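# End-to-end tests for selinuxd.
#
# `e2e-image` builds one container image per base OS and publishes it as a
# workflow artifact. `e2e` and `secure-e2e` download that image, boot a
# Vagrant VM (`make vagrant-up`) and drive the tests through ./hack/ci/run.sh
# (presumably a wrapper that executes its arguments inside the VM; confirm
# against hack/ci/run.sh).
#
# NOTE(review): every `uses:` below references a mutable tag (@v3). Pinning
# each action to a full commit SHA would stop a retagged release from changing
# what runs here.
name: e2e
on:
  push:
    branches:
      - master
  pull_request:

# Least privilege: no job here writes to the repository, so the GITHUB_TOKEN
# only needs read access to the contents. Artifact upload/download does not
# depend on GITHUB_TOKEN scopes.
permissions:
  contents: read

jobs:
  # Build the image for each base and export it as a docker-archive tarball.
  e2e-image:
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        base: ["fedora", "el8", "el9"]
    steps:
      - uses: actions/checkout@v3
        with:
          # Do not leave the token in .git/config; later steps run build
          # scripts from the checked-out tree.
          persist-credentials: false
      - run: make ${{ matrix.base }}-image
      - run: podman save --format=docker-archive -o image.tar quay.io/security-profiles-operator/selinuxd-${{ matrix.base }}:latest
      - uses: actions/upload-artifact@v3
        with:
          name: ${{ matrix.base }}-image-tar
          path: image.tar

  # Run the daemon with tracing (hack/ci/daemon-and-trace.sh) and collect the
  # logs, the recorded seccomp profile and the SELinux policy as artifacts.
  e2e:
    needs: e2e-image
    runs-on: macos-12
    timeout-minutes: 80
    strategy:
      matrix:
        base: ["fedora", "el8", "el9"]
    env:
      RUN: ./hack/ci/run.sh
      IMG: quay.io/security-profiles-operator/selinuxd-${{ matrix.base }}:latest
      CONTAINER_NAME: selinuxd
      TEST_OS: ${{ matrix.base }}
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - uses: actions/download-artifact@v3
        with:
          name: ${{ matrix.base }}-image-tar
          # `path` is the destination directory, so this yields ./image.tar.
          path: .
      - name: Boot Virtual Machine
        run: make vagrant-up
      - name: Check if SELInux is enforcing
        run: $RUN getenforce
      - name: Check if SELInux is enabled in podman
        run: $RUN podman info --debug -f {{.Host.Security.SELinuxEnabled}}
      - name: Run selinuxd
        run: $RUN hack/ci/daemon-and-trace.sh
      - name: Run E2E tests
        run: $RUN hack/ci/e2e.sh
      # The log and teardown steps use always() so they still run, and the
      # evidence is still uploaded, when an earlier step fails.
      - name: Get logs
        run: $RUN hack/ci/logs.sh
        if: ${{ always() }}
      - name: Fetch selinuxd logs
        run: $RUN cat ${{ env.CONTAINER_NAME }}.logs > ${{ env.CONTAINER_NAME }}.logs
        if: ${{ always() }}
      - uses: actions/upload-artifact@v3
        with:
          name: e2e-${{ matrix.base }}-logs
          path: ${{ env.CONTAINER_NAME }}.logs
        if: ${{ always() }}
      - name: Stop selinuxd
        run: $RUN podman stop ${{ env.CONTAINER_NAME }}
        if: ${{ always() }}
      - name: Wait for container to stop
        run: $RUN sleep 30
      # The seccomp profile is only collected on the fedora leg.
      - name: Fetch seccomp profile
        run: $RUN cat /tmp/selinuxd-seccomp.json | python -m json.tool > selinuxd-seccomp.json
        if: matrix.base == 'fedora'
      - uses: actions/upload-artifact@v3
        with:
          name: seccomp-profile
          path: selinuxd-seccomp.json
        if: matrix.base == 'fedora'
      - name: Fetch selinux policy
        run: $RUN cat selinuxd.cil > selinuxd.cil
      # NOTE(review): all three matrix legs upload selinuxd.cil under this one
      # artifact name, so the last leg to finish wins. Presumably the policy is
      # identical across bases; confirm, or add the base to the name.
      - uses: actions/upload-artifact@v3
        with:
          name: selinux-policy
          path: selinuxd.cil

  # Same flow as `e2e`, but starts the daemon through
  # hack/ci/daemon-secure.sh and collects only the logs.
  secure-e2e:
    needs: e2e-image
    runs-on: macos-12
    timeout-minutes: 80
    strategy:
      matrix:
        base: ["fedora", "el8", "el9"]
    env:
      RUN: ./hack/ci/run.sh
      IMG: quay.io/security-profiles-operator/selinuxd-${{ matrix.base }}:latest
      CONTAINER_NAME: selinuxd
      TEST_OS: ${{ matrix.base }}
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - uses: actions/download-artifact@v3
        with:
          name: ${{ matrix.base }}-image-tar
          # Was `image.tar`: download-artifact treats `path` as a directory, so
          # the tarball landed at image.tar/image.tar. `.` matches the `e2e`
          # job and puts it at ./image.tar.
          path: .
      - name: Boot Virtual Machine
        run: make vagrant-up
      - name: Check if SELInux is enforcing
        run: $RUN getenforce
      - name: Check if SELInux is enabled in podman
        run: $RUN podman info --debug -f {{.Host.Security.SELinuxEnabled}}
      - name: Run selinuxd
        run: $RUN hack/ci/daemon-secure.sh
      - name: Run E2E tests
        run: $RUN hack/ci/e2e.sh
      - name: Get logs
        run: $RUN hack/ci/logs.sh
        if: ${{ always() }}
      - name: Fetch selinuxd logs
        run: $RUN cat ${{ env.CONTAINER_NAME }}.logs > ${{ env.CONTAINER_NAME }}.logs
        if: ${{ always() }}
      - uses: actions/upload-artifact@v3
        with:
          # Distinct from the `e2e` job's artifact name: both jobs upload a
          # file called selinuxd.logs, and sharing one artifact name let
          # whichever job finished last overwrite the other's logs.
          name: secure-e2e-${{ matrix.base }}-logs
          path: ${{ env.CONTAINER_NAME }}.logs
        if: ${{ always() }}
      - name: Stop selinuxd
        run: $RUN podman stop ${{ env.CONTAINER_NAME }}
        if: ${{ always() }}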