Skip to content

Restore selinux context when replacing config files #2518

Restore selinux context when replacing config files

Restore selinux context when replacing config files #2518

Workflow file for this run

name: CI
on:
pull_request:
schedule:
- cron: '0 20 * * *' # Every day at 12pm PST (UTC-8)
env:
BUILD_TYPE: Release
MOUNT: /azure-osconfig
REGISTRY: ghcr.io
jobs:
create-ci-matrix:
name: Build CI distro matrix
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.get-matrix.outputs.matrix }}
steps:
- name: Get matrix
id: get-matrix
run: |
matrix="$(cat <<'EOL'
[
{ "name": "almalinux-9", "arch": "amd64", "tag": "latest" },
{ "name": "amazonlinux-2", "arch": "amd64", "tag": "latest" },
{ "name": "centos-7", "arch": "amd64", "tag": "latest" },
{ "name": "centos-8", "arch": "amd64", "tag": "latest" },
{ "name": "debian-10", "arch": "amd64", "tag": "latest" },
{ "name": "debian-11", "arch": "amd64", "tag": "latest" },
{ "name": "debian-12", "arch": "amd64", "tag": "latest" },
{ "name": "mariner-2", "arch": "amd64", "tag": "latest" },
{ "name": "oraclelinux-7", "arch": "amd64", "tag": "latest" },
{ "name": "oraclelinux-8", "arch": "amd64", "tag": "latest" },
{ "name": "rhel-7", "arch": "amd64", "tag": "latest" },
{ "name": "rhel-8", "arch": "amd64", "tag": "latest" },
{ "name": "rhel-9", "arch": "amd64", "tag": "latest" },
{ "name": "sles-15", "arch": "amd64", "tag": "latest" },
{ "name": "ubuntu-20.04", "arch": "amd64", "tag": "latest" },
{ "name": "ubuntu-22.04", "arch": "amd64", "tag": "latest" }
]
EOL
)"
# Skip ARM64 CI builds for now
#
# arm64Targets="$(cat <<'EOL'
# [
# { "name": "debian-10", "arch": "arm64", "tag": "sha-c689eee" },
# { "name": "debian-11", "arch": "arm64", "tag": "sha-c689eee" },
# { "name": "debian-12", "arch": "arm64", "tag": "sha-db3d4c8" },
# { "name": "ubuntu-20.04", "arch": "arm64", "tag": "sha-c689eee" },
# { "name": "ubuntu-22.04", "arch": "arm64", "tag": "sha-db3d4c8" }
# ]
# EOL
# )"
#
# Add arm64 distros only on scheduled runs to prevent long CI times for PRs
# if [ "${{ github.event_name }}" == "schedule" ]; then
# matrix=$(jq --argjson arm64Targets "$arm64Targets" '. += $arm64Targets' <<< "$matrix")
# fi
echo Distros to perform CI on: $matrix
echo matrix=$matrix >> $GITHUB_OUTPUT
unit-test:
name: Unit test
needs: create-ci-matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
target: ${{ fromJson(needs.create-ci-matrix.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
clean: true
- name: Docker login
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ github.token }}
# - name: Setup QEMU
# if: ${{ matrix.target.arch != 'amd64' }}
# uses: docker/setup-qemu-action@v3
- name: Run container
id: container
uses: ./.github/actions/container-run
with:
registry: ${{ env.REGISTRY }}
container: azure/azure-osconfig/${{ matrix.target.name }}-${{ matrix.target.arch }}
mount: ${{ github.workspace }}:${{ env.MOUNT }}
tag: ${{ matrix.target.tag }}
- name: Generate build
uses: ./.github/actions/container-exec
with:
container: ${{ steps.container.outputs.id }}
cmd: |
mkdir build && cd build
cmake ../src -DCMAKE_C_COMPILER="/usr/bin/gcc" -DCMAKE_CXX_COMPILER="/usr/bin/g++" -DCMAKE_build-type=${{ env.BUILD_TYPE }} -Duse_prov_client=ON -Dhsm_type_symm_key=ON -DCOMPILE_WITH_STRICTNESS=ON -DBUILD_TESTS=ON -DBUILD_SAMPLES=ON -DBUILD_ADAPTERS=ON -Duse_default_uuid=ON
- name: Build azure-osconfig
uses: ./.github/actions/container-exec
with:
container: ${{ steps.container.outputs.id }}
working-directory: ${{ env.MOUNT }}/build
cmd: cmake --build . --config ${{ env.BUILD_TYPE }} --parallel
- name: Run ctest
uses: ./.github/actions/container-exec
with:
container: ${{ steps.container.outputs.id }}
working-directory: ${{ env.MOUNT }}/build
cmd: ctest --verbose > ../${{ matrix.target.name }}-${{ matrix.target.arch }}.log
- name: Generate test report
uses: ./.github/actions/gtest-xml
if: success() || failure()
with:
path: ./build/gtest-output
output: ${{ matrix.target.name }}-${{ matrix.target.arch }}.xml
- uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: unit-test-${{ matrix.target.name }}-${{ matrix.target.arch }}
path: |
${{ matrix.target.name }}-${{ matrix.target.arch }}.log
${{ matrix.target.name }}-${{ matrix.target.arch }}.xml
report:
name: Report
needs: unit-test
runs-on: ubuntu-latest
permissions:
checks: write
pull-requests: write
if: always()
steps:
- name: Download Test Report Artifacts
uses: actions/download-artifact@v4
with:
path: ci-test
pattern: 'unit-test-*'
merge-multiple: true
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@v2
with:
files: 'ci-test/*.xml'