Skip to content

Merge pull request #792 from memorysafety/refactor-su-cli #2249

Merge pull request #792 from memorysafety/refactor-su-cli

Merge pull request #792 from memorysafety/refactor-su-cli #2249

Workflow file for this run

name: CI
on:
push:
branches:
- main
pull_request:
branches:
- main
merge_group:
branches:
- main
jobs:
e2e-tests:
runs-on: ubuntu-latest
env:
SUDO_UNDER_TEST: ours
SUDO_TEST_VERBOSE_DOCKER_BUILD: 1
CI: true
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: set up docker buildx
run: docker buildx create --name builder --use
- name: cache docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: docker-buildx-rs-${{ github.sha }}
restore-keys: docker-buildx-rs-
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "compliance-tests"
workspaces: |
test-framework
- name: Run all E2E tests
working-directory: test-framework
run: cargo test -p e2e-tests
- name: prevent the cache from growing too large
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
compliance-tests-og:
runs-on: ubuntu-latest
env:
SUDO_TEST_VERBOSE_DOCKER_BUILD: 1
CI: true
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: set up docker buildx
run: docker buildx create --name builder --use
- name: cache docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: docker-buildx-og-${{ github.sha }}
restore-keys: docker-buildx-og-
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "compliance-tests"
workspaces: |
test-framework
- name: Test sudo-test itself
working-directory: test-framework
run: cargo test -p sudo-test
- name: Run all compliance tests against original sudo
working-directory: test-framework
run: cargo test -p sudo-compliance-tests -- --include-ignored
- name: prevent the cache from growing too large
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
compliance-tests:
runs-on: ubuntu-latest
timeout-minutes: 20
env:
SUDO_TEST_PROFRAW_DIR: /tmp/profraw
SUDO_TEST_VERBOSE_DOCKER_BUILD: 1
CI: true
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: set up docker buildx
run: docker buildx create --name builder --use
- name: cache docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: docker-buildx-rs-${{ github.sha }}
restore-keys: docker-buildx-rs-
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "compliance-tests"
workspaces: |
test-framework
- name: Run gated compliance tests against sudo-rs
working-directory: test-framework
env:
SUDO_UNDER_TEST: ours
run: cargo test -p sudo-compliance-tests
- name: Check that we didn't forget to gate a passing compliance test
working-directory: test-framework
env:
SUDO_UNDER_TEST: ours
run: |
tmpfile="$(mktemp)"
cargo test -p sudo-compliance-tests -- --ignored | tee "$tmpfile"
grep 'test result: FAILED. 0 passed' "$tmpfile" || ( echo "expected ALL tests to fail but at least one passed; the passing tests must be un-#[ignore]-d" && exit 1 )
- name: prevent the cache from growing too large
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
compliance-tests-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "compliance-tests"
workspaces: |
test-framework
- name: clippy sudo-test
working-directory: test-framework
run: cargo clippy -p sudo-test --no-deps -- --deny warnings
- name: clippy compliance-tests
working-directory: test-framework
run: cargo clippy -p sudo-compliance-tests --tests --no-deps -- --deny warnings
- name: Check that all ignored tests are linked to a GH issue
working-directory: test-framework/sudo-compliance-tests
run: |
grep -r '#\[ignore' ./src | grep -v -e '"gh' -e '"wontfix"' && echo 'found ignored tests not linked to a GitHub issue. please like them using the format #[ignore = "gh123"]' && exit 1; true
build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
components: llvm-tools
- name: Add cargo-llvm-cov
uses: taiki-e/install-action@v2
with:
tool: cargo-llvm-cov
- name: Install dependencies
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: libpam0g-dev
version: "1.0"
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "stable"
- name: Build
uses: actions-rs/cargo@v1
with:
command: build
args: --workspace --all-targets --all-features --release
- name: Run tests
uses: actions-rs/cargo@v1
with:
command: llvm-cov
args: --workspace --all-features --all-targets --release --lcov --output-path lcov.info
- name: Upload code coverage
uses: codecov/codecov-action@v3
with:
files: lcov.info
build-and-test-minimal:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set rust nightly version
run: echo "NIGHTLY_VERSION=$(curl https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/rustc)" >> $GITHUB_ENV
- name: Install rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: nightly-${{ env.NIGHTLY_VERSION }}
override: true
- name: Install dependencies
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: libpam0g-dev
version: "1.0"
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "nightly"
- name: Update to minimal direct dependencies
uses: actions-rs/cargo@v1
with:
command: update
args: -Zdirect-minimal-versions
- name: Build
uses: actions-rs/cargo@v1
with:
command: build
args: --workspace --all-targets --all-features --release
- name: Run tests
uses: actions-rs/cargo@v1
with:
command: test
args: --workspace --all-features --all-targets --release
build-and-test-msrv:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: "1.70"
override: true
- name: Install dependencies
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: libpam0g-dev
version: "1.0"
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "msrv"
- name: Build
uses: actions-rs/cargo@v1
with:
command: build
args: --workspace --all-targets --all-features --release
- name: Run tests
uses: actions-rs/cargo@v1
with:
command: test
args: --workspace --all-features --all-targets --release
miri:
needs: build-and-test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set rust nightly version
run: echo "NIGHTLY_VERSION=$(curl https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)" >> $GITHUB_ENV
- name: Install rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: nightly-${{ env.NIGHTLY_VERSION }}
override: true
components: miri
- name: Install dependencies
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: libpam0g-dev
version: "1.0"
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: miri
- name: Run tests
uses: actions-rs/cargo@v1
with:
command: miri
args: test --workspace --all-features miri
format:
runs-on: ubuntu-latest
env:
RUSTDOCFLAGS: "-D warnings"
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
components: rustfmt
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "stable"
- name: Run rustfmt
uses: actions-rs/cargo@v1
with:
command: fmt
args: --all -- --check
clippy:
needs: format
runs-on: ubuntu-latest
env:
RUSTDOCFLAGS: "-D warnings"
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
components: clippy
- name: Install dependencies
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: libpam0g-dev
version: "1.0"
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "stable"
- name: Run clippy
uses: actions-rs/clippy-check@v1
with:
name: clippy-result
token: ${{ secrets.GITHUB_TOKEN }}
args: --no-deps -- --deny warnings
docs:
needs: clippy
runs-on: ubuntu-latest
env:
RUSTDOCFLAGS: "-D warnings"
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- name: Install dependencies
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: libpam0g-dev
version: "1.0"
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "stable"
- name: Build docs
uses: actions-rs/cargo@v1
with:
command: doc
args: --no-deps --document-private-items --all-features
audit:
needs: clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- name: Install cargo-audit
uses: taiki-e/install-action@v2
with:
tool: cargo-audit
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
shared-key: "audit"
- name: Run audit
uses: actions-rs/cargo@v1
with:
command: audit