selinux/.github/workflows/run_tests.yml
Workflow config file is invalid. Please check your config file: EOF
Jason Zaman b5f01626fe ci: bump to python 3.11 in GitHub Actions
- Also drop py3.5, py3.6 since they are no longer supported in the
  github 22.04 runners

Signed-off-by: Jason Zaman <jason@perfinion.com>
2023-02-01 16:48:21 +01:00

209 lines
8.7 KiB
YAML

name: Run tests
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
compiler: [gcc, clang]
python-ruby-version:
- {python: '3.11', ruby: '3.1'}
- {python: '3.11', ruby: '3.1', other: 'test-flags-override'}
- {python: '3.11', ruby: '3.1', other: 'test-debug'}
- {python: '3.11', ruby: '3.1', other: 'linker-bfd'}
- {python: '3.11', ruby: '3.1', other: 'linker-gold'}
# Test several Python versions with the latest Ruby version
- {python: '3.10', ruby: '3.1'}
- {python: '3.9', ruby: '3.1'}
- {python: '3.8', ruby: '3.1'}
- {python: '3.7', ruby: '3.1'}
- {python: 'pypy3.7', ruby: '3.1'}
# Test several Ruby versions with the latest Python version
- {python: '3.11', ruby: '3.0'}
- {python: '3.11', ruby: '2.7'}
- {python: '3.11', ruby: '2.6'}
- {python: '3.11', ruby: '2.5'}
exclude:
- compiler: clang
python-ruby-version: {python: '3.11', ruby: '3.1', other: 'linker-bfd'}
- compiler: clang
python-ruby-version: {python: '3.11', ruby: '3.1', other: 'linker-gold'}
include:
- compiler: gcc
python-ruby-version: {python: '3.11', ruby: '3.1', other: 'sanitizers'}
steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-ruby-version.python }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-ruby-version.python }}
- name: Set up Ruby ${{ matrix.python-ruby-version.ruby }}
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.python-ruby-version.ruby }}
bundler-cache: true
- name: Install dependencies
run: |
sudo apt-get update -q
sudo apt-get install -qy --no-install-recommends \
bison \
flex \
gawk \
gettext \
libaudit-dev \
libcap-dev \
libcap-ng-dev \
libcunit1-dev \
libdbus-glib-1-dev \
libpcre2-dev \
ruby-dev \
swig \
xmlto
pip install flake8
- name: Install Clang
if: ${{ matrix.compiler == 'clang' }}
run: sudo apt-get install -qqy clang
- name: Configure the environment
run: |
DESTDIR=/tmp/destdir
echo "PYTHON=python" >> $GITHUB_ENV
echo "RUBY=ruby" >> $GITHUB_ENV
echo "DESTDIR=$DESTDIR" >> $GITHUB_ENV
CC=${{ matrix.compiler }}
if [ "${{ matrix.python-ruby-version.other }}" = "linker-bfd" ] ; then
CC="$CC -fuse-ld=bfd"
elif [ "${{ matrix.python-ruby-version.other }}" = "linker-gold" ] ; then
CC="$CC -fuse-ld=gold"
fi
# https://bugs.ruby-lang.org/issues/18616
# https://github.com/llvm/llvm-project/issues/49958
if [ "${{ matrix.compiler }}" = "clang" ] && [[ "${{ matrix.python-ruby-version.ruby }}" = 3* ]] ; then
CC="$CC -fdeclspec"
fi
echo "CC=$CC" >> $GITHUB_ENV
EXPLICIT_MAKE_VARS=
if [ "${{ matrix.python-ruby-version.other }}" = "test-flags-override" ] ; then
# Test that overriding CFLAGS, LDFLAGS and other variables works fine
EXPLICIT_MAKE_VARS="CFLAGS=-I$DESTDIR/usr/include LDFLAGS=-L$DESTDIR/usr/lib LDLIBS= CPPFLAGS="
elif [ "${{ matrix.python-ruby-version.other }}" = "test-debug" ] ; then
# Test hat debug build works fine
EXPLICIT_MAKE_VARS="DEBUG=1"
elif [ "${{ matrix.python-ruby-version.other }}" = "sanitizers" ] ; then
sanitizers='-fsanitize=address,undefined'
EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS="
echo "ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1" >> $GITHUB_ENV
echo "UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1" >> $GITHUB_ENV
else
EXPLICIT_MAKE_VARS=
fi
echo "EXPLICIT_MAKE_VARS=${EXPLICIT_MAKE_VARS}" >> $GITHUB_ENV
# Find files in order of pkgconf to be able to find Python.h
# For example with Python 3.5:
# * python is located at /opt/hostedtoolcache/Python/3.5.10/x64/bin/python
# * sys.prefix is /opt/hostedtoolcache/Python/3.5.10/x64
# * Python.h is located at /opt/hostedtoolcache/Python/3.5.10/x64/include/python3.5m/Python.h
# * python-3.5.pc is located at /opt/hostedtoolcache/Python/3.5.10/x64/lib/pkgconfig/python-3.5.pc
PYTHON_SYS_PREFIX="$(python -c 'import sys;print(sys.prefix)')"
echo "PKG_CONFIG_PATH=${PYTHON_SYS_PREFIX}/lib/pkgconfig" >> $GITHUB_ENV
if [[ "${{ matrix.python-ruby-version.python }}" = pypy* ]] ; then
# PyPy does not provide a config file for pkg-config
# libpypy-c.so is provided in bin/libpypy-c.so for PyPy and bin/libpypy3-c.so for PyPy3
echo "PYINC=-I${PYTHON_SYS_PREFIX}/include" >> $GITHUB_ENV
echo "PYLIBS=-L${PYTHON_SYS_PREFIX}/bin -lpypy3-c" >> $GITHUB_ENV
fi
# Display the final environment file, for debugging purpose
cat $GITHUB_ENV
- name: Download and install refpolicy headers for sepolgen tests
run: |
curl --location --retry 10 -o refpolicy.tar.bz2 https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20220520/refpolicy-2.20220520.tar.bz2
tar -xvjf refpolicy.tar.bz2
sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel
sudo make -C refpolicy install-headers bare
sudo mkdir -p /etc/selinux
echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/module.py
rm -r refpolicy refpolicy.tar.bz2
- name: Display versions
run: |
echo "::group::Compiler ($CC):"
$CC --version
echo "::endgroup::"
echo "::group::Python ($(which "$PYTHON")):"
$PYTHON --version
echo "::endgroup::"
echo "::group::Ruby ($(which "$RUBY")):"
$RUBY --version
echo "::endgroup::"
- name: Run tests
run: |
echo "::group::make install"
eval make -j$(nproc) install $EXPLICIT_MAKE_VARS -k
echo "::endgroup::"
echo "::group::make install-pywrap"
eval make -j$(nproc) install-pywrap $EXPLICIT_MAKE_VARS -k
echo "::endgroup::"
echo "::group::make install-rubywrap"
eval make -j$(nproc) install-rubywrap $EXPLICIT_MAKE_VARS -k
echo "::endgroup::"
# Now that everything is installed, run "make all" to build everything which may have not been built
echo "::group::make all"
eval make -j$(nproc) all $EXPLICIT_MAKE_VARS -k
echo "::endgroup::"
# Set up environment variables for the tests and show variables (to help debugging issues)
echo "::group::Environment variables"
. ./scripts/env_use_destdir
echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
echo "PATH=$PATH"
echo "PYTHONPATH=$PYTHONPATH"
echo "RUBYLIB=$RUBYLIB"
echo "::endgroup::"
# Run tests
echo "::group::make test"
eval make test $EXPLICIT_MAKE_VARS
echo "::endgroup::"
if [ "${{ matrix.python-ruby-version.other }}" != "sanitizers" ] ; then
# Test Python and Ruby wrappers
echo "::group::Test Python and Ruby wrappers"
$PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())'
$RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()'
echo "::endgroup::"
# Run Python linter, but not on the downloaded refpolicy
echo "::group::scripts/run-flake8"
./scripts/run-flake8
echo "::endgroup::"
fi
echo "::group::Test .gitignore and make clean distclean"
# Remove every installed files
rm -rf "$DESTDIR"
# Test that "git status" looks clean, or print a clear error message
git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^')
# Clean up everything and show which file needs to be added to "make clean"
eval make clean distclean $EXPLICIT_MAKE_VARS
git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^')
echo "::endgroup::"