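# CI workflow: linting (pre-commit, shellcheck, shfmt, checkbashisms), unit
# tests, Dockerfile and image scanning (hadolint, dockle), and end-to-end
# WireGuard bring-up checks on macOS and Ubuntu runners.
name: Main
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
  schedule:
    - cron: '0 0 * * *'
  workflow_dispatch:
# Least privilege for GITHUB_TOKEN: every job below only reads the repository.
permissions:
  contents: read
jobs:
  precommit:
    name: pre-commit
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          # No later step pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: setup-python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: pre-commit
        # NOTE(review): the text around "@" is masked in this copy of the
        # file; restore the action name and ref from the repository. For
        # third-party actions prefer a full commit SHA over a mutable tag.
        uses: pre-commit/[email protected]
  sast:
    name: sast
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: shellcheck
        uses: ./.github/actions/shellcheck
      - name: shfmt
        uses: ./.github/actions/shfmt
      - name: checkbashisms
        uses: ./.github/actions/checkbashisms
  tests:
    name: tests
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: unit tests
        uses: ./.github/actions/bats
  docker:
    name: docker
    runs-on: ubuntu-latest
    env:
      # Pass the expression through the environment instead of expanding it
      # inside the shell script text, so its value is never parsed as shell.
      IMAGE_TAG: '${{ github.event.repository.name }}:scan'
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: hadolint
        # NOTE(review): the text around "@" is masked in this copy of the
        # file; restore the action name and ref from the repository. For
        # third-party actions prefer a full commit SHA over a mutable tag.
        uses: hadolint/[email protected]
        with:
          dockerfile: Dockerfile
          failure-threshold: error
          ignore: DL3018
      - name: docker
        run: docker build . --tag "$IMAGE_TAG"
      - name: install dockle
        # NOTE(review): this installs whatever release is "latest" at run
        # time and hands the package to dpkg as root without an integrity
        # check. Pin a reviewed version and verify the package checksum
        # before installing.
        run: |
          VERSION=$(
            curl --silent --fail "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \
            grep '"tag_name":' | \
            sed -E 's/.*"v([^"]+)".*/\1/' \
          )
          # The pipeline's status is sed's, so a failed API call (for example
          # rate limiting) only shows up as an empty version: stop here.
          [ -n "$VERSION" ] || { echo "could not determine dockle version" >&2; exit 1; }
          curl --fail -L -o dockle.deb "https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb"
          sudo dpkg -i dockle.deb && rm dockle.deb
      - name: dockle
        run: |
          dockle --exit-code 1 --format list --ignore CIS-DI-0001 "$IMAGE_TAG"
  macos:
    name: macos
    runs-on: macos-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: brew bundle
        run: brew bundle
      - name: unit tests
        run: ( cd tests ; ./runtests.bash )
      - name: create wghub.conf
        run: |
          echo none > fwtype.txt
          ./easy-wg-quick
          ./easy-wg-quick macos_named_client
      # The next two steps print the generated *.key and *.conf files,
      # private keys included, into the job log. That is acceptable only
      # because these keys are created in this job and thrown away with the
      # runner; never point these steps at real key material.
      - name: dump configuration
        run: head *.txt *.key *.conf
      - name: dump wghub.conf
        run: cat wghub.conf
      - name: empty file check
        run: ls *.txt *.key *.conf | xargs -tn1 test -s
      - name: wg-quick up
        run: sudo wg-quick up ./wghub.conf
      - name: check interface
        run: sudo wg show
      - name: wg-quick down
        run: sudo wg-quick down ./wghub.conf
  ubuntu:
    name: ubuntu
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: install wireguard
        run: sudo apt install -y wireguard-tools
      - name: create wghub.conf
        run: |
          echo none > fwtype.txt
          ./easy-wg-quick
          ./easy-wg-quick macos_named_client
      # The next two steps print the generated *.key and *.conf files,
      # private keys included, into the job log. That is acceptable only
      # because these keys are created in this job and thrown away with the
      # runner; never point these steps at real key material.
      - name: dump configuration
        run: head *.txt *.key *.conf
      - name: dump wghub.conf
        run: cat wghub.conf
      - name: empty file check
        run: ls *.txt *.key *.conf | xargs -tn1 test -s
      - name: wg-quick up
        run: sudo wg-quick up ./wghub.conf
      - name: check interface
        run: sudo wg show
      - name: wg-quick down
        run: sudo wg-quick down ./wghub.conf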