Skip to content

Merge pull request #98 from rprasanth/master #89

Merge pull request #98 from rprasanth/master

Merge pull request #98 from rprasanth/master #89

Workflow file for this run

name: "CI DEB"
on:
push:
branches-ignore:
- coverity_scan
pull_request:
env:
DEBIAN_FRONTEND: noninteractive
CI: 1
CI_TEST_USER: tapioca
CI_TEST_PASS: queijo
GH_ACTIONS: 1
jobs:
pre-ci:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
deb-build:
# If branch protection is in place with status checks enabled, ensure
# names are updated if new matrix entries are added or the name format
# changes.
name: "DEB Build (${{ matrix.env.NAME }})"
needs: pre-ci
if: ${{ needs.pre-ci.outputs.should_skip != 'true' }}
runs-on: ubuntu-latest
container:
image: ${{ matrix.env.OS }}
strategy:
fail-fast: false
matrix:
env:
- { "NAME": "ubuntu20", "OS": "ubuntu:20.04", "DIST": "ubuntu" }
- { "NAME": "ubuntu22", "OS": "ubuntu:22.04", "DIST": "ubuntu" }
- { "NAME": "ubuntu24", "OS": "ubuntu:24.04", "DIST": "ubuntu" }
- { "NAME": "debian10", "OS": "debian:10", "DIST": "debian" }
- { "NAME": "debian11", "OS": "debian:11", "DIST": "debian" }
- { "NAME": "debian12", "OS": "debian:12", "DIST": "debian" }
steps:
- name: "Package manager performance improvements"
run: |
sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup'
- name: "Install prerequisites"
run: |
apt-get update
apt-get install -y --no-install-recommends \
build-essential \
devscripts \
equivs \
fakeroot \
quilt \
libpam0g-dev
- uses: actions/checkout@v4
with:
lfs: false
path: pam_radius
- name: "Install build dependencies"
working-directory: pam_radius
run: |
mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control
- name: "Build pam_radius packages"
working-directory: pam_radius
run: |
make deb
- name: "Install pam_radius package"
run: |
echo "#######################################################"
echo "# Install package"
dpkg -i libpam-radius-auth_*.deb
echo "#######################################################"
echo "# Show package info"
dpkg -s libpam-radius-auth
echo "#######################################################"
echo "# List package contents"
dpkg -L libpam-radius-auth
- name: "Create test user"
run: |
useradd -d /tmp ${CI_TEST_USER}
id ${CI_TEST_USER}
- name: "Install packages for testing"
run: |
apt-get update
apt-get install -y --no-install-recommends \
freeradius \
freeradius-utils \
freeradius-config \
openssh-server \
rsyslog \
sshpass
- name: "Setup FreeRADIUS, sshd, rsyslog and PAM"
working-directory: pam_radius
run: |
echo "#######################################################"
echo "# Kill services"
pkill -9 rsyslogd || :
pkill -9 freeradius || :
pkill -9 sshd || :
echo "#######################################################"
echo "# Run setup scripts"
export CI_TEST_USER="$CI_TEST_USER" CI_TEST_PASS="$CI_TEST_PASS"
for FILE in setup-rsyslog.sh setup-pam_radius.sh setup-freeradius.sh setup-sshd.sh; do
SCRIPT="${PWD}/scripts/ci/$FILE"
echo "Calling $FILE"
$SCRIPT
done
echo "#######################################################"
echo "# Start services"
/usr/sbin/rsyslogd
/usr/sbin/sshd
/usr/sbin/freeradius
echo "#######################################################"
echo "# Show processes"
ps -ef
- name: "Show config files"
run: |
for FILE in \
/etc/ssh/sshd_config \
/etc/pam.d/sshd \
/etc/pam_radius_auth.conf
do
echo "#####################################################"
echo "# $FILE"
echo
cat "$FILE"
echo
done
- name: "Positive authentication tests"
run: |
: > /var/log/auth.log
radtest -x "$CI_TEST_USER" "$CI_TEST_PASS" localhost 0 testing123
sshpass -p "${CI_TEST_PASS}" -v \
/usr/bin/ssh -T -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 ${CI_TEST_USER}@localhost \
"echo 'User logged in successfully' > /tmp/OK"
cat /tmp/OK
grep -q "pam_radius_auth: authentication succeeded" /var/log/auth.log
! grep -q "pam_radius_auth: authentication failed" /var/log/auth.log
- name: "Show positive auth logs"
run: |
cat -n /var/log/auth.log
- name: "Negative authentication tests"
run: |
: > /var/log/auth.log
if radtest -x "$CI_TEST_USER" "not$CI_TEST_PASS" localhost 0 testing123; then
echo "Something bad happened - this radtest authentication should have failed"
exit 1
fi
if sshpass -p "not$CI_TEST_PASS" -v \
/usr/bin/ssh -T -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 ${CI_TEST_USER}@localhost \
"echo NOTOK > /tmp/NOTOK"; then
echo "Something bad happened - this ssh authentication should have failed"
exit 1
fi
grep -q "pam_radius_auth: authentication failed" /var/log/auth.log
! grep -q "pam_radius_auth: authentication succeeded" /var/log/auth.log
- name: "Show negative auth logs"
if: ${{ success() || failure() }}
run: |
cat -n /var/log/auth.log
#
# If the CI has failed and the branch is ci-debug then we start a tmate
# session to provide interactive shell access to the session.
#
# The SSH rendezvous point will be emitted continuously in the job output,
# which will look something like:
#
# SSH: ssh [email protected]
#
# For example:
#
# git push origin ci-debug --force
#
# Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions
#
# ssh [email protected]
#
# Access requires that you have the private key corresponding to the
# public key of the GitHub user that initiated the job.
#
- name: "Debug: Start tmate"
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}