Skip to content

Commit 4e567e1

Browse files
akerouantonakerouanton
committed
ci: run integration tests with firewalld enabled
Signed-off-by: Albin Kerouanton <[email protected]>
1 parent 8883db2 commit 4e567e1

2 files changed

Lines changed: 50 additions & 8 deletions

File tree

.github/workflows/.test.yml

Lines changed: 48 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -36,13 +36,28 @@ jobs:
3636
runs-on: ubuntu-20.04
3737
timeout-minutes: 120 # guardrails timeout for the whole job
3838
continue-on-error: ${{ github.event_name != 'pull_request' }}
39+
strategy:
40+
fail-fast: false
41+
matrix:
42+
mode:
43+
- ""
44+
- firewalld
3945
steps:
4046
-
4147
name: Checkout
4248
uses: actions/checkout@v4
4349
-
4450
name: Set up runner
4551
uses: ./.github/actions/setup-runner
52+
-
53+
name: Prepare
54+
run: |
55+
CACHE_DEV_SCOPE=dev
56+
if [[ "${{ matrix.mod }}" == *"firewalld"* ]]; then
57+
echo "DOCKER_FIREWALLD=true" >> $GITHUB_ENV
58+
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"
59+
fi
60+
echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
4661
-
4762
name: Set up Docker Buildx
4863
uses: docker/setup-buildx-action@v3
@@ -65,11 +80,18 @@ jobs:
6580
name: Prepare reports
6681
if: always()
6782
run: |
68-
mkdir -p bundles /tmp/reports
83+
reportsName=$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
84+
if [ -n "${{ matrix.mode }}" ]; then
85+
reportsName="$reportsName-${{ matrix.mode }}"
86+
fi
87+
reportsPath=/tmp/reports/$reportsName
88+
echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV
89+
90+
mkdir -p bundles $reportsPath
6991
find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
70-
tar -xzf /tmp/reports.tar.gz -C /tmp/reports
71-
sudo chown -R $(id -u):$(id -g) /tmp/reports
72-
tree -nh /tmp/reports
92+
tar -xzf /tmp/reports.tar.gz -C $reportsPath
93+
sudo chown -R $(id -u):$(id -g) $reportsPath
94+
tree -nh $reportsPath
7395
-
7496
name: Send to Codecov
7597
uses: codecov/codecov-action@v4
@@ -83,7 +105,7 @@ jobs:
83105
if: always()
84106
uses: actions/upload-artifact@v4
85107
with:
86-
name: test-reports-unit-${{ inputs.storage }}
108+
name: test-reports-unit-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
87109
path: /tmp/reports/*
88110
retention-days: 1
89111

@@ -104,7 +126,7 @@ jobs:
104126
name: Download reports
105127
uses: actions/download-artifact@v4
106128
with:
107-
name: test-reports-unit-${{ inputs.storage }}
129+
pattern: test-reports-unit-${{ inputs.storage }}-*
108130
path: /tmp/reports
109131
-
110132
name: Install teststat
@@ -218,6 +240,7 @@ jobs:
218240
- ""
219241
- rootless
220242
- systemd
243+
- firewalld
221244
#- rootless-systemd FIXME: https://github.com/moby/moby/issues/44084
222245
steps:
223246
-
@@ -240,6 +263,10 @@ jobs:
240263
echo "SYSTEMD=true" >> $GITHUB_ENV
241264
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"
242265
fi
266+
if [[ "${{ matrix.mod }}" == *"firewalld"* ]]; then
267+
echo "DOCKER_FIREWALLD=true" >> $GITHUB_ENV
268+
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"
269+
fi
243270
echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
244271
-
245272
name: Set up Docker Buildx
@@ -377,6 +404,9 @@ jobs:
377404
fail-fast: false
378405
matrix:
379406
test: ${{ fromJson(needs.integration-cli-prepare.outputs.matrix) }}
407+
mode:
408+
- ""
409+
- firewalld
380410
steps:
381411
-
382412
name: Checkout
@@ -387,6 +417,15 @@ jobs:
387417
-
388418
name: Set up tracing
389419
uses: ./.github/actions/setup-tracing
420+
-
421+
name: Prepare
422+
run: |
423+
CACHE_DEV_SCOPE=dev
424+
if [[ "${{ matrix.mod }}" == *"firewalld"* ]]; then
425+
echo "DOCKER_FIREWALLD=true" >> $GITHUB_ENV
426+
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"
427+
fi
428+
echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
390429
-
391430
name: Set up Docker Buildx
392431
uses: docker/setup-buildx-action@v3
@@ -414,6 +453,9 @@ jobs:
414453
if: always()
415454
run: |
416455
reportsName=$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
456+
if [ -n "${{ matrix.mode }}" ]; then
457+
reportsName="$reportsName-${{ matrix.mode }}"
458+
fi
417459
reportsPath=/tmp/reports/$reportsName
418460
echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV
419461

hack/dind-systemd

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ fi
5959
# Allow connections coming from the host (through eth0). This is needed to
6060
# access the daemon port (independently of which port is used), or run a
6161
# 'remote' Delve session, etc...
62-
if [ ${DOCKER_FIREWALLD:-} = "true" ]; then
62+
if [ "${DOCKER_FIREWALLD:-}" = "true" ]; then
6363
cat > /etc/firewalld/zones/trusted.xml << EOF
6464
<?xml version="1.0" encoding="utf-8"?>
6565
<zone target="ACCEPT">
@@ -76,7 +76,7 @@ env > /etc/docker-entrypoint-env
7676
cat > /etc/systemd/system/docker-entrypoint.target << EOF
7777
[Unit]
7878
Description=the target for docker-entrypoint.service
79-
Requires=docker-entrypoint.service systemd-logind.service systemd-user-sessions.service $([ ${DOCKER_FIREWALLD:-} = "true" ] && echo firewalld.service)
79+
Requires=docker-entrypoint.service systemd-logind.service systemd-user-sessions.service $([ "${DOCKER_FIREWALLD:-}" = "true" ] && echo firewalld.service)
8080
EOF
8181

8282
quoted_args="$(printf " %q" "${@}")"

0 commit comments

Comments
 (0)