Add more integration tests #2159
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Ubuntu | |
on: [push, pull_request, workflow_dispatch] | |
jobs: | |
check: | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Run basic profile linter check | |
run: | | |
make check | |
build: | |
runs-on: ${{ matrix.os }} | |
needs: check | |
strategy: | |
matrix: | |
os: | |
- ubuntu-24.04 | |
# - ubuntu-22.04 | |
mode: | |
- default | |
# - full-system-policy | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Install Build dependencies | |
run: | | |
sudo apt-get update -q | |
sudo apt-get install -y \ | |
devscripts debhelper config-package-dev \ | |
auditd apparmor-profiles apparmor-utils | |
sudo rm /etc/apparmor.d/usr.lib.snapd.snap-confine.real | |
- name: Build the apparmor.d package | |
run: | | |
if [[ ${{ matrix.mode }} == full-system-policy ]]; then | |
echo -e "\noverride_dh_auto_build:\n\tmake full" >> debian/rules | |
fi | |
bash dists/build.sh dpkg | |
- name: Install apparmor.d | |
run: sudo dpkg --install .pkg/apparmor.d_*_amd64.deb || true | |
- name: Reload AppArmor | |
run: | | |
sudo systemctl restart apparmor.service || true | |
sudo systemctl status apparmor.service | |
- name: Ensure compatibility with some AppArmor userspace tools | |
if: matrix.os != 'ubuntu-24.04' | |
run: | | |
sudo aa-enforce /etc/apparmor.d/aa-notify | |
- name: Show AppArmor log and rules | |
run: | | |
sudo aa-log | |
sudo aa-log -s | |
sudo aa-log -r | |
- name: Show Number of loaded profile | |
run: sudo aa-status --profiled | |
- name: Cache the build package | |
if: matrix.mode == 'default' && matrix.os == 'ubuntu-24.04' | |
uses: actions/cache/save@v4 | |
with: | |
path: .pkg/apparmor.d_*_amd64.deb | |
key: ${{ matrix.os }}-${{ matrix.mode }}-${{ hashFiles('.pkg/apparmor.d_*_amd64.deb') }} | |
tests: | |
runs-on: ubuntu-24.04 | |
needs: build | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Restore the cached build package | |
uses: actions/cache/restore@v4 | |
with: | |
fail-on-cache-miss: true | |
path: .pkg/apparmor.d_*_amd64.deb | |
key: ubuntu-24.04-default-${{ hashFiles('.pkg/apparmor.d_*_amd64.deb') }} | |
restore-keys: | | |
ubuntu-24.04-default- | |
- name: Install Tests dependencies | |
run: | | |
sudo apt-get update -q | |
sudo apt-get install -y \ | |
apparmor-profiles apparmor-utils \ | |
bats bats-support | |
- name: Install apparmor.d | |
run: | | |
sudo install -Dm0644 tests/github.local /etc/apparmor.d/tunables/global.d/github.local | |
sudo dpkg --install .pkg/apparmor.d_*_amd64.deb || true | |
sudo systemctl restart apparmor.service | |
- name: "Github Action: restart services to ensure they are confined" | |
run: | | |
sudo ps auxZ | grep -v '\[.*\]' | |
sudo aa-log -s --raw | |
services=( | |
containerd | |
cron | |
dockerd | |
ModemManager | |
multipathd | |
networkd-dispatcher | |
packagekit | |
polkit | |
snapd | |
systemd-hostnamed | |
systemd-logind | |
systemd-networkd | |
systemd-resolved | |
systemd-udevd | |
udisks2 | |
) | |
for service in "${services[@]}"; do | |
sudo systemctl restart "$service" || true | |
sudo systemctl status "$service.service" || true | |
done | |
sudo ps auxZ | grep -v '\[.*\]' | |
sudo aa-log -s --raw | |
- name: "Github Action: install integration dependencies" | |
run: | | |
bash tests/requirements.sh | |
echo "AFTER RQRMT & RESTART" | |
sudo ps auxZ | grep -v '\[.*\]' | |
sudo aa-log -s --raw | |
- name: Run the bats integration tests | |
run: | | |
make bats | |
- name: Show final AppArmor logs | |
if: always() | |
run: | | |
sudo ps auxZ | grep -v '\[.*\]' | |
sudo aa-log -s --raw |