forked from uutils/coreutils
-
Notifications
You must be signed in to change notification settings - Fork 0
557 lines (512 loc) · 20.9 KB
/
GnuTests.yml
File metadata and controls
557 lines (512 loc) · 20.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
name: GnuTests
# spell-checker:ignore (abbrev/names) CodeCov gnulib GnuTests Swatinem
# spell-checker:ignore (jargon) submodules devel
# spell-checker:ignore (libs/utils) chksum dpkg getenforce getlimits gperf lcov libexpect limactl pyinotify setenforce shopt valgrind libattr libcap taiki-e zstd cpio
# spell-checker:ignore (options) Ccodegen Coverflow Cpanic Zpanic
# spell-checker:ignore (people) Dawid Dziurla * dawidd dtolnay
# spell-checker:ignore (vars) FILESET SUBDIRS XPASS
# spell-checker:ignore userns
# * note: to run a single test => `REPO/util/run-gnu-test.sh PATH/TO/TEST/SCRIPT`
on:
pull_request:
push:
branches:
- '*'
permissions:
contents: read
# End the current execution if there is a new changeset in the PR.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
env:
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
TEST_FULL_SUMMARY_FILE: 'gnu-full-result.json'
TEST_ROOT_FULL_SUMMARY_FILE: 'gnu-root-full-result.json'
TEST_STTY_FULL_SUMMARY_FILE: 'gnu-stty-full-result.json'
TEST_SELINUX_FULL_SUMMARY_FILE: 'selinux-gnu-full-result.json'
TEST_SELINUX_ROOT_FULL_SUMMARY_FILE: 'selinux-root-gnu-full-result.json'
TEST_SMACK_FULL_SUMMARY_FILE: 'smack-gnu-full-result.json'
jobs:
native:
name: Run GNU tests (native)
runs-on: ubuntu-24.04
steps:
#### Get the code, setup cache
- name: Checkout code (uutils)
uses: actions/checkout@v6
with:
path: 'uutils'
persist-credentials: false
- uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: "./uutils -> target"
- name: Checkout code (GNU coreutils)
run: (mkdir -p gnu && cd gnu && bash ../uutils/util/fetch-gnu.sh)
- name: Restore files for faster configure and skipping make
uses: actions/cache@v5
id: cache-config-gnu
with:
path: |
gnu/config.cache
gnu/src/getlimits
key: ${{ runner.os }}-gnu-config-${{ hashFiles('gnu/NEWS') }}-${{ hashFiles('uutils/util/build-gnu.sh') }} # use build-gnu.sh for extremely safe caching
#### Build environment setup
- name: Install dependencies
shell: bash
run: |
## Install dependencies
sudo apt-get update
## Check that build-gnu.sh works on the non SELinux system by installing libselinux only on lima
sudo apt-get install -y gperf gdb python3-pyinotify valgrind libexpect-perl libacl1-dev libattr1-dev libcap-dev attr quilt
curl http://launchpadlibrarian.net/831710181/automake_1.18.1-3_all.deb > automake-1.18.deb
sudo dpkg -i --force-depends automake-1.18.deb
- name: Add various locales
shell: bash
run: |
## Add various locales
echo "Before:"
locale -a
## Some tests fail with 'cannot change locale (en_US.ISO-8859-1): No such file or directory'
## Some others need a French locale
sudo locale-gen
sudo locale-gen --keep-existing fr_FR
sudo locale-gen --keep-existing fr_FR.UTF-8
sudo locale-gen --keep-existing es_ES.UTF-8
sudo locale-gen --keep-existing sv_SE
sudo locale-gen --keep-existing sv_SE.UTF-8
sudo locale-gen --keep-existing en_US
sudo locale-gen --keep-existing en_US.UTF-8
sudo locale-gen --keep-existing ru_RU.KOI8-R
sudo locale-gen --keep-existing fa_IR.UTF-8 # Iran
sudo locale-gen --keep-existing am_ET.UTF-8 # Ethiopia
sudo locale-gen --keep-existing th_TH.UTF-8 # Thailand
sudo locale-gen --keep-existing zh_CN.GB18030 # China
sudo update-locale
echo "After:"
locale -a
### Build
- name: Build binaries
shell: bash
run: |
## Build binaries
cd 'uutils'
env PROFILE=release-small bash util/build-gnu.sh
- name: Save files for faster configure and skipping make
uses: actions/cache/save@v5
if: always() && steps.cache-config-gnu.outputs.cache-hit != 'true'
with:
path: |
gnu/config.cache
gnu/src/getlimits
key: ${{ runner.os }}-gnu-config-${{ hashFiles('gnu/NEWS') }}-${{ hashFiles('uutils/util/build-gnu.sh') }}
### Run tests as user
- name: Run GNU tests
shell: bash
run: |
## Use unshare
sudo sysctl -w kernel.unprivileged_userns_clone=1
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
## Run GNU tests
path_GNU='gnu'
path_UUTILS='uutils'
bash "uutils/util/run-gnu-test.sh"
- name: Extract testing info from individual logs into JSON
shell: bash
run : |
path_UUTILS='uutils'
python uutils/util/gnu-json-result.py gnu/tests > ${{ env.TEST_FULL_SUMMARY_FILE }}
### Run tests as root
- name: Run GNU root tests
shell: bash
run: |
## Run GNU root tests
path_GNU='gnu'
path_UUTILS='uutils'
bash "uutils/util/run-gnu-test.sh" run-root
- name: Extract testing info from individual logs (run as root) into JSON
shell: bash
run : |
path_UUTILS='uutils'
python uutils/util/gnu-json-result.py gnu/tests > ${{ env.TEST_ROOT_FULL_SUMMARY_FILE }}
### This shell has been changed from "bash" to this command
### "script" will start a pty and the -q command removes the "script" initiation log
### the -e flag makes it propagate the error code and -c runs the command in a pty
### the primary purpose of this change is to run the tty GNU tests
### The reason its separated from the rest of the tests is because one test can corrupt the other
### tests through the use of the shared terminal and it changes the environment that the other
### tests are run in, which can cause different results.
- name: Run GNU stty tests
shell: 'script -q -e -c "bash {0}"'
run: |
## Run GNU root tests
path_GNU='gnu'
path_UUTILS='uutils'
bash "uutils/util/run-gnu-test.sh" run-tty
- name: Extract testing info from individual logs (stty) into JSON
shell: bash
run : |
path_UUTILS='uutils'
python uutils/util/gnu-json-result.py gnu/tests > ${{ env.TEST_STTY_FULL_SUMMARY_FILE }}
### Upload artifacts
- name: Upload full json results
uses: actions/upload-artifact@v6
with:
name: gnu-full-result
path: ${{ env.TEST_FULL_SUMMARY_FILE }}
- name: Upload root json results
uses: actions/upload-artifact@v6
with:
name: gnu-root-full-result
path: ${{ env.TEST_ROOT_FULL_SUMMARY_FILE }}
- name: Upload stty json results
uses: actions/upload-artifact@v6
with:
name: gnu-stty-full-result
path: ${{ env.TEST_STTY_FULL_SUMMARY_FILE }}
- name: Compress test logs
shell: bash
run : |
# Compress logs before upload (fails otherwise)
gzip gnu/tests/*/*.log
- name: Upload test logs
uses: actions/upload-artifact@v6
with:
name: test-logs
path: |
gnu/tests/*.log
gnu/tests/*/*.log.gz
selinux:
name: Run GNU tests (SELinux)
runs-on: ubuntu-24.04
steps:
#### Get the code, setup cache
- name: Checkout code (uutils)
uses: actions/checkout@v6
with:
path: 'uutils'
persist-credentials: false
- uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: "./uutils -> target"
- name: Checkout code (GNU coreutils)
run: (mkdir -p gnu && cd gnu && bash ../uutils/util/fetch-gnu.sh)
#### Lima build environment setup
- name: Setup Lima
uses: lima-vm/lima-actions/setup@v1
id: lima-actions-setup
- name: Cache ~/.cache/lima
uses: actions/cache@v5
with:
path: ~/.cache/lima
key: lima-${{ steps.lima-actions-setup.outputs.version }}
- name: Start Fedora VM with SELinux
run: limactl start --plain --name=default --cpus=4 --disk=40 --memory=8 --network=lima:user-v2 template:fedora
- name: Verify SELinux Status and Configuration
run: |
lima getenforce
lima ls -laZ /etc/selinux
lima sudo sestatus
# Ensure we're running in enforcing mode
lima sudo setenforce 1
lima getenforce
# Create test files with SELinux contexts for testing
lima sudo mkdir -p /var/test_selinux
lima sudo touch /var/test_selinux/test_file
lima sudo chcon -t etc_t /var/test_selinux/test_file
lima ls -Z /var/test_selinux/test_file # Verify context
- name: Install dependencies in VM
run: |
lima sudo dnf -y update
lima sudo dnf -y install autoconf bison gperf gcc gdb jq libacl-devel libattr-devel libcap-devel libselinux-devel attr rustup clang-devel automake patch quilt
lima rustup-init -y --profile=minimal --default-toolchain stable
- name: Copy the sources to VM
run: |
rsync -a -e ssh . lima-default:~/work/
### Build
- name: Build binaries
run: |
lima bash -c "cd ~/work/uutils/ && SELINUX_ENABLED=1 PROFILE=release-small bash util/build-gnu.sh"
### Run tests as user
- name: Generate SELinux tests list
run: |
# Find and list all tests that require SELinux
lima bash -c "cd ~/work/gnu/ && grep -l 'require_selinux_' -r tests/ > ~/work/uutils/selinux-tests.txt"
lima bash -c "cd ~/work/uutils/ && cat selinux-tests.txt"
# Count the tests
lima bash -c "cd ~/work/uutils/ && echo 'Found SELinux tests:'; wc -l selinux-tests.txt"
- name: Run GNU SELinux tests
run: |
lima sudo setenforce 1
lima getenforce
lima cat /proc/filesystems
lima bash -c "cd ~/work/uutils/ && bash util/run-gnu-test.sh \$(cat selinux-tests.txt)"
- name: Extract testing info from individual logs into JSON
shell: bash
run : |
lima bash -c "cd ~/work/gnu/ && python3 ../uutils/util/gnu-json-result.py tests > ~/work/${{ env.TEST_SELINUX_FULL_SUMMARY_FILE }}"
### Run tests as root
- name: Run GNU SELinux root tests
run: |
lima bash -c "cd ~/work/uutils/ && CI=1 bash util/run-gnu-test.sh run-root \$(cat selinux-tests.txt)"
- name: Extract testing info from individual logs (run as root) into JSON
shell: bash
run : |
lima bash -c "cd ~/work/gnu/ && python3 ../uutils/util/gnu-json-result.py tests > ~/work/${{ env.TEST_SELINUX_ROOT_FULL_SUMMARY_FILE }}"
### Upload artifacts
- name: Collect test logs and test results from VM
run: |
mkdir -p gnu/tests-selinux
# Copy the json output back from the Lima VM to the host
rsync -v -a -e ssh lima-default:~/work/*.json ./
# Copy the test directory now
rsync -v -a -e ssh lima-default:~/work/gnu/tests/ ./gnu/tests-selinux/
- name: Upload SELinux json results
uses: actions/upload-artifact@v6
with:
name: selinux-gnu-full-result
path: ${{ env.TEST_SELINUX_FULL_SUMMARY_FILE }}
- name: Upload SELinux root json results
uses: actions/upload-artifact@v6
with:
name: selinux-root-gnu-full-result
path: ${{ env.TEST_SELINUX_ROOT_FULL_SUMMARY_FILE }}
- name: Compress SELinux test logs
shell: bash
run : |
# Compress logs before upload (fails otherwise)
gzip gnu/tests-selinux/*/*.log
- name: Upload SELinux test logs
uses: actions/upload-artifact@v6
with:
name: selinux-test-logs
path: |
gnu/tests-selinux/*.log
gnu/tests-selinux/*/*.log.gz
smack:
name: Run GNU tests (SMACK)
runs-on: ubuntu-24.04
steps:
- name: Checkout code (uutils)
uses: actions/checkout@v6
with:
path: 'uutils'
persist-credentials: false
- uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
- uses: Swatinem/rust-cache@v2
with:
workspaces: "./uutils -> target"
- name: Checkout code (GNU coreutils)
run: (mkdir -p gnu && cd gnu && bash ../uutils/util/fetch-gnu.sh)
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y qemu-system-x86 zstd cpio
- name: Run GNU SMACK tests
run: |
cd uutils
bash util/run-gnu-tests-smack-ci.sh "$GITHUB_WORKSPACE/gnu" "$GITHUB_WORKSPACE/gnu/tests-smack"
- name: Extract testing info into JSON
run: |
python3 uutils/util/gnu-json-result.py gnu/tests-smack > ${{ env.TEST_SMACK_FULL_SUMMARY_FILE }}
- name: Upload SMACK json results
uses: actions/upload-artifact@v6
with:
name: smack-gnu-full-result
path: ${{ env.TEST_SMACK_FULL_SUMMARY_FILE }}
- name: Compress SMACK test logs
run: gzip gnu/tests-smack/*/*.log 2>/dev/null || true
- name: Upload SMACK test logs
uses: actions/upload-artifact@v6
with:
name: smack-test-logs
path: |
gnu/tests-smack/*.log
gnu/tests-smack/*/*.log.gz
aggregate:
needs: [native, selinux, smack]
permissions:
actions: read # for dawidd6/action-download-artifact to query and download artifacts
contents: read # for actions/checkout to fetch code
pull-requests: read # for dawidd6/action-download-artifact to query commit hash
name: Aggregate GNU test results
runs-on: ubuntu-24.04
steps:
- name: Initialize workflow variables
id: vars
shell: bash
run: |
## VARs setup
outputs() { step_id="${{ github.action }}"; for var in "$@" ; do echo steps.${step_id}.outputs.${var}="${!var}"; echo "${var}=${!var}" >> $GITHUB_OUTPUT; done; }
#
TEST_SUMMARY_FILE='gnu-result.json'
AGGREGATED_SUMMARY_FILE='aggregated-result.json'
outputs TEST_SUMMARY_FILE AGGREGATED_SUMMARY_FILE
- name: Checkout code (uutils)
uses: actions/checkout@v6
with:
path: 'uutils'
persist-credentials: false
- name: Retrieve reference artifacts
uses: dawidd6/action-download-artifact@v12
# ref: <https://github.com/dawidd6/action-download-artifact>
continue-on-error: true ## don't break the build for missing reference artifacts (may be expired or just not generated yet)
with:
workflow: GnuTests.yml
branch: "${{ env.DEFAULT_BRANCH }}"
# workflow_conclusion: success ## (default); * but, if commit with failed GnuTests is merged into the default branch, future commits will all show regression errors in GnuTests CI until o/w fixed
workflow_conclusion: completed ## continually recalibrates to last commit of default branch with a successful GnuTests (ie, "self-heals" from GnuTest regressions, but needs more supervision for/of regressions)
path: "reference"
- name: Download full json results
uses: actions/download-artifact@v7
with:
name: gnu-full-result
path: results
merge-multiple: true
- name: Download root json results
uses: actions/download-artifact@v7
with:
name: gnu-root-full-result
path: results
merge-multiple: true
- name: Download stty json results
uses: actions/download-artifact@v7
with:
name: gnu-stty-full-result
path: results
merge-multiple: true
- name: Download selinux json results
uses: actions/download-artifact@v7
with:
name: selinux-gnu-full-result
path: results
merge-multiple: true
- name: Download selinux root json results
uses: actions/download-artifact@v7
with:
name: selinux-root-gnu-full-result
path: results
merge-multiple: true
- name: Download smack json results
uses: actions/download-artifact@v7
with:
name: smack-gnu-full-result
path: results
merge-multiple: true
- name: Extract/summarize testing info
id: summary
shell: bash
run: |
## Extract/summarize testing info
outputs() { step_id="${{ github.action }}"; for var in "$@" ; do echo steps.${step_id}.outputs.${var}="${!var}"; echo "${var}=${!var}" >> $GITHUB_OUTPUT; done; }
path_UUTILS='uutils'
json_count=$(ls -l results/*.json | wc -l)
if [[ "$json_count" -ne 6 ]]; then
echo "::error ::Failed to download all results json files (expected 6 files, found $json_count); failing early"
ls -lR results || true
exit 1
fi
# Look at all individual results and summarize
eval $(python3 uutils/util/analyze-gnu-results.py -o=${{ steps.vars.outputs.AGGREGATED_SUMMARY_FILE }} results/*.json)
if [[ "$TOTAL" -eq 0 || "$TOTAL" -eq 1 ]]; then
echo "::error ::Failed to parse test results from '${{ env.TEST_FULL_SUMMARY_FILE }}'; failing early"
exit 1
fi
output="GNU tests summary = TOTAL: $TOTAL / PASS: $PASS / FAIL: $FAIL / ERROR: $ERROR / SKIP: $SKIP"
echo "${output}"
if [[ "$FAIL" -gt 0 || "$ERROR" -gt 0 ]]; then
echo "::warning ::${output}"
fi
jq -n \
--arg date "$(date --rfc-email)" \
--arg sha "$GITHUB_SHA" \
--arg total "$TOTAL" \
--arg pass "$PASS" \
--arg skip "$SKIP" \
--arg fail "$FAIL" \
--arg xpass "$XPASS" \
--arg error "$ERROR" \
'{($date): { sha: $sha, total: $total, pass: $pass, skip: $skip, fail: $fail, xpass: $xpass, error: $error, }}' > '${{ steps.vars.outputs.TEST_SUMMARY_FILE }}'
HASH=$(sha1sum '${{ steps.vars.outputs.TEST_SUMMARY_FILE }}' | cut --delim=" " -f 1)
outputs HASH
- name: Upload SHA1/ID of 'test-summary'
uses: actions/upload-artifact@v6
with:
name: "${{ steps.summary.outputs.HASH }}"
path: "${{ steps.vars.outputs.TEST_SUMMARY_FILE }}"
- name: Upload test results summary
uses: actions/upload-artifact@v6
with:
name: test-summary
path: "${{ steps.vars.outputs.TEST_SUMMARY_FILE }}"
- name: Upload aggregated json results
uses: actions/upload-artifact@v6
with:
name: aggregated-result
path: ${{ steps.vars.outputs.AGGREGATED_SUMMARY_FILE }}
- name: Compare test failures VS reference
shell: bash
run: |
## Compare test failures VS reference using JSON files
REF_SUMMARY_FILE='reference/aggregated-result/aggregated-result.json'
CURRENT_SUMMARY_FILE='${{ steps.vars.outputs.AGGREGATED_SUMMARY_FILE }}'
REPO_DEFAULT_BRANCH='${{ env.DEFAULT_BRANCH }}'
path_UUTILS='uutils'
# Path to ignore file for intermittent issues
IGNORE_INTERMITTENT="uutils/.github/workflows/ignore-intermittent.txt"
# Set up comment directory
COMMENT_DIR="reference/comment"
mkdir -p ${COMMENT_DIR}
echo ${{ github.event.number }} > ${COMMENT_DIR}/NR
COMMENT_LOG="${COMMENT_DIR}/result.txt"
COMPARISON_RESULT=0
if test -f "${CURRENT_SUMMARY_FILE}"; then
if test -f "${REF_SUMMARY_FILE}"; then
echo "Reference summary SHA1/ID: $(sha1sum -- "${REF_SUMMARY_FILE}")"
echo "Current summary SHA1/ID: $(sha1sum -- "${CURRENT_SUMMARY_FILE}")"
python3 uutils/util/compare_test_results.py \
--ignore-file "${IGNORE_INTERMITTENT}" \
--output "${COMMENT_LOG}" \
"${CURRENT_SUMMARY_FILE}" "${REF_SUMMARY_FILE}"
COMPARISON_RESULT=$?
else
echo "::warning ::Skipping test comparison; no prior reference summary is available at '${REF_SUMMARY_FILE}'."
fi
else
echo "::error ::Failed to find summary of test results (missing '${CURRENT_SUMMARY_FILE}'); failing early"
exit 1
fi
if [ ${COMPARISON_RESULT} -eq 1 ]; then
echo "ONLY_INTERMITTENT=false" >> $GITHUB_ENV
echo "::error ::Found new non-intermittent test failures"
exit 1
else
echo "ONLY_INTERMITTENT=true" >> $GITHUB_ENV
echo "::notice ::No new test failures detected"
fi
- name: Upload comparison log (for GnuComment workflow)
if: success() || failure() # run regardless of prior step success/failure
uses: actions/upload-artifact@v6
with:
name: comment
path: reference/comment/
- name: Compare test summary VS reference
if: success() || failure() # run regardless of prior step success/failure
shell: bash
run: |
## Compare test summary VS reference
REF_SUMMARY_FILE='reference/test-summary/gnu-result.json'
if test -f "${REF_SUMMARY_FILE}"; then
echo "Reference SHA1/ID: $(sha1sum -- "${REF_SUMMARY_FILE}")"
mv "${REF_SUMMARY_FILE}" main-gnu-result.json
python uutils/util/compare_gnu_result.py
else
echo "::warning ::Skipping test summary comparison; no prior reference summary is available."
fi