Switch to GitHub actions for CI actions.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
This commit is contained in:
Chris PeBenito 2020-12-01 11:00:44 -05:00
parent fe29a74cad
commit e7b9598865
2 changed files with 158 additions and 139 deletions

158
.github/workflows/tests.yml vendored Normal file
View File

@ -0,0 +1,158 @@
name: Build tests
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
env:
SELINUX_USERSPACE_VERSION: checkpolicy-3.1
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# This version should be the minimum required to run the fc checker
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: 3.7
- name: Install dependencies
run: |
sudo apt-get update -qq
# Install SELint from Debian testing
wget -O - https://ftp-master.debian.org/keys/archive-key-10.asc 2>/dev/null | sudo apt-key add -
sudo add-apt-repository 'deb http://deb.debian.org/debian/ testing main' -y
sudo apt-get install -qqy selint
selint -V
- name: Create generated policy files
run: |
make conf
make generate
- name: Run file context checker
run: python3 -t -t -E -W error testing/check_fc_files.py
- name: Run SELint
run: |
# disable C-005 (Permissions in av rule or class declaration not ordered) for now: needs fixing
# disable W-005 (Interface call from module not in optional_policy block): refpolicy does not follow this rule
selint --source --recursive --summary --fail --disable C-005 --disable W-005 policy
build:
runs-on: ubuntu-latest
needs: lint
strategy:
fail-fast: false
matrix:
build-opts:
- {type: standard, distro: redhat, monolithic: y, systemd: y}
- {type: standard, distro: redhat, monolithic: n, systemd: y}
- {type: standard, distro: debian, monolithic: y, systemd: y}
- {type: standard, distro: debian, monolithic: n, systemd: y}
- {type: standard, distro: gentoo, monolithic: y, systemd: n}
- {type: standard, distro: gentoo, monolithic: n, systemd: n}
- {type: mcs, distro: redhat, monolithic: y, systemd: y}
- {type: mcs, distro: redhat, monolithic: n, systemd: y}
- {type: mcs, distro: debian, monolithic: y, systemd: y}
- {type: mcs, distro: debian, monolithic: n, systemd: y}
- {type: mcs, distro: gentoo, monolithic: y, systemd: n}
- {type: mcs, distro: gentoo, monolithic: n, systemd: n}
- {type: mls, distro: redhat, monolithic: y, systemd: y}
- {type: mls, distro: redhat, monolithic: n, systemd: y}
- {type: mls, distro: debian, monolithic: y, systemd: y}
- {type: mls, distro: debian, monolithic: n, systemd: y}
- {type: mls, distro: gentoo, monolithic: y, systemd: n}
- {type: mls, distro: gentoo, monolithic: n, systemd: n}
- {type: standard, distro: redhat, monolithic: y, systemd: y, apps-off: unconfined}
- {type: standard, distro: debian, monolithic: y, systemd: y, apps-off: unconfined}
- {type: standard, distro: gentoo, monolithic: y, systemd: n, apps-off: unconfined}
- {type: mcs, distro: redhat, monolithic: y, systemd: y, apps-off: unconfined}
- {type: mcs, distro: debian, monolithic: y, systemd: y, apps-off: unconfined}
- {type: mcs, distro: gentoo, monolithic: y, systemd: n, apps-off: unconfined}
- {type: mls, distro: redhat, monolithic: y, systemd: y, apps-off: unconfined}
- {type: mls, distro: debian, monolithic: y, systemd: y, apps-off: unconfined}
- {type: mls, distro: gentoo, monolithic: y, systemd: n, apps-off: unconfined}
steps:
- uses: actions/checkout@v2
# This should be the minimum required Python version to build refpolicy.
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: 3.5
- name: Install dependencies
run: |
sudo apt-get update -qq
sudo apt-get install -qqy \
bison \
flex \
gettext \
libaudit-dev \
libbz2-dev \
libpcre3-dev \
libxml2-utils \
swig
- name: Configure environment
run: |
echo "DESTDIR=/tmp/refpolicy" >> $GITHUB_ENV
echo "PYTHON=python" >> $GITHUB_ENV
echo "TEST_TOOLCHAIN_SRC=/tmp/selinux-src" >> $GITHUB_ENV
echo "TEST_TOOLCHAIN=/tmp/selinux" >> $GITHUB_ENV
echo "TYPE=${{matrix.build-opts.type}}" >> $GITHUB_ENV
echo "DISTRO=${{matrix.build-opts.distro}}" >> $GITHUB_ENV
echo "MONOLITHIC=${{matrix.build-opts.monolithic}}" >> $GITHUB_ENV
echo "SYSTEMD=${{matrix.build-opts.systemd}}" >> $GITHUB_ENV
echo "APPS_OFF=${{matrix.build-opts.apps-off}}" >> $GITHUB_ENV
echo "WERROR=y" >> $GITHUB_ENV
- name: Build toolchain
run: |
# Download current SELinux userspace tools and libraries
git clone https://github.com/SELinuxProject/selinux.git ${TEST_TOOLCHAIN_SRC} -b ${SELINUX_USERSPACE_VERSION}
# Drop secilc to break xmlto dependence (secilc isn't used here anyway)
sed -i -e 's/secilc//' ${TEST_TOOLCHAIN_SRC}/Makefile
# Drop sepolicy to break setools dependence (sepolicy isn't used anyway)
sed -i -e 's/sepolicy//' ${TEST_TOOLCHAIN_SRC}/policycoreutils/Makefile
# Drop restorecond to break glib dependence
sed -i -e 's/ restorecond//' ${TEST_TOOLCHAIN_SRC}/policycoreutils/Makefile
# Drop sandbox to break libcap-ng dependence
sed -i -e 's/ sandbox//' ${TEST_TOOLCHAIN_SRC}/policycoreutils/Makefile
# Compile and install SELinux toolchain
make OPT_SUBDIRS=semodule-utils DESTDIR=${TEST_TOOLCHAIN} -C ${TEST_TOOLCHAIN_SRC} install
- name: Build refpolicy
run: |
# Drop build.conf settings to listen to env vars
sed -r -i -e '/(MONOLITHIC|TYPE|DISTRO|SYSTEMD|WERROR)/d' build.conf
make bare
make conf
make
make validate
- name: Build docs
run: |
make xml
make html
- name: Test installation
run: |
make install
make install-headers
make install-src
make install-docs
make install-appconfig

View File

@ -1,139 +0,0 @@
# Derived from Nicolas Iooss: https://github.com/fishilico/selinux-refpolicy-patched/blob/travis-upstream/.travis.yml
language: python
python: 3.5
env:
- TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=standard DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=standard DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
- TYPE=standard DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
- TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=mcs DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=mcs DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
- TYPE=mcs DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
- TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=mls DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=mls DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
- TYPE=mls DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
- TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
- TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
- TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
jobs:
fast_finish: true
include:
- python: 3.7
env: LINT=true TYPE=standard
os: linux
dist: bionic
cache:
directories:
- ${TRAVIS_BUILD_DIR}/selinux
addons:
apt:
packages:
# Install SELinux userspace utilities dependencies
- bison
- flex
- gettext
- libaudit-dev
- libbz2-dev
- libpcre3-dev
- swig
- libxml2-utils
before_install:
- lsb_release -a
- bison -V
- flex -V
- swig -version
- python3 -V
install:
- SELINUX_USERSPACE_VERSION=master
- export DESTDIR="${TRAVIS_BUILD_DIR}/selinux"
- |
if [[ "${SELINUX_USERSPACE_VERSION}" != "$(cat ${TRAVIS_BUILD_DIR}/selinux/travis.version)" ]]; then
rm -fR selinux-src
# Download current SELinux userspace tools and libraries
git clone https://github.com/SELinuxProject/selinux.git selinux-src -b ${SELINUX_USERSPACE_VERSION}
mv "selinux-${SELINUX_USERSPACE_VERSION}" selinux-src
# Drop secilc to break xmlto dependence (secilc isn't used here anyway)
sed -i -e 's/secilc//' selinux-src/Makefile
# Drop sepolicy to break setools dependence (sepolicy isn't used anyway)
sed -i -e 's/sepolicy//' selinux-src/policycoreutils/Makefile
# Drop restorecond to break glib dependence
sed -i -e 's/ restorecond//' selinux-src/policycoreutils/Makefile
# Drop sandbox to break libcap-ng dependence
sed -i -e 's/ sandbox//' selinux-src/policycoreutils/Makefile
# Compile and install SELinux toolchain into ~/selinux
make OPT_SUBDIRS=semodule-utils -C selinux-src install
echo "${SELINUX_USERSPACE_VERSION}" > "${TRAVIS_BUILD_DIR}/selinux/travis.version"
fi
# Use TEST_TOOLCHAIN variable to tell refpolicy Makefile about the installed location
- export TEST_TOOLCHAIN="${TRAVIS_BUILD_DIR}/selinux"
# Drop build.conf settings to listen to env vars
- sed -r -i -e '/(MONOLITHIC|TYPE|DISTRO|SYSTEMD|WERROR)/d' build.conf
- |
if [ -n "$LINT" ] ; then
# Install SELint from Debian testing
wget -O - https://ftp-master.debian.org/keys/archive-key-10.asc 2>/dev/null | sudo apt-key add -
sudo add-apt-repository 'deb http://deb.debian.org/debian/ testing main' -y
sudo apt-get update -q
sudo apt-get install -y selint
selint -V
fi
script:
- echo $TYPE $DISTRO $MONOLITHIC $SYSTEMD $WERROR
- set -e
- make bare
- make conf
- |
if [ -n "$LINT" ] ; then
# Run filecontext checker
python3 -t -t -E -W error testing/check_fc_files.py
# Run SELint
# disable C-005 (Permissions in av rule or class declaration not ordered) for now: has 712 findings
# disable W-005 (Interface call from module not in optional_policy block): refpolicy does not follow this rule
selint --source --recursive --summary --fail --disable C-005 --disable W-005 policy
exit 0
fi
- make
- make validate
- make xml
- make html
- make DESTDIR=${HOME}/tmp install
- make DESTDIR=${HOME}/tmp install-headers
- make DESTDIR=${HOME}/tmp install-src
- make DESTDIR=${HOME}/tmp install-docs
- make DESTDIR=${HOME}/tmp install-appconfig