Switch to GitHub actions for CI actions.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-12-01 11:00:44 -05:00 · 2020-12-01 11:00:44 -05:00 · e7b9598865
parent fe29a74cad
commit e7b9598865
2 changed files with 158 additions and 139 deletions
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -0,0 +1,158 @@
+name: Build tests
+
+on:
+  push:
+    branches: [ $default-branch ]
+  pull_request:
+    branches: [ $default-branch ]
+
+env:
+  SELINUX_USERSPACE_VERSION: checkpolicy-3.1
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    # This version should be the minimum required to run the fc checker
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.7
+
+    - name: Install dependencies
+      run: |
+        sudo apt-get update -qq
+
+        # Install SELint from Debian testing
+        wget -O - https://ftp-master.debian.org/keys/archive-key-10.asc 2>/dev/null | sudo apt-key add -
+        sudo add-apt-repository 'deb http://deb.debian.org/debian/ testing main' -y
+        sudo apt-get install -qqy selint
+        selint -V
+
+    - name: Create generated policy files
+      run: |
+        make conf
+        make generate
+
+    - name: Run file context checker
+      run: python3 -t -t -E -W error testing/check_fc_files.py
+
+    - name: Run SELint
+      run: |
+        # disable C-005 (Permissions in av rule or class declaration not ordered) for now: needs fixing
+        # disable W-005 (Interface call from module not in optional_policy block): refpolicy does not follow this rule
+        selint --source --recursive --summary --fail --disable C-005 --disable W-005 policy
+
+  build:
+    runs-on: ubuntu-latest
+
+    needs: lint
+
+    strategy:
+      fail-fast: false
+
+      matrix:
+        build-opts:
+          - {type: standard, distro: redhat, monolithic: y, systemd: y}
+          - {type: standard, distro: redhat, monolithic: n, systemd: y}
+          - {type: standard, distro: debian, monolithic: y, systemd: y}
+          - {type: standard, distro: debian, monolithic: n, systemd: y}
+          - {type: standard, distro: gentoo, monolithic: y, systemd: n}
+          - {type: standard, distro: gentoo, monolithic: n, systemd: n}
+          - {type: mcs, distro: redhat, monolithic: y, systemd: y}
+          - {type: mcs, distro: redhat, monolithic: n, systemd: y}
+          - {type: mcs, distro: debian, monolithic: y, systemd: y}
+          - {type: mcs, distro: debian, monolithic: n, systemd: y}
+          - {type: mcs, distro: gentoo, monolithic: y, systemd: n}
+          - {type: mcs, distro: gentoo, monolithic: n, systemd: n}
+          - {type: mls, distro: redhat, monolithic: y, systemd: y}
+          - {type: mls, distro: redhat, monolithic: n, systemd: y}
+          - {type: mls, distro: debian, monolithic: y, systemd: y}
+          - {type: mls, distro: debian, monolithic: n, systemd: y}
+          - {type: mls, distro: gentoo, monolithic: y, systemd: n}
+          - {type: mls, distro: gentoo, monolithic: n, systemd: n}
+          - {type: standard, distro: redhat, monolithic: y, systemd: y, apps-off: unconfined}
+          - {type: standard, distro: debian, monolithic: y, systemd: y, apps-off: unconfined}
+          - {type: standard, distro: gentoo, monolithic: y, systemd: n, apps-off: unconfined}
+          - {type: mcs, distro: redhat, monolithic: y, systemd: y, apps-off: unconfined}
+          - {type: mcs, distro: debian, monolithic: y, systemd: y, apps-off: unconfined}
+          - {type: mcs, distro: gentoo, monolithic: y, systemd: n, apps-off: unconfined}
+          - {type: mls, distro: redhat, monolithic: y, systemd: y, apps-off: unconfined}
+          - {type: mls, distro: debian, monolithic: y, systemd: y, apps-off: unconfined}
+          - {type: mls, distro: gentoo, monolithic: y, systemd: n, apps-off: unconfined}
+  
+    steps:
+    - uses: actions/checkout@v2
+
+    # This should be the minimum required Python version to build refpolicy.
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.5
+
+    - name: Install dependencies
+      run: |
+        sudo apt-get update -qq
+        sudo apt-get install -qqy \
+            bison \
+            flex \
+            gettext \
+            libaudit-dev \
+            libbz2-dev \
+            libpcre3-dev \
+            libxml2-utils \
+            swig
+
+    - name: Configure environment
+      run: |
+        echo "DESTDIR=/tmp/refpolicy" >> $GITHUB_ENV
+        echo "PYTHON=python" >> $GITHUB_ENV
+        echo "TEST_TOOLCHAIN_SRC=/tmp/selinux-src" >> $GITHUB_ENV
+        echo "TEST_TOOLCHAIN=/tmp/selinux" >> $GITHUB_ENV
+        echo "TYPE=${{matrix.build-opts.type}}" >> $GITHUB_ENV
+        echo "DISTRO=${{matrix.build-opts.distro}}" >> $GITHUB_ENV
+        echo "MONOLITHIC=${{matrix.build-opts.monolithic}}" >> $GITHUB_ENV
+        echo "SYSTEMD=${{matrix.build-opts.systemd}}" >> $GITHUB_ENV
+        echo "APPS_OFF=${{matrix.build-opts.apps-off}}" >> $GITHUB_ENV
+        echo "WERROR=y" >> $GITHUB_ENV
+
+    - name: Build toolchain
+      run: |
+        # Download current SELinux userspace tools and libraries
+        git clone https://github.com/SELinuxProject/selinux.git ${TEST_TOOLCHAIN_SRC} -b ${SELINUX_USERSPACE_VERSION}
+        # Drop secilc to break xmlto dependence (secilc isn't used here anyway)
+        sed -i -e 's/secilc//' ${TEST_TOOLCHAIN_SRC}/Makefile
+        # Drop sepolicy to break setools dependence (sepolicy isn't used anyway)
+        sed -i -e 's/sepolicy//' ${TEST_TOOLCHAIN_SRC}/policycoreutils/Makefile
+        # Drop restorecond to break glib dependence
+        sed -i -e 's/ restorecond//' ${TEST_TOOLCHAIN_SRC}/policycoreutils/Makefile
+        # Drop sandbox to break libcap-ng dependence
+        sed -i -e 's/ sandbox//' ${TEST_TOOLCHAIN_SRC}/policycoreutils/Makefile
+        # Compile and install SELinux toolchain
+        make OPT_SUBDIRS=semodule-utils DESTDIR=${TEST_TOOLCHAIN} -C ${TEST_TOOLCHAIN_SRC} install
+
+    - name: Build refpolicy
+      run: |
+        # Drop build.conf settings to listen to env vars
+        sed -r -i -e '/(MONOLITHIC|TYPE|DISTRO|SYSTEMD|WERROR)/d' build.conf
+
+        make bare
+        make conf
+        make
+        make validate
+
+    - name: Build docs
+      run: |
+        make xml
+        make html
+
+    - name: Test installation
+      run: |
+        make install
+        make install-headers
+        make install-src
+        make install-docs
+        make install-appconfig
--- a/.travis.yml
+++ b/.travis.yml
@ -1,139 +0,0 @@
-# Derived from Nicolas Iooss: https://github.com/fishilico/selinux-refpolicy-patched/blob/travis-upstream/.travis.yml
-
-language: python
-python: 3.5
-
-env:
-  - TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
-  - TYPE=standard DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
-  - TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
-  - TYPE=standard DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
-  - TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
-  - TYPE=standard DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
-  - TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
-  - TYPE=mcs DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
-  - TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
-  - TYPE=mcs DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
-  - TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
-  - TYPE=mcs DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
-  - TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
-  - TYPE=mls DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
-  - TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
-  - TYPE=mls DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
-  - TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
-  - TYPE=mls DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
-  - TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
-  - TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
-  - TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
-  - TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
-  - TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
-  - TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
-  - TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
-  - TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
-  - TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
-
-jobs:
-  fast_finish: true
-  include:
-  - python: 3.7
-    env: LINT=true TYPE=standard
-
-os: linux
-dist: bionic
-
-cache:
-  directories:
-    - ${TRAVIS_BUILD_DIR}/selinux
-
-addons:
-  apt:
-    packages:
-    # Install SELinux userspace utilities dependencies
-    - bison
-    - flex
-    - gettext
-    - libaudit-dev
-    - libbz2-dev
-    - libpcre3-dev
-    - swig
-    - libxml2-utils
-
-before_install:
-  - lsb_release -a
-  - bison -V
-  - flex -V
-  - swig -version
-  - python3 -V
-
-install:
-  - SELINUX_USERSPACE_VERSION=master
-
-  - export DESTDIR="${TRAVIS_BUILD_DIR}/selinux"
-  - |
-      if [[ "${SELINUX_USERSPACE_VERSION}" != "$(cat ${TRAVIS_BUILD_DIR}/selinux/travis.version)" ]]; then
-        rm -fR selinux-src
-
-        # Download current SELinux userspace tools and libraries
-        git clone https://github.com/SELinuxProject/selinux.git selinux-src -b ${SELINUX_USERSPACE_VERSION}
-        mv "selinux-${SELINUX_USERSPACE_VERSION}" selinux-src
-
-        # Drop secilc to break xmlto dependence (secilc isn't used here anyway)
-        sed -i -e 's/secilc//' selinux-src/Makefile
-
-        # Drop sepolicy to break setools dependence (sepolicy isn't used anyway)
-        sed -i -e 's/sepolicy//' selinux-src/policycoreutils/Makefile
-
-        # Drop restorecond to break glib dependence
-        sed -i -e 's/ restorecond//' selinux-src/policycoreutils/Makefile
-
-        # Drop sandbox to break libcap-ng dependence
-        sed -i -e 's/ sandbox//' selinux-src/policycoreutils/Makefile
-
-        # Compile and install SELinux toolchain into ~/selinux
-        make OPT_SUBDIRS=semodule-utils -C selinux-src install
-        echo "${SELINUX_USERSPACE_VERSION}" > "${TRAVIS_BUILD_DIR}/selinux/travis.version"
-      fi
-
-  # Use TEST_TOOLCHAIN variable to tell refpolicy Makefile about the installed location
-  - export TEST_TOOLCHAIN="${TRAVIS_BUILD_DIR}/selinux"
-
-  # Drop build.conf settings to listen to env vars
-  - sed -r -i -e '/(MONOLITHIC|TYPE|DISTRO|SYSTEMD|WERROR)/d' build.conf
-
-  - |
-      if [ -n "$LINT" ] ; then
-        # Install SELint from Debian testing
-        wget -O - https://ftp-master.debian.org/keys/archive-key-10.asc 2>/dev/null | sudo apt-key add -
-        sudo add-apt-repository 'deb http://deb.debian.org/debian/ testing main' -y
-        sudo apt-get update -q
-        sudo apt-get install -y selint
-
-        selint -V
-      fi
-
-script:
-  - echo $TYPE $DISTRO $MONOLITHIC $SYSTEMD $WERROR
-  - set -e
-  - make bare
-  - make conf
-  - |
-      if [ -n "$LINT" ] ; then
-        # Run filecontext checker
-        python3 -t -t -E -W error testing/check_fc_files.py
-
-        # Run SELint
-        #   disable C-005 (Permissions in av rule or class declaration not ordered) for now: has 712 findings
-        #   disable W-005 (Interface call from module not in optional_policy block): refpolicy does not follow this rule
-        selint --source --recursive --summary --fail --disable C-005 --disable W-005 policy
-
-        exit 0
-      fi
-  - make
-  - make validate
-  - make xml
-  - make html
-  - make DESTDIR=${HOME}/tmp install
-  - make DESTDIR=${HOME}/tmp install-headers
-  - make DESTDIR=${HOME}/tmp install-src
-  - make DESTDIR=${HOME}/tmp install-docs
-  - make DESTDIR=${HOME}/tmp install-appconfig