forked from ostreedev/ostree
-
Notifications
You must be signed in to change notification settings - Fork 0
155 lines (140 loc) · 5.51 KB
/
tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
---
name: Tests
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
jobs:
tests:
# Distro configuration matrix
#
# Each build is run in a Docker container specific to the distro.
# When adding a new distro, handle the dependency installation in
# `ci/gh-install.sh`. The matrix configuration options are:
#
# name: A friendly name to use for the job.
#
# image: The Docker image to use.
#
# container-options: Additional Docker command line options.
#
# pre-checkout-setup: Commands to run before the git repo checkout.
# If git is not in the Docker image, it must be installed here.
# Otherwise, the checkout action uses the GitHub REST API, which
# doesn't result in an actual git repo. A real git repo is
# required to checkout the submodules.
#
# extra-packages: Packages to install in addition to those in
# `ci/gh-install.sh`. This can be used to support features from
# additional `configure` options.
#
# configure-options: Options to pass to `configure`.
strategy:
# Let other configurations continue if one fails.
fail-fast: false
matrix:
include:
# Debian builds. Currently stable and testing are tested.
# Other options would be stable-backports, oldstable,
# oldstable-backports and unstable.
#
# https://hub.docker.com/_/debian
- name: Debian Stable with sign-ed25519 and FUSE 2
image: debian:stable-slim
pre-checkout-setup: |
apt-get update
apt-get install -y git
extra-packages: >-
libfuse-dev
libsodium-dev
configure-options: >-
--with-ed25519-libsodium
- name: Debian Stable with curl, sign-ed25519, no gpgme, FUSE 3
image: debian:stable-slim
pre-checkout-setup: |
apt-get update
apt-get install -y git
extra-packages: >-
libfuse3-dev
libsodium-dev
configure-options: >-
--with-curl
--with-ed25519-libsodium
--without-gpgme
# A 32 bit build to act as a proxy for frequently deployed 32
# bit armv7
- name: Debian Stable 32 bit
image: i386/debian:stable-slim
# This is pretty nasty. The checkout action uses an x86_64
# node binary in the container, so we need to provide an
# x86_64 ld.so and libstdc++.
pre-checkout-setup: |
dpkg --add-architecture amd64
apt-get update
apt-get install -y git libc6:amd64 libstdc++6:amd64
- name: Debian Testing
image: debian:testing-slim
pre-checkout-setup: |
apt-get update
apt-get install -y git
# Ubuntu builds. Unfortunately, when the latest release is
# also the latest LTS, latest and rolling are the same. Other
# options would be to test the previous LTS by name or to test
# the devel tag, which is the unreleased version.
#
# https://hub.docker.com/_/ubuntu
- name: Ubuntu Latest LTS
image: ubuntu:latest
pre-checkout-setup: |
apt-get update
apt-get install -y git
- name: Ubuntu Latest Release
image: ubuntu:rolling
# FIXME: The ubuntu-latest VMs are currently based on 20.04
# (focal). In focal, libseccomp2 doesn't know about the
# close_range syscall, but g_spawn_sync in impish tries to
# use close_range since it's defined in glibc. That causes
# libseccomp2 to return EPERM as it does for any unknown
# syscalls. g_spawn_sync carries on silently instead of
# falling back to other means of setting CLOEXEC on open
# FDs. Eventually it causes some tests to hang since once
# side of a pipe is never closed. Remove this when
# libseccomp2 in focal is updated or glib in impish handles
# the EPERM better.
#
# https://github.com/ostreedev/ostree/issues/2495
# https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436
container-options: --security-opt seccomp=unconfined
pre-checkout-setup: |
apt-get update
apt-get install -y git
name: ${{ matrix.name }}
runs-on: ubuntu-latest
container:
image: ${{ matrix.image }}
# An empty string isn't valid, so a dummy --label option is always
# added.
options: --label ostree ${{ matrix.container-options }}
steps:
- name: Pre-checkout setup
run: ${{ matrix.pre-checkout-setup }}
if: ${{ matrix.pre-checkout-setup }}
- name: Checkout repository
uses: actions/checkout@v2
with:
submodules: true
- name: Install dependencies
run: ./ci/gh-install.sh ${{ matrix.extra-packages }}
- name: Add non-root user
run: "useradd builder && chown -R -h builder: ."
- name: Build and test
run: runuser -u builder -- ./ci/gh-build.sh ${{ matrix.configure-options }}
env:
# GitHub hosted runners currently have 2 CPUs, so run 2
# parallel make jobs.
#
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
MAKEFLAGS: -j2