Skip to content

feat: get ticket path from krb5 when updating current user policies #2432

feat: get ticket path from krb5 when updating current user policies

feat: get ticket path from krb5 when updating current user policies #2432

Workflow file for this run

name: QA & sanity checks
on:
push:
branches:
- main
tags:
- "*"
pull_request:
env:
apt_dependencies: >-
ca-certificates curl dconf-cli gcc gettext git libnss-wrapper libsmbclient-dev
libkrb5-dev libwbclient-dev pkg-config python3-coverage samba sudo
libglib2.0-dev gvfs
jobs:
sanity:
name: Code sanity
runs-on: ubuntu-latest
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ${{ env.apt_dependencies }}
- name: work around permission issue with git vulnerability (we are local here). TO REMOVE
run: git config --global --add safe.directory /__w/adsys/adsys
- uses: actions/checkout@v4
- name: Go code sanity check
uses: canonical/desktop-engineering/gh-actions/go/code-sanity@main
with:
golangci-lint-configfile: ".golangci-ci.yaml"
tools-directory: "tools"
- name: C code formatting
uses: jidicula/[email protected]
with:
include-regex: '^.*\.(c|h)$' # Makes sure to run only on C (source and header) files
exclude-regex: 'vendor' # Excludes the vendor directory
if: ${{ always() }}
tests:
name: Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Install dependencies
run: |
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ${{ env.apt_dependencies }}
- name: Set required environment variables
run: echo "SUDO_PACKAGES=$(cat debian/tests/.sudo-packages)" >> $GITHUB_ENV
- name: Authenticate to docker local registry and pull image with our token
run: |
set -eu
echo "${{ github.token }}" | docker login https://docker.pkg.github.com -u ${GITHUB_ACTOR} --password-stdin
docker pull docker.pkg.github.com/ubuntu/adsys/systemdaemons:0.1
- name: Run tests
run: |
set -eu
go test -coverpkg=./... -coverprofile=/tmp/coverage.out -covermode=set ./...
# Run integration tests that need sudo
# Use command substitution to preserve go binary path (sudo does not preserve path even with -E)
sudo -E $(which go) test -coverpkg=./... -coverprofile=/tmp/coverage.sudo.out -covermode=set $SUDO_PACKAGES
# Combine coverage files, and filter out test utilities and generated files
grep -hv -e "testutils" -e "pb.go:" -e "/e2e/" /tmp/coverage.out /tmp/coverage.sudo.out > /tmp/coverage.combined.out
- name: Run tests (with race detector)
run: |
go test -race ./...
# Use command substitution to preserve go binary path (sudo does not preserve path even with -E)
sudo -E $(which go) test -race ${{ env.sudo_packages }}
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
file: /tmp/coverage.combined.out
adwatchd-tests:
name: Windows tests for adwatchd
runs-on: windows-latest
env:
packages: ./internal/loghooks ./internal/watchdservice ./internal/watchdtui ./internal/watcher ./internal/config/watchd ./cmd/adwatchd/integration_tests
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Build installer
run: |
tag=$(git describe --tags)
export GOFLAGS=-ldflags=-X=github.com/ubuntu/adsys/internal/consts.Version=$tag
# Transforms git describe output:
# - from X.Y.Z-P-gSHA to X.Y.Z.P for untagged commits
# - from vX.Y.Z to X.Y.Z for tagged commits
INSTALLER_VERSION=$(echo $tag | tr -d v | tr '-' '.' | cut -d. -f-4)
go build ./cmd/adwatchd
iscc.exe //DAPP_VERSION=$INSTALLER_VERSION installer/setup.iss
shell: bash
- name: Run tests
run: go test ${{ env.packages }}
- name: Run tests (with race detector)
env:
ADSYS_SKIP_INTEGRATION_TESTS: 1
run: go test -race ${{ env.packages }}
# There are some cryptic "The pipe has been closed" errors on Windows
# that arise from running the tests with the race detector enabled. We
# believe this originates outside our code, thus we avoid running the
# integration suite with the race detector.
#
# As the Linux job already exercises the entire testsuite with race
# detection enabled and the code is mostly platform independent, this
# should be a safe action to take.
- name: Attach installer artifact to workflow run
uses: actions/upload-artifact@v4
with:
name: adwatchd_setup
path: installer/Output/adwatchd_setup.exe
- name: Draft release and publish installer artifact
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: installer/Output/adwatchd_setup.exe