Setup github ci for pytest tests including static analysis #6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| #branches: [master] | |
| pull_request: | |
| #branches: [master] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| tox: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.11", "3.x"] | |
| upstream: ["pypi"] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Detect skipped environments | |
| id: skipenv | |
| env: | |
| UPSTREAM: ${{ matrix.upstream }} | |
| run: | | |
| set -ex | |
| case $UPSTREAM in | |
| upstream) | |
| echo 'skipenv=.*(?<!upstream)$' >> $GITHUB_OUTPUT | |
| ;; | |
| *) | |
| echo 'skipenv=.*-upstream$' >> $GITHUB_OUTPUT | |
| ;; | |
| esac | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| # Install dependencies for python-ldap | |
| sudo apt-get install -y libsasl2-dev python3-dev libldap2-dev libssl-dev libssh-dev | |
| python -m pip install --upgrade pip | |
| pip install tox tox-gh | |
| - name: Prepare tox environment and install packages | |
| run: | | |
| tox --skip-env '${{ steps.skipenv.outputs.skipenv }}' --colored=yes --notest | |
| - name: Run tests | |
| run: | | |
| tox --skip-env '${{ steps.skipenv.outputs.skipenv }}' --colored=yes --skip-pkg-install | |
| system: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| tag: | |
| - fedora-latest | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.x | |
| - name: Checkout sssd-test-framework repository | |
| uses: actions/checkout@v5 | |
| with: | |
| # Fetch the entire history of the repository and tags to determine | |
| # correct framework version, as it is constructed from git describe | |
| repository: sssd/sssd-test-framework | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| path: sssd-test-framework | |
| - name: Checkout sudo-tests repository | |
| uses: actions/checkout@v5 | |
| with: | |
| repository: RedHat-SP-Security/sudo-tests | |
| path: sudo-tests | |
| - name: Setup containers | |
| uses: SSSD/sssd-ci-containers/actions/setup@master | |
| with: | |
| path: sssd-ci-containers | |
| registry: quay.io/sssd | |
| tag: ${{ matrix.tag }} | |
| override: | | |
| services: | |
| dns: | |
| restart: always | |
| image: ${REGISTRY}/ci-dns:latest | |
| container_name: dns | |
| env_file: ./env.containers | |
| volumes: | |
| - ./data/configs/dnsmasq.conf:/etc/dnsmasq.conf | |
| cap_add: | |
| - NET_RAW | |
| - NET_ADMIN | |
| - SYS_CHROOT | |
| security_opt: | |
| - apparmor=unconfined | |
| - label=disable | |
| - seccomp=unconfined | |
| networks: | |
| sssd: | |
| ipv4_address: 172.16.100.2 | |
| ipa: | |
| image: ${REGISTRY}/ci-ipa:${TAG} | |
| container_name: ipa | |
| hostname: master.ipa.test | |
| dns: 172.16.100.2 | |
| env_file: ./env.containers | |
| volumes: | |
| - ./shared:/shared:rw | |
| cap_add: | |
| - SYS_ADMIN | |
| - SYS_PTRACE | |
| - AUDIT_WRITE | |
| - AUDIT_CONTROL | |
| - SYS_CHROOT | |
| - NET_ADMIN | |
| - CAP_CHOWN | |
| - CAP_DAC_OVERRIDE | |
| - CAP_SETGID | |
| - CAP_SETUID | |
| - CAP_DAC_READ_SEARCH | |
| security_opt: | |
| - apparmor=unconfined | |
| - label=disable | |
| - seccomp=unconfined | |
| networks: | |
| sssd: | |
| ipv4_address: 172.16.100.10 | |
| ldap: | |
| image: ${REGISTRY}/ci-ldap:${TAG} | |
| container_name: ldap | |
| hostname: master.ldap.test | |
| dns: 172.16.100.2 | |
| env_file: ./env.containers | |
| volumes: | |
| - ./shared:/shared:rw | |
| cap_add: | |
| - SYS_ADMIN | |
| - SYS_PTRACE | |
| - AUDIT_WRITE | |
| - AUDIT_CONTROL | |
| - SYS_CHROOT | |
| - NET_ADMIN | |
| security_opt: | |
| - apparmor=unconfined | |
| - label=disable | |
| - seccomp=unconfined | |
| networks: | |
| sssd: | |
| ipv4_address: 172.16.100.20 | |
| client: | |
| image: ${REGISTRY}/ci-client:${TAG} | |
| container_name: client | |
| hostname: client.test | |
| dns: 172.16.100.2 | |
| env_file: ./env.containers | |
| volumes: | |
| - ./shared:/shared:rw | |
| cap_add: | |
| - SYS_ADMIN | |
| - SYS_PTRACE | |
| - NET_RAW | |
| - NET_ADMIN | |
| - AUDIT_WRITE | |
| - AUDIT_CONTROL | |
| - SYS_CHROOT | |
| - CAP_CHOWN | |
| - CAP_DAC_OVERRIDE | |
| - CAP_SETGID | |
| - CAP_SETUID | |
| - CAP_DAC_READ_SEARCH | |
| security_opt: | |
| - apparmor=unconfined | |
| - label=disable | |
| - seccomp=unconfined | |
| networks: | |
| sssd: | |
| ipv4_address: 172.16.100.40 | |
| networks: | |
| sssd: | |
| name: sssd-ci | |
| driver: bridge | |
| ipam: | |
| config: | |
| - subnet: 172.16.100.0/24 | |
| gateway: 172.16.100.1 | |
| options: | |
| driver: host-local | |
| - name: Patch the SSH configuration | |
| uses: SSSD/sssd-ci-containers/actions/exec@master | |
| with: | |
| user: root | |
| script: | | |
| #!/bin/bash | |
| test -x /usr/bin/sss_ssh_knownhosts && \ | |
| sed -e 's/GlobalKnownHostsFile/#GlobalKnownHostsFile/' \ | |
| -e 's/ProxyCommand \/usr\/bin\/sss_ssh_knownhostsproxy -p %p %h/KnownHostsCommand \/usr\/bin\/sss_ssh_knownhosts %H/' \ | |
| -i /etc/ssh/ssh_config.d/04-ipa.conf | |
| - name: Install system tests dependencies | |
| shell: bash | |
| working-directory: ./sudo-tests/pytest | |
| run: | | |
| set -ex | |
| sudo apt-get update | |
| # Install dependencies for python-ldap | |
| sudo apt-get install -y libsasl2-dev python3-dev libldap2-dev libssl-dev libssh-dev | |
| # Virtualenv | |
| pip3 install virtualenv | |
| python3 -m venv .venv | |
| source .venv/bin/activate | |
| # Install system tests requirements | |
| pip3 install -r ./requirements.txt | |
| # Install yq to parse yaml files | |
| sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 | |
| sudo chmod a+x /usr/local/bin/yq | |
| - name: Install test framework | |
| shell: bash | |
| run: | | |
| set -ex | |
| source ./sudo-tests/pytest/.venv/bin/activate | |
| pip3 install ./sssd-test-framework | |
| - name: Remove ad from mhc.yaml | |
| shell: bash | |
| working-directory: ./sudo-tests/pytest | |
| run: | | |
| yq -i 'del(.domains[0].hosts.[] | select(.role == "ad"))' mhc.yaml | |
| - name: Check polarion metadata | |
| shell: bash | |
| working-directory: ./sudo-tests/pytest | |
| run: | | |
| # Run pytest in collect only mode to quickly catch issues in Polarion metadata. | |
| set -ex -o pipefail | |
| mkdir -p $GITHUB_WORKSPACE/artifacts | |
| source .venv/bin/activate | |
| pytest \ | |
| --color=yes \ | |
| --mh-config=./mhc.yaml \ | |
| --mh-artifacts-dir=$GITHUB_WORKSPACE/artifacts \ | |
| --polarion-config=../polarion.yaml \ | |
| --output-polarion-testcase=$GITHUB_WORKSPACE/artifacts/testcase.xml \ | |
| --collect-only . |& tee $GITHUB_WORKSPACE/pytest-collect.log | |
| - name: Run tests | |
| shell: bash | |
| working-directory: ./sudo-tests/pytest/ | |
| run: | | |
| set -ex -o pipefail | |
| mkdir -p $GITHUB_WORKSPACE/artifacts | |
| source .venv/bin/activate | |
| pytest \ | |
| --durations=0 \ | |
| --color=yes \ | |
| --show-capture=no \ | |
| --mh-config=./mhc.yaml \ | |
| --mh-artifacts-dir=$GITHUB_WORKSPACE/artifacts \ | |
| --polarion-config=../polarion.yaml \ | |
| --output-polarion-testcase=$GITHUB_WORKSPACE/artifacts/testcase.xml \ | |
| --output-polarion-testrun=$GITHUB_WORKSPACE/artifacts/testrun.xml \ | |
| -vvv . |& tee $GITHUB_WORKSPACE/pytest.log | |
| - name: Upload artifacts | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| if-no-files-found: ignore | |
| name: ${{ matrix.tag }}-system | |
| path: | | |
| artifacts | |
| build.log | |
| install.log | |
| pytest.log | |
| pytest-collect.log |