1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
|
---
name: Tests
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
jobs:
codestyle:
name: "Code style"
runs-on: ubuntu-latest
container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
fetch-depth: 0
submodules: true
# https://github.com/actions/checkout/issues/760
- name: Mark git checkout as safe
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Test style
run: ./ci/ci-commitmessage-submodules.sh
build-integration:
runs-on: ubuntu-latest
container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
steps:
- uses: actions/checkout@v3
- name: Cache Dependencies
uses: Swatinem/rust-cache@ce325b60658c1b38465c06cc965b79baf32c1e72
with:
key: "integration"
- name: Build
run: cd tests/inst && cargo build --verbose --release
- name: Upload binary
uses: actions/upload-artifact@v2
with:
name: ostree-test
path: tests/inst/target/release/ostree-test
minimal:
name: "Build - FCOS minimal"
runs-on: ubuntu-latest
container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
steps:
- name: Checkout repository
uses: actions/checkout@v2
# https://github.com/actions/checkout/issues/760
- name: Mark git checkout as safe
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Build
run: |
env NOCONFIGURE=1 ./autogen.sh &&
./configure --without-curl --without-soup --disable-gtk-doc --disable-man \
--disable-rust --without-libarchive --without-selinux --without-smack \
--without-openssl --without-avahi --without-libmount --disable-rofiles-fuse \
--without-libsodium &&
make
build-c:
name: "Build (Fedora)"
runs-on: ubuntu-latest
container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
steps:
- name: Checkout repository
uses: actions/checkout@v3
# https://github.com/actions/checkout/issues/760
- name: Mark git checkout as safe
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Build
run: |
env NOCONFIGURE=1 ./autogen.sh &&
./configure --with-curl --with-selinux --with-dracut=yesbutnoconf &&
make -j 4 && make install DESTDIR=$(pwd)/install && tar -c -C install --zstd -f inst.tar.zst .
- name: Upload binary
uses: actions/upload-artifact@v2
with:
name: inst.tar.zst
path: inst.tar.zst
privtest:
name: "Privileged testing"
needs: [build-c, build-integration]
runs-on: ubuntu-latest
container:
image: quay.io/fedora/fedora-coreos:testing-devel
options: "--privileged --pid=host -v /run/systemd:/run/systemd -v /:/run/host"
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Download install tree
uses: actions/download-artifact@v2
with:
name: inst.tar.zst
- name: Install
run: tar -C / -xvf inst.tar.zst && rm -f inst.tar.zst
- name: Download test binary
uses: actions/download-artifact@v2
with:
name: ostree-test
- name: Install
run: install ostree-test /usr/bin
- name: Setup
# https://github.com/ostreedev/ostree-rs-ext/issues/417
run: mkdir -p /var/tmp
- name: Integration tests (unit)
run: ostree-test
tests:
# Distro configuration matrix
#
# Each build is run in a Docker container specific to the distro.
# When adding a new distro, handle the dependency installation in
# `ci/gh-install.sh`. The matrix configuration options are:
#
# name: A friendly name to use for the job.
#
# image: The Docker image to use.
#
# container-options: Additional Docker command line options.
#
# pre-checkout-setup: Commands to run before the git repo checkout.
# If git is not in the Docker image, it must be installed here.
# Otherwise, the checkout action uses the GitHub REST API, which
# doesn't result in an actual git repo. A real git repo is
# required to checkout the submodules.
#
# extra-packages: Packages to install in addition to those in
# `ci/gh-install.sh`. This can be used to support features from
# additional `configure` options.
#
# configure-options: Options to pass to `configure`.
strategy:
# Let other configurations continue if one fails.
fail-fast: false
matrix:
include:
# Debian builds. Currently stable and testing are tested.
# Other options would be stable-backports, oldstable,
# oldstable-backports and unstable.
#
# https://hub.docker.com/_/debian
- name: Debian Stable with sign-ed25519 and FUSE 2
image: debian:stable-slim
pre-checkout-setup: |
apt-get update
apt-get install -y git
extra-packages: >-
libfuse-dev
libsodium-dev
configure-options: >-
--with-ed25519-libsodium
- name: Debian Stable with curl, sign-ed25519, no gpgme, FUSE 3
image: debian:stable-slim
pre-checkout-setup: |
apt-get update
apt-get install -y git
extra-packages: >-
libfuse3-dev
libsodium-dev
configure-options: >-
--with-curl
--with-ed25519-libsodium
--without-gpgme
# A 32 bit build to act as a proxy for frequently deployed 32
# bit armv7
- name: Debian Stable 32 bit
image: i386/debian:stable-slim
# This is pretty nasty. The checkout action uses an x86_64
# node binary in the container, so we need to provide an
# x86_64 ld.so and libstdc++.
pre-checkout-setup: |
dpkg --add-architecture amd64
apt-get update
apt-get install -y git libc6:amd64 libstdc++6:amd64
# A build without libsystemd support, similar to what flatpak-builder does.
- name: Debian Stable without libsystemd
image: debian:stable-slim
pre-checkout-setup: |
apt-get update
apt-get install -y git
configure-options: >-
--without-libsystemd
- name: Debian Testing
image: debian:testing-slim
container-options: --security-opt seccomp=unconfined
pre-checkout-setup: |
apt-get update
apt-get install -y git
# Ubuntu builds. Unfortunately, when the latest release is
# also the latest LTS, latest and rolling are the same. Other
# options would be to test the previous LTS by name or to test
# the devel tag, which is the unreleased version.
#
# https://hub.docker.com/_/ubuntu
# For now, this is disabled because its glib version is too old.
# - name: Ubuntu Latest LTS
# image: ubuntu:latest
# pre-checkout-setup: |
# apt-get update
# apt-get install -y git
- name: Ubuntu Latest Release
image: ubuntu:rolling
# FIXME: The ubuntu-latest VMs are currently based on 20.04
# (focal). In focal, libseccomp2 doesn't know about the
# close_range syscall, but g_spawn_sync in impish tries to
# use close_range since it's defined in glibc. That causes
# libseccomp2 to return EPERM as it does for any unknown
# syscalls. g_spawn_sync carries on silently instead of
# falling back to other means of setting CLOEXEC on open
# FDs. Eventually it causes some tests to hang since once
# side of a pipe is never closed. Remove this when
# libseccomp2 in focal is updated or glib in impish handles
# the EPERM better.
#
# https://github.com/ostreedev/ostree/issues/2495
# https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436
container-options: --security-opt seccomp=unconfined
pre-checkout-setup: |
apt-get update
apt-get install -y git
name: ${{ matrix.name }}
runs-on: ubuntu-latest
container:
image: ${{ matrix.image }}
# An empty string isn't valid, so a dummy --label option is always
# added.
options: --label ostree ${{ matrix.container-options }}
# make sure tests are performed on a non-overlayfs filesystem
volumes:
- tmp_dir:/test-tmp
env:
TEST_TMPDIR: /test-tmp
steps:
- name: Pre-checkout setup
run: ${{ matrix.pre-checkout-setup }}
if: ${{ matrix.pre-checkout-setup }}
- name: Checkout repository
uses: actions/checkout@v2
with:
submodules: true
- name: Install dependencies
run: ./ci/gh-install.sh ${{ matrix.extra-packages }}
- name: Add non-root user
run: "useradd builder && chown -R -h builder: . $TEST_TMPDIR"
- name: Build and test
run: runuser -u builder -- ./ci/gh-build.sh ${{ matrix.configure-options }}
env:
# GitHub hosted runners currently have 2 CPUs, so run 2
# parallel make jobs.
#
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
MAKEFLAGS: -j2
|
