ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
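# CI for sfunnel: run the test suite, then build the container image,
# smoke-test it with three ruleset sources, and publish it to ghcr.io when
# the checked-out commit carries an exact v* tag.
name: ci

on:
  push:
  pull_request:

env:
  # NOTE(review): this opts the runner back into Node runtimes that GitHub
  # has deprecated. checkout@v4, setup-buildx-action@v3 and login-action@v3
  # should not need it - confirm and remove.
  ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"
  PLATFORMS: linux/amd64

# Workflow-wide GITHUB_TOKEN default is read-only. Only the publishing job
# widens it, so the job that runs the test suite never holds a write scope.
permissions:
  contents: read

jobs:
  make_check:
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout sfunnel"
        uses: actions/checkout@v4
        with:
          path: sfunnel
          # Full history; fetch-depth 0 is what brings the tags in.
          fetch-depth: 0
          fetch-tags: true
          # Nothing later in this job talks to the remote, so do not leave
          # the token in .git/config where the test run could read it.
          persist-credentials: false

      - name: "Install deps..."
        run: |
          sudo add-apt-repository universe
          sudo apt-get update
          sudo apt-get install -y clang make iproute2 bridge-utils python3 \
                                  python3-scapy python3-pip libbpf-dev \
                                  libelf-dev linux-headers-generic \
                                  linux-libc-dev llvm iptables
          # NOTE(review): unpinned and installed as root; consider pinning.
          sudo pip3 install pytest
          sudo ln -s /usr/include/x86_64-linux-gnu/asm /usr/include/asm

      - name: "Allow test traffic in iptables/nftables"
        run: |
          sudo iptables -L -n
          sudo iptables -t nat -L -n
          sudo iptables -I FORWARD -s 11.1.1.1 -j ACCEPT

      - name: "Run tests..."
        working-directory: sfunnel/test
        run: make VERBOSE=1

  docker_build_and_publish:
    needs: [make_check]
    runs-on: ubuntu-22.04
    # This is the only job that publishes, so it is the only one that gets
    # packages: write.
    # NOTE(review): the actions below run with that token in reach; consider
    # pinning them to full commit SHAs instead of mutable major-version tags.
    permissions:
      contents: read
      packages: write
    steps:
      - name: "Checkout sfunnel"
        uses: actions/checkout@v4
        with:
          path: sfunnel
          # Full history so `git describe` can find the nearest tag.
          fetch-depth: 0
          fetch-tags: true
          # The checkout (including .git) is the docker build context; keep
          # the token out of it. No later step needs git remote access.
          persist-credentials: false

      - name: "Set up Docker buildx"
        uses: docker/setup-buildx-action@v3

      - name: "Login to GitHub Container Registry (ghcr.io)"
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: "Build container"
        working-directory: sfunnel
        run: |
          # Cross-build
          TAG=$(git describe HEAD | sed 's/-.*$//g' | tr -d "v")
          EXACT_TAG=$(git describe --exact-match --match "v*" || echo "")
          # Every run step starts a fresh shell, so shell variables do not
          # survive to the push step. Hand both values over via GITHUB_ENV.
          {
            echo "TAG=${TAG}"
            echo "EXACT_TAG=${EXACT_TAG}"
          } >> "$GITHUB_ENV"
          docker buildx build --platform "${PLATFORMS}" -t sfunnel --load \
            -f docker/Dockerfile .

      # NOTE(review): the smoke tests run the image with --privileged,
      # presumably so it can load its BPF programs; confirm whether a
      # narrower capability set would be enough.
      - name: "[TEST] Run container with default ruleset..."
        run: |
          set -o pipefail
          # With pipefail the pipeline status reflects docker's exit code,
          # so the failure message is actually reached.
          if ! docker run --privileged sfunnel:latest 2>&1 | tee output; then
            echo "ERROR: container execution FAILED!"
            exit 1
          fi
          grep "Using default ruleset" output || (echo "ERROR: unable to validate it loads default ruleset" && exit 1)

      - name: "[TEST] Run container with custom ruleset file..."
        run: |
          RULE="ip saddr 127.0.0.1 udp dport 80 actions unfunnel udp"
          echo "$RULE" > ruleset
          set -o pipefail
          if ! docker run --privileged \
              -v "$(pwd)/ruleset:/opt/sfunnel/src/ruleset" \
              sfunnel:latest 2>&1 | tee output; then
            echo "ERROR: container execution FAILED!"
            exit 1
          fi
          grep "Compiling sfunnel with custom ruleset" output || (echo "ERROR: unable to validate it loads custom file ruleset" && exit 1)
          # -F: the rule contains dots, match it literally rather than as a regex.
          grep -F -- "$RULE" output || (echo "ERROR: unable to validate it loads custom file ruleset" && exit 1)

      - name: "[TEST] Run container with custom ruleset via SFUNNEL_RULESET..."
        run: |
          # Reuses the ruleset file written by the previous step.
          RULE="ip saddr 127.0.0.2 udp dport 80 actions unfunnel udp" #Should override ruleset file with 127.0.0.1
          set -o pipefail
          if ! docker run -e SFUNNEL_RULESET="$RULE" --privileged \
              -v "$(pwd)/ruleset:/opt/sfunnel/src/ruleset" \
              sfunnel:latest 2>&1 | tee output; then
            echo "ERROR: container execution FAILED!"
            exit 1
          fi
          grep -F -- "SFUNNEL_RULESET='$RULE'" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1)
          grep "Compiling sfunnel with custom ruleset" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1)
          grep -F -- "$RULE" output || (echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET" && exit 1)

      - name: "Push to ghcr"
        # Publish only from push events whose commit carries an exact v* tag;
        # a pull_request run never reaches the registry.
        if: github.event_name == 'push' && env.EXACT_TAG != ''
        # Steps start in the workspace root, but docker/Dockerfile lives in
        # the sfunnel checkout.
        working-directory: sfunnel
        run: |
          echo "Pushing to ghcr.io..."
          docker buildx build --platform "${PLATFORMS}" --push \
            -f docker/Dockerfile . \
            --tag "ghcr.io/${GITHUB_REPOSITORY}:${TAG}"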