diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..4279132 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,30 @@ +# This is a basic workflow to help you get started with Actions + +name: CI + +# Controls when the workflow will run +on: + # Triggers the workflow on push or pull request events for any branch + push: + branches: [ "**" ] + pull_request: + branches: [ "**" ] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: ubuntu-24.04 + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v4 + + # Runs a single command using the runners shell + - name: Run a one-line script + run: sudo ./test/test.sh \ No newline at end of file diff --git a/test/test.sh b/test/test.sh new file mode 100755 index 0000000..45de121 --- /dev/null +++ b/test/test.sh @@ -0,0 +1,36 @@ +#!/usr/bin/env bash +set -euo pipefail + +export PYTHONUNBUFFERED=1 + +uname -r +cat /etc/os-release +python3 --version + +apt-get update -qq && apt-get install -qq -y systemd-container + +# # TODO: create zpool with virtual disks, create jailmaker dataset and test jlmkr.py from there +# # https://medium.com/@abaddonsd/zfs-usage-with-virtual-disks-62898064a29b +# apt-get install -y -qq zfsutils-linux +# modinfo zfs | grep version +# zfs --version +# zpool --version + +# TODO: create a path and/or zfs pool with a space in it to test if jlmkr.py still works properly when ran from inside +# mkdir -p "/tmp/path with space/jailmaker" + +chown 0:0 jlmkr.py +chmod +x jlmkr.py + +# Setup NAT to give the jail access to the outside network +# https://wiki.archlinux.org/title/systemd-nspawn#Use_a_virtual_Ethernet_link +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE +iptables -I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +iptables -I DOCKER-USER -i ve-+ -o eth0 -j ACCEPT +iptables -A INPUT -i ve-+ -p udp -m udp --dport 67 -j ACCEPT + +# TODO: test jlmkr.py from inside another working directory, with a relative path to a config file to test if it uses the config file (and doesn't look for it relative to the jlmkr.py file itself) +./jlmkr.py create --start --config=./templates/docker/config test --network-veth --system-call-filter='add_key' --system-call-filter='bpf' --system-call-filter='keyctl' +./jlmkr.py exec test docker run hello-world + +# TODO: many more test cases and checking if actual output (text, files on disk etc.) is correct instead of just a 0 exit code \ No newline at end of file