From 8a8acd26817c00889f2d36e6708194d8981423cc Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Fri, 6 Mar 2026 12:09:34 +0100
Subject: [PATCH 1/3] Fix compare DS job.

---
 .github/workflows/compare-ds-build.yml |  4 +--
 .github/workflows/compare-ds.yaml      | 34 ++++++++++++++++++++++----
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/compare-ds-build.yml b/.github/workflows/compare-ds-build.yml
index a57473e1bf4d..dfbe2a96df6c 100644
--- a/.github/workflows/compare-ds-build.yml
+++ b/.github/workflows/compare-ds-build.yml
@@ -49,7 +49,7 @@ jobs:
                 with:
                     path: 'output.json'
                     prop_path: 'product'
-            -   name: Build product ${{ github.base_ref }} (${{ steps.fork_point.outputs.FORK_POINT }})
+            -   name: Build product ${{ github.event.pull_request.head.sha }}
                 if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
                 run: ./build_product ${{steps.product.outputs.prop}} --datastream-only
             -   name: Create Artifact
@@ -63,7 +63,7 @@ jobs:
                 if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
                 uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v4
                 with:
-                    name: pr-artifacts-${{ github.event.pull_request.head.sha }}
+                    name: pr-artifacts
                     retention-days: 1
                     path: artifacts.tar.gz
             -   name: Save PR info
diff --git a/.github/workflows/compare-ds.yaml b/.github/workflows/compare-ds.yaml
index dc30f49ffc4d..0af76dfd2452 100644
--- a/.github/workflows/compare-ds.yaml
+++ b/.github/workflows/compare-ds.yaml
@@ -8,8 +8,9 @@ permissions:
     pull-requests: write
     contents: read
     actions: read
+    checks: write
 jobs:
-  build-content:
+  compare_ds_job:
     name: Generate Diff
     runs-on: ubuntu-latest
     container:
@@ -30,19 +31,32 @@ jobs:
         id: pr_info
         run: |
           PR_NUMBER=$(cat pr-info/pr-number.txt)
+          PR_SHA=$(cat pr-info/pr-sha.txt)
           BASE_BRANCH=$(cat pr-info/base-branch.txt)
           FORK_POINT=$(cat pr-info/fork-point.txt)
           echo "pr_number=${PR_NUMBER}" >> $GITHUB_OUTPUT
+          echo "pr_sha=${PR_SHA}" >> $GITHUB_OUTPUT
           echo "base_branch=${BASE_BRANCH}" >> $GITHUB_OUTPUT
           echo "fork_point=${FORK_POINT}" >> $GITHUB_OUTPUT
           echo "PR Number: ${PR_NUMBER}"
+          echo "PR SHA: ${PR_SHA}"
           echo "Base Branch: ${BASE_BRANCH}"
           echo "Fork Point: ${FORK_POINT}"
-      - name: Checkout master
+      - name: Create GitHub check run
+        uses: LouisBrunner/checks-action@6b626ffbad7cc56fd58627f774b9067e6118af23 # v2.0.0
+        id: create_check
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          name: Compare DS
+          status: in_progress
+          sha: ${{ steps.pr_info.outputs.pr_sha }}
+          output: |
+            {"summary":"Compare DS started. Job: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}."}
+      - name: Checkout forking point ($FORK_POINT)
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           repo: ComplianceAsCode/content
-          ref: master
+          ref: ${{ steps.pr_info.outputs.fork_point }}
           fetch-depth: 0
       # https://github.com/actions/checkout/issues/766
       - name: Set git safe directory
@@ -75,7 +89,7 @@ jobs:
         uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
         with:
             github-token: ${{ secrets.GITHUB_TOKEN }}
-            name: pr-artifacts-${{ github.event.workflow_run.head_sha }}
+            name: pr-artifacts
             path: pr_artifacts
             run-id: ${{ github.event.workflow_run.id }}
       - name: Unpack built artifacts
@@ -158,7 +172,7 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Compare Ansible playbook shell commands
         if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
-        run: utils/ansible_shell_diff.py ssg-${{steps.product.outputs.prop}}-ds.xml build/ssg-${{steps.product.outputs.prop}}-ds.xml | tee diff.log
+        run: utils/ansible_shell_diff.py build/ssg-${{steps.product.outputs.prop}}-ds.xml pr_artifacts/artifacts/ssg-${{steps.product.outputs.prop}}-ds.xml | tee diff.log
         env:
           PYTHONPATH: ${{ github.workspace }}
       - name: Test if there are Ansible shell module changes
@@ -188,3 +202,13 @@ jobs:
           type: delete
           comment_id: ${{ steps.shell_diff.outputs.comment-id }}
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Compare DS
+        if: always()
+        uses: LouisBrunner/checks-action@6b626ffbad7cc56fd58627f774b9067e6118af23 # v2.0.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ job.status }}
+          check_id: ${{ steps.create_check.outputs.check_id }}
+          sha: ${{ steps.pr_info.outputs.pr_sha }}
+          output: |
+            {"summary":"Compare DS completed. Job: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}."}

From bcd7999dd718f0ed9b1b5e76821c5b730d60679b Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Mon, 9 Mar 2026 12:43:10 +0100
Subject: [PATCH 2/3] Apply suggestion from @jan-cerny
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Jan Černý <jcerny@redhat.com>
---
 .github/workflows/compare-ds-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/compare-ds-build.yml b/.github/workflows/compare-ds-build.yml
index dfbe2a96df6c..f9c574780a05 100644
--- a/.github/workflows/compare-ds-build.yml
+++ b/.github/workflows/compare-ds-build.yml
@@ -49,7 +49,7 @@ jobs:
                 with:
                     path: 'output.json'
                     prop_path: 'product'
-            -   name: Build product ${{ github.event.pull_request.head.sha }}
+            -   name: Build product PR ${{ github.event.pull_request.head.sha }}
                 if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
                 run: ./build_product ${{steps.product.outputs.prop}} --datastream-only
             -   name: Create Artifact

From 90559e61c59b7b35e39287249e2827a5d88b7824 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Mon, 9 Mar 2026 12:43:45 +0100
Subject: [PATCH 3/3] Apply suggestion from @ggbecker

---
 .github/workflows/compare-ds.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/compare-ds.yaml b/.github/workflows/compare-ds.yaml
index 0af76dfd2452..c2e0079aba3b 100644
--- a/.github/workflows/compare-ds.yaml
+++ b/.github/workflows/compare-ds.yaml
@@ -52,7 +52,7 @@ jobs:
           sha: ${{ steps.pr_info.outputs.pr_sha }}
           output: |
             {"summary":"Compare DS started. Job: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}."}
-      - name: Checkout forking point ($FORK_POINT)
+      - name: Checkout forking point (${{ steps.pr_info.outputs.fork_point }})
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           repo: ComplianceAsCode/content