Merge pull request #792 from memorysafety/refactor-su-cli #2249
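# GitHub Actions workflow "CI": runs on pushes to `main`, on pull requests
# targeting `main`, and on merge-queue groups for `main`.
#
# NOTE(review): no `permissions:` key is set anywhere in this file, so
# GITHUB_TOKEN carries the repository/organisation default scope in every job.
# Only the clippy job passes the token explicitly. Consider declaring
# least-privilege permissions per job; TODO confirm what
# actions-rs/clippy-check needs before restricting.
#
# NOTE(review): all actions are referenced by mutable tags (`@v1`, `@v2`,
# `@v3`, `@latest`). Pinning each `uses:` to a full commit SHA keeps the code
# that runs in CI from changing without a commit to this file. The actions-rs/*
# repositories also appear to be archived upstream; verify and plan a
# replacement.
name: CI

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  merge_group:
    branches:
      - main

jobs:
  # Runs the `e2e-tests` package from test-framework with SUDO_UNDER_TEST=ours.
  e2e-tests:
    runs-on: ubuntu-latest
    env:
      SUDO_UNDER_TEST: ours
      SUDO_TEST_VERBOSE_DOCKER_BUILD: 1
      CI: true
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true

      - name: set up docker buildx
        run: docker buildx create --name builder --use

      - name: cache docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: docker-buildx-rs-${{ github.sha }}
          restore-keys: docker-buildx-rs-

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "compliance-tests"
          workspaces: |
            test-framework

      - name: Run all E2E tests
        working-directory: test-framework
        run: cargo test -p e2e-tests

      # Replaces the restored cache directory with /tmp/.buildx-cache-new.
      # Assumes the test run wrote that directory; it is not created anywhere
      # in this file. Verify in test-framework.
      - name: prevent the cache from growing too large
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

  # Tests sudo-test itself, then runs the whole compliance suite (ignored
  # tests included) against original sudo; SUDO_UNDER_TEST is not set here.
  compliance-tests-og:
    runs-on: ubuntu-latest
    env:
      SUDO_TEST_VERBOSE_DOCKER_BUILD: 1
      CI: true
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true

      - name: set up docker buildx
        run: docker buildx create --name builder --use

      - name: cache docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: docker-buildx-og-${{ github.sha }}
          restore-keys: docker-buildx-og-

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "compliance-tests"
          workspaces: |
            test-framework

      - name: Test sudo-test itself
        working-directory: test-framework
        run: cargo test -p sudo-test

      - name: Run all compliance tests against original sudo
        working-directory: test-framework
        run: cargo test -p sudo-compliance-tests -- --include-ignored

      # Assumes the test run wrote /tmp/.buildx-cache-new; verify in
      # test-framework.
      - name: prevent the cache from growing too large
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

  # Runs the non-ignored compliance tests against sudo-rs, then checks that
  # every #[ignore]-d test still fails.
  compliance-tests:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    env:
      SUDO_TEST_PROFRAW_DIR: /tmp/profraw
      SUDO_TEST_VERBOSE_DOCKER_BUILD: 1
      CI: true
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true

      - name: set up docker buildx
        run: docker buildx create --name builder --use

      - name: cache docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: docker-buildx-rs-${{ github.sha }}
          restore-keys: docker-buildx-rs-

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "compliance-tests"
          workspaces: |
            test-framework

      - name: Run gated compliance tests against sudo-rs
        working-directory: test-framework
        env:
          SUDO_UNDER_TEST: ours
        run: cargo test -p sudo-compliance-tests

      # The step's verdict comes from the grep on cargo's summary line: it
      # passes only when the ignored-test run reports "FAILED. 0 passed".
      - name: Check that we didn't forget to gate a passing compliance test
        working-directory: test-framework
        env:
          SUDO_UNDER_TEST: ours
        run: |
          tmpfile="$(mktemp)"
          cargo test -p sudo-compliance-tests -- --ignored | tee "$tmpfile"
          grep 'test result: FAILED. 0 passed' "$tmpfile" || ( echo "expected ALL tests to fail but at least one passed; the passing tests must be un-#[ignore]-d" && exit 1 )

      # Assumes the test run wrote /tmp/.buildx-cache-new; verify in
      # test-framework.
      - name: prevent the cache from growing too large
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

  # Lints the test framework and enforces that every #[ignore] carries a
  # "gh…" or "wontfix" reason.
  compliance-tests-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "compliance-tests"
          workspaces: |
            test-framework

      - name: clippy sudo-test
        working-directory: test-framework
        run: cargo clippy -p sudo-test --no-deps -- --deny warnings

      - name: clippy compliance-tests
        working-directory: test-framework
        run: cargo clippy -p sudo-compliance-tests --tests --no-deps -- --deny warnings

      # Fails when any `#[ignore` line lacks a `"gh…` or `"wontfix"` reason;
      # the trailing `true` keeps the step green when grep finds nothing.
      - name: Check that all ignored tests are linked to a GH issue
        working-directory: test-framework/sudo-compliance-tests
        run: |
          grep -r '#\[ignore' ./src | grep -v -e '"gh' -e '"wontfix"' && echo 'found ignored tests not linked to a GitHub issue. please link them using the format #[ignore = "gh123"]' && exit 1; true

  # Release build of the whole workspace, tests under cargo-llvm-cov, and
  # upload of the resulting lcov report to Codecov.
  build-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          override: true
          components: llvm-tools

      - name: Add cargo-llvm-cov
        uses: taiki-e/install-action@v2
        with:
          tool: cargo-llvm-cov

      # NOTE(review): `@latest` is a mutable ref, so the code this step runs
      # can change without a commit here; pin to a release tag or, better, a
      # full commit SHA.
      - name: Install dependencies
        uses: awalsh128/cache-apt-pkgs-action@latest
        with:
          packages: libpam0g-dev
          version: "1.0"

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "stable"

      - name: Build
        uses: actions-rs/cargo@v1
        with:
          command: build
          args: --workspace --all-targets --all-features --release

      - name: Run tests
        uses: actions-rs/cargo@v1
        with:
          command: llvm-cov
          args: --workspace --all-features --all-targets --release --lcov --output-path lcov.info

      - name: Upload code coverage
        uses: codecov/codecov-action@v3
        with:
          files: lcov.info

  # Builds and tests on nightly after `cargo update -Zdirect-minimal-versions`.
  build-and-test-minimal:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      # The nightly date is fetched from a remote endpoint and appended to
      # $GITHUB_ENV, which sets environment variables for all later steps.
      # Fail on HTTP errors and accept only a single YYYY-MM-DD value, so that
      # an empty or multi-line response cannot define extra variables. The
      # rejected value is deliberately not echoed to the log.
      - name: Set rust nightly version
        run: |
          version="$(curl --fail --silent --show-error https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/rustc)"
          if [[ ! "$version" =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]]; then
            echo "unexpected nightly version string from rustup-components-history" >&2
            exit 1
          fi
          echo "NIGHTLY_VERSION=$version" >> "$GITHUB_ENV"

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: nightly-${{ env.NIGHTLY_VERSION }}
          override: true

      # NOTE(review): mutable `@latest` ref; see the pinning note in
      # build-and-test.
      - name: Install dependencies
        uses: awalsh128/cache-apt-pkgs-action@latest
        with:
          packages: libpam0g-dev
          version: "1.0"

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "nightly"

      - name: Update to minimal direct dependencies
        uses: actions-rs/cargo@v1
        with:
          command: update
          args: -Zdirect-minimal-versions

      - name: Build
        uses: actions-rs/cargo@v1
        with:
          command: build
          args: --workspace --all-targets --all-features --release

      - name: Run tests
        uses: actions-rs/cargo@v1
        with:
          command: test
          args: --workspace --all-features --all-targets --release

  # Builds and tests with the 1.70 toolchain (quoted so YAML keeps it a string).
  build-and-test-msrv:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: "1.70"
          override: true

      # NOTE(review): mutable `@latest` ref; see the pinning note in
      # build-and-test.
      - name: Install dependencies
        uses: awalsh128/cache-apt-pkgs-action@latest
        with:
          packages: libpam0g-dev
          version: "1.0"

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "msrv"

      - name: Build
        uses: actions-rs/cargo@v1
        with:
          command: build
          args: --workspace --all-targets --all-features --release

      - name: Run tests
        uses: actions-rs/cargo@v1
        with:
          command: test
          args: --workspace --all-features --all-targets --release

  # Runs the tests matching `miri` under Miri on a nightly toolchain; starts
  # only after build-and-test succeeds.
  miri:
    needs: build-and-test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      # Same hardening as in build-and-test-minimal: the remote value is
      # validated as a single YYYY-MM-DD string before it reaches $GITHUB_ENV.
      - name: Set rust nightly version
        run: |
          version="$(curl --fail --silent --show-error https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)"
          if [[ ! "$version" =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]]; then
            echo "unexpected nightly version string from rustup-components-history" >&2
            exit 1
          fi
          echo "NIGHTLY_VERSION=$version" >> "$GITHUB_ENV"

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: nightly-${{ env.NIGHTLY_VERSION }}
          override: true
          components: miri

      # NOTE(review): mutable `@latest` ref; see the pinning note in
      # build-and-test.
      - name: Install dependencies
        uses: awalsh128/cache-apt-pkgs-action@latest
        with:
          packages: libpam0g-dev
          version: "1.0"

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "miri"

      - name: Run tests
        uses: actions-rs/cargo@v1
        with:
          command: miri
          args: test --workspace --all-features miri

  # rustfmt check over the whole workspace.
  format:
    runs-on: ubuntu-latest
    env:
      RUSTDOCFLAGS: "-D warnings"
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
          components: rustfmt

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "stable"

      - name: Run rustfmt
        uses: actions-rs/cargo@v1
        with:
          command: fmt
          args: --all -- --check

  # Clippy with warnings denied; starts only after `format` succeeds.
  clippy:
    needs: format
    runs-on: ubuntu-latest
    env:
      RUSTDOCFLAGS: "-D warnings"
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
          components: clippy

      # NOTE(review): mutable `@latest` ref; see the pinning note in
      # build-and-test.
      - name: Install dependencies
        uses: awalsh128/cache-apt-pkgs-action@latest
        with:
          packages: libpam0g-dev
          version: "1.0"

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "stable"

      # The only step in this file that hands GITHUB_TOKEN to a third-party
      # action; its effective scope is whatever the repository default grants.
      - name: Run clippy
        uses: actions-rs/clippy-check@v1
        with:
          name: clippy-result
          token: ${{ secrets.GITHUB_TOKEN }}
          args: --no-deps -- --deny warnings

  # Builds rustdoc (private items included) with rustdoc warnings denied.
  docs:
    needs: clippy
    runs-on: ubuntu-latest
    env:
      RUSTDOCFLAGS: "-D warnings"
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true

      # NOTE(review): mutable `@latest` ref; see the pinning note in
      # build-and-test.
      - name: Install dependencies
        uses: awalsh128/cache-apt-pkgs-action@latest
        with:
          packages: libpam0g-dev
          version: "1.0"

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "stable"

      - name: Build docs
        uses: actions-rs/cargo@v1
        with:
          command: doc
          args: --no-deps --document-private-items --all-features

  # Runs `cargo audit`; because of `needs: clippy` it does not run when the
  # clippy job fails.
  audit:
    needs: clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Install rust
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true

      - name: Install cargo-audit
        uses: taiki-e/install-action@v2
        with:
          tool: cargo-audit

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: "audit"

      - name: Run audit
        uses: actions-rs/cargo@v1
        with:
          command: audit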