpenSCAP scanning provider for complyctl
Requires:       %{name}%{?_isa} = %{version}-%{release}
Requires:       scap-security-guide
%description    openscap-provider
openscap-provider is a scanning provider that extends complyctl with OpenSCAP
evaluation capabilities. It communicates via gRPC (Generate, Scan, HealthCheck
RPCs) and follows the complyctl-provider-* discovery convention.

%prep
%goprep -k

%build
BUILD_DATE_GO=$(date -u +'%Y-%m-%dT%H:%M:%SZ')

# Set up environment variables and flags to build properly and securely
%set_build_flags

# Align GIT_COMMIT and GIT_TAG with version for simplicity
GO_LD_EXTRAFLAGS="-X %{goipath}/internal/version.version=%{version} \
                  -X %{goipath}/internal/version.gitTreeState=clean \
                  -X %{goipath}/internal/version.commit=%{version} \
                  -X %{goipath}/internal/version.buildDate=${BUILD_DATE_GO}"

# Adapt go env to RPM build environment
export GO111MODULE=on

# Define and create the output directory for binaries
GO_BUILD_BINDIR=./bin
mkdir -p ${GO_BUILD_BINDIR}

# Not calling the macro for more control on go env variables
go build -buildmode=pie -o ${GO_BUILD_BINDIR}/ -ldflags="${GO_LD_EXTRAFLAGS}" ./cmd/...

# Build openscap provider (separate Go module)
cd cmd/openscap-plugin
go build -buildmode=pie -o ../../${GO_BUILD_BINDIR}/complyctl-provider-openscap -ldflags="${GO_LD_EXTRAFLAGS}" .
cd ../..

%install
install -d %{buildroot}%{_bindir}
install -d -m 0755 %{buildroot}%{_libexecdir}/%{app_dir}/providers

install -p -m 0755 bin/complyctl %{buildroot}%{_bindir}/complyctl
install -p -m 0755 bin/complyctl-provider-openscap %{buildroot}%{_libexecdir}/%{app_dir}/providers/complyctl-provider-openscap

%check
# Run unit tests
go test -mod=vendor -race -v ./...
cd cmd/openscap-plugin && go test -mod=vendor -race -v ./...
cd ../..

%files
%attr(0755, root, root) %{_bindir}/complyctl
%license LICENSE
%dir %{_libexecdir}/%{app_dir}
%dir %{_libexecdir}/%{app_dir}/providers

%files          openscap-provider
%attr(0755, root, root) %{_libexecdir}/%{app_dir}/providers/complyctl-provider-openscap
%license LICENSE

%changelog
* Wed Jul 9 2025 Marcus Burghardt <maburgha@redhat.com> - 0.0.8-1
- Bump to upstream version v0.0.8

* Tue Jul 8 2025 Marcus Burghardt <maburgha@redhat.com> - 0.0.7-1
- Bump to upstream version v0.0.7
- Include manifest file for openscap-plugin

* Mon Jun 16 2025 George Vauter <gvauter@redhat.com> - 0.0.6-2
- Update package name to complyctl

* Wed Jun 11 2025 Marcus Burghardt <maburgha@redhat.com> - 0.0.6-1
- Bump to upstream version v0.0.6
- Align with Fedora Package Guidelines

* Tue May 6 2025 Qingmin Duanmu <qduanmu@redhat.com> - 0.0.3-2
- Add complytime and openscap plugin man pages

* Wed Apr 30 2025 Qingmin Duanmu <qduanmu@redhat.com> - 0.0.3-1
- Separate plugin binary from manifest

* Fri Apr 11 2025 Qingmin Duanmu <qduanmu@redhat.com> - 0.0.2-1
- Separate package for openscap-plugin

* Tue Apr 08 2025 Marcus Burghardt <maburgha@redhat.com> - 0.0.2-1
- Initial RPM