name: Run tests on: [push, pull_request] jobs: build: runs-on: ubuntu-latest strategy: matrix: compiler: [gcc, clang] python-ruby-version: - {python: '3.12', ruby: '3.3'} - {python: '3.12', ruby: '3.3', other: 'test-flags-override'} - {python: '3.12', ruby: '3.3', other: 'test-debug'} - {python: '3.12', ruby: '3.3', other: 'linker-bfd'} - {python: '3.12', ruby: '3.3', other: 'linker-gold'} # Test several Python versions with the latest Ruby version - {python: '3.11', ruby: '3.3'} - {python: '3.10', ruby: '3.3'} - {python: '3.9', ruby: '3.3'} - {python: '3.8', ruby: '3.3'} - {python: '3.7', ruby: '3.3'} - {python: 'pypy3.7', ruby: '3.3'} # Test several Ruby versions with the latest Python version - {python: '3.12', ruby: '3.2'} - {python: '3.12', ruby: '3.1'} - {python: '3.12', ruby: '3.0'} - {python: '3.12', ruby: '2.7'} - {python: '3.12', ruby: '2.6'} - {python: '3.12', ruby: '2.5'} exclude: - compiler: clang python-ruby-version: {python: '3.12', ruby: '3.3', other: 'linker-bfd'} - compiler: clang python-ruby-version: {python: '3.12', ruby: '3.3', other: 'linker-gold'} include: - compiler: gcc python-ruby-version: {python: '3.12', ruby: '3.3', other: 'sanitizers'} steps: - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-ruby-version.python }} uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-ruby-version.python }} - name: Set up Ruby ${{ matrix.python-ruby-version.ruby }} uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.python-ruby-version.ruby }} bundler-cache: true - name: Install dependencies run: | sudo apt-get update -q sudo apt-get install -qy --no-install-recommends \ bison \ flex \ gawk \ gettext \ libaudit-dev \ libcap-dev \ libcap-ng-dev \ libcunit1-dev \ libdbus-glib-1-dev \ libpcre2-dev \ ruby-dev \ swig \ xmlto pip install flake8 - name: Install Python setuptools if: matrix.python-ruby-version.python == '3.12' run: pip install setuptools - name: Install Clang if: ${{ matrix.compiler == 'clang' }} run: sudo apt-get install -qqy clang - name: Configure the environment run: | DESTDIR=/tmp/destdir echo "PYTHON=python" >> $GITHUB_ENV echo "RUBY=ruby" >> $GITHUB_ENV echo "DESTDIR=$DESTDIR" >> $GITHUB_ENV CC=${{ matrix.compiler }} if [ "${{ matrix.python-ruby-version.other }}" = "linker-bfd" ] ; then CC="$CC -fuse-ld=bfd" elif [ "${{ matrix.python-ruby-version.other }}" = "linker-gold" ] ; then CC="$CC -fuse-ld=gold" fi # https://bugs.ruby-lang.org/issues/18616 # https://github.com/llvm/llvm-project/issues/49958 if [ "${{ matrix.compiler }}" = "clang" ] && [[ "${{ matrix.python-ruby-version.ruby }}" = 3* ]] ; then CC="$CC -fdeclspec" fi echo "CC=$CC" >> $GITHUB_ENV EXPLICIT_MAKE_VARS= if [ "${{ matrix.python-ruby-version.other }}" = "test-flags-override" ] ; then # Test that overriding CFLAGS, LDFLAGS and other variables works fine EXPLICIT_MAKE_VARS="CFLAGS=-I$DESTDIR/usr/include LDFLAGS=-L$DESTDIR/usr/lib LDLIBS= CPPFLAGS=" elif [ "${{ matrix.python-ruby-version.other }}" = "test-debug" ] ; then # Test hat debug build works fine EXPLICIT_MAKE_VARS="DEBUG=1" elif [ "${{ matrix.python-ruby-version.other }}" = "sanitizers" ] ; then sanitizers='-fsanitize=address,undefined' EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS=" echo "ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1" >> $GITHUB_ENV echo "UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1" >> $GITHUB_ENV else EXPLICIT_MAKE_VARS= fi echo "EXPLICIT_MAKE_VARS=${EXPLICIT_MAKE_VARS}" >> $GITHUB_ENV # Find files in order of pkgconf to be able to find Python.h # For example with Python 3.5: # * python is located at /opt/hostedtoolcache/Python/3.5.10/x64/bin/python # * sys.prefix is /opt/hostedtoolcache/Python/3.5.10/x64 # * Python.h is located at /opt/hostedtoolcache/Python/3.5.10/x64/include/python3.5m/Python.h # * python-3.5.pc is located at /opt/hostedtoolcache/Python/3.5.10/x64/lib/pkgconfig/python-3.5.pc PYTHON_SYS_PREFIX="$(python -c 'import sys;print(sys.prefix)')" echo "PKG_CONFIG_PATH=${PYTHON_SYS_PREFIX}/lib/pkgconfig" >> $GITHUB_ENV if [[ "${{ matrix.python-ruby-version.python }}" = pypy* ]] ; then # PyPy does not provide a config file for pkg-config # libpypy-c.so is provided in bin/libpypy-c.so for PyPy and bin/libpypy3-c.so for PyPy3 echo "PYINC=-I${PYTHON_SYS_PREFIX}/include" >> $GITHUB_ENV echo "PYLIBS=-L${PYTHON_SYS_PREFIX}/bin -lpypy3-c" >> $GITHUB_ENV fi # Display the final environment file, for debugging purpose cat $GITHUB_ENV - name: Download and install refpolicy headers for sepolgen tests run: | curl --location --retry 10 -o refpolicy.tar.bz2 https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20220520/refpolicy-2.20220520.tar.bz2 tar -xvjf refpolicy.tar.bz2 sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel sudo make -C refpolicy install-headers bare sudo mkdir -p /etc/selinux echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/module.py rm -r refpolicy refpolicy.tar.bz2 - name: Display versions run: | echo "::group::Compiler ($CC):" $CC --version echo "::endgroup::" echo "::group::Python ($(which "$PYTHON")):" $PYTHON --version echo "::endgroup::" echo "::group::Ruby ($(which "$RUBY")):" $RUBY --version echo "::endgroup::" - name: Run tests run: | echo "::group::make install" eval make -j$(nproc) install $EXPLICIT_MAKE_VARS -k echo "::endgroup::" echo "::group::make install-pywrap" eval make -j$(nproc) install-pywrap $EXPLICIT_MAKE_VARS -k echo "::endgroup::" echo "::group::make install-rubywrap" eval make -j$(nproc) install-rubywrap $EXPLICIT_MAKE_VARS -k echo "::endgroup::" # Now that everything is installed, run "make all" to build everything which may have not been built echo "::group::make all" eval make -j$(nproc) all $EXPLICIT_MAKE_VARS -k echo "::endgroup::" # Set up environment variables for the tests and show variables (to help debugging issues) echo "::group::Environment variables" . ./scripts/env_use_destdir echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" echo "PATH=$PATH" echo "PYTHONPATH=$PYTHONPATH" echo "RUBYLIB=$RUBYLIB" echo "::endgroup::" # Run tests echo "::group::make test" eval make test $EXPLICIT_MAKE_VARS echo "::endgroup::" if [ "${{ matrix.python-ruby-version.other }}" != "sanitizers" ] ; then # Test Python and Ruby wrappers echo "::group::Test Python and Ruby wrappers" $PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())' $RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()' echo "::endgroup::" # Run Python linter, but not on the downloaded refpolicy echo "::group::scripts/run-flake8" ./scripts/run-flake8 echo "::endgroup::" fi echo "::group::Test .gitignore and make clean distclean" # Remove every installed files rm -rf "$DESTDIR" # Test that "git status" looks clean, or print a clear error message git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^') # Clean up everything and show which file needs to be added to "make clean" eval make clean distclean $EXPLICIT_MAKE_VARS git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^') echo "::endgroup::"