ci.yaml
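---
# CI for sfunnel: run the test suite, then build the container image,
# smoke-test it, and publish it to ghcr.io when HEAD carries an exact v* tag.
name: ci

on: [push, pull_request]

env:
  # Target platform(s) handed to `docker buildx build --platform`.
  PLATFORMS: linux/amd64
  # The ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION opt-in is intentionally not
  # set: both jobs run directly on the hosted runner with current major
  # versions of every action, so nothing here should need a deprecated Node
  # runtime.

# Least privilege by default; only the publishing job is granted
# `packages: write` (see docker_build_and_publish).
permissions:
  contents: read

# NOTE(review): all `uses:` references below are mutable tags (@v4, @v3).
# Pinning each one to a full commit SHA protects the job that holds
# `packages: write` against a retagged or compromised action release.

jobs:
  make_check:
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout sfunnel"
        uses: actions/checkout@v4
        with:
          path: sfunnel
          fetch-depth: 0
          # The input is documented as a boolean; `1` is not a boolean value.
          fetch-tags: true
          # The steps below run the test suite with sudo available; do not
          # leave the job token in .git/config where that code can read it.
          persist-credentials: false
      - name: "Install deps..."
        # NOTE(review): pytest is installed unpinned and as root; pin a version
        # so a new upstream release cannot change what CI executes.
        run: |
          sudo add-apt-repository universe
          sudo apt-get update
          sudo apt-get install -y clang make iproute2 bridge-utils python3 \
            python3-scapy python3-pip libbpf-dev \
            libelf-dev linux-headers-generic \
            linux-libc-dev llvm iptables
          sudo pip3 install pytest
          sudo ln -s /usr/include/x86_64-linux-gnu/asm /usr/include/asm
      - name: "Allow test traffic in iptables/nftables"
        # Dumps the current filter/nat tables for the log, then accepts
        # forwarded packets whose source is 11.1.1.1.
        run: |
          sudo iptables -L -n
          sudo iptables -t nat -L -n
          sudo iptables -I FORWARD -s 11.1.1.1 -j ACCEPT
      - name: "Run tests..."
        run: cd sfunnel/test && make VERBOSE=1

  docker_build_and_publish:
    needs: [make_check]
    runs-on: ubuntu-22.04
    # Write access to packages is scoped to this job only.
    permissions:
      contents: read
      packages: write
    steps:
      - name: "Checkout sfunnel"
        uses: actions/checkout@v4
        with:
          path: sfunnel
          fetch-depth: 0
          fetch-tags: true
      - name: "Set up Docker buildx"
        uses: docker/setup-buildx-action@v3
      - name: "Login to GitHub Container Registry (ghcr.io)"
        # Registry credentials are only needed by the push step, which can
        # only fire for a tagged push; skip the login on pull_request runs.
        if: github.event_name == 'push'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: "Build container"
        run: |
          # Cross-build
          cd sfunnel
          echo "Fix mess with tags in actions/checkout..."
          git fetch -f && git fetch -f --tags
          docker buildx build --platform "${PLATFORMS}" -t sfunnel \
            --build-arg VERSION="$(git describe)" \
            --build-arg COMMIT="${GITHUB_SHA}" \
            --load -f docker/Dockerfile .
      # The smoke tests below run the image with --privileged (presumably
      # required by the image to load its programs - confirm). The default
      # `run` shell is `bash -e`, so together with pipefail a failing pipeline
      # would abort the script before a later PIPESTATUS check; testing the
      # pipeline in the `if` keeps the error message reachable.
      - name: "[TEST] Run container with default ruleset..."
        run: |
          set -o pipefail
          if ! docker run --privileged sfunnel:latest 2>&1 | tee output; then
            echo "ERROR: container execution FAILED!"
            exit 1
          fi
          grep "Using default ruleset" output || { echo "ERROR: unable to validate it loads default ruleset"; exit 1; }
      - name: "[TEST] Run container with custom ruleset file..."
        run: |
          RULE="ip saddr 127.0.0.1 udp dport 80 actions unfunnel udp"
          echo "$RULE" > ruleset
          set -o pipefail
          if ! docker run --privileged -v "$(pwd)/ruleset:/opt/sfunnel/src/ruleset" sfunnel:latest 2>&1 | tee output; then
            echo "ERROR: container execution FAILED!"
            exit 1
          fi
          grep "Compiling sfunnel with custom ruleset" output || { echo "ERROR: unable to validate it loads custom file ruleset"; exit 1; }
          # -F: match the rule literally (the dots in the address are not wildcards).
          grep -F -- "$RULE" output || { echo "ERROR: unable to validate it loads custom file ruleset"; exit 1; }
      - name: "[TEST] Run container with custom ruleset via SFUNNEL_RULESET..."
        run: |
          # Should override the ruleset file (127.0.0.1) written by the previous step.
          RULE="ip saddr 127.0.0.2 udp dport 80 actions unfunnel udp"
          set -o pipefail
          if ! docker run -e SFUNNEL_RULESET="$RULE" --privileged -v "$(pwd)/ruleset:/opt/sfunnel/src/ruleset" sfunnel:latest 2>&1 | tee output; then
            echo "ERROR: container execution FAILED!"
            exit 1
          fi
          grep -F -- "SFUNNEL_RULESET='$RULE'" output || { echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET"; exit 1; }
          grep "Compiling sfunnel with custom ruleset" output || { echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET"; exit 1; }
          grep -F -- "$RULE" output || { echo "ERROR: unable to validate it loads custom ruleset via SFUNNEL_RULESET"; exit 1; }
      - name: "[TEST] Run container with custom params ..."
        run: |
          set -o pipefail
          if ! docker run -e N_ATTEMPTS=7 -e RETRY_DELAY=3 -e IFACES="lo" --privileged sfunnel:latest 2>&1 | tee output; then
            echo "ERROR: container execution FAILED!"
            exit 1
          fi
          grep "\$N_ATTEMPTS='7'" output || { echo "ERROR: unable to validate it loads params (N_ATTEMPTS)"; exit 1; }
          grep "\$RETRY_DELAY='3'" output || { echo "ERROR: unable to validate it loads params (RETRY_DELAY)"; exit 1; }
          grep "\$IFACES='lo'" output || { echo "ERROR: unable to validate it loads params (IFACES)"; exit 1; }
      - name: "Push to ghcr"
        # Publishing is limited to push events; the script additionally
        # requires HEAD to sit exactly on a v* tag.
        if: github.event_name == 'push'
        run: |
          cd sfunnel
          TAG="$(git describe HEAD | sed 's/-.*$//g' | tr -d "v")"
          EXACT_TAG="$(git describe --exact-match --match "v*" || echo "")"
          echo "TAG=${TAG}, EXACT_TAG=${EXACT_TAG}"
          if [[ "${EXACT_TAG}" != "" ]]; then
            echo "Pushing to ghcr.io..."
            # Same build args as the "Build container" step, so the published
            # image is built from the same inputs as the one tested above.
            docker buildx build --platform "${PLATFORMS}" --push \
              --build-arg VERSION="$(git describe)" \
              --build-arg COMMIT="${GITHUB_SHA}" \
              -f docker/Dockerfile . \
              --tag "ghcr.io/${GITHUB_REPOSITORY}:${TAG}"
          fi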