Pam random cleanups and fixes #762
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: QA & sanity checks | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "*" | |
| pull_request: | |
| env: | |
| apt_deps: >- | |
| libpam0g-dev | |
| test_apt_deps: >- | |
| ffmpeg | |
| # In Rust the grpc stubs are generated at build time | |
| # so we always need to install the protobuf compilers | |
| # when building the NSS crate. | |
| protobuf_compilers: >- | |
| protobuf-compiler | |
| jobs: | |
| go-sanity: | |
| name: "Go: Code sanity" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| sudo DEBIAN_FRONTEND=noninteractive apt update | |
| sudo DEBIAN_FRONTEND=noninteractive apt install -y ${{ env.apt_deps }} | |
| - uses: actions/checkout@v4 | |
| - name: Go code sanity check | |
| uses: canonical/desktop-engineering/gh-actions/go/code-sanity@main | |
| with: | |
| golangci-lint-configfile: ".golangci.yaml" | |
| tools-directory: "tools" | |
| env: | |
| # The PAM module generator relies on this environment variable to define the output directory for the modules. | |
| # If it does not exist, it uses a default value but emits a warning which fails the action so we need to | |
| # define the variable for the action to pass successfully. | |
| AUTHD_PAM_MODULES_PATH: "/tmp/authd_pam_modules" | |
| - name: Build cmd/authd with withexamplebroker tag | |
| run: | | |
| set -eu | |
| go build -tags withexamplebroker ./cmd/authd | |
| - name: Generate PAM module | |
| run: | | |
| set -eu | |
| find pam -name '*.so' -print -delete | |
| go generate -C pam -x | |
| test -e pam/pam_authd.so | |
| test -e pam/go-loader/pam_go_loader.so | |
| - name: Generate PAM module with pam_debug tag | |
| run: | | |
| set -eu | |
| find pam -name '*.so' -print -delete | |
| go generate -C pam -x -tags pam_debug | |
| test -e pam/pam_authd.so | |
| test -e pam/go-loader/pam_go_loader.so | |
| rust-sanity: | |
| name: "Rust: Code sanity" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| sudo DEBIAN_FRONTEND=noninteractive apt update | |
| sudo DEBIAN_FRONTEND=noninteractive apt install -y ${{ env.apt_deps }} ${{ env.protobuf_compilers}} | |
| - uses: actions/checkout@v4 | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| components: rustfmt, clippy | |
| - name: Build crate | |
| uses: actions-rs/cargo@v1 | |
| with: | |
| command: build | |
| args: --all-features | |
| - name: Check code format with rustfmt | |
| uses: actions-rs/cargo@v1 | |
| with: | |
| command: fmt | |
| - name: Check code format with clippy | |
| uses: actions-rs/clippy-check@v1 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| args: --all-features | |
| go-tests: | |
| name: "Go: Tests" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| sudo DEBIAN_FRONTEND=noninteractive apt update | |
| # The integration tests build the NSS crate, so we need the cargo build dependencies in order to run them. | |
| sudo DEBIAN_FRONTEND=noninteractive apt install -y ${{ env.apt_deps }} ${{ env.protobuf_compilers}} ${{ env.test_apt_deps }} | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| - name: Install VHS and ttyd for integration tests | |
| run: | | |
| set -eu | |
| go install github.com/charmbracelet/vhs@latest | |
| # VHS requires ttyd >= 1.7.2 to work properly. | |
| wget https://github.com/tsl0922/ttyd/releases/download/1.7.4/ttyd.x86_64 | |
| chmod +x ttyd.x86_64 | |
| sudo mv ttyd.x86_64 /usr/bin/ttyd | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: nightly # We need nightly to enable instrumentation for coverage. | |
| override: true | |
| components: llvm-tools-preview | |
| - name: Install grcov | |
| run: | | |
| set -eu | |
| cargo install grcov | |
| - name: Run tests (with coverage collection) | |
| run: | | |
| set -eu | |
| # The coverage is not written if the output directory does not exist, so we need to create it. | |
| raw_cov_dir="/tmp/raw_files" | |
| rm -fr "${raw_cov_dir}" | |
| mkdir -p "${raw_cov_dir}" | |
| # Overriding the default coverage directory is not an exported flag of go test (yet), so | |
| # we need to override it using the test.gocoverdir flag instead. | |
| #TODO: Update when https://go-review.googlesource.com/c/go/+/456595 is merged. | |
| go test -cover -covermode=set ./... -shuffle=on -args -test.gocoverdir="${raw_cov_dir}" | |
| # Convert the raw coverage data into textfmt so we can merge the Rust one into it | |
| go tool covdata textfmt -i="${raw_cov_dir}" -o="/tmp/coverage.out" | |
| # Append the Rust coverage data to the Go one | |
| cat "${raw_cov_dir}/rust-cov/rust2go_coverage" >>"/tmp/coverage.out" | |
| # Filter out the testutils package and the pb.go file | |
| grep -v -e "testutils" -e "pb.go" "/tmp/coverage.out" >"/tmp/coverage.out.filtered" | |
| - name: Run tests (with race detector) | |
| run: | | |
| go test -race ./... | |
| - name: Run PAM tests (with Address Sanitizer) | |
| env: | |
| # Do not optimize, keep debug symbols and frame pointer for better | |
| # stack trace information in case of ASAN errors. | |
| CGO_CFLAGS: "-O0 -g3 -fno-omit-frame-pointer" | |
| run: | | |
| # Use `-dwarflocationlists` to give ASAN a better time to unwind the stack trace | |
| go test -asan -gcflags="-dwarflocationlists=true" ./pam/pam_test ./pam/gdm/ | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| file: /tmp/coverage.out.filtered |