Build rpm packages

.github/workflows/build-macos.yml

@@ -28,7 +28,7 @@ jobs:
       - name: npm pack
         run: npx oclif pack macos
 
-      - name: Rename Windows Installers
+      - name: Rename Mac Installers
         run: |
           cd dist/macos
           for file in saf-*.pkg; do

.github/workflows/build-rpm.yml

@@ -0,0 +1,65 @@
+name: Build SAF-CLI RPM Installers
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+
+jobs:
+  build-deploy:
+    runs-on: ubuntu-22.04
+    container:
+      image: registry.access.redhat.com/ubi8/nodejs-18:latest
+      options: -u 0 # dnf needs root
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: saf
+
+      - name: setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18"
+          check-latest: true
+          cache: 'npm'
+          cache-dependency-path: ./saf/package-lock.json
+
+      - name: install build dependencies
+        run: dnf install -y rpm-build perl-Digest-SHA # rpmbuild, shasum
+
+      - name: setup saf cli
+        working-directory: ./saf
+        run: |
+          rm -rf test
+          npm ci
+
+      - name: set filename envvar
+        working-directory: ./saf
+        run: |
+          echo "filename=saf-v$(cat VERSION)-linux-x64" >> "$GITHUB_ENV"
+
+      - name: pack into tarball # we are targetting x86-64 since oclif bundles a node binary, but the project is actually fully architecture independent so long as they have a node binary on it
+        working-directory: ./saf
+        run: npx oclif pack tarballs -t linux-x64 --no-xz
+
+      - name: repack tarball but include the spec file
+        working-directory: ./saf/dist
+        run: |
+          gzip -dc "$(ls)" > "$filename.tar"
+          tar -rf "$filename.tar" --transform 's|^\.\.|saf|' ../saf.spec
+          gzip "$filename.tar"
+
+      - name: build rpm
+        working-directory: ./saf
+        run: rpmbuild -ta "dist/$filename.tar.gz" -D "_rpmdir $(pwd)" -D "version $(cat VERSION)"
+
+      - name: upload binary as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: SAF-CLI RPM Build noarch
+          path: saf/noarch/saf-*.rpm

.github/workflows/build-windows-linux.yml

@@ -49,7 +49,7 @@ jobs:
                   mv "$file" "$prefix-$suffix"
           done
 
-      - name: Rename Windows debian Installers
+      - name: Rename Debian Installers
         run: |
           cd saf/dist/deb
           for file in saf_*.deb; do

.gitignore

@@ -9,9 +9,10 @@ generatedMD.md
 node_modules
 **/.DS_Store
 *.*.un~
+*.*.swp
 out
 .env
 *.tgz
 **/saf-cli.log
 *.html
-saf-cli.log
+saf-cli.log

package.json

@@ -100,9 +100,7 @@
   "files": [
     "/bin",
     "/lib",
-    "/help",
-    "/npm-shrinkwrap.json",
-    "/oclif.manifest.json"
+    "/docs"
   ],
   "homepage": "https://github.com/mitre/saf",
   "keywords": [

saf.spec

@@ -0,0 +1,46 @@
+%define _rpmfilename %%{ARCH}/%%{NAME}-v%%{VERSION}-%%{ARCH}.rpm
+
+%define name saf
+%define release 1
+
+Name: %{name}
+Version: %{version}
+Release: %{release}
+Summary: The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.
+
+License: Apache-2.0
+URL: https://saf.mitre.org
+Source: %{name}-v%{version}-linux-x64.tar.gz
+
+BuildRoot: %{buildroot}
+BuildArch: noarch
+ExclusiveArch: %{nodejs_arches} noarch
+
+Requires: nodejs > 18.18.2
+
+AutoReqProv: no
+
+%description
+%{summary}
+
+%prep
+%setup -q -c -n %{name}
+rm ./saf/bin/node # need to delete bundled node so that we use the system node instead
+
+%install
+rm -rf %{buildroot}
+
+mkdir -p %{buildroot}/opt/saf
+cp -r ./saf %{buildroot}/opt
+
+mkdir -p %{buildroot}%{_bindir}
+ln -s /opt/saf/bin/saf %{buildroot}%{_bindir}/saf
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(644, -, -, 755)
+/opt/saf
+%attr(755, -, -) /opt/saf/bin/saf
+/usr/bin/saf