Bump safety from 3.2.3 to 3.2.11 #1904
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
on: | |
- merge_group | |
- push | |
- pull_request | |
# Only build for latest push/PR unless it's main or release/ | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/release/' ) && !startsWith( github.ref, 'refs/heads/gh-readonly-queue/' ) }} | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
# Run `make test` against all components but client, which is special | |
component: | |
strategy: | |
fail-fast: false | |
matrix: | |
# qubesdb-tools has no test suite because it can only usefully be tested | |
# in `securedrop-workstation`'s CI. | |
component: | |
- export | |
- keyring | |
- log | |
- proxy | |
debian_version: | |
- bookworm | |
runs-on: ubuntu-latest | |
container: debian:${{ matrix.debian_version }} | |
steps: | |
- run: | | |
apt-get update && apt-get install --yes git make gnupg sudo python3-poetry | |
- uses: actions/checkout@v4 | |
- name: Setup user | |
run: | | |
# We want to run tests as a regular user, similar to Qubes VMs | |
useradd --create-home --shell /bin/bash user | |
- name: Install Rust-specific dependencies | |
run: apt-get install --yes build-essential curl libssl-dev pkg-config | |
if: ${{ matrix.component == 'proxy' }} | |
- uses: actions/checkout@v4 | |
# Install Rust, keep in sync with rust-toolchain.toml | |
- uses: dtolnay/[email protected] | |
if: ${{ matrix.component == 'proxy' }} | |
- name: Install dependencies | |
run: | | |
if [[ "${{ matrix.component }}" == "export" ]]; then | |
make -C ${{ matrix.component }} ci-install-deps | |
fi | |
sudo -u user poetry -C ${{ matrix.component }} install | |
- name: Run test | |
run: | | |
sudo chown -R user:user . | |
sudo -u user PATH=$PATH:$HOME/.cargo/bin make -C ${{ matrix.component }} test | |
# Run the various `make test-...` commands for the client. | |
# TODO: these should be consolidated into one when feasible | |
client: | |
strategy: | |
fail-fast: false | |
matrix: | |
command: | |
- test-functional | |
- test-integration | |
- test-random | |
debian_version: | |
- bookworm | |
runs-on: ubuntu-latest | |
container: debian:${{ matrix.debian_version }} | |
steps: | |
- run: | | |
apt-get update && apt-get install --yes git make gnupg sudo python3-poetry | |
- uses: actions/checkout@v4 | |
- name: Setup user | |
run: | | |
# We want to run tests as a regular user, similar to Qubes VMs | |
useradd --create-home --shell /bin/bash user | |
sudo -u user bash -c "mkdir ~/Downloads" | |
- name: Install dependencies | |
run: | | |
make -C client ci-install-deps | |
sudo -u user poetry -C client install | |
- name: Run test | |
run: | | |
sudo chown -R user:user . | |
sudo -u user make -C client ${{ matrix.command }} | |
# Run the client i18n/l10n checks. | |
internationalization: | |
strategy: | |
matrix: | |
debian_version: | |
- bookworm | |
runs-on: ubuntu-latest | |
container: debian:${{ matrix.debian_version }} | |
steps: | |
- run: | | |
apt-get update && apt-get install --yes git make python3-poetry | |
- uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
poetry -C client install | |
make -C client ci-install-deps | |
git config --global --add safe.directory '*' | |
- name: Check that source strings are updated | |
run: make -C client check-strings | |
- name: Check that translation machine objects are reproducible | |
run: make -C client verify-mo |