-
Notifications
You must be signed in to change notification settings - Fork 49
159 lines (147 loc) · 6.58 KB
/
qa.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: QA & sanity checks
on:
push:
branches:
- main
tags:
- "*"
pull_request:
env:
apt_dependencies: >-
ca-certificates curl dconf-cli gcc gettext git libnss-wrapper libsmbclient-dev
libkrb5-dev libwbclient-dev pkg-config python3-coverage samba sudo
libglib2.0-dev gvfs libpam0g-dev
jobs:
sanity:
name: Code sanity
# Put the runner here instead of GH project config as it’s not available to the forked repositories
# otherwise when submitting PRs: https://github.com/orgs/community/discussions/44322.
# workflow environements don’t work either.
runs-on: ubuntu-24.04
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ${{ env.apt_dependencies }}
- name: work around permission issue with git vulnerability (we are local here). TO REMOVE
run: git config --global --add safe.directory /__w/adsys/adsys
- uses: actions/checkout@v4
- name: Go code sanity check
uses: canonical/desktop-engineering/gh-actions/go/code-sanity@main
with:
golangci-lint-configfile: ".golangci-ci.yaml"
tools-directory: "tools"
generate-diff-paths-to-ignore: po/* docs/**/*.md README.md
go-build-script: |
go build ./...
go generate -x -tags=tools ./pam
- name: C code formatting
uses: jidicula/[email protected]
with:
include-regex: '^.*\.(c|h)$' # Makes sure to run only on C (source and header) files
exclude-regex: 'vendor' # Excludes the vendor directory
if: ${{ always() }}
tests:
name: Tests
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Install dependencies
run: |
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ${{ env.apt_dependencies }}
# Coverage dependencies
go install github.com/AlekSi/gocov-xml@latest
go install github.com/axw/gocov/gocov@latest
dotnet tool install -g dotnet-reportgenerator-globaltool
- name: Set required environment variables
run: echo "SUDO_PACKAGES=$(cat debian/tests/.sudo-packages)" >> $GITHUB_ENV
- name: Authenticate to docker local registry and pull image with our token
run: |
set -eu
echo "${{ github.token }}" | docker login https://docker.pkg.github.com -u ${GITHUB_ACTOR} --password-stdin
docker pull docker.pkg.github.com/ubuntu/adsys/systemdaemons:0.1
- name: Run tests
run: |
set -eu
go test -coverpkg=./... -coverprofile=/tmp/coverage.out -covermode=set ./...
# Run integration tests that need sudo
# Use command substitution to preserve go binary path (sudo does not preserve path even with -E)
sudo -E $(which go) test -coverpkg=./... -coverprofile=/tmp/coverage.sudo.out -covermode=set $SUDO_PACKAGES
# Combine coverage files, and filter out test utilities and generated files
coverage_dir="$(pwd)/coverage"
cod_cov_dir="${coverage_dir}/codecov"
mkdir -p "${cod_cov_dir}"
combined_cov_file="${coverage_dir}/coverage.combined.out"
go_only_cov_file="${coverage_dir}/coverage.go-only.out"
echo "mode: set" > "${combined_cov_file}"
grep -hv -e "testutils" -e "pb.go:" -e "/e2e/" -e "mode: set" /tmp/coverage.out /tmp/coverage.sudo.out >> "${combined_cov_file}"
# Prepare XML coverage report
grep -hv -e "adsys-gpolist" -e "cert-autoenroll" "${combined_cov_file}" > "${go_only_cov_file}"
gocov convert "${go_only_cov_file}" | gocov-xml > "${coverage_dir}/coverage.xml"
reportgenerator -reports:"${coverage_dir}/*.xml" -targetdir:"${cod_cov_dir}" -reporttypes:Cobertura
- name: Upload XML coverage report as artifact
uses: actions/upload-artifact@v4
with:
name: coverage.zip
path: ./coverage/codecov/Cobertura.xml
- name: Run tests (with race detector)
run: |
go test -race ./...
# Use command substitution to preserve go binary path (sudo does not preserve path even with -E)
sudo -E $(which go) test -race ${{ env.sudo_packages }}
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
with:
files: ./coverage/codecov/Cobertura.xml
token: ${{ secrets.CODECOV_TOKEN }}
adwatchd-tests:
name: Windows tests for adwatchd
runs-on: windows-latest
env:
packages: ./internal/loghooks ./internal/watchdservice ./internal/watchdtui ./internal/watcher ./internal/config/watchd ./cmd/adwatchd ./cmd/adwatchd/integration_tests
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Build installer
run: |
tag=$(git describe --tags)
export GOFLAGS=-ldflags=-X=github.com/ubuntu/adsys/internal/consts.Version=$tag
# Transforms git describe output:
# - from X.Y.Z-P-gSHA to X.Y.Z.P for untagged commits
# - from vX.Y.Z to X.Y.Z for tagged commits
INSTALLER_VERSION=$(echo $tag | tr -d v | tr '-' '.' | cut -d. -f-4)
go build ./cmd/adwatchd
iscc.exe //DAPP_VERSION=$INSTALLER_VERSION installer/setup.iss
shell: bash
- name: Run tests
run: go test ${{ env.packages }}
- name: Run tests (with race detector)
env:
ADSYS_SKIP_INTEGRATION_TESTS: 1
run: go test -race ${{ env.packages }}
# There are some cryptic "The pipe has been closed" errors on Windows
# that arise from running the tests with the race detector enabled. We
# believe this originates outside our code, thus we avoid running the
# integration suite with the race detector.
#
# As the Linux job already exercises the entire testsuite with race
# detection enabled and the code is mostly platform independent, this
# should be a safe action to take.
- name: Attach installer artifact to workflow run
uses: actions/upload-artifact@v4
with:
name: adwatchd_setup
path: installer/Output/adwatchd_setup.exe
- name: Draft release and publish installer artifact
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: installer/Output/adwatchd_setup.exe