mirror of https://github.com/trailofbits/algo
Github Actions (#1681)
parent
eb40ade096
commit
53dfc570eb
@ -0,0 +1,160 @@
|
||||
name: Main
|
||||
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
runs-on: ubuntu-18.04
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- uses: actions/setup-python@v1
|
||||
with:
|
||||
python-version: '3.7'
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt update -y
|
||||
python -m pip install --upgrade pip
|
||||
pip install -r requirements.txt
|
||||
sudo snap install shellcheck
|
||||
pip install ansible-lint
|
||||
|
||||
- name: Checks and linters
|
||||
run: |
|
||||
/snap/bin/shellcheck algo install.sh
|
||||
ansible-playbook main.yml --syntax-check
|
||||
ansible-lint -v *.yml roles/{local,cloud-*}/*/*.yml
|
||||
|
||||
scripted-deploy:
|
||||
runs-on: ubuntu-16.04
|
||||
strategy:
|
||||
matrix:
|
||||
UBUNTU_VERSION: ["18.04", "19.04", "19.10"]
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- uses: actions/setup-python@v1
|
||||
with:
|
||||
python-version: '3.7'
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt update -y
|
||||
sudo add-apt-repository -yu ppa:wireguard/wireguard
|
||||
sudo apt install -y \
|
||||
python3-pip \
|
||||
lxd \
|
||||
expect-dev \
|
||||
debootstrap \
|
||||
tree \
|
||||
bridge-utils \
|
||||
dnsutils \
|
||||
build-essential \
|
||||
libssl-dev \
|
||||
libffi-dev \
|
||||
python3-dev \
|
||||
linux-headers-$(uname -r) \
|
||||
wireguard \
|
||||
libxml2-utils \
|
||||
crudini \
|
||||
fping \
|
||||
strongswan \
|
||||
libstrongswan-standard-plugins \
|
||||
resolvconf
|
||||
|
||||
python3 -m pip install --upgrade pip
|
||||
python3 -m pip install -r requirements.txt
|
||||
|
||||
- name: Provision
|
||||
env:
|
||||
DEPLOY: cloud-init
|
||||
UBUNTU_VERSION: ${{ matrix.UBUNTU_VERSION }}
|
||||
run: |
|
||||
ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
|
||||
# sed -i "s/^reduce_mtu:\s0$/reduce_mtu: 80/" config.cfg
|
||||
sudo -E ./tests/pre-deploy.sh
|
||||
|
||||
- name: Deployment
|
||||
run: |
|
||||
until sudo lxc exec algo -- test -f /var/log/cloud-init-output.log; do echo 'Log file not found, Sleep for 3 seconds'; sleep 3; done
|
||||
( sudo lxc exec algo -- tail -f /var/log/cloud-init-output.log & )
|
||||
until sudo lxc exec algo -- test -f /var/lib/cloud/data/result.json; do
|
||||
echo 'Cloud init is not finished. Sleep for 30 seconds';
|
||||
sleep 30;
|
||||
done
|
||||
sudo lxc exec algo -- test -f /opt/algo/configs/localhost/.config.yml
|
||||
sudo lxc exec algo -- tar zcf /root/algo-configs.tar -C /opt/algo/configs/ .
|
||||
sudo lxc file pull algo/root/algo-configs.tar ./
|
||||
sudo tar -C ./configs -zxf algo-configs.tar
|
||||
|
||||
- name: Tests
|
||||
run: |
|
||||
set -x
|
||||
sudo -E bash -x ./tests/wireguard-client.sh
|
||||
sudo env "PATH=$PATH" ./tests/ipsec-client.sh
|
||||
sudo ./tests/ssh-tunnel.sh
|
||||
|
||||
local-deploy:
|
||||
runs-on: ubuntu-16.04
|
||||
strategy:
|
||||
matrix:
|
||||
UBUNTU_VERSION: ["18.04", "19.04", "19.10"]
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- uses: actions/setup-python@v1
|
||||
with:
|
||||
python-version: '3.7'
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
set -x
|
||||
sudo add-apt-repository -yu ppa:wireguard/wireguard
|
||||
sudo add-apt-repository -yu ppa:ubuntu-lxc/stable
|
||||
sudo apt update -y
|
||||
sudo apt install -y \
|
||||
python3-pip \
|
||||
lxd \
|
||||
expect-dev \
|
||||
debootstrap \
|
||||
tree \
|
||||
bridge-utils \
|
||||
dnsutils \
|
||||
build-essential \
|
||||
libssl-dev \
|
||||
libffi-dev \
|
||||
python3-dev \
|
||||
linux-headers-$(uname -r) \
|
||||
wireguard \
|
||||
libxml2-utils \
|
||||
crudini \
|
||||
fping \
|
||||
strongswan \
|
||||
libstrongswan-standard-plugins \
|
||||
resolvconf
|
||||
|
||||
python3 -m pip install --upgrade pip
|
||||
python3 -m pip install -r requirements.txt
|
||||
|
||||
- name: Provision
|
||||
env:
|
||||
DEPLOY: docker
|
||||
UBUNTU_VERSION: ${{ matrix.UBUNTU_VERSION }}
|
||||
run: |
|
||||
ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
|
||||
sed -i "s/^reduce_mtu:\s0$/reduce_mtu: 80/" config.cfg
|
||||
sudo -E ./tests/pre-deploy.sh
|
||||
|
||||
- name: Deployment
|
||||
env:
|
||||
DEPLOY: docker
|
||||
UBUNTU_VERSION: ${{ matrix.UBUNTU_VERSION }}
|
||||
run: |
|
||||
docker build -t local/algo .
|
||||
./tests/local-deploy.sh
|
||||
./tests/update-users.sh
|
||||
|
||||
- name: Tests
|
||||
run: |
|
||||
set -x
|
||||
sudo bash -x ./tests/wireguard-client.sh
|
||||
sudo env "PATH=$PATH" bash -x ./tests/ipsec-client.sh
|
||||
sudo bash -x ./tests/ssh-tunnel.sh
|
@ -1,129 +0,0 @@
|
||||
---
|
||||
language: python
|
||||
python: "3.7"
|
||||
dist: xenial
|
||||
|
||||
services:
|
||||
- docker
|
||||
|
||||
addons:
|
||||
apt:
|
||||
sources: &default_sources
|
||||
- sourceline: 'ppa:ubuntu-lxc/stable'
|
||||
- sourceline: 'ppa:wireguard/wireguard'
|
||||
packages: &default_packages
|
||||
- python3-pip
|
||||
- lxd
|
||||
- expect-dev
|
||||
- debootstrap
|
||||
- tree
|
||||
- bridge-utils
|
||||
- dnsutils
|
||||
- build-essential
|
||||
- libssl-dev
|
||||
- libffi-dev
|
||||
- python3-dev
|
||||
- linux-headers-$(uname -r)
|
||||
- wireguard
|
||||
- libxml2-utils
|
||||
- crudini
|
||||
- fping
|
||||
- strongswan
|
||||
- libstrongswan-standard-plugins
|
||||
|
||||
cache:
|
||||
directories:
|
||||
- $HOME/lxc/
|
||||
pip: true
|
||||
|
||||
before_cache:
|
||||
- mkdir $HOME/lxc
|
||||
- sudo tar cf $HOME/lxc/cache.tar /var/lib/lxd/images/
|
||||
- sudo chown $USER. $HOME/lxc/cache.tar
|
||||
|
||||
custom_scripts:
|
||||
provisioning: &provisioning
|
||||
- ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
|
||||
- sudo ./tests/pre-deploy.sh
|
||||
- 'sed -i "s/^reduce_mtu:\s0$/reduce_mtu: 20/" config.cfg'
|
||||
tests: &tests
|
||||
- sudo ./tests/wireguard-client.sh
|
||||
- sudo env "PATH=$PATH" ./tests/ipsec-client.sh
|
||||
- sudo ./tests/ssh-tunnel.sh
|
||||
|
||||
stages:
|
||||
- &tests-and-linters
|
||||
stage: Tests
|
||||
name: code checks and linters
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- shellcheck
|
||||
script:
|
||||
- pip install ansible-lint
|
||||
- shellcheck algo install.sh
|
||||
- ansible-playbook main.yml --syntax-check
|
||||
- ansible-lint -v *.yml roles/{local,cloud-*}/*/*.yml
|
||||
|
||||
- &deploy-local
|
||||
stage: Deploy
|
||||
name: local deployment from docker
|
||||
addons:
|
||||
apt:
|
||||
sources: *default_sources
|
||||
packages: *default_packages
|
||||
before_install: *provisioning
|
||||
before_script:
|
||||
- docker build -t travis/algo .
|
||||
- ./tests/local-deploy.sh
|
||||
- ./tests/update-users.sh
|
||||
script: *tests
|
||||
|
||||
- &deploy-cloudinit
|
||||
stage: Deploy
|
||||
name: cloud-init deployment
|
||||
addons:
|
||||
apt:
|
||||
sources: *default_sources
|
||||
packages: *default_packages
|
||||
env: DEPLOY=cloud-init
|
||||
before_install: *provisioning
|
||||
before_script:
|
||||
- until sudo lxc exec algo -- test -f /var/log/cloud-init-output.log; do echo 'Log file not found, Sleep for 3 seconds'; sleep 3; done
|
||||
- ( sudo lxc exec algo -- tail -f /var/log/cloud-init-output.log & )
|
||||
- |
|
||||
until sudo lxc exec algo -- test -f /var/lib/cloud/data/result.json; do
|
||||
echo 'Cloud init is not finished. Sleep for 30 seconds';
|
||||
sleep 30;
|
||||
done
|
||||
- sudo lxc exec algo -- test -f /opt/algo/configs/localhost/.config.yml
|
||||
- sudo lxc exec algo -- tar zcf /root/algo-configs.tar -C /opt/algo/configs/ .
|
||||
- sudo lxc file pull algo/root/algo-configs.tar ./
|
||||
- sudo tar -C ./configs -zxf algo-configs.tar
|
||||
script: *tests
|
||||
|
||||
matrix:
|
||||
fast_finish: true
|
||||
include:
|
||||
- <<: *tests-and-linters
|
||||
- <<: *deploy-local
|
||||
name: 'Ubuntu 18.04: local deployment from docker'
|
||||
env: DEPLOY=docker UBUNTU_VERSION=18.04
|
||||
- <<: *deploy-local
|
||||
name: 'Ubuntu 19.04: local deployment from docker'
|
||||
env: DEPLOY=docker UBUNTU_VERSION=19.04
|
||||
- <<: *deploy-local
|
||||
name: 'Ubuntu 19.10: local deployment from docker'
|
||||
env: DEPLOY=docker UBUNTU_VERSION=19.10
|
||||
- <<: *deploy-cloudinit
|
||||
name: 'Ubuntu 18.04: cloud-init deployment'
|
||||
env: DEPLOY=cloud-init UBUNTU_VERSION=18.04
|
||||
- <<: *deploy-cloudinit
|
||||
name: 'Ubuntu 19.04: cloud-init deployment'
|
||||
env: DEPLOY=cloud-init UBUNTU_VERSION=19.04
|
||||
- <<: *deploy-cloudinit
|
||||
name: 'Ubuntu 19.10: cloud-init deployment'
|
||||
env: DEPLOY=cloud-init UBUNTU_VERSION=19.10
|
||||
|
||||
notifications:
|
||||
email: false
|
Loading…
Reference in New Issue