feat: profiles and integration tests improvments. #2154
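# CI for the apparmor.d package on Ubuntu runners. Three jobs run in order:
#   check -> lint the profiles (make check)
#   build -> build and install the .deb across an os x mode matrix
#   tests -> install the package built by `build` and run the bats suite
#
# NOTE(review): every `uses:` below references an action by mutable tag (@v4).
# Pinning each one to a full commit SHA would keep a retagged release from
# changing what runs here.
name: Ubuntu

on: [push, pull_request, workflow_dispatch]

# Least privilege for GITHUB_TOKEN: the jobs only read the repository.
permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-24.04
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4

      - name: Run basic profile linter check
        run: |
          make check

  build:
    runs-on: ${{ matrix.os }}
    needs: check
    strategy:
      matrix:
        os:
          - ubuntu-24.04
          - ubuntu-22.04
        mode:
          - default
          - full-system-policy
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4

      - name: Install Build dependencies
        run: |
          sudo apt-get update -q
          sudo apt-get install -y \
            devscripts debhelper config-package-dev \
            auditd apparmor-profiles apparmor-utils
          sudo rm /etc/apparmor.d/usr.lib.snapd.snap-confine.real

      - name: Build the apparmor.d package
        # The matrix value reaches the script through the environment instead
        # of being expanded into the shell source, and it is quoted in the
        # test, so a future matrix entry cannot alter the script text.
        env:
          BUILD_MODE: ${{ matrix.mode }}
        run: |
          if [[ "$BUILD_MODE" == full-system-policy ]]; then
            echo -e "\noverride_dh_auto_build:\n\tmake full" >> debian/rules
          fi
          bash dists/build.sh dpkg

      - name: Install apparmor.d
        # NOTE(review): `|| true` hides a failed install. The next step's
        # `systemctl status` only proves the service is up, not that this
        # package's profiles were loaded. Kept because it looks deliberate;
        # confirm.
        run: sudo dpkg --install .pkg/apparmor.d_*_amd64.deb || true

      - name: Reload AppArmor
        # A failed restart is tolerated; the status call is what fails the
        # step when the service is not active.
        run: |
          sudo systemctl restart apparmor.service || true
          sudo systemctl status apparmor.service

      - name: Ensure compatibility with some AppArmor userspace tools
        if: matrix.os != 'ubuntu-24.04'
        run: |
          sudo aa-enforce /etc/apparmor.d/aa-notify

      - name: Show AppArmor log and rules
        run: |
          sudo aa-log
          sudo aa-log -s
          sudo aa-log -r

      - name: Show Number of loaded profile
        run: sudo aa-status --profiled

      - name: Cache the build package
        # Only the default build on ubuntu-24.04 is handed to the tests job.
        # The key is tied to the commit so that job can ask for exactly this
        # build.
        if: matrix.mode == 'default' && matrix.os == 'ubuntu-24.04'
        uses: actions/cache/save@v4
        with:
          path: .pkg/apparmor.d_*_amd64.deb
          key: ${{ matrix.os }}-${{ matrix.mode }}-${{ github.sha }}

  tests:
    runs-on: ubuntu-24.04
    needs: build
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4

      - name: Restore the cached build package
        # Exact-match restore of the package built for this commit. The
        # previous key used hashFiles() on .pkg/, which is evaluated before
        # the restore. A fresh checkout presumably has no .pkg/ (confirm), so
        # the hash was empty and the `ubuntu-24.04-default-` restore-keys
        # prefix picked the most recently created cache, which is not
        # guaranteed to come from this run. With no prefix fallback,
        # fail-on-cache-miss stops the job instead of testing another build.
        uses: actions/cache/restore@v4
        with:
          fail-on-cache-miss: true
          path: .pkg/apparmor.d_*_amd64.deb
          key: ubuntu-24.04-default-${{ github.sha }}

      - name: Install Tests dependencies
        run: |
          sudo apt-get update -q
          sudo apt-get install -y \
            apparmor-profiles apparmor-utils \
            bats bats-support

      - name: Install apparmor.d
        # NOTE(review): `|| true` hides a failed install, in which case the
        # bats suite would run against the profiles already on the runner
        # image. Kept because it looks deliberate; confirm.
        run: |
          sudo install -Dm0644 tests/github.local /etc/apparmor.d/tunables/global.d/github.local
          sudo dpkg --install .pkg/apparmor.d_*_amd64.deb || true
          sudo systemctl restart apparmor.service

      - name: Github Action specific requirements
        # Restart services that are presumably already running so they start
        # again after the profiles were installed; `ps auxZ` prints each
        # process's security label for the job log.
        run: |
          sudo systemctl restart ModemManager NetworkManager
          sudo systemctl restart polkit snapd
          sudo systemctl restart systemd-hostnamed systemd-logind
          sudo systemctl restart packagekit udisks2
          bash tests/requirements.sh
          ps auxZ

      - name: Run the bats integration tests
        run: |
          make bats

      - name: Show final AppArmor logs
        # always(): print the log summary even when an earlier step failed.
        if: always()
        run: |
          sudo aa-log -s --raw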