mirror of
https://github.com/moby/moby.git
synced 2026-01-11 18:51:37 +00:00
ci: run integration tests with firewalld enabled
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
This commit is contained in:
Albin Kerouanton
54
.github/workflows/.test.yml
vendored
54
.github/workflows/.test.yml
vendored
@@ -36,6 +36,12 @@ jobs:
|
|||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
timeout-minutes: 120 # guardrails timeout for the whole job
|
timeout-minutes: 120 # guardrails timeout for the whole job
|
||||||
continue-on-error: ${{ github.event_name != 'pull_request' }}
|
continue-on-error: ${{ github.event_name != 'pull_request' }}
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
mode:
|
||||||
|
- ""
|
||||||
|
- firewalld
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
@@ -43,6 +49,15 @@ jobs:
|
|||||||
-
|
-
|
||||||
name: Set up runner
|
name: Set up runner
|
||||||
uses: ./.github/actions/setup-runner
|
uses: ./.github/actions/setup-runner
|
||||||
|
-
|
||||||
|
name: Prepare
|
||||||
|
run: |
|
||||||
|
CACHE_DEV_SCOPE=dev
|
||||||
|
if [[ "${{ matrix.mod }}" == *"firewalld"* ]]; then
|
||||||
|
echo "DOCKER_FIREWALLD=true" >> $GITHUB_ENV
|
||||||
|
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"
|
||||||
|
fi
|
||||||
|
echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
|
||||||
-
|
-
|
||||||
name: Set up Docker Buildx
|
name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@v3
|
||||||
@@ -65,11 +80,18 @@ jobs:
|
|||||||
name: Prepare reports
|
name: Prepare reports
|
||||||
if: always()
|
if: always()
|
||||||
run: |
|
run: |
|
||||||
mkdir -p bundles /tmp/reports
|
reportsName=$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
|
||||||
|
if [ -n "${{ matrix.mode }}" ]; then
|
||||||
|
reportsName="$reportsName-${{ matrix.mode }}"
|
||||||
|
fi
|
||||||
|
reportsPath=/tmp/reports/$reportsName
|
||||||
|
echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
mkdir -p bundles $reportsPath
|
||||||
find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
|
find bundles -path '*/root/*overlay2' -prune -o -type f \( -name '*-report.json' -o -name '*.log' -o -name '*.out' -o -name '*.prof' -o -name '*-report.xml' \) -print | xargs sudo tar -czf /tmp/reports.tar.gz
|
||||||
tar -xzf /tmp/reports.tar.gz -C /tmp/reports
|
tar -xzf /tmp/reports.tar.gz -C $reportsPath
|
||||||
sudo chown -R $(id -u):$(id -g) /tmp/reports
|
sudo chown -R $(id -u):$(id -g) $reportsPath
|
||||||
tree -nh /tmp/reports
|
tree -nh $reportsPath
|
||||||
-
|
-
|
||||||
name: Send to Codecov
|
name: Send to Codecov
|
||||||
uses: codecov/codecov-action@v4
|
uses: codecov/codecov-action@v4
|
||||||
@@ -83,7 +105,7 @@ jobs:
|
|||||||
if: always()
|
if: always()
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@v4
|
||||||
with:
|
with:
|
||||||
name: test-reports-unit-${{ inputs.storage }}
|
name: test-reports-unit-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
|
||||||
path: /tmp/reports/*
|
path: /tmp/reports/*
|
||||||
retention-days: 1
|
retention-days: 1
|
||||||
|
|
||||||
@@ -104,7 +126,7 @@ jobs:
|
|||||||
name: Download reports
|
name: Download reports
|
||||||
uses: actions/download-artifact@v4
|
uses: actions/download-artifact@v4
|
||||||
with:
|
with:
|
||||||
name: test-reports-unit-${{ inputs.storage }}
|
pattern: test-reports-unit-${{ inputs.storage }}-*
|
||||||
path: /tmp/reports
|
path: /tmp/reports
|
||||||
-
|
-
|
||||||
name: Install teststat
|
name: Install teststat
|
||||||
@@ -218,6 +240,7 @@ jobs:
|
|||||||
- ""
|
- ""
|
||||||
- rootless
|
- rootless
|
||||||
- systemd
|
- systemd
|
||||||
|
- firewalld
|
||||||
#- rootless-systemd FIXME: https://github.com/moby/moby/issues/44084
|
#- rootless-systemd FIXME: https://github.com/moby/moby/issues/44084
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
@@ -240,6 +263,10 @@ jobs:
|
|||||||
echo "SYSTEMD=true" >> $GITHUB_ENV
|
echo "SYSTEMD=true" >> $GITHUB_ENV
|
||||||
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"
|
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}systemd"
|
||||||
fi
|
fi
|
||||||
|
if [[ "${{ matrix.mod }}" == *"firewalld"* ]]; then
|
||||||
|
echo "DOCKER_FIREWALLD=true" >> $GITHUB_ENV
|
||||||
|
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"
|
||||||
|
fi
|
||||||
echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
|
echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
|
||||||
-
|
-
|
||||||
name: Set up Docker Buildx
|
name: Set up Docker Buildx
|
||||||
@@ -377,6 +404,9 @@ jobs:
|
|||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
test: ${{ fromJson(needs.integration-cli-prepare.outputs.matrix) }}
|
test: ${{ fromJson(needs.integration-cli-prepare.outputs.matrix) }}
|
||||||
|
mode:
|
||||||
|
- ""
|
||||||
|
- firewalld
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
@@ -387,6 +417,15 @@ jobs:
|
|||||||
-
|
-
|
||||||
name: Set up tracing
|
name: Set up tracing
|
||||||
uses: ./.github/actions/setup-tracing
|
uses: ./.github/actions/setup-tracing
|
||||||
|
-
|
||||||
|
name: Prepare
|
||||||
|
run: |
|
||||||
|
CACHE_DEV_SCOPE=dev
|
||||||
|
if [[ "${{ matrix.mod }}" == *"firewalld"* ]]; then
|
||||||
|
echo "DOCKER_FIREWALLD=true" >> $GITHUB_ENV
|
||||||
|
CACHE_DEV_SCOPE="${CACHE_DEV_SCOPE}firewalld"
|
||||||
|
fi
|
||||||
|
echo "CACHE_DEV_SCOPE=${CACHE_DEV_SCOPE}" >> $GITHUB_ENV
|
||||||
-
|
-
|
||||||
name: Set up Docker Buildx
|
name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@v3
|
||||||
@@ -414,6 +453,9 @@ jobs:
|
|||||||
if: always()
|
if: always()
|
||||||
run: |
|
run: |
|
||||||
reportsName=$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
|
reportsName=$(echo -n "${{ matrix.test }}" | sha256sum | cut -d " " -f 1)
|
||||||
|
if [ -n "${{ matrix.mode }}" ]; then
|
||||||
|
reportsName="$reportsName-${{ matrix.mode }}"
|
||||||
|
fi
|
||||||
reportsPath=/tmp/reports/$reportsName
|
reportsPath=/tmp/reports/$reportsName
|
||||||
echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV
|
echo "TESTREPORTS_NAME=$reportsName" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ fi
|
|||||||
# Allow connections coming from the host (through eth0). This is needed to
|
# Allow connections coming from the host (through eth0). This is needed to
|
||||||
# access the daemon port (independently of which port is used), or run a
|
# access the daemon port (independently of which port is used), or run a
|
||||||
# 'remote' Delve session, etc...
|
# 'remote' Delve session, etc...
|
||||||
if [ ${DOCKER_FIREWALLD:-} = "true" ]; then
|
if [ "${DOCKER_FIREWALLD:-}" = "true" ]; then
|
||||||
cat > /etc/firewalld/zones/trusted.xml << EOF
|
cat > /etc/firewalld/zones/trusted.xml << EOF
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<zone target="ACCEPT">
|
<zone target="ACCEPT">
|
||||||
@@ -76,7 +76,7 @@ env > /etc/docker-entrypoint-env
|
|||||||
cat > /etc/systemd/system/docker-entrypoint.target << EOF
|
cat > /etc/systemd/system/docker-entrypoint.target << EOF
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=the target for docker-entrypoint.service
|
Description=the target for docker-entrypoint.service
|
||||||
Requires=docker-entrypoint.service systemd-logind.service systemd-user-sessions.service $([ ${DOCKER_FIREWALLD:-} = "true" ] && echo firewalld.service)
|
Requires=docker-entrypoint.service systemd-logind.service systemd-user-sessions.service $([ "${DOCKER_FIREWALLD:-}" = "true" ] && echo firewalld.service)
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
quoted_args="$(printf " %q" "${@}")"
|
quoted_args="$(printf " %q" "${@}")"
|
||||||
|
|||||||
Reference in New Issue
Block a user