complytime · marcusburghardt · Apr 24, 2026 · Apr 24, 2026 · Apr 30, 2026
diff --git a/.fmf/version b/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/.packit.yaml b/.packit.yaml
@@ -0,0 +1,54 @@
+upstream_project_url: https://github.com/complytime/complytime-providers
+upstream_tag_template: v{version}
+upstream_package_name: complytime-providers
+downstream_package_name: complytime-providers
+
+specfile_path: complytime-providers.spec
+
+files_to_sync:
+    - complytime-providers.spec
+    - .packit.yaml
+
+jobs:
+    - job: copr_build
+      trigger: pull_request
+      targets:
+          - fedora-rawhide-x86_64
+          - fedora-43-x86_64
+          - fedora-42-x86_64
+          - centos-stream-9-x86_64
+          - centos-stream-10-x86_64
+
+# Running tests using testing farm https://packit.dev/docs/configuration/upstream/tests
+    - job: tests
+      trigger: pull_request
+      targets:
+          - fedora-rawhide-x86_64
+          - fedora-43-x86_64
+          - fedora-42-x86_64
+          - centos-stream-9-x86_64
+          - centos-stream-10-x86_64
+
+# https://packit.dev/docs/fedora-releases-guide
+# Propose Downstream PRs once an upstream release is out
+    - job: propose_downstream
+      trigger: release
+      dist_git_branches:
+          - rawhide
+          - f43
+          - f42
+
+# Automatically submit builds to Koji after PR is merged into dist-git
+    - job: koji_build
+      trigger: commit
+      dist_git_branches:
+          - rawhide
+          - f43
+          - f42
+
+# Trigger Bodhi update for released Fedora versions
+    - job: bodhi_update
+      trigger: commit
+      dist_git_branches:
+          - f43
+          - f42
diff --git a/complytime-providers.spec b/complytime-providers.spec
@@ -0,0 +1,94 @@
+# SPDX-License-Identifier: Apache-2.0
+
+%global goipath github.com/complytime/complytime-providers
+%global base_url https://%{goipath}
+%global app_dir complytime
+%global debug_package %{nil}
+
+Name:           complytime-providers
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Compliance scanning providers for complyctl
+License:        Apache-2.0
+URL:            %{base_url}
+Source0:        %{base_url}/archive/refs/tags/v%{version}.tar.gz
+
+BuildRequires:  golang
+BuildRequires:  go-rpm-macros
+
+%gometa -f
+
+%description
+Compliance scanning providers that extend complyctl with support for
+different policy validation platforms (PVPs). Each provider communicates
+with complyctl via gRPC and follows the complyctl-provider-* discovery
+convention. Providers are distributed as separate sub-packages so users
+can install only the providers they need.
+
+# --- OpenSCAP provider sub-package ---
+
+%package        openscap
+Summary:        OpenSCAP scanning provider for complyctl
+Requires:       complyctl >= 0.0.8
+Requires:       scap-security-guide
+
+%description    openscap
+OpenSCAP scanning provider that extends complyctl with OpenSCAP evaluation
+capabilities. It converts OSCAL assessment plans into SCAP policies,
+executes scans via the OpenSCAP engine, and returns structured results
+to complyctl. Communicates via gRPC (Generate, Scan, HealthCheck RPCs)
+and follows the complyctl-provider-* discovery convention.
+
+# --- Ampel provider sub-package ---
+
+%package        ampel
+Summary:        Ampel scanning provider for complyctl
+Requires:       complyctl >= 0.0.8
+
+%description    ampel
+Ampel scanning provider that extends complyctl with Ampel evaluation
+capabilities. It communicates via gRPC and follows the
+complyctl-provider-* discovery convention.
+
+%prep
+%goprep -k
+
+%build
+# Set up environment variables and flags to build properly and securely
+%set_build_flags
+export GO111MODULE=on
+
+# Define and create the output directory for binaries
+GO_BUILD_BINDIR=./bin
+mkdir -p ${GO_BUILD_BINDIR}
+
+# Build both provider binaries
+go build -buildmode=pie -o ${GO_BUILD_BINDIR}/complyctl-provider-openscap ./cmd/openscap-provider
+go build -buildmode=pie -o ${GO_BUILD_BINDIR}/complyctl-provider-ampel ./cmd/ampel-provider
+
+%install
+install -d -m 0755 %{buildroot}%{_libexecdir}/%{app_dir}/providers
+
+install -p -m 0755 bin/complyctl-provider-openscap %{buildroot}%{_libexecdir}/%{app_dir}/providers/complyctl-provider-openscap
+install -p -m 0755 bin/complyctl-provider-ampel %{buildroot}%{_libexecdir}/%{app_dir}/providers/complyctl-provider-ampel
+
+%check
+# Run unit tests
+go test -mod=vendor -v ./...
+
+# No main files section -- source RPM produces only sub-packages
+
+%files          openscap
+%attr(0755, root, root) %{_libexecdir}/%{app_dir}/providers/complyctl-provider-openscap
+%license LICENSE vendor/modules.txt
+%doc README.md
+
+%files          ampel
+%attr(0755, root, root) %{_libexecdir}/%{app_dir}/providers/complyctl-provider-ampel
+%license LICENSE vendor/modules.txt
+%doc README.md
+
+%changelog
+* Fri Apr 24 2026 Marcus Burghardt <maburgha@redhat.com> - 0.0.1-1
+- Initial RPM packaging for complytime-providers
+- OpenSCAP and Ampel provider sub-packages
diff --git a/plans/test-RPM-providers.fmf b/plans/test-RPM-providers.fmf
@@ -0,0 +1,6 @@
+summary: Validate complytime-providers RPM sub-packages deliver provider binaries
+
+execute:
+    script:
+      - test -x /usr/libexec/complytime/providers/complyctl-provider-openscap
+      - test -x /usr/libexec/complytime/providers/complyctl-provider-ampel