From 320b34e4762512b718526fe823da3e472670ba49 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 15 Oct 2024 17:53:03 -0700 Subject: [PATCH 01/12] ci/gha: bump ubuntu to 22.04 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index e7984e3..1aaf438 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -10,7 +10,7 @@ on: jobs: commit: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 # Only check commits on pull requests. if: github.event_name == 'pull_request' steps: @@ -28,7 +28,7 @@ jobs: error: 'Subject too long (max 72)' lint: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 @@ -50,7 +50,7 @@ jobs: run: codespell cross: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - name: cross @@ -76,7 +76,7 @@ jobs: matrix: go-version: [1.21.x, 1.22.x] race: ["-race", ""] - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 From f91e1d14568a165cf8a6e6795f206249368ed21b Mon Sep 17 00:00:00 2001 
From: Kir Kolyshkin Date: Tue, 15 Oct 2024 18:23:19 -0700 Subject: [PATCH 02/12] pkg/pwalk,pkg/pwalkdir: fix gosec in tests Fix the following gosec warnings in tests by using uint32 everywhere, so we don't have to do a single cast: pkg/pwalk/pwalk_test.go:29:20: G115: integer overflow conversion int -> uint32 (gosec) if count != uint32(total) { ^ pkg/pwalk/pwalk_test.go:73:15: G115: integer overflow conversion int -> uint32 (gosec) max := uint32(total / 2) ^ pkg/pwalk/pwalk_test.go:86:21: G115: integer overflow conversion int -> uint32 (gosec) if count != uint32(total) { ^ pkg/pwalkdir/pwalkdir_test.go:32:20: G115: integer overflow conversion int -> uint32 (gosec) if count != uint32(total) { ^ pkg/pwalkdir/pwalkdir_test.go:76:15: G115: integer overflow conversion int -> uint32 (gosec) max := uint32(total / 2) ^ pkg/pwalkdir/pwalkdir_test.go:89:21: G115: integer overflow conversion int -> uint32 (gosec) if count != uint32(total) { ^ While at it, - switch from atomic op (atomic.AddUint32) to atomic type (atomic.Int32) with methods, which is less error-prone; - rename max to maxFiles as the former is now a built-in function. Signed-off-by: Kir Kolyshkin --- pkg/pwalk/pwalk_test.go | 27 +++++++++++++++------------ pkg/pwalkdir/pwalkdir_test.go | 27 +++++++++++++++------------ 2 files changed, 30 insertions(+), 24 deletions(-) diff --git a/pkg/pwalk/pwalk_test.go b/pkg/pwalk/pwalk_test.go index 66f6def..21adce4 100644 --- a/pkg/pwalk/pwalk_test.go +++ b/pkg/pwalk/pwalk_test.go
@@ -12,21 +12,22 @@ import ( ) func TestWalk(t *testing.T) { - var count uint32 + var ac atomic.Uint32 concurrency := runtime.NumCPU() * 2 dir, total := prepareTestSet(t, 3, 2, 1) err := WalkN(dir, func(_ string, _ os.FileInfo, _ error) error { - atomic.AddUint32(&count, 1) + ac.Add(1) return nil }, concurrency) if err != nil { t.Errorf("Walk failed: %v", err) } - if count != uint32(total) { + count := ac.Load() + if count != total { t.Errorf("File count mismatch: found %d, expected %d", count, total) } @@ -41,7 +42,7 @@ func TestWalkTopLevelErrNotExistNotIgnored(t *testing.T) { // https://github.com/opencontainers/selinux/issues/199 func TestWalkRaceWithRemoval(t *testing.T) { - var count uint32 + var ac atomic.Uint32 concurrency := runtime.NumCPU() * 2 // This test is still on a best-effort basis, meaning it can still pass // when there is a bug in the code, but the larger the test set is, the @@ -55,10 +56,11 @@ func TestWalkRaceWithRemoval(t *testing.T) { go os.RemoveAll(dir) err := WalkN(dir, func(_ string, _ os.FileInfo, _ error) error { - atomic.AddUint32(&count, 1) + ac.Add(1) return nil }, concurrency) + count := int(ac.Load()) t.Logf("found %d of %d files", count, total) if err != nil { t.Fatalf("expected nil, got %v", err) 
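Review bot: In TestWalkRaceWithRemoval (third hunk, `@@ -55,10 +56,11 @@`) the new `count := int(ac.Load())` converts the counter back to int, while `total` is now uint32 and the matching hunk in pkg/pwalkdir/pwalkdir_test.go uses plain `count := ac.Load()`. The value is only passed to `t.Logf` with `%d`, so the cast is not needed, and it brings back the kind of integer conversion the commit message says it wants to avoid. Using `count := ac.Load()` here keeps the two test files identical. The test function continues outside the hunk.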
@@ -66,30 +68,31 @@ func TestWalkRaceWithRemoval(t *testing.T) { } func TestWalkDirManyErrors(t *testing.T) { - var count uint32 + var ac atomic.Uint32 dir, total := prepareTestSet(t, 3, 3, 2) - max := uint32(total / 2) + maxFiles := total / 2 e42 := errors.New("42") err := Walk(dir, func(_ string, _ os.FileInfo, _ error) error { - if atomic.AddUint32(&count, 1) > max { + if ac.Add(1) > maxFiles { return e42 } return nil }) + count := ac.Load() t.Logf("found %d of %d files", count, total) if err == nil { t.Errorf("Walk succeeded, but error is expected") - if count != uint32(total) { + if count != total { t.Errorf("File count mismatch: found %d, expected %d", count, total) } } } -func makeManyDirs(prefix string, levels, dirs, files int) (count int, err error) { +func makeManyDirs(prefix string, levels, dirs, files int) (count uint32, err error) { for d := 0; d < dirs; d++ { var dir string dir, err = os.MkdirTemp(prefix, "d-") @@ -109,7 +112,7 @@ func makeManyDirs(prefix string, levels, dirs, files int) (count int, err error) if levels == 0 { continue } - var c int + var c uint32 if c, err = makeManyDirs(dir, levels-1, dirs, files); err != nil { return } @@ -124,7 +127,7 @@ func makeManyDirs(prefix string, levels, dirs, files int) (count int, err error) // // Total dirs: dirs^levels + dirs^(levels-1) + ... + dirs^1 // Total files: total_dirs * files -func prepareTestSet(tb testing.TB, levels, dirs, files int) (dir string, total int) { +func prepareTestSet(tb testing.TB, levels, dirs, files int) (dir string, total uint32) { tb.Helper() var err error diff --git a/pkg/pwalkdir/pwalkdir_test.go b/pkg/pwalkdir/pwalkdir_test.go index 35e7655..7c0aa0f 100644 --- a/pkg/pwalkdir/pwalkdir_test.go +++ b/pkg/pwalkdir/pwalkdir_test.go 
@@ -16,20 +16,21 @@ import ( ) func TestWalkDir(t *testing.T) { - var count uint32 + var ac atomic.Uint32 concurrency := runtime.NumCPU() * 2 dir, total := prepareTestSet(t, 3, 2, 1) err := WalkN(dir, func(_ string, _ fs.DirEntry, _ error) error { - atomic.AddUint32(&count, 1) + ac.Add(1) return nil }, concurrency) if err != nil { t.Errorf("Walk failed: %v", err) } - if count != uint32(total) { + count := ac.Load() + if count != total { t.Errorf("File count mismatch: found %d, expected %d", count, total) } @@ -45,7 +46,7 @@ func TestWalkDirTopLevelErrNotExistNotIgnored(t *testing.T) { // https://github.com/opencontainers/selinux/issues/199 func TestWalkDirRaceWithRemoval(t *testing.T) { - var count uint32 + var ac atomic.Uint32 concurrency := runtime.NumCPU() * 2 // This test is still on a best-effort basis, meaning it can still pass // when there is a bug in the code, but the larger the test set is, the @@ -59,10 +60,11 @@ func TestWalkDirRaceWithRemoval(t *testing.T) { go os.RemoveAll(dir) err := WalkN(dir, func(_ string, _ fs.DirEntry, _ error) error { - atomic.AddUint32(&count, 1) + ac.Add(1) return nil }, concurrency) + count := ac.Load() t.Logf("found %d of %d files", count, total) if err != nil { t.Fatalf("expected nil, got %v", err) 
@@ -70,29 +72,30 @@ func TestWalkDirRaceWithRemoval(t *testing.T) { } func TestWalkDirManyErrors(t *testing.T) { - var count uint32 + var ac atomic.Uint32 dir, total := prepareTestSet(t, 3, 3, 2) - max := uint32(total / 2) + maxFiles := total / 2 e42 := errors.New("42") err := Walk(dir, func(_ string, _ fs.DirEntry, _ error) error { - if atomic.AddUint32(&count, 1) > max { + if ac.Add(1) > maxFiles { return e42 } return nil }) + count := ac.Load() t.Logf("found %d of %d files", count, total) if err == nil { t.Error("Walk succeeded, but error is expected") - if count != uint32(total) { + if count != total { t.Errorf("File count mismatch: found %d, expected %d", count, total) } } } -func makeManyDirs(prefix string, levels, dirs, files int) (count int, err error) { +func makeManyDirs(prefix string, levels, dirs, files int) (count uint32, err error) { for d := 0; d < dirs; d++ { var dir string dir, err = os.MkdirTemp(prefix, "d-") @@ -112,7 +115,7 @@ func makeManyDirs(prefix string, levels, dirs, files int) (count int, err error) if levels == 0 { continue } - var c int + var c uint32 if c, err = makeManyDirs(dir, levels-1, dirs, files); err != nil { return } @@ -127,7 +130,7 @@ func makeManyDirs(prefix string, levels, dirs, files int) (count int, err error) // // Total dirs: dirs^levels + dirs^(levels-1) + ... + dirs^1 // Total files: total_dirs * files -func prepareTestSet(tb testing.TB, levels, dirs, files int) (dir string, total int) { +func prepareTestSet(tb testing.TB, levels, dirs, files int) (dir string, total uint32) { tb.Helper() var err error From 1b90d80607c45fe602024dbf3b3493f59a22f41b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Oct 2024 10:42:25 -0700 Subject: [PATCH 03/12] go.mod: bump go to 1.21, drop min/max Currently supported go versions are 1.22 and 1.23. Drop min and max functions now, as Go 1.21 has built-in ones. 
Signed-off-by: Kir Kolyshkin --- go-selinux/selinux_linux.go | 15 --------------- go.mod | 2 +- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go index c80c109..e069d6b 100644 --- a/go-selinux/selinux_linux.go +++ b/go-selinux/selinux_linux.go @@ -639,21 +639,6 @@ func (m mlsRange) String() string { return low + "-" + high } -// TODO: remove min and max once Go < 1.21 is not supported. -func max(a, b uint) uint { - if a > b { - return a - } - return b -} - -func min(a, b uint) uint { - if a < b { - return a - } - return b -} - // calculateGlbLub computes the glb (greatest lower bound) and lub (least upper bound) // of a source and target range. // The glblub is calculated as the greater of the low sensitivities and diff --git a/go.mod b/go.mod index 56328f1..404b3d1 100644 --- a/go.mod +++ b/go.mod @@ -1,5 +1,5 @@ module github.com/opencontainers/selinux -go 1.19 +go 1.21 require golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 From 4e984f597b5b79b3e6d3ad28132acf579c4a7e39 Mon Sep 17 00:00:00 2001 
From: Kir Kolyshkin Date: Wed, 16 Oct 2024 11:11:07 -0700 Subject: [PATCH 04/12] parseLevelItem: limit to 31 bits, return int Most of parseLevelItem users will cast its result to int. On a 32-bit platform this means we may end up with a negative number. So, let's limit bitSize to 31 in a call to ParseUint, and return int so there are less typecasts in the code. Also, change MLS level to use int, for the same reason (less typecasts). This fixes the following gosec warnings: go-selinux/selinux_linux.go:505:30: G115: integer overflow conversion uint -> int (gosec) bitset.SetBit(bitset, int(i), 1) ^ go-selinux/selinux_linux.go:512:29: G115: integer overflow conversion uint -> int (gosec) bitset.SetBit(bitset, int(cat), 1) ^ go-selinux/selinux_linux.go:626:31: G115: integer overflow conversion uint -> int (gosec) low := "s" + strconv.Itoa(int(m.low.sens)) ^ go-selinux/selinux_linux.go:635:32: G115: integer overflow conversion uint -> int (gosec) high := "s" + strconv.Itoa(int(m.high.sens)) ^ Signed-off-by: Kir Kolyshkin --- go-selinux/selinux_linux.go | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go index e069d6b..32668ee 100644 --- a/go-selinux/selinux_linux.go +++ b/go-selinux/selinux_linux.go @@ -45,7 +45,7 @@ type selinuxState struct { type level struct { cats *big.Int - sens uint + sens int } type mlsRange struct { @@ -501,14 +501,14 @@ func catsToBitset(cats string) (*big.Int, error) { return nil, err } for i := catstart; i <= catend; i++ { - bitset.SetBit(bitset, int(i), 1) + bitset.SetBit(bitset, i, 1) } } else { cat, err := parseLevelItem(ranges[0], category) if err != nil { return nil, err } - bitset.SetBit(bitset, int(cat), 1) + bitset.SetBit(bitset, cat, 1) } } 
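Review bot: The range loop in catsToBitset, `for i := catstart; i <= catend; i++`, is now bounded only by the 31-bit limit that this commit puts into parseLevelItem, so a category range that ends near 2^31-1 still makes it set on the order of two billion bits in the big.Int. On a 32-bit platform a catend equal to math.MaxInt32 is worse: `i++` wraps, `i <= catend` stays true, and SetBit is then called with a negative index, which panics. If labels can reach this parser from untrusted input, parseLevelItem should reject values above an explicit maximum, e.g. `if val > maxLevelItem { return 0, ErrLevelSyntax }`, where `maxLevelItem` is a placeholder for a limit taken from the policy format rather than from the integer width. catsToBitset starts and ends outside this hunk, so any existing check on catstart and catend is not visible here.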
@@ -516,16 +516,17 @@ func catsToBitset(cats string) (*big.Int, error) { } // parseLevelItem parses and verifies that a sensitivity or category are valid -func parseLevelItem(s string, sep levelItem) (uint, error) { +func parseLevelItem(s string, sep levelItem) (int, error) { if len(s) < minSensLen || levelItem(s[0]) != sep { return 0, ErrLevelSyntax } - val, err := strconv.ParseUint(s[1:], 10, 32) + const bitSize = 31 // Make sure the result fits into signed int32. + val, err := strconv.ParseUint(s[1:], 10, bitSize) if err != nil { return 0, err } - return uint(val), nil + return int(val), nil //nolint:gosec } // parseLevel fills a level from a string that contains @@ -622,7 +623,7 @@ func (l *level) equal(l2 *level) bool { // String returns an mlsRange as a string. func (m mlsRange) String() string { - low := "s" + strconv.Itoa(int(m.low.sens)) + low := "s" + strconv.Itoa(m.low.sens) if m.low.cats != nil && m.low.cats.BitLen() > 0 { low += ":" + bitsetToStr(m.low.cats) } @@ -631,7 +632,7 @@ func (m mlsRange) String() string { return low } - high := "s" + strconv.Itoa(int(m.high.sens)) + high := "s" + strconv.Itoa(m.high.sens) if m.high.cats != nil && m.high.cats.BitLen() > 0 { high += ":" + bitsetToStr(m.high.cats) } From 8658896d4dcda330923470bc4b6aeb68f23c7032 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Oct 2024 15:01:43 -0700 Subject: [PATCH 05/12] Silence a SELINUX_MAGIC gosec warning Gosec doesn't like this code: go-selinux/selinux_linux.go:141:11: G115: integer overflow conversion int64 -> uint32 (gosec) if uint32(buf.Type) != uint32(unix.SELINUX_MAGIC) { ^ But it is correct because - buf.Type is int64 or int32, depending on the platform; - unix.SELINUX_MAGIC is untyped int which overflows int32 (i.e. it becomes negative). So the best type to use here is uint32. Signed-off-by: Kir Kolyshkin --- go-selinux/selinux_linux.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
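Review bot: `return int(val), nil //nolint:gosec` in parseLevelItem silences every gosec rule on that line and records no reason next to the suppression, so a later edit to `bitSize` could make the cast unsafe without any warning. Suggest `return int(val), nil //nolint:gosec // G115: ParseUint above limits val to bitSize (31) bits.` The same applies to the two suppressions added later in this series: in verifySELinuxfsMount, `//nolint:gosec // G115: both sides are deliberately truncated to uint32 for the comparison.`, and in bitsetToStr, where the comment can state that TrailingZeroBits never exceeds BitLen(), which is itself an int, so the conversion cannot overflow rather than being merely unlikely to.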
diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go index 32668ee..12a83d8 100644 --- a/go-selinux/selinux_linux.go +++ b/go-selinux/selinux_linux.go @@ -138,7 +138,7 @@ func verifySELinuxfsMount(mnt string) bool { return false } - if uint32(buf.Type) != uint32(unix.SELINUX_MAGIC) { + if uint32(buf.Type) != uint32(unix.SELINUX_MAGIC) { //nolint:gosec return false } if (buf.Flags & unix.ST_RDONLY) != 0 { From 4f8573cf757ae77aed10528c33db36ba1328b4ec Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Oct 2024 15:10:53 -0700 Subject: [PATCH 06/12] Silence a gosec warning Gosec complains: go-selinux/selinux_linux.go:587:14: G115: integer overflow conversion uint -> int (gosec) for i := int(c.TrailingZeroBits()); i < c.BitLen(); i++ { ^ This is indeed a valid concern in case TrailingZeroBits returns a value which uses a highest bit (i.e. more than MaxInt32 or MaxInt64, depending on the platform). But I think this is highly unlikely. Signed-off-by: Kir Kolyshkin --- go-selinux/selinux_linux.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go index 12a83d8..08d837d 100644 --- a/go-selinux/selinux_linux.go +++ b/go-selinux/selinux_linux.go @@ -583,7 +583,8 @@ func bitsetToStr(c *big.Int) string { var str string length := 0 - for i := int(c.TrailingZeroBits()); i < c.BitLen(); i++ { + i0 := int(c.TrailingZeroBits()) //nolint:gosec + for i := i0; i < c.BitLen(); i++ { if c.Bit(i) == 0 { continue } From b73456e82f3da5509ab4b7e846825ed4dffc336a Mon Sep 17 00:00:00 2001 
From: Kir Kolyshkin Date: Wed, 16 Oct 2024 15:13:07 -0700 Subject: [PATCH 07/12] ci: bump golangci-lint to v1.61 The new version produces the following warnings: WARN [config_reader] The configuration option `linters.govet.check-shadowing` is deprecated. Please enable `shadow` instead, if you are not using `enable-all`. WARN The linter 'exportloopref' is deprecated (since v1.60.2) due to: Since Go1.22 (loopvar) this linter is no longer relevant. Replaced by copyloopvar. so fix the configuration accordingly. Note we do not enable copyloopvar since it requires Go 1.22 and we're currently have it set to Go 1.21. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 4 ++-- .golangci.yml | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 1aaf438..1d547e6 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -37,7 +37,7 @@ jobs: cache: false # golangci-lint-action does its own caching - uses: golangci/golangci-lint-action@v6 with: - version: v1.56 + version: v1.61 codespell: runs-on: ubuntu-22.04 @@ -66,7 +66,7 @@ jobs: cache: false # golangci-lint-action does its own caching - uses: golangci/golangci-lint-action@v6 with: - version: v1.56 + version: v1.61 - name: test-stubs run: make test diff --git a/.golangci.yml b/.golangci.yml index a570a2e..9fe4df6 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -6,7 +6,6 @@ linters: enable: - dupword # Detects duplicate words. - errorlint # Detects code that may cause problems with Go 1.13 error wrapping. - - exportloopref # Detects pointers to enclosing loop variables. - gocritic # Metalinter; detects bugs, performance, and styling issues. - gofumpt # Detects whether code was gofumpt-ed. - gosec # Detects security problems. @@ -22,7 +21,6 @@ linters: - unconvert # Detects unnecessary type conversions. linters-settings: govet: - check-shadowing: true enable-all: true settings: shadow: 
From 66544d520c20c3a1a9661a198dc45a15a82ee749 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Oct 2024 15:35:50 -0700 Subject: [PATCH 08/12] ci: re-add caching for golangci-lint job Since v5, golangci-lint-action relies on actions/setup-go for caching, so remove "cache: false" from actions/setup-go to re-enable caching. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 1d547e6..0417fe2 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -34,7 +34,6 @@ jobs: - uses: actions/setup-go@v5 with: go-version: 1.22.x - cache: false # golangci-lint-action does its own caching - uses: golangci/golangci-lint-action@v6 with: version: v1.61 @@ -63,7 +62,6 @@ jobs: - uses: actions/setup-go@v5 with: go-version: 1.22.x - cache: false # golangci-lint-action does its own caching - uses: golangci/golangci-lint-action@v6 with: version: v1.61 From b015726604c7b6d977d7c624c70fb791f9c3b4bd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Oct 2024 15:37:51 -0700 Subject: [PATCH 09/12] ci: add Go 1.23 to test matrix Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 0417fe2..939fca7 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -72,7 +72,7 @@ jobs: strategy: fail-fast: false matrix: - go-version: [1.21.x, 1.22.x] + go-version: [1.21.x, 1.22.x, 1.23.x] race: ["-race", ""] runs-on: ubuntu-22.04 steps: From 078f2925bbce5b67c347dc1ba69c67d25a38c2e0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Oct 2024 16:51:36 -0700 Subject: [PATCH 10/12] ci: add 32-bit test Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 939fca7..bc5ef70 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -88,3 +88,7 @@ jobs: - name: test run: make TESTFLAGS="${{ matrix.race }}" test + + - name: test 32-bit + if: ${{ matrix.race }} == "" # -race is not supported on linux/386 + run: make GOARCH=386 test From f56d30b9a29909937ad1f0838555846f09de5a67 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Oct 2024 17:07:39 -0700 Subject: [PATCH 11/12] ci: add all-done job The sole reason is to simplify branch protection rules, requiring just this one to be passed. I tried but could not find a way to list all other jobs, so had to add all of them manually. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index bc5ef70..40e3aa5 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -92,3 +92,15 @@ jobs: - name: test 32-bit if: ${{ matrix.race }} == "" # -race is not supported on linux/386 run: make GOARCH=386 test + + all-done: + needs: + - commit + - lint + - codespell + - cross + - test-stubs + - test + runs-on: ubuntu-22.04 + steps: + - run: echo "All jobs completed" From cad2b36634ff748c68c1ad2617ff536d5e375812 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Oct 2024 18:32:38 -0700 Subject: [PATCH 12/12] [test] ci: add actuated CI Actuated runners have Ubuntu with SELinux configured, so we can actually run the test cases here (most of which require SELinux enabled). Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 59 ++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 40e3aa5..88a1741 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml 
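Review bot: The condition on the new "test 32-bit" step, `if: ${{ matrix.race }} == ""`, does not compare anything: the `${{ }}` part is substituted first and what remains is a non-empty string, which GitHub Actions treats as true, so the step also runs for the `-race` matrix entries. Keep the whole comparison inside the expression and use single quotes, the only string literal form expressions accept: `if: matrix.race == ''`. As written the step still passes, because it does not forward TESTFLAGS, so the effect is a duplicated 32-bit run per Go version rather than a failure.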
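Review bot: A job whose `needs` entry failed is skipped by default, and GitHub reports a skipped job as successful for required status checks, so making `all-done` the only required check would let a pull request merge when lint or test fails. The job needs `if: always()` plus a step that fails when any needed job ended in failure or was cancelled. The `commit` job is skipped outside pull requests, so a skipped result has to remain acceptable, which is why the check below looks for failure and cancellation only.

```yaml
  all-done:
    if: always()
    # … unchanged: needs list, runs-on …
    steps:
      - name: fail if a needed job failed or was cancelled
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
        run: exit 1
      # … unchanged: echo step …
```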
@@ -93,6 +93,64 @@ jobs: if: ${{ matrix.race }} == "" # -race is not supported on linux/386 run: make GOARCH=386 test + test-actuated: + runs-on: actuated-arm64-6cpu-8gb + steps: +# https://gist.github.com/alexellis/1f33e581c75e11e161fe613c46180771#file-metering-gha-md +# vmmeter start + - name: Prepare arkade + uses: alexellis/arkade-get@master + with: + crane: latest + print-summary: false + + - name: Install vmmeter + run: | + crane export --platform linux/arm64 ghcr.io/openfaasltd/vmmeter:latest | sudo tar -xvf - -C /usr/local/bin + + - name: Run vmmeter + uses: self-actuated/vmmeter-action@master +# vmmeter end + + - uses: actions/checkout@v4 + + - name: enable selinux + run: | + sudo apt update + sudo apt install -y policycoreutils selinux-basics selinux-policy-default selinux-utils + sudo selinux-activate + #------------ + sestatus + #------------ + + - name: host info + run: | + set -x + # Sync `set -x` outputs with command ouputs + exec 2>&1 + # Version + uname -a + cat /etc/os-release + # SELinux + sestatus + + - name: install Go + uses: actions/setup-go@v5 + with: + go-version: 1.23.x + + - name: build + run: make build + + - name: test + run: make test + + - name: test -race + run: make TESTFLAGS="-race" test + + - name: test 32-bit + run: make GOARCH=arm test + all-done: needs: - commit @@ -101,6 +159,7 @@ jobs: - cross - test-stubs - test + - test-actuated runs-on: ubuntu-22.04 steps: - run: echo "All jobs completed"
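Review bot: The new test-actuated job runs third-party code from mutable references: `alexellis/arkade-get@master`, `self-actuated/vmmeter-action@master`, `crane: latest`, and `ghcr.io/openfaasltd/vmmeter:latest`, whose contents are unpacked with `sudo tar` into /usr/local/bin. Any later change to those branches or tags then executes in this repository's CI without review, and the second hunk makes the job a dependency of `all-done`. Pin the actions to full commit SHAs and the image to a digest, e.g. `uses: alexellis/arkade-get@<full-commit-sha>` and `ghcr.io/openfaasltd/vmmeter@sha256:<digest>` (placeholders), and extract only the expected binary from the image rather than its whole filesystem. The other jobs in this file already use version tags (`actions/checkout@v4`), so this job is the outlier.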