build(deps): bump github/codeql-action from 2 to 3 #226
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: e2e | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
jobs: | |
e2e-image: | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
base: ["fedora", "el8", "el9"] | |
steps: | |
- uses: actions/checkout@v3 | |
- run: make ${{ matrix.base }}-image | |
- run: podman save --format=docker-archive -o image.tar quay.io/security-profiles-operator/selinuxd-${{ matrix.base }}:latest | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.base }}-image-tar | |
path: image.tar | |
e2e: | |
needs: e2e-image | |
runs-on: macos-12 | |
timeout-minutes: 80 | |
strategy: | |
matrix: | |
base: ["fedora", "el8", "el9"] | |
env: | |
RUN: ./hack/ci/run.sh | |
IMG: quay.io/security-profiles-operator/selinuxd-${{ matrix.base }}:latest | |
CONTAINER_NAME: selinuxd | |
TEST_OS: ${{ matrix.base }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: ${{ matrix.base }}-image-tar | |
path: . | |
- name: Boot Virtual Machine | |
run: make vagrant-up | |
- name: Check if SELInux is enforcing | |
run: $RUN getenforce | |
- name: Check if SELInux is enabled in podman | |
run: $RUN podman info --debug -f {{.Host.Security.SELinuxEnabled}} | |
- name: Run selinuxd | |
run: $RUN hack/ci/daemon-and-trace.sh | |
- name: Run E2E tests | |
run: $RUN hack/ci/e2e.sh | |
- name: Get logs | |
run: $RUN hack/ci/logs.sh | |
if: ${{ always() }} | |
- name: Fetch selinuxd logs | |
run: $RUN cat ${{ env.CONTAINER_NAME }}.logs > ${{ env.CONTAINER_NAME }}.logs | |
if: ${{ always() }} | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: e2e-${{ matrix.base }}-logs | |
path: ${{ env.CONTAINER_NAME }}.logs | |
if: ${{ always() }} | |
- name: Stop selinuxd | |
run: $RUN podman stop ${{ env.CONTAINER_NAME }} | |
if: ${{ always() }} | |
- name: Wait for container to stop | |
run: $RUN sleep 30 | |
- name: Fetch seccomp profile | |
run: $RUN cat /tmp/selinuxd-seccomp.json | python -m json.tool > selinuxd-seccomp.json | |
if: matrix.base == 'fedora' | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: seccomp-profile | |
path: selinuxd-seccomp.json | |
if: matrix.base == 'fedora' | |
- name: Fetch selinux policy | |
run: $RUN cat selinuxd.cil > selinuxd.cil | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: selinux-policy | |
path: selinuxd.cil | |
secure-e2e: | |
needs: e2e-image | |
runs-on: macos-12 | |
timeout-minutes: 80 | |
strategy: | |
matrix: | |
base: ["fedora", "el8", "el9"] | |
env: | |
RUN: ./hack/ci/run.sh | |
IMG: quay.io/security-profiles-operator/selinuxd-${{ matrix.base }}:latest | |
CONTAINER_NAME: selinuxd | |
TEST_OS: ${{ matrix.base }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: ${{ matrix.base }}-image-tar | |
path: image.tar | |
- name: Boot Virtual Machine | |
run: make vagrant-up | |
- name: Check if SELInux is enforcing | |
run: $RUN getenforce | |
- name: Check if SELInux is enabled in podman | |
run: $RUN podman info --debug -f {{.Host.Security.SELinuxEnabled}} | |
- name: Run selinuxd | |
run: $RUN hack/ci/daemon-secure.sh | |
- name: Run E2E tests | |
run: $RUN hack/ci/e2e.sh | |
- name: Get logs | |
run: $RUN hack/ci/logs.sh | |
if: ${{ always() }} | |
- name: Fetch selinuxd logs | |
run: $RUN cat ${{ env.CONTAINER_NAME }}.logs > ${{ env.CONTAINER_NAME }}.logs | |
if: ${{ always() }} | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: e2e-${{ matrix.base }}-logs | |
path: ${{ env.CONTAINER_NAME }}.logs | |
if: ${{ always() }} | |
- name: Stop selinuxd | |
run: $RUN podman stop ${{ env.CONTAINER_NAME }} | |
if: ${{ always() }} |