Browse code
ci: run integration tests with firewalld enabled
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
Albin Kerouanton authored on 2024/10/08 18:54:51Showing 2 changed files
| ... | ... |
@@ -36,6 +36,12 @@ jobs: |
| 36 | 36 |
runs-on: ubuntu-20.04 |
| 37 | 37 |
timeout-minutes: 120 # guardrails timeout for the whole job |
| 38 | 38 |
continue-on-error: ${{ github.event_name != 'pull_request' }}
|
| 39 |
+ strategy: |
|
| 40 |
+ fail-fast: false |
|
| 41 |
+ matrix: |
|
| 42 |
+ mode: |
|
| 43 |
+ - "" |
|
| 44 |
+ - firewalld |
|
| 39 | 45 |
steps: |
| 40 | 46 |
- |
| 41 | 47 |
name: Checkout |
| ... | ... |
@@ -44,6 +50,15 @@ jobs: |
| 44 | 44 |
name: Set up runner |
| 45 | 45 |
uses: ./.github/actions/setup-runner |
| 46 | 46 |
- |
| 47 |
+ name: Prepare |
|
| 48 |
+ run: | |
|
| 49 |
+ CACHE_DEV_SCOPE=dev |
|
| 50 |
+ if [[ "${{ matrix.mod }}" == *"firewalld"* ]]; then
|
|
| 51 |
+ echo "DOCKER_FIREWALLD=true" >> $GITHUB_ENV |
|
| 52 |
+ CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"
|
|
| 53 |
+ fi |
|
| 54 |
+ echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
|
|
| 55 |
+ - |
|
| 47 | 56 |
name: Set up Docker Buildx |
| 48 | 57 |
uses: docker/setup-buildx-action@v3 |
| 49 | 58 |
with: |
| ... | ... |
@@ -65,11 +80,18 @@ jobs: |
| 65 | 65 |
name: Prepare reports |
| 66 | 66 |
if: always() |
| 67 | 67 |
run: | |
| 68 |
- mkdir -p bundles /tmp/reports |
|
| 68 |
+ reportsName=$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
|
|
| 69 |
+ if [ -n "${{ matrix.mode }}" ]; then
|
|
| 70 |
+ reportsName="$reportsName-${{ matrix.mode }}"
|
|
| 71 |
+ fi |
|
| 72 |
+ reportsPath=/tmp/reports/$reportsName |
|
| 73 |
+ echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV |
|
| 74 |
+ |
|
| 75 |
+ mkdir -p bundles $reportsPath |
|
| 69 | 76 |
find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz |
| 70 |
- tar -xzf /tmp/reports.tar.gz -C /tmp/reports |
|
| 71 |
- sudo chown -R $(id -u):$(id -g) /tmp/reports |
|
| 72 |
- tree -nh /tmp/reports |
|
| 77 |
+ tar -xzf /tmp/reports.tar.gz -C $reportsPath |
|
| 78 |
+ sudo chown -R $(id -u):$(id -g) $reportsPath |
|
| 79 |
+ tree -nh $reportsPath |
|
| 73 | 80 |
- |
| 74 | 81 |
name: Send to Codecov |
| 75 | 82 |
uses: codecov/codecov-action@v4 |
| ... | ... |
@@ -83,7 +105,7 @@ jobs: |
| 83 | 83 |
if: always() |
| 84 | 84 |
uses: actions/upload-artifact@v4 |
| 85 | 85 |
with: |
| 86 |
- name: test-reports-unit-${{ inputs.storage }}
|
|
| 86 |
+ name: test-reports-unit-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
|
|
| 87 | 87 |
path: /tmp/reports/* |
| 88 | 88 |
retention-days: 1 |
| 89 | 89 |
|
| ... | ... |
@@ -104,7 +126,7 @@ jobs: |
| 104 | 104 |
name: Download reports |
| 105 | 105 |
uses: actions/download-artifact@v4 |
| 106 | 106 |
with: |
| 107 |
- name: test-reports-unit-${{ inputs.storage }}
|
|
| 107 |
+ pattern: test-reports-unit-${{ inputs.storage }}-*
|
|
| 108 | 108 |
path: /tmp/reports |
| 109 | 109 |
- |
| 110 | 110 |
name: Install teststat |
| ... | ... |
@@ -218,6 +240,7 @@ jobs: |
| 218 | 218 |
- "" |
| 219 | 219 |
- rootless |
| 220 | 220 |
- systemd |
| 221 |
+ - firewalld |
|
| 221 | 222 |
#- rootless-systemd FIXME: https://github.com/moby/moby/issues/44084 |
| 222 | 223 |
steps: |
| 223 | 224 |
- |
| ... | ... |
@@ -240,6 +263,10 @@ jobs: |
| 240 | 240 |
echo "SYSTEMD=true" >> $GITHUB_ENV |
| 241 | 241 |
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"
|
| 242 | 242 |
fi |
| 243 |
+ if [[ "${{ matrix.mod }}" == *"firewalld"* ]]; then
|
|
| 244 |
+ echo "DOCKER_FIREWALLD=true" >> $GITHUB_ENV |
|
| 245 |
+ CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"
|
|
| 246 |
+ fi |
|
| 243 | 247 |
echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
|
| 244 | 248 |
- |
| 245 | 249 |
name: Set up Docker Buildx |
| ... | ... |
@@ -377,6 +404,9 @@ jobs: |
| 377 | 377 |
fail-fast: false |
| 378 | 378 |
matrix: |
| 379 | 379 |
test: ${{ fromJson(needs.integration-cli-prepare.outputs.matrix) }}
|
| 380 |
+ mode: |
|
| 381 |
+ - "" |
|
| 382 |
+ - firewalld |
|
| 380 | 383 |
steps: |
| 381 | 384 |
- |
| 382 | 385 |
name: Checkout |
| ... | ... |
@@ -388,6 +418,15 @@ jobs: |
| 388 | 388 |
name: Set up tracing |
| 389 | 389 |
uses: ./.github/actions/setup-tracing |
| 390 | 390 |
- |
| 391 |
+ name: Prepare |
|
| 392 |
+ run: | |
|
| 393 |
+ CACHE_DEV_SCOPE=dev |
|
| 394 |
+ if [[ "${{ matrix.mod }}" == *"firewalld"* ]]; then
|
|
| 395 |
+ echo "DOCKER_FIREWALLD=true" >> $GITHUB_ENV |
|
| 396 |
+ CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"
|
|
| 397 |
+ fi |
|
| 398 |
+ echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
|
|
| 399 |
+ - |
|
| 391 | 400 |
name: Set up Docker Buildx |
| 392 | 401 |
uses: docker/setup-buildx-action@v3 |
| 393 | 402 |
with: |
| ... | ... |
@@ -414,6 +453,9 @@ jobs: |
| 414 | 414 |
if: always() |
| 415 | 415 |
run: | |
| 416 | 416 |
reportsName=$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
|
| 417 |
+ if [ -n "${{ matrix.mode }}" ]; then
|
|
| 418 |
+ reportsName="$reportsName-${{ matrix.mode }}"
|
|
| 419 |
+ fi |
|
| 417 | 420 |
reportsPath=/tmp/reports/$reportsName |
| 418 | 421 |
echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV |
| 419 | 422 |
|
| ... | ... |
@@ -59,7 +59,7 @@ fi |
| 59 | 59 |
# Allow connections coming from the host (through eth0). This is needed to |
| 60 | 60 |
# access the daemon port (independently of which port is used), or run a |
| 61 | 61 |
# 'remote' Delve session, etc... |
| 62 |
-if [ ${DOCKER_FIREWALLD:-} = "true" ]; then
|
|
| 62 |
+if [ "${DOCKER_FIREWALLD:-}" = "true" ]; then
|
|
| 63 | 63 |
cat > /etc/firewalld/zones/trusted.xml << EOF |
| 64 | 64 |
<?xml version="1.0" encoding="utf-8"?> |
| 65 | 65 |
<zone target="ACCEPT"> |
| ... | ... |
@@ -76,7 +76,7 @@ env > /etc/docker-entrypoint-env |
| 76 | 76 |
cat > /etc/systemd/system/docker-entrypoint.target << EOF |
| 77 | 77 |
[Unit] |
| 78 | 78 |
Description=the target for docker-entrypoint.service |
| 79 |
-Requires=docker-entrypoint.service systemd-logind.service systemd-user-sessions.service $([ ${DOCKER_FIREWALLD:-} = "true" ] && echo firewalld.service)
|
|
| 79 |
+Requires=docker-entrypoint.service systemd-logind.service systemd-user-sessions.service $([ "${DOCKER_FIREWALLD:-}" = "true" ] && echo firewalld.service)
|
|
| 80 | 80 |
EOF |
| 81 | 81 |
|
| 82 | 82 |
quoted_args="$(printf " %q" "${@}")"
|