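---
# CI workflow: style checks, Fedora CoreOS buildroot builds, a privileged
# integration-test job, and a Debian/Ubuntu build-and-test matrix.
#
# Security notes for maintainers:
#   * Every job runs for pull requests as well as pushes to main, so the
#     build and test scripts execute code taken from the pull request.
#   * Only Swatinem/rust-cache is pinned to a full commit SHA. The
#     actions/* steps and every container image use mutable tags, so
#     their content can change without a change to this file.
#     NOTE(review): consider pinning the actions to
#     `<full-commit-sha>  # vX.Y.Z` for consistency with rust-cache.
#   * NOTE(review): actions/checkout stores the job token in the checked
#     out repository's git config unless `persist-credentials: false` is
#     set. Confirm that none of the ci/ scripts need authenticated git
#     access before enabling it.
name: Tests

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: the workflow token can only read repository contents.
# Scopes not listed here are not granted.
permissions:
  contents: read

jobs:
  codestyle:
    name: "Code style"
    runs-on: ubuntu-latest
    container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
    steps:
      - name: Checkout repository
        # NOTE(review): this file mixes actions/checkout@v2 and @v3;
        # align the versions once each container is confirmed to work.
        uses: actions/checkout@v2
        with:
          # Full history and submodules are fetched for the style script.
          fetch-depth: 0
          submodules: true
      # https://github.com/actions/checkout/issues/760
      - name: Mark git checkout as safe
        # Scoped to the workspace path only, not a wildcard, so git's
        # ownership check stays in force for every other directory.
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
      - name: Test style
        run: ./ci/ci-commitmessage-submodules.sh

  build-integration:
    runs-on: ubuntu-latest
    container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
    steps:
      - uses: actions/checkout@v3
      - name: Cache Dependencies
        # Third-party action, pinned to an immutable commit SHA.
        uses: Swatinem/rust-cache@ce325b60658c1b38465c06cc965b79baf32c1e72
        with:
          key: "integration"
      - name: Build
        run: cd tests/inst && cargo build --verbose --release
      - name: Upload binary
        # Consumed by the privtest job, which installs it into /usr/bin.
        # NOTE(review): v2 of the artifact actions is believed to be
        # deprecated upstream; confirm, and upgrade every upload and
        # download step in this file together.
        uses: actions/upload-artifact@v2
        with:
          name: ostree-test
          path: tests/inst/target/release/ostree-test

  minimal:
    name: "Build - FCOS minimal"
    runs-on: ubuntu-latest
    container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      # https://github.com/actions/checkout/issues/760
      - name: Mark git checkout as safe
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
      - name: Build
        # Build with the optional features switched off, so that the
        # minimal configuration is known to compile.
        run: |
          env NOCONFIGURE=1 ./autogen.sh &&
            ./configure --without-curl --without-soup --disable-gtk-doc --disable-man \
            --disable-rust --without-libarchive --without-selinux --without-smack \
            --without-openssl --without-avahi --without-libmount --disable-rofiles-fuse \
            --without-libsodium &&
            make

  build-c:
    name: "Build (Fedora)"
    runs-on: ubuntu-latest
    container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      # https://github.com/actions/checkout/issues/760
      - name: Mark git checkout as safe
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
      - name: Build
        # The command substitution is quoted so that DESTDIR stays a
        # single word whatever the workspace path is.
        run: |
          env NOCONFIGURE=1 ./autogen.sh &&
            ./configure --with-curl --with-selinux --with-dracut=yesbutnoconf &&
            make -j 4 &&
            make install DESTDIR="$(pwd)/install" &&
            tar -c -C install --zstd -f inst.tar.zst .
      - name: Upload binary
        # Consumed by the privtest job, which unpacks it over `/`.
        uses: actions/upload-artifact@v2
        with:
          name: inst.tar.zst
          path: inst.tar.zst

  privtest:
    name: "Privileged testing"
    needs: [build-c, build-integration]
    runs-on: ubuntu-latest
    container:
      image: quay.io/fedora/fedora-coreos:testing-devel
      # SECURITY: --privileged, --pid=host and the bind mount of the
      # host's `/` remove the isolation between this container and the
      # runner. The job also runs for pull requests, so the artifacts it
      # installs are built from pull-request code. Keep this job on
      # ephemeral GitHub-hosted runners only, and keep the workflow
      # token read-only (see `permissions` above).
      options: "--privileged --pid=host -v /run/systemd:/run/systemd -v /:/run/host"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Download install tree
        uses: actions/download-artifact@v2
        with:
          name: inst.tar.zst
      - name: Install build tree
        # Unpacks the build-c artifact over the container's root
        # filesystem; the archive comes from this same workflow run.
        run: tar -C / -xvf inst.tar.zst && rm -f inst.tar.zst
      - name: Download test binary
        uses: actions/download-artifact@v2
        with:
          name: ostree-test
      - name: Install test binary
        run: install ostree-test /usr/bin
      - name: Setup
        # https://github.com/ostreedev/ostree-rs-ext/issues/417
        run: mkdir -p /var/tmp
      - name: Integration tests (unit)
        run: ostree-test

  tests:
    # Distro configuration matrix
    #
    # Each build is run in a Docker container specific to the distro.
    # When adding a new distro, handle the dependency installation in
    # `ci/gh-install.sh`. The matrix configuration options are:
    #
    # name: A friendly name to use for the job.
    #
    # image: The Docker image to use.
    #
    # container-options: Additional Docker command line options.
    #
    # pre-checkout-setup: Commands to run before the git repo checkout.
    #   If git is not in the Docker image, it must be installed here.
    #   Otherwise, the checkout action uses the GitHub REST API, which
    #   doesn't result in an actual git repo. A real git repo is
    #   required to checkout the submodules.
    #
    # extra-packages: Packages to install in addition to those in
    #   `ci/gh-install.sh`. This can be used to support features from
    #   additional `configure` options.
    #
    # configure-options: Options to pass to `configure`.
    #
    # SECURITY: the matrix values are expanded textually into `run:`
    # scripts and into the container options below. That is safe while
    # every value is a literal in this file. Do not feed them from event
    # data (pull-request titles, branch names, and so on); pass such
    # data through `env:` instead.
    strategy:
      # Let other configurations continue if one fails.
      fail-fast: false
      matrix:
        include:
          # Debian builds. Currently stable and testing are tested.
          # Other options would be stable-backports, oldstable,
          # oldstable-backports and unstable.
          #
          # https://hub.docker.com/_/debian
          - name: Debian Stable with sign-ed25519 and FUSE 2
            image: debian:stable-slim
            pre-checkout-setup: |
              apt-get update
              apt-get install -y git
            extra-packages: >-
              libfuse-dev
              libsodium-dev
            configure-options: >-
              --with-ed25519-libsodium

          - name: Debian Stable with curl, sign-ed25519, no gpgme, FUSE 3
            image: debian:stable-slim
            pre-checkout-setup: |
              apt-get update
              apt-get install -y git
            extra-packages: >-
              libfuse3-dev
              libsodium-dev
            configure-options: >-
              --with-curl
              --with-ed25519-libsodium
              --without-gpgme

          # A 32 bit build to act as a proxy for frequently deployed 32
          # bit armv7
          - name: Debian Stable 32 bit
            image: i386/debian:stable-slim
            # This is pretty nasty. The checkout action uses an x86_64
            # node binary in the container, so we need to provide an
            # x86_64 ld.so and libstdc++.
            pre-checkout-setup: |
              dpkg --add-architecture amd64
              apt-get update
              apt-get install -y git libc6:amd64 libstdc++6:amd64

          # A build without libsystemd support, similar to what
          # flatpak-builder does.
          - name: Debian Stable without libsystemd
            image: debian:stable-slim
            pre-checkout-setup: |
              apt-get update
              apt-get install -y git
            configure-options: >-
              --without-libsystemd

          - name: Debian Testing
            image: debian:testing-slim
            # SECURITY: turns off Docker's default seccomp filter for
            # this container. NOTE(review): no reason is recorded for
            # this entry; presumably it is the one documented on the
            # Ubuntu entry below. Confirm, and remove it when possible.
            container-options: --security-opt seccomp=unconfined
            pre-checkout-setup: |
              apt-get update
              apt-get install -y git

          # Ubuntu builds. Unfortunately, when the latest release is
          # also the latest LTS, latest and rolling are the same. Other
          # options would be to test the previous LTS by name or to test
          # the devel tag, which is the unreleased version.
          #
          # https://hub.docker.com/_/ubuntu

          # For now, this is disabled because its glib version is too old.
          # - name: Ubuntu Latest LTS
          #   image: ubuntu:latest
          #   pre-checkout-setup: |
          #     apt-get update
          #     apt-get install -y git

          - name: Ubuntu Latest Release
            image: ubuntu:rolling
            # FIXME: The ubuntu-latest VMs are currently based on 20.04
            # (focal). In focal, libseccomp2 doesn't know about the
            # close_range syscall, but g_spawn_sync in impish tries to
            # use close_range since it's defined in glibc. That causes
            # libseccomp2 to return EPERM as it does for any unknown
            # syscalls. g_spawn_sync carries on silently instead of
            # falling back to other means of setting CLOEXEC on open
            # FDs. Eventually it causes some tests to hang since one
            # side of a pipe is never closed. Remove this when
            # libseccomp2 in focal is updated or glib in impish handles
            # the EPERM better.
            #
            # https://github.com/ostreedev/ostree/issues/2495
            # https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436
            #
            # SECURITY: this turns off Docker's default seccomp filter
            # for the container, so keep it limited to the entries that
            # need the workaround.
            container-options: --security-opt seccomp=unconfined
            pre-checkout-setup: |
              apt-get update
              apt-get install -y git

    name: "${{ matrix.name }}"
    runs-on: ubuntu-latest
    container:
      image: "${{ matrix.image }}"
      # An empty string isn't valid, so a dummy --label option is always
      # added.
      options: "--label ostree ${{ matrix.container-options }}"
      # make sure tests are performed on a non-overlayfs filesystem
      volumes:
        - tmp_dir:/test-tmp
      env:
        TEST_TMPDIR: /test-tmp

    steps:
      - name: Pre-checkout setup
        run: ${{ matrix.pre-checkout-setup }}
        # Skipped for matrix entries that define no setup commands.
        if: ${{ matrix.pre-checkout-setup }}

      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          submodules: true

      - name: Install dependencies
        run: ./ci/gh-install.sh ${{ matrix.extra-packages }}

      - name: Add non-root user
        # The build and tests below run as this unprivileged user, so it
        # needs to own the checkout and the test directory.
        run: "useradd builder && chown -R -h builder: . $TEST_TMPDIR"

      - name: Build and test
        run: runuser -u builder -- ./ci/gh-build.sh ${{ matrix.configure-options }}
        env:
          # GitHub hosted runners currently have 2 CPUs, so run 2
          # parallel make jobs.
          #
          # https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
          MAKEFLAGS: -j2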