Delete temporary directory when visudo is terminated #2026
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
merge_group: | |
branches: | |
- main | |
jobs: | |
e2e-tests: | |
runs-on: ubuntu-latest | |
env: | |
SUDO_UNDER_TEST: ours | |
SUDO_TEST_VERBOSE_DOCKER_BUILD: 1 | |
CI: true | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: stable | |
override: true | |
- name: set up docker buildx | |
run: docker buildx create --name builder --use | |
- name: cache docker layers | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: docker-buildx-rs-${{ github.sha }} | |
restore-keys: docker-buildx-rs- | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "compliance-tests" | |
workspaces: | | |
test-framework | |
- name: Run all E2E tests | |
working-directory: test-framework | |
run: cargo test -p e2e-tests | |
- name: prevent the cache from growing too large | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
compliance-tests-og: | |
runs-on: ubuntu-latest | |
env: | |
SUDO_TEST_VERBOSE_DOCKER_BUILD: 1 | |
CI: true | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: stable | |
override: true | |
- name: set up docker buildx | |
run: docker buildx create --name builder --use | |
- name: cache docker layers | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: docker-buildx-og-${{ github.sha }} | |
restore-keys: docker-buildx-og- | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "compliance-tests" | |
workspaces: | | |
test-framework | |
- name: Test sudo-test itself | |
working-directory: test-framework | |
run: cargo test -p sudo-test | |
- name: Run all compliance tests against original sudo | |
working-directory: test-framework | |
run: cargo test -p sudo-compliance-tests -- --include-ignored | |
- name: prevent the cache from growing too large | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
compliance-tests: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
env: | |
SUDO_TEST_PROFRAW_DIR: /tmp/profraw | |
SUDO_TEST_VERBOSE_DOCKER_BUILD: 1 | |
CI: true | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: stable | |
override: true | |
- name: set up docker buildx | |
run: docker buildx create --name builder --use | |
- name: cache docker layers | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: docker-buildx-rs-${{ github.sha }} | |
restore-keys: docker-buildx-rs- | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "compliance-tests" | |
workspaces: | | |
test-framework | |
- name: Run gated compliance tests against sudo-rs | |
working-directory: test-framework | |
env: | |
SUDO_UNDER_TEST: ours | |
run: cargo test -p sudo-compliance-tests | |
- name: Check that we didn't forget to gate a passing compliance test | |
working-directory: test-framework | |
env: | |
SUDO_UNDER_TEST: ours | |
run: | | |
tmpfile="$(mktemp)" | |
cargo test -p sudo-compliance-tests -- --ignored | tee "$tmpfile" | |
grep 'test result: FAILED. 0 passed' "$tmpfile" || ( echo "expected ALL tests to fail but at least one passed; the passing tests must be un-#[ignore]-d" && exit 1 ) | |
- name: prevent the cache from growing too large | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
compliance-tests-lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: stable | |
override: true | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "compliance-tests" | |
workspaces: | | |
test-framework | |
- name: clippy sudo-test | |
working-directory: test-framework | |
run: cargo clippy -p sudo-test --no-deps -- --deny clippy::all | |
- name: clippy compliance-tests | |
working-directory: test-framework | |
run: cargo clippy -p sudo-compliance-tests --tests --no-deps -- --deny clippy::all | |
- name: Check that all ignored tests are linked to a GH issue | |
working-directory: test-framework/sudo-compliance-tests | |
run: | | |
grep -r '#\[ignore' ./src | grep -v -e '"gh' -e '"wontfix"' && echo 'found ignored tests not linked to a GitHub issue. please like them using the format #[ignore = "gh123"]' && exit 1; true | |
build-and-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: stable | |
override: true | |
components: llvm-tools | |
- name: Add cargo-llvm-cov | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: cargo-llvm-cov | |
- name: Install dependencies | |
uses: awalsh128/cache-apt-pkgs-action@latest | |
with: | |
packages: libpam0g-dev | |
version: 1.0 | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "stable" | |
- name: Build | |
uses: actions-rs/cargo@v1 | |
with: | |
command: build | |
args: --workspace --all-targets --all-features --release | |
- name: Run tests | |
uses: actions-rs/cargo@v1 | |
with: | |
command: llvm-cov | |
args: --workspace --all-features --all-targets --release --lcov --output-path lcov.info | |
- name: Upload code coverage | |
uses: codecov/codecov-action@v3 | |
with: | |
files: lcov.info | |
miri: | |
needs: build-and-test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set rust nightly version | |
run: echo "NIGHTLY_VERSION=$(curl https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)" >> $GITHUB_ENV | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: nightly-${{ env.NIGHTLY_VERSION }} | |
override: true | |
components: miri | |
- name: Install dependencies | |
uses: awalsh128/cache-apt-pkgs-action@latest | |
with: | |
packages: libpam0g-dev | |
version: 1.0 | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: miri | |
- name: Run tests | |
uses: actions-rs/cargo@v1 | |
with: | |
command: miri | |
args: test --workspace --all-features miri | |
format: | |
runs-on: ubuntu-latest | |
env: | |
RUSTDOCFLAGS: "-D warnings" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
override: true | |
components: rustfmt | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "stable" | |
- name: Run rustfmt | |
uses: actions-rs/cargo@v1 | |
with: | |
command: fmt | |
args: --all -- --check | |
clippy: | |
needs: format | |
runs-on: ubuntu-latest | |
env: | |
RUSTDOCFLAGS: "-D warnings" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
override: true | |
components: clippy | |
- name: Install dependencies | |
uses: awalsh128/cache-apt-pkgs-action@latest | |
with: | |
packages: libpam0g-dev | |
version: 1.0 | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "stable" | |
- name: Run clippy | |
uses: actions-rs/clippy-check@v1 | |
with: | |
name: clippy-result | |
token: ${{ secrets.GITHUB_TOKEN }} | |
args: --no-deps | |
docs: | |
needs: clippy | |
runs-on: ubuntu-latest | |
env: | |
RUSTDOCFLAGS: "-D warnings" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
override: true | |
- name: Install dependencies | |
uses: awalsh128/cache-apt-pkgs-action@latest | |
with: | |
packages: libpam0g-dev | |
version: 1.0 | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "stable" | |
- name: Build docs | |
uses: actions-rs/cargo@v1 | |
with: | |
command: doc | |
args: --no-deps --document-private-items --all-features | |
track-dependencies: | |
needs: clippy | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
pull-requests: write | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set rust nightly version | |
run: echo "NIGHTLY_VERSION=$(curl https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/rustc)" >> $GITHUB_ENV | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: nightly-${{ env.NIGHTLY_VERSION }} | |
override: true | |
- name: Install cargo-udeps | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: cargo-udeps | |
- name: Install dependencies | |
uses: awalsh128/cache-apt-pkgs-action@latest | |
with: | |
packages: libpam0g-dev | |
version: 1.0 | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: deps | |
- name: Check udeps | |
uses: actions-rs/cargo@v1 | |
with: | |
command: udeps | |
args: --workspace --all-targets | |
- uses: tweedegolf/[email protected] | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
bin: sudo | |
mainBranchName: main | |
audit: | |
needs: clippy | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
override: true | |
- name: Install cargo-audit | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: cargo-audit | |
- name: Rust Cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: "audit" | |
- name: Run audit | |
uses: actions-rs/cargo@v1 | |
with: | |
command: audit |