From 8032ce31e37107ea538ebb50b7e792cf5fd3fe21 Mon Sep 17 00:00:00 2001 From: Dylan Arbour Date: Tue, 27 Feb 2024 09:41:07 -0500 Subject: Test with root access in GitHub workflows To enable tests that require privileged root access, this commit tests with `sudo`. The Java and Python jobs have additional permissions issues, so they are also configured and made with `sudo`. A small permissions fix is required before running tests to allow non-root users to execute within the `/home/runner` directory. This change also removes the custom directories that were required without root access. Reviewed-by: Andrew Clayton Signed-off-by: Dylan Arbour --- .github/workflows/ci.yml | 44 +++++++++++++------------------------------- 1 file changed, 13 insertions(+), 31 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b5368ae9..d5a2529b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -53,22 +53,6 @@ jobs: steps: - uses: actions/checkout@v4 - # Creates and outputs directories used by tests (/usr/local is unfriendly) - - name: Configure directories - id: dir - run: | - PREFIX=${HOME}/.unit - BIN=${PREFIX}/bin - VAR=${PREFIX}/var - mkdir -p $BIN - mkdir -p $VAR - - echo "prefix=${PREFIX}" >> "$GITHUB_OUTPUT" - echo "bin=${BIN}" >> "$GITHUB_OUTPUT" - echo "bin=${BIN}" >> "$GITHUB_PATH" - echo "var=${VAR}" >> "$GITHUB_OUTPUT" - cat "$GITHUB_OUTPUT" - # Provides module, language version and testpath from build name - name: Output build metadata id: metadata @@ -127,15 +111,6 @@ jobs: - name: Configure unit run: | ./configure \ - --prefix=${{ steps.dir.outputs.prefix }} \ - --sbindir=${{ steps.dir.outputs.bin }} \ - --logdir=${{ steps.dir.outputs.var }}/log \ - --log=${{ steps.dir.outputs.var }}/log/unit/unit.log \ - --runstatedir=${{ steps.dir.outputs.var }}/run \ - --pid=${{ steps.dir.outputs.var }}/run/unit/unit.pid \ - --control=unix:${{ steps.dir.outputs.var }}/run/unit/control.sock \ - --modules=${{ steps.dir.outputs.prefix }}/lib/unit/modules \ - --statedir=${{ steps.dir.outputs.var }}/state/unit \ --tests \ --openssl \ --njs \ @@ -179,12 +154,12 @@ jobs: - name: Configure java run: | - ./configure java + sudo ./configure java if: steps.metadata.outputs.module == 'java' - name: Make java run: | - make java + sudo make java if: steps.metadata.outputs.module == 'java' ## @@ -266,12 +241,12 @@ jobs: - name: Configure python3 run: | - ./configure python --config=python3-config + sudo ./configure python --config=python3-config if: steps.metadata.outputs.module == 'python' - name: Make python3 run: | - make python3 + sudo make python3 if: steps.metadata.outputs.module == 'python' ## @@ -321,6 +296,13 @@ jobs: ## Tests ## + # /home/runner will be root only after calling sudo above + # Ensure all users and processes can execute + - name: Fix permissions + run: | + sudo chmod -R +x /home/runner + namei -l ${{ github.workspace }} + # Install python3 if not present - uses: actions/setup-python@v5 with: @@ -329,11 +311,11 @@ jobs: - name: Install pytest run: | - pip install pytest + sudo -H pip install pytest if: steps.metadata.outputs.module != 'wasm' - name: Run ${{ steps.metadata.outputs.module }} tests run: | - pytest --print-log ${{ steps.metadata.outputs.testpath }} + sudo -E pytest --print-log ${{ steps.metadata.outputs.testpath }} # Skip pytest if wasm build, as there are no tests yet if: steps.metadata.outputs.module != 'wasm' -- cgit