Skip to content

build(deps): bump github/codeql-action from 2 to 3 #226

build(deps): bump github/codeql-action from 2 to 3

build(deps): bump github/codeql-action from 2 to 3 #226

Workflow file for this run

name: e2e
on:
push:
branches:
- master
pull_request:
jobs:
e2e-image:
runs-on: ubuntu-20.04
strategy:
matrix:
base: ["fedora", "el8", "el9"]
steps:
- uses: actions/checkout@v3
- run: make ${{ matrix.base }}-image
- run: podman save --format=docker-archive -o image.tar quay.io/security-profiles-operator/selinuxd-${{ matrix.base }}:latest
- uses: actions/upload-artifact@v3
with:
name: ${{ matrix.base }}-image-tar
path: image.tar
e2e:
needs: e2e-image
runs-on: macos-12
timeout-minutes: 80
strategy:
matrix:
base: ["fedora", "el8", "el9"]
env:
RUN: ./hack/ci/run.sh
IMG: quay.io/security-profiles-operator/selinuxd-${{ matrix.base }}:latest
CONTAINER_NAME: selinuxd
TEST_OS: ${{ matrix.base }}
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: ${{ matrix.base }}-image-tar
path: .
- name: Boot Virtual Machine
run: make vagrant-up
- name: Check if SELInux is enforcing
run: $RUN getenforce
- name: Check if SELInux is enabled in podman
run: $RUN podman info --debug -f {{.Host.Security.SELinuxEnabled}}
- name: Run selinuxd
run: $RUN hack/ci/daemon-and-trace.sh
- name: Run E2E tests
run: $RUN hack/ci/e2e.sh
- name: Get logs
run: $RUN hack/ci/logs.sh
if: ${{ always() }}
- name: Fetch selinuxd logs
run: $RUN cat ${{ env.CONTAINER_NAME }}.logs > ${{ env.CONTAINER_NAME }}.logs
if: ${{ always() }}
- uses: actions/upload-artifact@v3
with:
name: e2e-${{ matrix.base }}-logs
path: ${{ env.CONTAINER_NAME }}.logs
if: ${{ always() }}
- name: Stop selinuxd
run: $RUN podman stop ${{ env.CONTAINER_NAME }}
if: ${{ always() }}
- name: Wait for container to stop
run: $RUN sleep 30
- name: Fetch seccomp profile
run: $RUN cat /tmp/selinuxd-seccomp.json | python -m json.tool > selinuxd-seccomp.json
if: matrix.base == 'fedora'
- uses: actions/upload-artifact@v3
with:
name: seccomp-profile
path: selinuxd-seccomp.json
if: matrix.base == 'fedora'
- name: Fetch selinux policy
run: $RUN cat selinuxd.cil > selinuxd.cil
- uses: actions/upload-artifact@v3
with:
name: selinux-policy
path: selinuxd.cil
secure-e2e:
needs: e2e-image
runs-on: macos-12
timeout-minutes: 80
strategy:
matrix:
base: ["fedora", "el8", "el9"]
env:
RUN: ./hack/ci/run.sh
IMG: quay.io/security-profiles-operator/selinuxd-${{ matrix.base }}:latest
CONTAINER_NAME: selinuxd
TEST_OS: ${{ matrix.base }}
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: ${{ matrix.base }}-image-tar
path: image.tar
- name: Boot Virtual Machine
run: make vagrant-up
- name: Check if SELInux is enforcing
run: $RUN getenforce
- name: Check if SELInux is enabled in podman
run: $RUN podman info --debug -f {{.Host.Security.SELinuxEnabled}}
- name: Run selinuxd
run: $RUN hack/ci/daemon-secure.sh
- name: Run E2E tests
run: $RUN hack/ci/e2e.sh
- name: Get logs
run: $RUN hack/ci/logs.sh
if: ${{ always() }}
- name: Fetch selinuxd logs
run: $RUN cat ${{ env.CONTAINER_NAME }}.logs > ${{ env.CONTAINER_NAME }}.logs
if: ${{ always() }}
- uses: actions/upload-artifact@v3
with:
name: e2e-${{ matrix.base }}-logs
path: ${{ env.CONTAINER_NAME }}.logs
if: ${{ always() }}
- name: Stop selinuxd
run: $RUN podman stop ${{ env.CONTAINER_NAME }}
if: ${{ always() }}