Add effective group as the first element in the call to set groups
#2734
Workflow file for this run
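# CI workflow: runs on pushes to main, on every pull request, and on
# merge-queue (merge_group) events for main.
name: CI

# Workflow-level GITHUB_TOKEN grant: read-only on every permission scope.
# NOTE(review): no job in this file overrides it. If the jobs only need to read
# the repository, `contents: read` would be a narrower grant; confirm what the
# coverage-upload step needs before tightening.
permissions: read-all

on:
  push:
    branches:
      - main
  pull_request:
  merge_group:
    branches:
      - main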
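# Every `uses:` reference below is pinned to a full commit SHA rather than a
# tag. The toolchains and tools installed inside `run:` steps are not pinned
# the same way; see the notes on the individual steps.
jobs:
  # End-to-end tests, run with SUDO_UNDER_TEST=ours.
  e2e-tests:
    runs-on: ubuntu-latest
    env:
      SUDO_UNDER_TEST: ours
      SUDO_TEST_VERBOSE_DOCKER_BUILD: 1
      CI: true
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: set up docker buildx
        run: docker buildx create --name builder --use

      - name: cache docker layers
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a
        with:
          path: /tmp/.buildx-cache
          # The exact key is per commit; restore-keys falls back to an earlier
          # cache that shares the prefix.
          key: docker-buildx-rs-${{ github.sha }}
          restore-keys: docker-buildx-rs-

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: "compliance-tests"
          workspaces: |
            test-framework

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: Run all E2E tests
        working-directory: test-framework
        run: cargo test -p e2e-tests

      # Swaps the restored cache directory for /tmp/.buildx-cache-new.
      # NOTE(review): presumably the test run's docker build writes that
      # directory; nothing in this file creates it - confirm.
      - name: prevent the cache from growing too large
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

  # Tests the sudo-test harness itself, then runs the whole compliance suite
  # (ignored tests included) without SUDO_UNDER_TEST set.
  compliance-tests-og:
    runs-on: ubuntu-latest
    env:
      SUDO_TEST_VERBOSE_DOCKER_BUILD: 1
      CI: true
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: set up docker buildx
        run: docker buildx create --name builder --use

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: "compliance-tests"
          workspaces: |
            test-framework

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: Test sudo-test itself
        working-directory: test-framework
        run: cargo test -p sudo-test

      - name: Run all compliance tests against original sudo
        working-directory: test-framework
        run: cargo test -p sudo-compliance-tests -- --include-ignored

  # Compliance suite against sudo-rs (SUDO_UNDER_TEST=ours on the test steps),
  # plus a check that every #[ignore]-d test still fails.
  compliance-tests:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    env:
      SUDO_TEST_PROFRAW_DIR: /tmp/profraw
      SUDO_TEST_VERBOSE_DOCKER_BUILD: 1
      CI: true
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: set up docker buildx
        run: docker buildx create --name builder --use

      - name: cache docker layers
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a
        with:
          path: /tmp/.buildx-cache
          key: docker-buildx-rs-${{ github.sha }}
          restore-keys: docker-buildx-rs-

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: "compliance-tests"
          workspaces: |
            test-framework

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: Run gated compliance tests against sudo-rs
        working-directory: test-framework
        env:
          SUDO_UNDER_TEST: ours
        run: cargo test -p sudo-compliance-tests

      # The ignored tests are expected to fail, so the step's verdict comes
      # from the grep on the captured output, not from cargo's exit status.
      # NOTE(review): this relies on the `cargo test | tee` pipeline reporting
      # tee's status; no `shell:` is set here, so pipefail is presumably off.
      # Confirm before adding `shell: bash` to this step.
      - name: Check that we didn't forget to gate a passing compliance test
        working-directory: test-framework
        env:
          SUDO_UNDER_TEST: ours
        run: |
          tmpfile="$(mktemp)"
          cargo test -p sudo-compliance-tests -- --ignored | tee "$tmpfile"
          grep 'test result: FAILED. 0 passed' "$tmpfile" || ( echo "expected ALL tests to fail but at least one passed; the passing tests must be un-#[ignore]-d" && exit 1 )

      - name: prevent the cache from growing too large
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

  # Lints the test framework and enforces that each #[ignore] carries a reason.
  compliance-tests-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: "compliance-tests"
          workspaces: |
            test-framework

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: clippy sudo-test
        working-directory: test-framework
        run: cargo clippy -p sudo-test --no-deps -- --deny warnings

      - name: clippy compliance-tests
        working-directory: test-framework
        run: cargo clippy -p sudo-compliance-tests --tests --no-deps -- --deny warnings

      # Fails when an #[ignore attribute has neither a "gh..." nor a "wontfix"
      # reason. The trailing `; true` makes the step pass when the grep
      # pipeline finds nothing.
      - name: Check that all ignored tests are linked to a GH issue
        working-directory: test-framework/sudo-compliance-tests
        run: |
          grep -r '#\[ignore' ./src | grep -v -e '"gh' -e '"wontfix"' && echo 'found ignored tests not linked to a GitHub issue. please link them using the format #[ignore = "gh123"]' && exit 1; true

  # Release build of the whole workspace, tests under cargo-llvm-cov, and
  # upload of the resulting lcov report.
  build-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Install llvm-tools component
        run: rustup component add llvm-tools

      # NOTE(review): the action is SHA-pinned but the tool name carries no
      # version, so the installed cargo-llvm-cov release presumably floats.
      - name: Add cargo-llvm-cov
        uses: taiki-e/install-action@a22e1808bbd53573c0b897cc089c64643401af7d
        with:
          tool: cargo-llvm-cov

      - name: Install dependencies
        run: |
          sudo apt update
          sudo apt install libpam0g-dev

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: "stable"

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: Build
        run: cargo build --workspace --all-targets --all-features --release

      - name: Run tests
        run: cargo llvm-cov --workspace --all-features --all-targets --release --lcov --output-path lcov.info

      - name: Upload code coverage
        uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a
        with:
          files: lcov.info

  # Build and test on nightly with direct dependencies resolved to their
  # minimal versions (-Zdirect-minimal-versions).
  build-and-test-minimal:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      # `nightly` is a moving toolchain: this job is not reproducible from the
      # commit alone.
      - name: Install nightly rust
        run: |
          rustup set profile minimal
          rustup override set nightly

      - name: Install dependencies
        run: |
          sudo apt update
          sudo apt install libpam0g-dev

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: "nightly"

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: Update to minimal direct dependencies
        run: cargo update -Zdirect-minimal-versions

      - name: Build
        run: cargo build --workspace --all-targets --all-features --release

      - name: Run tests
        run: cargo test --workspace --all-features --all-targets --release

  # Build and test with the toolchain overridden to Rust 1.70.
  build-and-test-msrv:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Install rust 1.70
        run: rustup override set 1.70

      - name: Install dependencies
        run: |
          sudo apt update
          sudo apt install libpam0g-dev

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: "msrv"

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: Build
        run: cargo build --workspace --all-targets --all-features --release

      - name: Run tests
        run: cargo test --workspace --all-features --all-targets --release

  # Runs the tests whose names match `miri` under the Miri interpreter; only
  # starts after build-and-test has succeeded.
  miri:
    needs: build-and-test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Install nightly rust and miri
        run: |
          rustup set profile minimal
          rustup override set nightly
          rustup component add miri

      - name: Install dependencies
        run: |
          sudo apt update
          sudo apt install libpam0g-dev

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: miri

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: Run tests
        run: cargo miri test --workspace --all-features miri

  # Regenerates the PAM bindings and fails if the result differs from what is
  # committed.
  check-bindings:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Install dependencies
        run: |
          sudo apt update
          sudo apt install libpam0g-dev

      # NOTE(review): the tool value below was replaced by the page's e-mail
      # obfuscation; the original presumably has the form <tool>@<version>.
      # Restore it from the repository before using this file.
      - name: Install rust-bindgen
        uses: taiki-e/install-action@a22e1808bbd53573c0b897cc089c64643401af7d
        with:
          tool: [email protected]

      # NOTE(review): no --rev or --tag is given, so this builds whatever the
      # repository's default branch points at when the job runs; --locked only
      # fixes that checkout's dependency versions. Since the tool's output is
      # compared against committed code, consider pinning it with
      # `--rev <COMMIT_SHA_PLACEHOLDER>`.
      - name: Install cargo-minify
        run: cargo install --locked --git https://github.com/tweedegolf/cargo-minify cargo-minify

      - name: Regenerate bindings
        run: make -B pam-sys

      - name: Check for differences
        run: git diff --exit-code

  # Formatting gate; clippy, docs and audit all sit behind it via `needs`.
  format:
    runs-on: ubuntu-latest
    env:
      RUSTDOCFLAGS: "-D warnings"
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Run rustfmt
        run: cargo fmt --all -- --check

  # Workspace-wide clippy with warnings denied; runs only after format passes.
  clippy:
    needs: format
    runs-on: ubuntu-latest
    env:
      RUSTDOCFLAGS: "-D warnings"
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: "stable"

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: Run clippy
        run: cargo clippy --no-deps --all-targets --all-features -- --deny warnings

  # Builds the docs, private items included; RUSTDOCFLAGS turns rustdoc
  # warnings into errors.
  docs:
    needs: clippy
    runs-on: ubuntu-latest
    env:
      RUSTDOCFLAGS: "-D warnings"
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Rust Cache
        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
        with:
          shared-key: "stable"

      - name: Register rust problem matcher
        run: echo "::add-matcher::.github/problem-matchers/rust.json"

      - name: Build docs
        run: cargo doc --no-deps --document-private-items --all-features

  # Dependency advisory check with cargo-audit.
  # NOTE(review): `needs: clippy` (which itself needs format) means a
  # formatting or lint failure skips the advisory check for that run. Consider
  # whether the audit should depend on those jobs at all.
  audit:
    needs: clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

      - name: Install cargo-audit
        uses: taiki-e/install-action@a22e1808bbd53573c0b897cc089c64643401af7d
        with:
          tool: cargo-audit

      - name: Run audit
        run: cargo audit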