1+ name : RunsOn Tests
2+
3+ on :
4+ workflow_dispatch :
5+
6+ jobs :
7+ test-host-outbound :
8+ runs-on :
9+ - runs-on=${{ github.run_id }}
10+ - runner=2cpu-linux-x64
11+ - image=ubuntu22-stepsecurity-x64
12+ steps :
13+ - name : Harden Runner
14+ uses : step-security/harden-runner@rc
15+ with :
16+ egress-policy : audit
17+ allowed-endpoints : >
18+ github.com:443
19+ goreleaser.com:443
20+
21+
22+ name : Checkout code
23+ uses : actions/checkout@v3
24+
25+ - name : Run outbound calls from host
26+ run : |
27+ start_time=$(date +%s)
28+ end_time=$((start_time + 90)) # 5 minutes = 300 seconds
29+
30+ while [ $(date +%s) -lt $end_time ]; do
31+ curl -I https://www.google.com
32+ curl -I https://goreleaser.com
33+ sleep 10 # wait 10 seconds between calls
34+ done
35+
36+ test-docker-outbound :
37+ runs-on :
38+ - runs-on=${{ github.run_id }}
39+ - runner=2cpu-linux-x64
40+ - image=ubuntu22-stepsecurity-x64
41+ steps :
42+ - name : Harden Runner
43+ uses : step-security/harden-runner@rc
44+ with :
45+ egress-policy : block
46+ allowed-endpoints : >
47+ archive.ubuntu.com:80
48+ github.com:443
49+ goreleaser.com:443
50+ production.cloudflare.docker.com:443
51+ docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443
52+ *.docker.io:443
53+ security.ubuntu.com:80
54+
55+ - name : Checkout code
56+ uses : actions/checkout@v3
57+
58+ - name : Run outbound calls from within Docker container
59+ continue-on-error : true
60+ run : |
61+ # Start the container
62+ docker run --rm -d --name test-container ubuntu:latest sleep 90
63+
64+ # Install curl in the container
65+ docker exec test-container apt-get update
66+ docker exec test-container apt-get install -y curl
67+
68+ # Print /etc/resolv.conf from the container
69+ docker exec test-container cat /etc/resolv.conf
70+
71+ # Make outbound calls
72+ for i in {1..9}; do
73+ docker exec test-container curl -I https://www.google.com
74+ docker exec test-container curl -I https://goreleaser.com
75+ sleep 10 # wait 10 seconds between calls
76+ done
77+
78+ # Stop the container
79+ docker stop test-container
80+
81+
82+ test-docker-build-outbound :
83+ runs-on :
84+ - runs-on=${{ github.run_id }}
85+ - runner=2cpu-linux-x64
86+ - image=ubuntu22-stepsecurity-x64
87+ steps :
88+ - name : Harden Runner
89+ uses : step-security/harden-runner@rc
90+ with :
91+ egress-policy : audit
92+ allowed-endpoints : >
93+ archive.ubuntu.com:80
94+ auth.docker.io:443
95+ github.com:443
96+ goreleaser.com:443
97+ production.cloudflare.docker.com:443
98+ docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443
99+ registry-1.docker.io:443
100+ security.ubuntu.com:80
101+
102+ name : Checkout code
103+ uses : actions/checkout@v3
104+
105+ - name : Build Docker image and test outbound calls during build
106+ continue-on-error : true
107+ run : |
108+ # Create a Dockerfile that installs curl and makes outbound calls
109+ cat <<EOF > Dockerfile
110+ FROM ubuntu:latest
111+ RUN apt-get update && apt-get install -y curl
112+ RUN for i in {1..9}; do curl -I https://www.google.com && curl -I https://goreleaser.com; sleep 10; done
113+ EOF
114+
115+ # Build the Docker image
116+ docker build -t test-image .
117+
118+ # Print /etc/resolv.conf from the build container (temporary container used during build)
119+ container_id=$(docker create test-image)
120+ docker start $container_id
121+ docker exec $container_id cat /etc/resolv.conf
122+ docker stop $container_id
123+ docker rm $container_id
124+
125+ name : Print Docker logs with journalctl
126+ run : |
127+ sudo journalctl -u docker.service --no-pager
128+ shell : bash
129+
130+ test-long-running-docker :
131+ runs-on :
132+ - runs-on=${{ github.run_id }}
133+ - runner=2cpu-linux-x64
134+ - image=ubuntu22-stepsecurity-x64
135+ steps :
136+ - name : Harden Runner
137+ uses : step-security/harden-runner@rc
138+ with :
139+ egress-policy : block
140+ allowed-endpoints : >
141+ archive.ubuntu.com:80
142+ auth.docker.io:443
143+ github.com:443
144+ goreleaser.com:443
145+ production.cloudflare.docker.com:443
146+ registry-1.docker.io:443
147+ docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com:443
148+ security.ubuntu.com:80
149+
150+
151+ name : Checkout code
152+ uses : actions/checkout@v3
153+
154+ - name : Run long-running Docker container with outbound calls
155+ continue-on-error : true
156+ run : |
157+ # Start the long-running container
158+ docker run --rm -d --name long-running-container ubuntu:latest bash -c "
159+ apt-get update && apt-get install -y curl &&
160+ while true; do
161+ curl -I https://www.google.com;
162+ curl -I https://goreleaser.com;
163+ sleep 10;
164+ done
165+ "
166+
167+ # Print /etc/resolv.conf from the container
168+ docker exec long-running-container cat /etc/resolv.conf
169+
170+ # Let the container run for 5 minutes
171+ sleep 90
172+
173+ # Stop the container
174+ docker stop long-running-container
175+
176+
0 commit comments