diff options
author | Simon McVittie <smcv@collabora.com> | 2023-02-06 13:36:43 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2023-02-06 13:36:43 +0000 |
commit | 7501a0440166e609789b98c0bb98f29bdce43774 (patch) | |
tree | 63611302cbc9c5f474e42123996e6613794fc33c | |
parent | cca6c046374a2e6a849cc73c809b17b32a26dd30 (diff) | |
parent | 25e1512c17be88b3dfdfd576969dcc5503495b68 (diff) | |
download | dbus-7501a0440166e609789b98c0bb98f29bdce43774.tar.gz |
Merge branch 'gitlab-ci' into 'master'
CI: Avoid changing uid, except when running installed-tests
Closes #447
See merge request dbus/dbus!392
-rw-r--r-- | .gitlab-ci.yml | 6 | ||||
-rwxr-xr-x | tools/ci-build.sh | 58 | ||||
-rwxr-xr-x | tools/ci-install.sh | 25 |
3 files changed, 30 insertions, 59 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2fd5a04e..5982829d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -40,6 +40,9 @@ variables: ci_local_packages: "yes" ci_parallel: "2" ci_sudo: "yes" + # Temporarily needed to clean up after dbus/dbus#447 + GIT_STRATEGY: clone + ### # IMPORTANT # These are the version tags for the docker images the CI runs against. @@ -142,8 +145,7 @@ windows amd64 image: # compilers - export PATH="/usr/lib/ccache:$PATH" script: - - chown -R user . - - runuser -u user ./tools/ci-build.sh + - ./tools/ci-build.sh debian image: extends: diff --git a/tools/ci-build.sh b/tools/ci-build.sh index 287b170e..df22b8ba 100755 --- a/tools/ci-build.sh +++ b/tools/ci-build.sh @@ -86,15 +86,6 @@ init_wine() { # Typical values: auto (detect at runtime), ubuntu, debian; maybe fedora in future : "${ci_distro:=auto}" -# ci_docker: -# If non-empty, this is the name of a Docker image. ci-install.sh will -# fetch it with "docker pull" and use it as a base for a new Docker image -# named "ci-image" in which we will do our testing. -# -# If empty, we test on "bare metal". -# Typical values: ubuntu:xenial, debian:jessie-slim -: "${ci_docker:=}" - # ci_host: # See ci-install.sh : "${ci_host:=native}" @@ -138,7 +129,7 @@ init_wine() { # One of static, shared; used for windows cross builds : "${ci_runtime:=static}" -echo "ci_buildsys=$ci_buildsys ci_distro=$ci_distro ci_docker=$ci_docker ci_host=$ci_host ci_local_packages=$ci_local_packages ci_parallel=$ci_parallel ci_suite=$ci_suite ci_test=$ci_test ci_test_fatal=$ci_test_fatal ci_variant=$ci_variant ci_runtime=$ci_runtime $0" +echo "ci_buildsys=$ci_buildsys ci_distro=$ci_distro ci_host=$ci_host ci_local_packages=$ci_local_packages ci_parallel=$ci_parallel ci_suite=$ci_suite ci_test=$ci_test ci_test_fatal=$ci_test_fatal ci_variant=$ci_variant ci_runtime=$ci_runtime $0" # choose distribution if [ "$ci_distro" = "auto" ]; then @@ -152,22 +143,6 @@ if [ "$ci_suite" = "auto" ]; then echo "detected ci_suite as '${ci_suite}'" fi -if [ -n "$ci_docker" ]; then - exec docker run \ - --env=ci_buildsys="${ci_buildsys}" \ - --env=ci_docker="" \ - --env=ci_host="${ci_host}" \ - --env=ci_parallel="${ci_parallel}" \ - --env=ci_sudo=yes \ - --env=ci_test="${ci_test}" \ - --env=ci_test_fatal="${ci_test_fatal}" \ - --env=ci_variant="${ci_variant}" \ - --env=ci_runtime="${ci_runtime}" \ - --privileged \ - ci-image \ - tools/ci-build.sh -fi - maybe_fail_tests () { if [ "$ci_test_fatal" = yes ]; then exit 1 @@ -396,19 +371,34 @@ case "$ci_buildsys" in maybe_fail_tests cat test/test-suite.log || : - # re-run them with gnome-desktop-testing + # Re-run them with gnome-desktop-testing. + # Also, one test needs a finite fd limit to be useful, so we + # can set that here. env LD_LIBRARY_PATH=/usr/local/lib \ + bash -c 'ulimit -S -n 1024; ulimit -H -n 4096; exec "$@"' bash \ gnome-desktop-testing-runner -d /usr/local/share dbus/ || \ maybe_fail_tests - # these tests benefit from being re-run as root, and one - # test needs a finite fd limit to be useful - sudo env LD_LIBRARY_PATH=/usr/local/lib \ - bash -c 'ulimit -S -n 1024; ulimit -H -n 4096; exec "$@"' bash \ + # Some tests benefit from being re-run as non-root, if we were + # not already... + if [ "$(id -u)" = 0 ] && [ "$ci_in_docker" = yes ]; then + sudo -u user \ + env LD_LIBRARY_PATH=/usr/local/lib \ gnome-desktop-testing-runner -d /usr/local/share \ - dbus/test-dbus-daemon_with_config.test \ - dbus/test-uid-permissions_with_config.test || \ - maybe_fail_tests + dbus/test-dbus-daemon_with_config.test \ + || maybe_fail_tests + fi + + # ... while other tests benefit from being re-run as root, if + # we were not already + if [ "$(id -u)" != 0 ]; then + sudo env LD_LIBRARY_PATH=/usr/local/lib \ + bash -c 'ulimit -S -n 1024; ulimit -H -n 4096; exec "$@"' bash \ + gnome-desktop-testing-runner -d /usr/local/share \ + dbus/test-dbus-daemon_with_config.test \ + dbus/test-uid-permissions_with_config.test || \ + maybe_fail_tests + fi fi ;; diff --git a/tools/ci-install.sh b/tools/ci-install.sh index b259a58e..0637ea87 100755 --- a/tools/ci-install.sh +++ b/tools/ci-install.sh @@ -32,20 +32,13 @@ NULL= # Typical values: auto, ubuntu, debian, ; maybe fedora in future : "${ci_distro:=auto}" -# ci_docker: -# If non-empty, this is the name of a Docker image. ci-install.sh will -# fetch it with "docker pull" and use it as a base for a new Docker image -# named "ci-image" in which we will do our testing. -: "${ci_docker:=}" - # ci_host: # Either "native", or an Autoconf --host argument to cross-compile # the package : "${ci_host:=native}" # ci_in_docker: -# Used internally by ci-install.sh. If yes, we are inside the Docker image -# (ci_docker is empty in this case). +# "yes" if we are running inside a Docker image. : "${ci_in_docker:=no}" # ci_local_packages: @@ -61,7 +54,7 @@ NULL= # One of debug, reduced, legacy, production : "${ci_variant:=production}" -echo "ci_distro=$ci_distro ci_docker=$ci_docker ci_in_docker=$ci_in_docker ci_host=$ci_host ci_local_packages=$ci_local_packages ci_suite=$ci_suite ci_variant=$ci_variant $0" +echo "ci_distro=$ci_distro ci_in_docker=$ci_in_docker ci_host=$ci_host ci_local_packages=$ci_local_packages ci_suite=$ci_suite ci_variant=$ci_variant $0" if [ $(id -u) = 0 ]; then sudo= @@ -82,15 +75,6 @@ if [ "$ci_suite" = "auto" ]; then echo "detected ci_suite as '${ci_suite}'" fi -if [ -n "$ci_docker" ]; then - sed \ - -e "s/@ci_distro@/${ci_distro}/" \ - -e "s/@ci_docker@/${ci_docker}/" \ - -e "s/@ci_suite@/${ci_suite}/" \ - < tools/ci-Dockerfile.in > Dockerfile - exec docker build -t ci-image . -fi - case "$ci_distro" in (debian*|ubuntu*) # Don't ask questions, just do it @@ -406,11 +390,6 @@ if [ "$ci_local_packages" = yes ]; then wget ${mirror}/${filename} tar -C ${dep_prefix} --strip-components=1 -xvf ${filename} done - - # limit access rights - if [ "$ci_in_docker" = yes ]; then - chown -R user "${dep_prefix}" - fi ;; esac fi |