fix unshare perms on nix #1611
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Main workflow | |
on: | |
pull_request: | |
push: | |
schedule: | |
- cron: '17 14 * * *' | |
jobs: | |
dist: | |
strategy: | |
fail-fast: true | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.draft == false | |
steps: | |
- name: Allow unprivileged user namespaces (for Ubuntu 24.04) | |
run: | | |
sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0 | |
- name: Install dependencies | |
run: | | |
sudo apt-get install util-linux expect mergerfs attr pandoc | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Check autoscan | |
run: | | |
autoscan | tee autoscan.out | |
! [ -s autoscan.out ] | |
- name: Configure and build manpage | |
run: | | |
autoconf | |
./configure | |
make dist | |
- name: Upload dist tarball | |
uses: actions/upload-artifact@v4 | |
with: | |
name: try-dist.tgz | |
path: try-*.tgz | |
test-dist: | |
needs: dist | |
strategy: | |
fail-fast: false | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.draft == false | |
steps: | |
- name: Allow unprivileged user namespaces (for Ubuntu 24.04) | |
run: | | |
sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0 | |
- name: Install dependencies | |
run: | | |
sudo apt-get install expect mergerfs attr pandoc | |
- name: Download dist tarball | |
uses: actions/download-artifact@v4 | |
- name: Unpack tarball; configure and build utilities | |
run: | | |
tar xzf try-dist.tgz/try-*.tgz --strip-components=1 | |
rm -r try-dist.tgz | |
./configure | |
make all | |
- name: Run tests with shell fallbacks | |
run: | | |
! which try-summary | |
! which try-commit | |
scripts/run_tests.sh | |
- name: Install utilities | |
run: | | |
sudo make install | |
- name: Run tests with utilities | |
run: | | |
which try-summary | |
which try-commit | |
scripts/run_tests.sh | |
- name: Check manpage | |
run: | | |
man -w try | |
test-checkout: | |
strategy: | |
fail-fast: false | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.draft == false | |
steps: | |
- name: Allow unprivileged user namespaces (for Ubuntu 24.04) | |
run: | | |
sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0 | |
- name: Install dependencies | |
run: | | |
sudo apt-get install expect mergerfs attr pandoc | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Configure and build utilities | |
run: | | |
autoconf | |
./configure | |
make all | |
- name: Run tests with shell fallbacks | |
run: | | |
! which try-summary | |
! which try-commit | |
scripts/run_tests.sh | |
- name: Install utilities | |
run: | | |
sudo make install | |
- name: Run tests with utilities | |
run: | | |
which try-summary | |
which try-commit | |
scripts/run_tests.sh | |
- name: Check manpage | |
run: | | |
man -w try | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Run scripts/lint.sh | |
run: scripts/lint.sh | |
trycase-check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Run check_trycase.sh | |
run: scripts/check_trycase.sh | |
version-check: | |
runs-on: ubuntu-latest | |
if: github.event.pull_request.draft == false | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Check version consistency (script, manpage, include) | |
run: scripts/check_version.sh | |
shellcheck: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Run ShellCheck | |
uses: ludeeus/action-shellcheck@master | |
with: | |
ignore_paths: >- | |
completions | |
./configure | |
./install-sh | |
nix: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Allow unprivileged user namespaces (for Ubuntu 24.04) | |
run: | | |
sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0 | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@main | |
- name: Run tests | |
run: | | |
nix-shell --run "sh scripts/run_tests.sh symlinks summary exit_status unzip_D_flag_commit hidden_variables command_substitution reuse_problematic_sandbox toplevel-perms empty_summary merge_multiple_dirs touch_and_rm_no_flag reuse_sandbox mkdir_on_file all-commit-cases unzip_D_flag_commit_without_cleanup unzip_no_flag pipeline touch_and_rm_D_flag_commit network ignore_flag dev_urandom nonexistent_sandbox" | |
prerelease: | |
needs: | |
- test-checkout | |
- test-dist | |
- version-check | |
- lint | |
- shellcheck | |
- trycase-check | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' }} | |
steps: | |
- name: Download binaries | |
uses: actions/download-artifact@v4 | |
- name: Rename tarball | |
run: | | |
mv try-dist.tgz/try-*.tgz try-latest.tgz | |
rmdir try-dist.tgz | |
- name: Deploy 'latest' release | |
uses: "marvinpinto/action-automatic-releases@latest" | |
with: | |
repo_token: "${{ secrets.GITHUB_TOKEN }}" | |
automatic_release_tag: "latest" | |
prerelease: true | |
title: "Latest distribution tarball" | |
files: | | |
try-latest.tgz |