Cleanup #67
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push, pull_request] | |
jobs: | |
test: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-22.04 | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- name: Checks-out repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Enable cache | |
uses: actions/cache@v4 | |
with: | |
path: $GITHUB_WORKSPACE/cache | |
key: cache | |
- name: Prepare directories | |
run: | | |
sudo mkdir -p "$GITHUB_WORKSPACE/cache/apt" | |
sudo mkdir -p "$GITHUB_WORKSPACE/cache/certs" | |
sudo mkdir -p "$GITHUB_WORKSPACE/cache/bin" | |
sudo chown -R 2000:root "$GITHUB_WORKSPACE/cache/apt" | |
sudo chown -R 2000:root "$GITHUB_WORKSPACE/cache/certs" | |
sudo chown -R $(id -u) "$GITHUB_WORKSPACE/cache/bin" | |
sudo chmod g+w "$GITHUB_WORKSPACE/cache" | |
sudo chown $(id -u) "$GITHUB_WORKSPACE/cache" | |
- name: Start apt proxy | |
run: | | |
docker run --rm -d --expose 443 --expose 80 --pull always \ | |
--name apt-front \ | |
--read-only \ | |
--cap-drop=ALL \ | |
--cap-add=CAP_NET_BIND_SERVICE \ | |
--env TLS_AUTO=ignore_loaded_certs \ | |
--env TLS=internal \ | |
--env IS_PROXY=true \ | |
--env DOMAIN=apt-front.local \ | |
--env PORT=443 \ | |
--env PORT_HTTP=80 \ | |
--env ADDITIONAL_DOMAINS=*.debian.org \ | |
--volume "$GITHUB_WORKSPACE/cache/certs":/certs \ | |
--volume "$GITHUB_WORKSPACE/cache/apt":/data \ | |
docker.io/dubodubonduponey/aptutil:bullseye-2021-08-01 | |
- name: test | |
run: | | |
# Set the path and install the tools | |
export PATH="$HOME/bin:$PATH" | |
./hack/helpers/install-tools.sh | |
# Start buildkit | |
bkaddr="$(./hack/helpers/start-buildkit.sh 2>/dev/null)" | |
# Sanity check | |
echo "Sanity checks" | |
cue version | |
hadolint --version | |
shellcheck --version | |
buildctl --version | |
buildctl --addr "$bkaddr" debug workers | |
docker logs --tail 200 apt-front | |
# Lint | |
./hack/lint.sh | |
# Test, with our injected proxy and environment | |
./hack/test.sh \ | |
--inject bk="$bkaddr" \ | |
--inject ip="$(docker inspect apt-front | jq -rc .[0].NetworkSettings.Networks.bridge.IPAddress)" \ | |
--inject trust="$(sudo cat "$GITHUB_WORKSPACE/cache/certs/pki/authorities/local/root.crt")" \ | |
".github/workflows/environment.cue" |