diff --git a/.github/workflows/freebsd.yml b/.github/workflows/freebsd.yml index 4ba2b147e..37e86dced 100644 --- a/.github/workflows/freebsd.yml +++ b/.github/workflows/freebsd.yml @@ -8,29 +8,56 @@ jobs: freebsd: runs-on: macos-12 name: FreeBSD + timeout-minutes: 45 if: ${{ contains(github.event.pull_request.labels.*.name, 'tests:full') || contains(github.event.pull_request.labels.*.name, 'tests:long') || contains(github.event.pull_request.labels.*.name, 'tests:freebsd') }} steps: - uses: actions/checkout@v4 with: persist-credentials: false - name: Functional tests under FreeBSD - uses: vmactions/freebsd-vm@v0 + uses: cross-platform-actions/action@master with: - usesh: true - sync: sshfs + operating_system: freebsd + version: '13.2' + shell: bash + sync_files: runner-to-vm run: | - set -ex + # source this to get the $SSH_DIR var properly filled + source lib/shell/functions.inc + # a few debug commands + set -exu freebsd-version - mount -o acls / - pkg install -y bash rsync ca_root_nss jq fping screen flock curl - mkdir -p /opt/bastion - rsync -a . /opt/bastion/ - /opt/bastion/bin/admin/packages-check.sh -i - /opt/bastion/bin/admin/install-ttyrec.sh -s - /opt/bastion/bin/admin/install-yubico-piv-checker.sh -s - /opt/bastion/bin/admin/install-mkhash-helper.sh -s - /opt/bastion/bin/admin/install --new-install - ssh-keygen -t ed25519 -f id_user - ssh-keygen -t ed25519 -f id_root - WANT_HTTP_PROXY=0 NO_SLEEP=1 user_pubkey=$(cat id_user.pub) root_pubkey=$(cat id_root.pub) TARGET_USER=user5000 /opt/bastion/tests/functional/docker/target_role.sh + id + # to do proper tests, we need the fs to have ACLs enabled + sudo mount -o acls / + # install required packages + sudo pkg update + sudo pkg install -y bash rsync ca_root_nss jq fping screen flock curl + # create required folder + sudo mkdir -p /opt/bastion + # copy bastion code to the proper location + sudo rsync -a . /opt/bastion/ + # save default ssh config, so we can restore it when we're done, + # or the github action will fail because the post-run actions it'll + # try to do over ssh won't complete due to our modified ssh config + sudo tar czf /opt/bastion/ssh_config.tar.gz $SSH_DIR/ + # setup bastion + sudo /opt/bastion/bin/admin/packages-check.sh -i + sudo /opt/bastion/bin/admin/install-ttyrec.sh -s + sudo /opt/bastion/bin/admin/install-yubico-piv-checker.sh -s + sudo /opt/bastion/bin/admin/install-mkhash-helper.sh -s + sudo /opt/bastion/bin/admin/install --new-install + # by default, this is 0700, but we'll run those as non-root + sudo chmod 0755 /opt/bastion/tests + # generate two sets of keys + ssh-keygen -t ed25519 -f id_user -N '' + ssh-keygen -t ed25519 -f id_root -N '' + # setup the local bastion for tests + sudo env WANT_HTTP_PROXY=0 NO_SLEEP=1 user_pubkey="$(cat id_user.pub)" root_pubkey="$(cat id_root.pub)" TARGET_USER=user5000 /opt/bastion/tests/functional/docker/target_role.sh + # run the tests /opt/bastion/tests/functional/launch_tests_on_instance.sh --has-mfa=0 --has-mfa-password=1 --has-pamtester=1 --skip-consistency-check --remote-etc-bastion=/usr/local/etc/bastion 127.0.0.1 22 0 user5000 id_user id_root + # restore saved ssh config + sudo tar xzf /opt/bastion/ssh_config.tar.gz -C / + # restart ssh so that the config is taken into account + sudo /etc/rc.d/sshd restart + # now, the post-run of cross-platform-actions will work diff --git a/tests/functional/tests.d/200-scripts.sh b/tests/functional/tests.d/200-scripts.sh index 293a992cd..6c7d59b77 100644 --- a/tests/functional/tests.d/200-scripts.sh +++ b/tests/functional/tests.d/200-scripts.sh @@ -58,8 +58,8 @@ testsuite_scripts() contain "50-gpg-admins-key.conf updated:" contain "50-gpg.conf updated:" contain "Parsed and added 2 keys" - contain "GPGKEYS='CF27BEC1C8266FFE EC6CEA6719EF3700'" - contain '[ "CF27BEC1C8266FFE", "EC6CEA6719EF3700" ]' + contain REGEX "GPGKEYS='(CF27BEC1C8266FFE EC6CEA6719EF3700|EC6CEA6719EF3700 CF27BEC1C8266FFE)'" + contain REGEX '("CF27BEC1C8266FFE", "EC6CEA6719EF3700"|"EC6CEA6719EF3700", "CF27BEC1C8266FFE")' nocontain "WARN:" nocontain "ERROR:" nocontain "Unexpected termination"