feat: update RPM packaging for core-only complyctl after provider split

.goreleaser.yaml

@@ -24,12 +24,6 @@ builds:
           - "-X github.com/complytime/complyctl/internal/version.gitTreeState={{ .GitTreeState }}"
           - "-X github.com/complytime/complyctl/internal/version.commit={{ .Commit }}"
           - "-X github.com/complytime/complyctl/internal/version.buildDate={{ .Date }}"
-    - id: openscap-plugin
-      binary: openscap-plugin
-      dir: ./cmd/openscap-plugin
-      main: .
-      goos:
-          - linux
 
 archives:
     - format: tar.gz

.specify/feature.json

@@ -0,0 +1,3 @@
+{
+  "feature_directory": "specs/005-rpm-packaging-ci"
+}

AGENTS.md

@@ -3,6 +3,7 @@
 Auto-generated from all feature plans. Last updated: 2026-04-21
 
 ## Active Technologies
+- Go 1.25 + go-rpm-macros, Packit, Testing Farm (TMT/FMF) (005-rpm-packaging-ci)
 
 - Go 1.25 (complyctl root `go.mod`) (004-providers-repository-split)
 
@@ -22,6 +23,7 @@ tests/
 Go 1.25 (complyctl root `go.mod`): Follow standard conventions
 
 ## Recent Changes
+- 005-rpm-packaging-ci: Added Go 1.25 + go-rpm-macros, Packit, Testing Farm (TMT/FMF)
 
 - 004-providers-repository-split: Providers (openscap, ampel) migrated to `complytime-providers`; `pkg/plugin/` renamed to `pkg/provider/`; all "plugin" terminology updated to "provider"
 

Makefile

@@ -12,10 +12,6 @@ GO_LD_EXTRAFLAGS := -X github.com/complytime/complyctl/internal/version.version=
 
 MAN_COMPLYCTL = docs/man/complyctl.md
 MAN_COMPLYCTL_OUTPUT = docs/man/complyctl.1
-MAN_OPENSCAP_PROVIDER = docs/man/complyctl-openscap-provider.md
-MAN_OPENSCAP_PROVIDER_OUTPUT = docs/man/complyctl-openscap-provider.7
-MAN_OPENSCAP_CONF = docs/man/c2p-openscap-manifest.md
-MAN_OPENSCAP_CONF_OUTPUT = docs/man/c2p-openscap-manifest.5
 
 ##@ Proto
 
@@ -74,9 +70,8 @@ build-behavioral-report: prep-build-dir ## build behavioral report tool (go test
 ##@ Packaging
 
 man: ## generate man pages
-	mkdir -p $(dir $(MAN_COMPLYCTL_OUTPUT)) $(dir $(MAN_OPENSCAP_CONF_OUTPUT))
+	mkdir -p $(dir $(MAN_COMPLYCTL_OUTPUT))
 	pandoc -s -t man $(MAN_COMPLYCTL) -o $(MAN_COMPLYCTL_OUTPUT)
-	pandoc -s -t man $(MAN_OPENSCAP_CONF) -o $(MAN_OPENSCAP_CONF_OUTPUT)
 
 ##@ Environment
 

complyctl.spec

@@ -3,13 +3,12 @@
 %global goipath github.com/complytime/complyctl
 %global base_url https://%{goipath}
 %global app_dir complytime
-%global gopath %{_builddir}/go
 %global debug_package %{nil}
 
 Name:           complyctl
 Version:        0.0.8
-Release:        0%{?dist}
-Summary:        Gemara-native compliance scanning CLI with pluggable providers
+Release:        1%{?dist}
+Summary:        Compliance scanning CLI for OSCAL-based assessment workflows
 License:        Apache-2.0
 URL:            %{base_url}
 Source0:        %{base_url}/archive/refs/tags/v%{version}.tar.gz
@@ -24,20 +23,13 @@ BuildRequires:  go-rpm-macros
 graphs, dispatches scans to providers via gRPC, and produces compliance
 reports (EvaluationLog, OSCAL, Markdown, SARIF).
 
-%package        openscap-provider
-Summary:        OpenSCAP scanning provider for complyctl
-Requires:       %{name}%{?_isa} = %{version}-%{release}
-Requires:       scap-security-guide
-%description    openscap-provider
-openscap-provider is a scanning provider that extends complyctl with OpenSCAP
-evaluation capabilities. It communicates via gRPC (Generate, Scan, HealthCheck
-RPCs) and follows the complyctl-provider-* discovery convention.
+Providers are distributed separately via the complytime-providers package.
 
 %prep
 %goprep -k
 
 %build
-BUILD_DATE_GO=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+BUILD_DATE_GO=$(date -u +'%%Y-%%m-%%dT%%H:%%M:%%SZ')
 
 # Set up environment variables and flags to build properly and securely
 %set_build_flags
@@ -55,38 +47,37 @@ export GO111MODULE=on
 GO_BUILD_BINDIR=./bin
 mkdir -p ${GO_BUILD_BINDIR}
 
-# Not calling the macro for more control on go env variables
-go build -buildmode=pie -o ${GO_BUILD_BINDIR}/ -ldflags="${GO_LD_EXTRAFLAGS}" ./cmd/...
-
-# Build openscap provider (separate Go module)
-cd cmd/openscap-plugin
-go build -buildmode=pie -o ../../${GO_BUILD_BINDIR}/complyctl-provider-openscap -ldflags="${GO_LD_EXTRAFLAGS}" .
-cd ../..
+# Build only the complyctl binary
+go build -buildmode=pie -o ${GO_BUILD_BINDIR}/complyctl -ldflags="${GO_LD_EXTRAFLAGS}" ./cmd/complyctl
 
 %install
 install -d %{buildroot}%{_bindir}
 install -d -m 0755 %{buildroot}%{_libexecdir}/%{app_dir}/providers
+install -d %{buildroot}%{_mandir}/man1
 
 install -p -m 0755 bin/complyctl %{buildroot}%{_bindir}/complyctl
-install -p -m 0755 bin/complyctl-provider-openscap %{buildroot}%{_libexecdir}/%{app_dir}/providers/complyctl-provider-openscap
+install -p -m 0644 docs/man/complyctl.1 %{buildroot}%{_mandir}/man1/complyctl.1
 
 %check
 # Run unit tests
 go test -mod=vendor -race -v ./...
-cd cmd/openscap-plugin && go test -mod=vendor -race -v ./...
-cd ../..
 
 %files
 %attr(0755, root, root) %{_bindir}/complyctl
-%license LICENSE
+%{_mandir}/man1/complyctl.1*
+%license LICENSE vendor/modules.txt
+%doc README.md
 %dir %{_libexecdir}/%{app_dir}
 %dir %{_libexecdir}/%{app_dir}/providers
 
-%files          openscap-provider
-%attr(0755, root, root) %{_libexecdir}/%{app_dir}/providers/complyctl-provider-openscap
-%license LICENSE
-
 %changelog
+* Fri Apr 24 2026 Marcus Burghardt <maburgha@redhat.com> - 0.0.8-1
+- Simplify spec for core-only delivery after provider split
+- Remove openscap-provider sub-package (moved to complytime-providers)
+- Add complyctl.1 man page
+- Add vendor/modules.txt for automatic bundled provides generation
+- Build only complyctl binary from cmd/complyctl
+
 * Wed Jul 9 2025 Marcus Burghardt <maburgha@redhat.com> - 0.0.8-1
 - Bump to upstream version v0.0.8
 

docs/RELEASE_PROCESS.md

@@ -31,16 +31,30 @@ Tests relevant for releases are incorporated in CI tests for every PR.
 
 Releases are currently expected every three weeks. Project maintainers always discuss and agree on releases. Therefore, some releases may be triggered a bit earlier or later when necessary.
 
-## Fedora Package
+## Fedora Packages
 
-Once a new release is out, the [Fedora Package](https://src.fedoraproject.org/rpms/complyctl) also needs to be updated.
+After the repository split, complyctl and complytime-providers are independent Fedora packages with separate release cycles.
+
+### complyctl
+
+Once a new complyctl release is out, the [Fedora Package](https://src.fedoraproject.org/rpms/complyctl) also needs to be updated.
 
 The process is automated by [Packit](https://packit.dev/docs/fedora-releases-guide) according to [.packit.yaml](https://github.com/complytime/complyctl/blob/main/.packit.yaml) configuration file and should only demand a PR review from a Fedora package [maintainer](https://src.fedoraproject.org/rpms/complyctl)
 
 This automation will create PRs for the specified branches. Once the PRs are reviewed and merged:
 - [Koji builds](https://koji.fedoraproject.org/koji/packageinfo?packageID=42298) will be created
 - [Bodhi updates](https://bodhi.fedoraproject.org/updates/?packages=complyctl) will be submitted
 
+### complytime-providers
+
+The [complytime-providers](https://github.com/complytime/complytime-providers) repository has its own independent release and packaging pipeline. It produces two sub-packages:
+- `complytime-providers-openscap` -- OpenSCAP scanning provider
+- `complytime-providers-ampel` -- Ampel scanning provider
+
+The process is also automated by Packit via the `.packit.yaml` in the complytime-providers repository.
+
+> **Note:** The complytime-providers Fedora package requires a one-time [Fedora package review](https://docs.fedoraproject.org/en-US/package-maintainers/Joining_the_Package_Maintainers/) before the automation can function. Once approved, the Packit automation operates identically to complyctl.
+
 ### Preparation (only necessary for Manual Process)
 
 To update a Fedora package, it is ultimately necessary to be a member of Fedora Packager group.