mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-22 05:59:58 +00:00
b5f01626fe
- Also drop py3.5, py3.6 since they are no longer supported in the github 22.04 runners Signed-off-by: Jason Zaman <jason@perfinion.com>
209 lines
8.7 KiB
YAML
209 lines
8.7 KiB
YAML
name: Run tests
|
|
|
|
on: [push, pull_request]
|
|
|
|
jobs:
|
|
build:
|
|
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
compiler: [gcc, clang]
|
|
python-ruby-version:
|
|
- {python: '3.11', ruby: '3.1'}
|
|
- {python: '3.11', ruby: '3.1', other: 'test-flags-override'}
|
|
- {python: '3.11', ruby: '3.1', other: 'test-debug'}
|
|
- {python: '3.11', ruby: '3.1', other: 'linker-bfd'}
|
|
- {python: '3.11', ruby: '3.1', other: 'linker-gold'}
|
|
# Test several Python versions with the latest Ruby version
|
|
- {python: '3.10', ruby: '3.1'}
|
|
- {python: '3.9', ruby: '3.1'}
|
|
- {python: '3.8', ruby: '3.1'}
|
|
- {python: '3.7', ruby: '3.1'}
|
|
- {python: 'pypy3.7', ruby: '3.1'}
|
|
# Test several Ruby versions with the latest Python version
|
|
- {python: '3.11', ruby: '3.0'}
|
|
- {python: '3.11', ruby: '2.7'}
|
|
- {python: '3.11', ruby: '2.6'}
|
|
- {python: '3.11', ruby: '2.5'}
|
|
exclude:
|
|
- compiler: clang
|
|
python-ruby-version: {python: '3.11', ruby: '3.1', other: 'linker-bfd'}
|
|
- compiler: clang
|
|
python-ruby-version: {python: '3.11', ruby: '3.1', other: 'linker-gold'}
|
|
include:
|
|
- compiler: gcc
|
|
python-ruby-version: {python: '3.11', ruby: '3.1', other: 'sanitizers'}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Set up Python ${{ matrix.python-ruby-version.python }}
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: ${{ matrix.python-ruby-version.python }}
|
|
|
|
- name: Set up Ruby ${{ matrix.python-ruby-version.ruby }}
|
|
uses: ruby/setup-ruby@v1
|
|
with:
|
|
ruby-version: ${{ matrix.python-ruby-version.ruby }}
|
|
bundler-cache: true
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
sudo apt-get update -q
|
|
sudo apt-get install -qy --no-install-recommends \
|
|
bison \
|
|
flex \
|
|
gawk \
|
|
gettext \
|
|
libaudit-dev \
|
|
libcap-dev \
|
|
libcap-ng-dev \
|
|
libcunit1-dev \
|
|
libdbus-glib-1-dev \
|
|
libpcre2-dev \
|
|
ruby-dev \
|
|
swig \
|
|
xmlto
|
|
|
|
pip install flake8
|
|
|
|
- name: Install Clang
|
|
if: ${{ matrix.compiler == 'clang' }}
|
|
run: sudo apt-get install -qqy clang
|
|
|
|
- name: Configure the environment
|
|
run: |
|
|
DESTDIR=/tmp/destdir
|
|
echo "PYTHON=python" >> $GITHUB_ENV
|
|
echo "RUBY=ruby" >> $GITHUB_ENV
|
|
echo "DESTDIR=$DESTDIR" >> $GITHUB_ENV
|
|
|
|
CC=${{ matrix.compiler }}
|
|
if [ "${{ matrix.python-ruby-version.other }}" = "linker-bfd" ] ; then
|
|
CC="$CC -fuse-ld=bfd"
|
|
elif [ "${{ matrix.python-ruby-version.other }}" = "linker-gold" ] ; then
|
|
CC="$CC -fuse-ld=gold"
|
|
fi
|
|
# https://bugs.ruby-lang.org/issues/18616
|
|
# https://github.com/llvm/llvm-project/issues/49958
|
|
if [ "${{ matrix.compiler }}" = "clang" ] && [[ "${{ matrix.python-ruby-version.ruby }}" = 3* ]] ; then
|
|
CC="$CC -fdeclspec"
|
|
fi
|
|
echo "CC=$CC" >> $GITHUB_ENV
|
|
|
|
EXPLICIT_MAKE_VARS=
|
|
if [ "${{ matrix.python-ruby-version.other }}" = "test-flags-override" ] ; then
|
|
# Test that overriding CFLAGS, LDFLAGS and other variables works fine
|
|
EXPLICIT_MAKE_VARS="CFLAGS=-I$DESTDIR/usr/include LDFLAGS=-L$DESTDIR/usr/lib LDLIBS= CPPFLAGS="
|
|
elif [ "${{ matrix.python-ruby-version.other }}" = "test-debug" ] ; then
|
|
# Test hat debug build works fine
|
|
EXPLICIT_MAKE_VARS="DEBUG=1"
|
|
elif [ "${{ matrix.python-ruby-version.other }}" = "sanitizers" ] ; then
|
|
sanitizers='-fsanitize=address,undefined'
|
|
EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS="
|
|
echo "ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1" >> $GITHUB_ENV
|
|
echo "UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1" >> $GITHUB_ENV
|
|
else
|
|
EXPLICIT_MAKE_VARS=
|
|
fi
|
|
echo "EXPLICIT_MAKE_VARS=${EXPLICIT_MAKE_VARS}" >> $GITHUB_ENV
|
|
|
|
# Find files in order of pkgconf to be able to find Python.h
|
|
# For example with Python 3.5:
|
|
# * python is located at /opt/hostedtoolcache/Python/3.5.10/x64/bin/python
|
|
# * sys.prefix is /opt/hostedtoolcache/Python/3.5.10/x64
|
|
# * Python.h is located at /opt/hostedtoolcache/Python/3.5.10/x64/include/python3.5m/Python.h
|
|
# * python-3.5.pc is located at /opt/hostedtoolcache/Python/3.5.10/x64/lib/pkgconfig/python-3.5.pc
|
|
PYTHON_SYS_PREFIX="$(python -c 'import sys;print(sys.prefix)')"
|
|
echo "PKG_CONFIG_PATH=${PYTHON_SYS_PREFIX}/lib/pkgconfig" >> $GITHUB_ENV
|
|
|
|
if [[ "${{ matrix.python-ruby-version.python }}" = pypy* ]] ; then
|
|
# PyPy does not provide a config file for pkg-config
|
|
# libpypy-c.so is provided in bin/libpypy-c.so for PyPy and bin/libpypy3-c.so for PyPy3
|
|
echo "PYINC=-I${PYTHON_SYS_PREFIX}/include" >> $GITHUB_ENV
|
|
echo "PYLIBS=-L${PYTHON_SYS_PREFIX}/bin -lpypy3-c" >> $GITHUB_ENV
|
|
fi
|
|
|
|
# Display the final environment file, for debugging purpose
|
|
cat $GITHUB_ENV
|
|
|
|
- name: Download and install refpolicy headers for sepolgen tests
|
|
run: |
|
|
curl --location --retry 10 -o refpolicy.tar.bz2 https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20220520/refpolicy-2.20220520.tar.bz2
|
|
tar -xvjf refpolicy.tar.bz2
|
|
sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel
|
|
sudo make -C refpolicy install-headers bare
|
|
sudo mkdir -p /etc/selinux
|
|
echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
|
|
echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
|
|
sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/module.py
|
|
rm -r refpolicy refpolicy.tar.bz2
|
|
|
|
- name: Display versions
|
|
run: |
|
|
echo "::group::Compiler ($CC):"
|
|
$CC --version
|
|
echo "::endgroup::"
|
|
echo "::group::Python ($(which "$PYTHON")):"
|
|
$PYTHON --version
|
|
echo "::endgroup::"
|
|
echo "::group::Ruby ($(which "$RUBY")):"
|
|
$RUBY --version
|
|
echo "::endgroup::"
|
|
|
|
- name: Run tests
|
|
run: |
|
|
echo "::group::make install"
|
|
eval make -j$(nproc) install $EXPLICIT_MAKE_VARS -k
|
|
echo "::endgroup::"
|
|
echo "::group::make install-pywrap"
|
|
eval make -j$(nproc) install-pywrap $EXPLICIT_MAKE_VARS -k
|
|
echo "::endgroup::"
|
|
echo "::group::make install-rubywrap"
|
|
eval make -j$(nproc) install-rubywrap $EXPLICIT_MAKE_VARS -k
|
|
echo "::endgroup::"
|
|
|
|
# Now that everything is installed, run "make all" to build everything which may have not been built
|
|
echo "::group::make all"
|
|
eval make -j$(nproc) all $EXPLICIT_MAKE_VARS -k
|
|
echo "::endgroup::"
|
|
|
|
# Set up environment variables for the tests and show variables (to help debugging issues)
|
|
echo "::group::Environment variables"
|
|
. ./scripts/env_use_destdir
|
|
echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
|
|
echo "PATH=$PATH"
|
|
echo "PYTHONPATH=$PYTHONPATH"
|
|
echo "RUBYLIB=$RUBYLIB"
|
|
echo "::endgroup::"
|
|
|
|
# Run tests
|
|
echo "::group::make test"
|
|
eval make test $EXPLICIT_MAKE_VARS
|
|
echo "::endgroup::"
|
|
|
|
if [ "${{ matrix.python-ruby-version.other }}" != "sanitizers" ] ; then
|
|
# Test Python and Ruby wrappers
|
|
echo "::group::Test Python and Ruby wrappers"
|
|
$PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())'
|
|
$RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()'
|
|
echo "::endgroup::"
|
|
|
|
# Run Python linter, but not on the downloaded refpolicy
|
|
echo "::group::scripts/run-flake8"
|
|
./scripts/run-flake8
|
|
echo "::endgroup::"
|
|
fi
|
|
|
|
echo "::group::Test .gitignore and make clean distclean"
|
|
# Remove every installed files
|
|
rm -rf "$DESTDIR"
|
|
# Test that "git status" looks clean, or print a clear error message
|
|
git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^')
|
|
# Clean up everything and show which file needs to be added to "make clean"
|
|
eval make clean distclean $EXPLICIT_MAKE_VARS
|
|
git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^')
|
|
echo "::endgroup::"
|