mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-21 22:04:15 +03:00
3623f0d805
This obsoletes the "just build" on c9s flow, and actually runs though a bootc install, which exercises more of things.
296 lines
11 KiB
YAML
296 lines
11 KiB
YAML
---
|
|
name: Tests
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
codestyle:
|
|
name: "Code style"
|
|
runs-on: ubuntu-latest
|
|
container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v2
|
|
with:
|
|
fetch-depth: 0
|
|
submodules: true
|
|
# https://github.com/actions/checkout/issues/760
|
|
- name: Mark git checkout as safe
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
- name: Test style
|
|
run: ./ci/ci-commitmessage-submodules.sh
|
|
build-integration:
|
|
runs-on: ubuntu-latest
|
|
container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Cache Dependencies
|
|
uses: Swatinem/rust-cache@ce325b60658c1b38465c06cc965b79baf32c1e72
|
|
with:
|
|
key: "integration"
|
|
- name: Build
|
|
run: cd tests/inst && cargo build --verbose --release
|
|
- name: Upload binary
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: ostree-test
|
|
path: tests/inst/target/release/ostree-test
|
|
minimal:
|
|
name: "Build - FCOS minimal"
|
|
runs-on: ubuntu-latest
|
|
container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v2
|
|
# https://github.com/actions/checkout/issues/760
|
|
- name: Mark git checkout as safe
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
- name: Build
|
|
run: |
|
|
env NOCONFIGURE=1 ./autogen.sh &&
|
|
./configure --without-curl --without-soup --disable-gtk-doc --disable-man \
|
|
--disable-rust --without-libarchive --without-selinux --without-smack \
|
|
--without-openssl --without-avahi --without-libmount --disable-rofiles-fuse \
|
|
--without-libsodium &&
|
|
make
|
|
build-c:
|
|
name: "Build (Fedora)"
|
|
runs-on: ubuntu-latest
|
|
container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v3
|
|
# https://github.com/actions/checkout/issues/760
|
|
- name: Mark git checkout as safe
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
- name: Build
|
|
run: |
|
|
env NOCONFIGURE=1 ./autogen.sh &&
|
|
./configure --with-curl --with-selinux --with-dracut=yesbutnoconf --with-composefs &&
|
|
make -j 4 && make install DESTDIR=$(pwd)/install && tar -c -C install --zstd -f inst.tar.zst .
|
|
- name: Upload binary
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: inst.tar.zst
|
|
path: inst.tar.zst
|
|
privtest:
|
|
name: "Privileged testing"
|
|
needs: [build-c, build-integration]
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: quay.io/fedora/fedora-coreos:testing-devel
|
|
options: "--privileged --pid=host -v /run/systemd:/run/systemd -v /:/run/host"
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v3
|
|
- name: Download install tree
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: inst.tar.zst
|
|
- name: Install
|
|
run: tar -C / -xvf inst.tar.zst && rm -f inst.tar.zst
|
|
- name: Download test binary
|
|
uses: actions/download-artifact@v2
|
|
with:
|
|
name: ostree-test
|
|
- name: Install
|
|
run: install ostree-test /usr/bin
|
|
- name: Setup
|
|
# https://github.com/ostreedev/ostree-rs-ext/issues/417
|
|
run: mkdir -p /var/tmp
|
|
- name: Integration tests (unit)
|
|
run: ostree-test
|
|
tests:
|
|
# Distro configuration matrix
|
|
#
|
|
# Each build is run in a Docker container specific to the distro.
|
|
# When adding a new distro, handle the dependency installation in
|
|
# `ci/gh-install.sh`. The matrix configuration options are:
|
|
#
|
|
# name: A friendly name to use for the job.
|
|
#
|
|
# image: The Docker image to use.
|
|
#
|
|
# container-options: Additional Docker command line options.
|
|
#
|
|
# pre-checkout-setup: Commands to run before the git repo checkout.
|
|
# If git is not in the Docker image, it must be installed here.
|
|
# Otherwise, the checkout action uses the GitHub REST API, which
|
|
# doesn't result in an actual git repo. A real git repo is
|
|
# required to checkout the submodules.
|
|
#
|
|
# extra-packages: Packages to install in addition to those in
|
|
# `ci/gh-install.sh`. This can be used to support features from
|
|
# additional `configure` options.
|
|
#
|
|
# configure-options: Options to pass to `configure`.
|
|
strategy:
|
|
# Let other configurations continue if one fails.
|
|
fail-fast: false
|
|
|
|
matrix:
|
|
include:
|
|
# Debian builds. Currently stable and testing are tested.
|
|
# Other options would be stable-backports, oldstable,
|
|
# oldstable-backports and unstable.
|
|
#
|
|
# https://hub.docker.com/_/debian
|
|
- name: Debian Stable with sign-ed25519 and FUSE 2
|
|
image: debian:stable-slim
|
|
pre-checkout-setup: |
|
|
apt-get update
|
|
apt-get install -y git
|
|
extra-packages: >-
|
|
libfuse-dev
|
|
libsodium-dev
|
|
configure-options: >-
|
|
--with-ed25519-libsodium
|
|
|
|
- name: Debian Stable with curl, sign-ed25519, no gpgme, FUSE 3
|
|
image: debian:stable-slim
|
|
pre-checkout-setup: |
|
|
apt-get update
|
|
apt-get install -y git
|
|
extra-packages: >-
|
|
libfuse3-dev
|
|
libsodium-dev
|
|
configure-options: >-
|
|
--with-curl
|
|
--with-ed25519-libsodium
|
|
--without-gpgme
|
|
|
|
# A 32 bit build to act as a proxy for frequently deployed 32
|
|
# bit armv7
|
|
- name: Debian Stable 32 bit
|
|
image: i386/debian:stable-slim
|
|
# This is pretty nasty. The checkout action uses an x86_64
|
|
# node binary in the container, so we need to provide an
|
|
# x86_64 ld.so and libstdc++.
|
|
pre-checkout-setup: |
|
|
dpkg --add-architecture amd64
|
|
apt-get update
|
|
apt-get install -y git libc6:amd64 libstdc++6:amd64
|
|
|
|
# A build without libsystemd support, similar to what flatpak-builder does.
|
|
- name: Debian Stable without libsystemd
|
|
image: debian:stable-slim
|
|
pre-checkout-setup: |
|
|
apt-get update
|
|
apt-get install -y git
|
|
configure-options: >-
|
|
--without-libsystemd
|
|
|
|
- name: Debian Testing
|
|
image: debian:testing-slim
|
|
container-options: --security-opt seccomp=unconfined
|
|
pre-checkout-setup: |
|
|
apt-get update
|
|
apt-get install -y git
|
|
extra-packages: >-
|
|
libssl-dev
|
|
configure-options: >-
|
|
--with-crypto=openssl
|
|
|
|
# A build using libsoup3. After bookworm is released, this can
|
|
# be switched to Debian Stable.
|
|
- name: Debian Testing with libsoup3
|
|
image: debian:testing-slim
|
|
container-options: --security-opt seccomp=unconfined
|
|
pre-checkout-setup: |
|
|
apt-get update
|
|
apt-get install -y git
|
|
extra-packages: >-
|
|
libsoup-3.0-dev
|
|
configure-options: >-
|
|
--with-soup3
|
|
|
|
# A build using static prepareorot
|
|
- name: Debian stable + static-prepareroot
|
|
image: debian:stable-slim
|
|
container-options: --security-opt seccomp=unconfined
|
|
pre-checkout-setup: |
|
|
apt-get update
|
|
apt-get install -y git
|
|
configure-options: >-
|
|
--with-static-compiler="gcc"
|
|
|
|
# Ubuntu builds. Unfortunately, when the latest release is
|
|
# also the latest LTS, latest and rolling are the same. Other
|
|
# options would be to test the previous LTS by name or to test
|
|
# the devel tag, which is the unreleased version.
|
|
#
|
|
# https://hub.docker.com/_/ubuntu
|
|
# For now, this is disabled because its glib version is too old.
|
|
# - name: Ubuntu Latest LTS
|
|
# image: ubuntu:latest
|
|
# pre-checkout-setup: |
|
|
# apt-get update
|
|
# apt-get install -y git
|
|
|
|
- name: Ubuntu Latest Release
|
|
image: ubuntu:rolling
|
|
# FIXME: The ubuntu-latest VMs are currently based on 20.04
|
|
# (focal). In focal, libseccomp2 doesn't know about the
|
|
# close_range syscall, but g_spawn_sync in impish tries to
|
|
# use close_range since it's defined in glibc. That causes
|
|
# libseccomp2 to return EPERM as it does for any unknown
|
|
# syscalls. g_spawn_sync carries on silently instead of
|
|
# falling back to other means of setting CLOEXEC on open
|
|
# FDs. Eventually it causes some tests to hang since once
|
|
# side of a pipe is never closed. Remove this when
|
|
# libseccomp2 in focal is updated or glib in impish handles
|
|
# the EPERM better.
|
|
#
|
|
# https://github.com/ostreedev/ostree/issues/2495
|
|
# https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436
|
|
container-options: --security-opt seccomp=unconfined
|
|
pre-checkout-setup: |
|
|
apt-get update
|
|
apt-get install -y git
|
|
|
|
name: ${{ matrix.name }}
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ${{ matrix.image }}
|
|
# An empty string isn't valid, so a dummy --label option is always
|
|
# added.
|
|
options: --label ostree ${{ matrix.container-options }}
|
|
# make sure tests are performed on a non-overlayfs filesystem
|
|
volumes:
|
|
- tmp_dir:/test-tmp
|
|
env:
|
|
TEST_TMPDIR: /test-tmp
|
|
|
|
steps:
|
|
|
|
- name: Pre-checkout setup
|
|
run: ${{ matrix.pre-checkout-setup }}
|
|
if: ${{ matrix.pre-checkout-setup }}
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v2
|
|
with:
|
|
submodules: true
|
|
|
|
- name: Install dependencies
|
|
run: ./ci/gh-install.sh ${{ matrix.extra-packages }}
|
|
|
|
- name: Add non-root user
|
|
run: "useradd builder && chown -R -h builder: . $TEST_TMPDIR"
|
|
|
|
- name: Build and test
|
|
run: runuser -u builder -- ./ci/gh-build.sh ${{ matrix.configure-options }}
|
|
env:
|
|
# GitHub hosted runners currently have 2 CPUs, so run 2
|
|
# parallel make jobs.
|
|
#
|
|
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
|
|
MAKEFLAGS: -j2
|