CI improvements #2449
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| merge_group: | |
| branches: | |
| - main | |
| jobs: | |
| e2e-tests: | |
| runs-on: ubuntu-latest | |
| env: | |
| SUDO_UNDER_TEST: ours | |
| SUDO_TEST_VERBOSE_DOCKER_BUILD: 1 | |
| CI: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: set up docker buildx | |
| run: docker buildx create --name builder --use | |
| - name: cache docker layers | |
| uses: actions/cache@v2 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: docker-buildx-rs-${{ github.sha }} | |
| restore-keys: docker-buildx-rs- | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "compliance-tests" | |
| workspaces: | | |
| test-framework | |
| - name: Run all E2E tests | |
| working-directory: test-framework | |
| run: cargo test -p e2e-tests | |
| - name: prevent the cache from growing too large | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| compliance-tests-og: | |
| runs-on: ubuntu-latest | |
| env: | |
| SUDO_TEST_VERBOSE_DOCKER_BUILD: 1 | |
| CI: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: set up docker buildx | |
| run: docker buildx create --name builder --use | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "compliance-tests" | |
| workspaces: | | |
| test-framework | |
| - name: Test sudo-test itself | |
| working-directory: test-framework | |
| run: cargo test -p sudo-test | |
| - name: Run all compliance tests against original sudo | |
| working-directory: test-framework | |
| run: cargo test -p sudo-compliance-tests -- --include-ignored | |
| - name: prevent the cache from growing too large | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| compliance-tests: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| env: | |
| SUDO_TEST_PROFRAW_DIR: /tmp/profraw | |
| SUDO_TEST_VERBOSE_DOCKER_BUILD: 1 | |
| CI: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: set up docker buildx | |
| run: docker buildx create --name builder --use | |
| - name: cache docker layers | |
| uses: actions/cache@v2 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: docker-buildx-rs-${{ github.sha }} | |
| restore-keys: docker-buildx-rs- | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "compliance-tests" | |
| workspaces: | | |
| test-framework | |
| - name: Run gated compliance tests against sudo-rs | |
| working-directory: test-framework | |
| env: | |
| SUDO_UNDER_TEST: ours | |
| run: cargo test -p sudo-compliance-tests | |
| - name: Check that we didn't forget to gate a passing compliance test | |
| working-directory: test-framework | |
| env: | |
| SUDO_UNDER_TEST: ours | |
| run: | | |
| tmpfile="$(mktemp)" | |
| cargo test -p sudo-compliance-tests -- --ignored | tee "$tmpfile" | |
| grep 'test result: FAILED. 0 passed' "$tmpfile" || ( echo "expected ALL tests to fail but at least one passed; the passing tests must be un-#[ignore]-d" && exit 1 ) | |
| - name: prevent the cache from growing too large | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| compliance-tests-lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "compliance-tests" | |
| workspaces: | | |
| test-framework | |
| - name: clippy sudo-test | |
| working-directory: test-framework | |
| run: cargo clippy -p sudo-test --no-deps -- --deny warnings | |
| - name: clippy compliance-tests | |
| working-directory: test-framework | |
| run: cargo clippy -p sudo-compliance-tests --tests --no-deps -- --deny warnings | |
| - name: Check that all ignored tests are linked to a GH issue | |
| working-directory: test-framework/sudo-compliance-tests | |
| run: | | |
| grep -r '#\[ignore' ./src | grep -v -e '"gh' -e '"wontfix"' && echo 'found ignored tests not linked to a GitHub issue. please like them using the format #[ignore = "gh123"]' && exit 1; true | |
| build-and-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install llvm-tools component | |
| run: rustup component add llvm-tools | |
| - name: Add cargo-llvm-cov | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-llvm-cov | |
| - name: Install dependencies | |
| uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: libpam0g-dev | |
| version: "1.0" | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "stable" | |
| - name: Build | |
| run: cargo build --workspace --all-targets --all-features --release | |
| - name: Run tests | |
| run: cargo llvm-cov --workspace --all-features --all-targets --release --lcov --output-path lcov.info | |
| - name: Upload code coverage | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| files: lcov.info | |
| build-and-test-minimal: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set rust nightly version | |
| run: echo "NIGHTLY_VERSION=$(curl https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/rustc)" >> $GITHUB_ENV | |
| - name: Install nightly rust | |
| run: | | |
| rustup set profile minimal | |
| rustup override set nightly-${{ env.NIGHTLY_VERSION }} | |
| - name: Install dependencies | |
| uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: libpam0g-dev | |
| version: "1.0" | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "nightly" | |
| - name: Update to minimal direct dependencies | |
| run: cargo update -Zdirect-minimal-versions | |
| - name: Build | |
| run: cargo build --workspace --all-targets --all-features --release | |
| - name: Run tests | |
| run: cargo test --workspace --all-features --all-targets --release | |
| build-and-test-msrv: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install rust 1.70 | |
| run: rustup override set 1.70 | |
| - name: Install dependencies | |
| uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: libpam0g-dev | |
| version: "1.0" | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "msrv" | |
| - name: Build | |
| run: cargo build --workspace --all-targets --all-features --release | |
| - name: Run tests | |
| run: cargo test --workspace --all-features --all-targets --release | |
| miri: | |
| needs: build-and-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set rust nightly version | |
| run: echo "NIGHTLY_VERSION=$(curl https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)" >> $GITHUB_ENV | |
| - name: Install nightly rust and miri | |
| run: | | |
| rustup set profile minimal | |
| rustup override set nightly-${{ env.NIGHTLY_VERSION }} | |
| rustup component add miri | |
| - name: Install dependencies | |
| uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: libpam0g-dev | |
| version: "1.0" | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: miri | |
| - name: Run tests | |
| run: cargo miri test --workspace --all-features miri | |
| format: | |
| runs-on: ubuntu-latest | |
| env: | |
| RUSTDOCFLAGS: "-D warnings" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "stable" | |
| - name: Run rustfmt | |
| run: cargo fmt --all -- --check | |
| clippy: | |
| needs: format | |
| runs-on: ubuntu-latest | |
| env: | |
| RUSTDOCFLAGS: "-D warnings" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "stable" | |
| - name: Run clippy | |
| run: cargo clippy --no-deps --all-targets --all-features -- --deny warnings | |
| docs: | |
| needs: clippy | |
| runs-on: ubuntu-latest | |
| env: | |
| RUSTDOCFLAGS: "-D warnings" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "stable" | |
| - name: Build docs | |
| run: cargo doc --no-deps --document-private-items --all-features | |
| audit: | |
| needs: clippy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install cargo-audit | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-audit | |
| - name: Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "audit" | |
| - name: Run audit | |
| run: cargo audit |