incusd/apparmor/instance: Allow all firmwares #75
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
on: | |
- push | |
- pull_request | |
permissions: | |
contents: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
code-tests: | |
name: Code tests | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Dependency Review | |
uses: actions/dependency-review-action@v3 | |
if: github.event_name == 'pull_request' | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.20.x | |
- name: Install dependencies | |
run: | | |
sudo add-apt-repository ppa:ubuntu-lxc/lxc-git-master -y --no-update | |
sudo add-apt-repository ppa:cowsql/main -y --no-update | |
sudo apt-get update | |
sudo apt-get install --no-install-recommends -y \ | |
curl \ | |
gettext \ | |
git \ | |
libacl1-dev \ | |
libcap-dev \ | |
libdbus-1-dev \ | |
libcowsql-dev \ | |
liblxc-dev \ | |
lxc-templates \ | |
libseccomp-dev \ | |
libselinux-dev \ | |
libsqlite3-dev \ | |
libtool \ | |
libudev-dev \ | |
make \ | |
pkg-config \ | |
shellcheck | |
python3 -m pip install flake8 | |
- name: Download go dependencies | |
run: | | |
go mod download | |
- name: Run Incus build | |
run: | | |
make | |
- name: Run static analysis | |
run: | | |
make static-analysis | |
- name: Unit tests (all) | |
run: | | |
sudo go test ./... | |
system-tests: | |
env: | |
CGO_LDFLAGS_ALLOW: "(-Wl,-wrap,pthread_create)|(-Wl,-z,now)" | |
INCUS_SHIFTFS_DISABLE: "true" | |
INCUS_CEPH_CLUSTER: "ceph" | |
INCUS_CEPH_CEPHFS: "cephfs" | |
INCUS_CEPH_CEPHOBJECT_RADOSGW: "http://127.0.0.1" | |
INCUS_VERBOSE: "1" | |
INCUS_OFFLINE: "1" | |
INCUS_TMPFS: "1" | |
INCUS_REQUIRED_TESTS: "test_storage_buckets" | |
name: System tests | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
go: ["1.20.x"] | |
suite: ["cluster", "standalone"] | |
backend: ["dir", "btrfs", "lvm", "zfs", "ceph", "random"] | |
include: | |
- go: stable | |
suite: cluster | |
backend: dir | |
- go: stable | |
suite: standalone | |
backend: dir | |
- go: tip | |
suite: cluster | |
backend: dir | |
- go: tip | |
suite: standalone | |
backend: dir | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Go (stable) | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ matrix.go }} | |
if: matrix.go != 'tip' | |
- name: Install Go (tip) | |
run: | | |
curl -sL https://storage.googleapis.com/go-build-snap/go/linux-amd64/$(git ls-remote https://github.com/golang/go.git HEAD | awk '{print $1;}').tar.gz -o gotip.tar.gz | |
ls -lah gotip.tar.gz | |
mkdir -p ~/sdk/gotip | |
tar -C ~/sdk/gotip -xzf gotip.tar.gz | |
~/sdk/gotip/bin/go version | |
echo "PATH=$HOME/go/bin:$HOME/sdk/gotip/bin/:$PATH" >> $GITHUB_ENV | |
if: matrix.go == 'tip' | |
- name: Install dependencies | |
run: | | |
set -x | |
sudo add-apt-repository ppa:ubuntu-lxc/lxc-git-master -y --no-update | |
sudo add-apt-repository ppa:cowsql/main -y --no-update | |
sudo apt-get update | |
sudo snap remove lxd --purge | |
sudo apt-get autopurge moby-containerd docker uidmap -y | |
sudo ip link delete docker0 | |
sudo nft flush ruleset | |
sudo systemctl mask lxc.service | |
sudo systemctl mask lxc-net.service | |
sudo apt-get install --no-install-recommends -y \ | |
curl \ | |
dnsutils \ | |
git \ | |
libacl1-dev \ | |
libcap-dev \ | |
libdbus-1-dev \ | |
libcowsql-dev \ | |
liblxc-dev \ | |
libseccomp-dev \ | |
libselinux-dev \ | |
libsqlite3-dev \ | |
libtool \ | |
libudev-dev \ | |
make \ | |
pkg-config\ | |
acl \ | |
attr \ | |
bind9-dnsutils \ | |
btrfs-progs \ | |
busybox-static \ | |
dnsmasq-base \ | |
gettext \ | |
jq \ | |
lxc-utils \ | |
lvm2 \ | |
nftables \ | |
quota \ | |
rsync \ | |
s3cmd \ | |
socat \ | |
sqlite3 \ | |
squashfs-tools \ | |
tar \ | |
tcl \ | |
thin-provisioning-tools \ | |
uuid-runtime \ | |
xfsprogs \ | |
xz-utils \ | |
zfsutils-linux | |
mkdir -p "$(go env GOPATH)/bin" | |
curl -sSfL https://dl.min.io/server/minio/release/linux-amd64/minio --output "$(go env GOPATH)/bin/minio" | |
chmod +x "$(go env GOPATH)/bin/minio" | |
- name: Download go dependencies | |
run: | | |
go mod download | |
- name: Run Incus build | |
run: | | |
make | |
- name: Setup MicroCeph | |
if: ${{ matrix.backend == 'ceph' }} | |
run: | | |
set -x | |
sudo apt-get install --no-install-recommends -y snapd ceph-common | |
sudo snap install microceph --edge | |
sleep 5 | |
sudo microceph cluster bootstrap | |
sudo microceph.ceph config set global osd_pool_default_size 1 | |
sudo microceph.ceph config set global mon_allow_pool_delete true | |
sudo microceph.ceph config set global osd_memory_target 939524096 | |
sudo microceph.ceph osd crush rule rm replicated_rule | |
sudo microceph.ceph osd crush rule create-replicated replicated default osd | |
for flag in nosnaptrim noscrub nobackfill norebalance norecover noscrub nodeep-scrub; do | |
sudo microceph.ceph osd set $flag | |
done | |
# Use ephemeral disk mounted on /mnt for ceph OSD. | |
# The block-devices plug doesn't allow accessing /dev/loopX devices so we make those same devices | |
# available under alternate names (/dev/sdiY) that are not used inside GitHub Action runners. | |
sudo swapoff /mnt/swapfile | |
sudo rm -f /mnt/swapfile | |
loop_file="/mnt/ceph-osd.img" | |
sudo fallocate -l 10G "${loop_file}" | |
loop_dev="$(sudo losetup --show --direct-io=on --nooverlap -f "${loop_file}")" | |
devInfo=($(sudo stat -c '%t %T' "${loop_dev}")) | |
sudo mknod -m 0660 /dev/sdia b 0x"${devInfo[0]}" 0x"${devInfo[1]}" | |
sudo microceph disk add --wipe /dev/sdia | |
sudo rm -rf /etc/ceph | |
sudo ln -s /var/snap/microceph/current/conf/ /etc/ceph | |
sudo microceph enable rgw | |
sudo microceph.ceph osd pool create cephfs_meta 32 | |
sudo microceph.ceph osd pool create cephfs_data 32 | |
sudo microceph.ceph fs new cephfs cephfs_meta cephfs_data | |
sudo microceph.ceph fs ls | |
sleep 30 | |
sudo microceph.ceph status | |
sudo rm -f /snap/bin/rbd | |
- name: "Run system tests (${{ matrix.go }}, ${{ matrix.suite }}, ${{ matrix.backend }})" | |
run: | | |
chmod +x ~ | |
echo "root:1000000:1000000000" | sudo tee /etc/subuid /etc/subgid | |
cd test | |
sudo --preserve-env=PATH,GOPATH,INCUS_VERBOSE,INCUS_BACKEND,INCUS_CEPH_CLUSTER,INCUS_CEPH_CEPHFS,INCUS_CEPH_CEPHOBJECT_RADOSGW,INCUS_OFFLINE,INCUS_SKIP_TESTS,INCUS_REQUIRED_TESTS,INCUS_SHIFTFS_DISABLE INCUS_BACKEND=${{ matrix.backend }} ./main.sh ${{ matrix.suite }} | |
client: | |
name: Client tests | |
strategy: | |
fail-fast: false | |
matrix: | |
go: | |
- 1.20.x | |
os: | |
- ubuntu-latest | |
- macos-latest | |
- windows-latest | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ matrix.go }} | |
- name: Create build directory | |
run: | | |
mkdir bin | |
- name: Build static incus | |
env: | |
CGO_ENABLED: 0 | |
run: | | |
go build -o bin ./cmd/incus | |
- name: Build static incus-migrate | |
if: runner.os == 'Linux' | |
env: | |
CGO_ENABLED: 0 | |
run: | | |
go build -o bin ./cmd/incus-migrate | |
- name: Unit tests (client) | |
env: | |
CGO_ENABLED: 0 | |
run: go test -v ./client/... | |
- name: Unit tests (incus) | |
env: | |
CGO_ENABLED: 0 | |
run: go test -v ./cmd/incus/... | |
- name: Unit tests (shared) | |
env: | |
CGO_ENABLED: 0 | |
run: go test -v ./shared/... | |
- name: Upload incus client artifacts | |
uses: actions/upload-artifact@v3 | |
continue-on-error: true | |
with: | |
name: ${{ runner.os }} | |
path: bin/ | |
documentation: | |
name: Documentation tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
sudo apt-get install aspell aspell-en | |
sudo snap install mdl | |
- name: Run markdown linter | |
run: | | |
make doc-lint | |
- name: Run spell checker | |
run: | | |
make doc-spellcheck | |
- name: Run inclusive naming checker | |
uses: get-woke/woke-action@v0 | |
with: | |
fail-on-error: true | |
woke-args: "*.md **/*.md -c https://github.com/canonical-web-and-design/Inclusive-naming/raw/main/config.yml" | |
- name: Run link checker | |
run: | | |
make doc-linkcheck | |
- name: Build docs (Sphinx) | |
run: make doc | |
- name: Print warnings (Sphinx) | |
run: if [ -s doc/.sphinx/warnings.txt ]; then cat doc/.sphinx/warnings.txt; exit 1; fi | |
- name: Upload documentation artifacts | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: documentation | |
path: doc/html |