12. Understanding Profile Patch Updates

Learning Objectives

• Understand what constitutes a patch update
• Learn the complete patch update workflow
• Master the testing and validation process

What is a Patch Update?

A patch update is a minor modification to an InSpec profile that addresses specific issues, bugs, or improvements without changing core functionality. Common examples include:

• Fixing control logic errors
• Updating threshold values
• Improving error handling
• Adding missing test cases

Step-by-Step Patch Update Process

1. Issue Documentation

• Create a detailed issue in the project repository
• Include specific examples of the problem
• Reference any related documentation
• Link: Project Issues Page

2. Environment Setup

• Fork the repository
• Create a branch from the target patch release tag
• Configure test environments:
  • AWS testing suite
  • Docker testing suite

3. Implementation

• Make necessary updates to:
  • Control logic
  • inspec.yml inputs
  • Threshold values

Version number increments

The version attribute in inspec.yml is managed during releases so you shouldn't change it in every merged branch, just when you cut a new release.

4. Testing Protocol

Verify your changes across multiple environments:

• Vanilla systems
• Hardened systems
• Known bad states
• Known good states
• Edge cases and error conditions

Test contexts to cover:

• Container environments
• Virtual machines
• Physical hardware (1U machines)

5. Quality Assurance

Run the provided linting tools:

• bundle exec rake lint
• bundle exec rake lint:autocorrect

6. Commit and PR

• Commit your updates with a message including Fixes #ISSUE
• Open a PR from your fork to the project repository

7. Test Suite Verification

• Ensure the GitHub Action test suite passes
• Link: Project Actions Page