From 03ee2773a2d11a7d6caddbf882ab1a9252ce2b83 Mon Sep 17 00:00:00 2001 From: Adrian Dombeck Date: Tue, 29 Oct 2024 12:29:18 +0100 Subject: [PATCH 1/5] ci: Add gotestsum workflow --- .github/workflows/gotestsum.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/gotestsum.yaml diff --git a/.github/workflows/gotestsum.yaml b/.github/workflows/gotestsum.yaml new file mode 100644 index 000000000..472aa8a10 --- /dev/null +++ b/.github/workflows/gotestsum.yaml @@ -0,0 +1,27 @@ +name: Run Go tests with human-readable output + +# Run this workflow on pushes to the main branch, on tags, and on pull requests. +on: + push: + branches: + - main + tags: + - "*" + pull_request: + +env: + GO_TESTS_TIMEOUT: 20m + +jobs: + go-tests: + name: "Go: Tests" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + - name: Install gotestsum + run: go install go install gotest.tools/gotestsum@latest + - name: Run tests with gotestsum + run: gotestsum --junitfile unit-tests.xml --format github-actions From d891f1ab5e648f194c974f81cf0cb1a4191786fc Mon Sep 17 00:00:00 2001 From: Adrian Dombeck Date: Tue, 29 Oct 2024 12:30:55 +0100 Subject: [PATCH 2/5] XXX: Temporarily remove QA checks for faster CI runs --- .github/workflows/cla-check.yaml | 12 -- .github/workflows/git.yml | 12 -- .github/workflows/qa.yaml | 268 ------------------------------- 3 files changed, 292 deletions(-) delete mode 100644 .github/workflows/cla-check.yaml delete mode 100644 .github/workflows/git.yml delete mode 100644 .github/workflows/qa.yaml diff --git a/.github/workflows/cla-check.yaml b/.github/workflows/cla-check.yaml deleted file mode 100644 index 32aca7f84..000000000 --- a/.github/workflows/cla-check.yaml +++ /dev/null @@ -1,12 +0,0 @@ -name: Check if CLA is signed -on: [pull_request_target] - -jobs: - cla-check: - name: Check if CLA is signed - runs-on: ubuntu-latest - steps: - - name: Check if CLA signed - uses: canonical/has-signed-canonical-cla@v1 - with: - accept-existing-contributors: true diff --git a/.github/workflows/git.yml b/.github/workflows/git.yml deleted file mode 100644 index e3f3a5cfc..000000000 --- a/.github/workflows/git.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: Git Checks - -on: [pull_request] - -jobs: - block-fixup: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - name: Block Fixup Commit Merge - uses: 13rac1/block-fixup-merge-action@v2.0.0 diff --git a/.github/workflows/qa.yaml b/.github/workflows/qa.yaml deleted file mode 100644 index 6218cadb4..000000000 --- a/.github/workflows/qa.yaml +++ /dev/null @@ -1,268 +0,0 @@ -name: QA & sanity checks -on: - push: - branches: - - main - tags: - - "*" - pull_request: - -env: - DEBIAN_FRONTEND: noninteractive - GO_TESTS_TIMEOUT: 20m - apt_deps: >- - libpam-dev - libglib2.0-dev - libpwquality-dev - - test_apt_deps: >- - cracklib-runtime - ffmpeg - - # In Rust the grpc stubs are generated at build time - # so we always need to install the protobuf compilers - # when building the NSS crate. - protobuf_compilers: >- - protobuf-compiler - -jobs: - go-sanity: - name: "Go: Code sanity" - runs-on: ubuntu-latest - steps: - - name: Install dependencies - run: | - sudo apt update - sudo apt install -y ${{ env.apt_deps }} - - uses: actions/checkout@v4 - - name: Go code sanity check - uses: canonical/desktop-engineering/gh-actions/go/code-sanity@main - with: - golangci-lint-configfile: ".golangci.yaml" - tools-directory: "tools" - - name: Build cmd/authd with withexamplebroker tag - run: | - set -eu - go build -tags withexamplebroker ./cmd/authd - - name: Run PAM client for interactive testing purposes - run: | - set -eu - go run -tags withpamrunner ./pam/tools/pam-runner login --exec-debug - - name: Generate PAM module - run: | - set -eu - find pam -name '*.so' -print -delete - go generate -C pam -x - test -e pam/pam_authd.so - test -e pam/go-exec/pam_authd_exec.so - - name: Generate PAM module with pam_debug tag - run: | - set -eu - find pam -name '*.so' -print -delete - go generate -C pam -x -tags pam_debug - test -e pam/pam_authd.so - test -e pam/go-exec/pam_authd_exec.so - - rust-sanity: - name: "Rust: Code sanity" - runs-on: ubuntu-latest - steps: - - name: Install dependencies - run: | - sudo apt update - sudo apt install -y ${{ env.apt_deps }} ${{ env.protobuf_compilers}} - - uses: actions/checkout@v4 - - name: Rust code sanity check - uses: canonical/desktop-engineering/gh-actions/rust/code-sanity@main - with: - token: ${{ secrets.GITHUB_TOKEN }} - - c-sanity: - name: "C Code sanity" - runs-on: ubuntu-latest - env: - CFLAGS: "-Werror" - steps: - - name: Install dependencies - run: | - set -eu - - sudo apt update - sudo apt install -y ${{ env.apt_deps }} clang-tools clang - - name: Prepare report dir - run: | - set -eu - - scan_build_dir=$(mktemp -d --tmpdir scan-build-dir-XXXXXX) - echo SCAN_BUILD_REPORTS_PATH="${scan_build_dir}" >> $GITHUB_ENV - - uses: actions/checkout@v4 - - name: Run scan build on GDM extensions - run: | - set -eu - - scan-build -v -o "${SCAN_BUILD_REPORTS_PATH}" clang ${CFLAGS} \ - -Wno-gnu-variable-sized-type-not-at-end \ - pam/internal/gdm/extension.h - - name: Run scan build on go-exec module - run: | - set -eu - - scan-build -v -o "${SCAN_BUILD_REPORTS_PATH}" clang ${CFLAGS} \ - -DAUTHD_TEST_MODULE=1 \ - $(pkg-config --cflags --libs gio-unix-2.0 gio-2.0) \ - -lpam -shared -fPIC \ - pam/go-exec/module.c - - name: Upload scan build reports - uses: actions/upload-artifact@v4 - with: - name: authd-${{ github.job }}-artifacts-${{ github.run_attempt }} - path: ${{ env.SCAN_BUILD_REPORTS_PATH }} - - go-tests: - name: "Go: Tests" - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - test: ["coverage", "race", "asan"] - steps: - - name: Install dependencies - run: | - sudo apt update - - # The integration tests build the NSS crate, so we need the cargo build dependencies in order to run them. - sudo apt install -y ${{ env.apt_deps }} ${{ env.protobuf_compilers}} ${{ env.test_apt_deps }} - - name: Install PAM and GLib debug symbols - run: | - set -eu - sudo apt-get install ubuntu-dbgsym-keyring -y - echo "deb http://ddebs.ubuntu.com $(lsb_release -cs) main restricted universe multiverse - deb http://ddebs.ubuntu.com $(lsb_release -cs)-updates main restricted universe multiverse - deb http://ddebs.ubuntu.com $(lsb_release -cs)-proposed main restricted universe multiverse" | \ - sudo tee -a /etc/apt/sources.list.d/ddebs.list - # Sometimes ddebs archive is stuck, so in case of failure we need to go manual - sudo apt update -y || true - if ! sudo apt install -y libpam-modules-dbgsym libpam0*-dbgsym libglib2.0-0*-dbgsym; then - sudo apt install -y ubuntu-dev-tools - pull-lp-ddebs pam $(lsb_release -cs) - pull-lp-ddebs glib2.0 $(lsb_release -cs) - sudo apt install -y ./libpam0*.ddeb ./libpam-modules*.ddeb ./libglib2.0-0*-dbgsym*.ddeb - sudo apt remove -y ubuntu-dev-tools - sudo apt autoremove -y - fi - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version-file: go.mod - - name: Install VHS and ttyd for integration tests - run: | - set -eu - go install github.com/charmbracelet/vhs@latest - - # VHS requires ttyd >= 1.7.2 to work properly. - wget https://github.com/tsl0922/ttyd/releases/download/1.7.4/ttyd.x86_64 - chmod +x ttyd.x86_64 - sudo mv ttyd.x86_64 /usr/bin/ttyd - - - name: Install rust - if: matrix.test != 'asan' - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: nightly # We need nightly to enable instrumentation for coverage. - override: true - components: llvm-tools-preview - - name: Install grcov - if: matrix.test == 'coverage' - run: | - set -eu - cargo install grcov - - name: Prepare tests artifacts path - run: | - set -eu - - artifacts_dir=$(mktemp -d --tmpdir authd-test-artifacts-XXXXXX) - echo AUTHD_TEST_ARTIFACTS_PATH="${artifacts_dir}" >> $GITHUB_ENV - - echo ASAN_OPTIONS="log_path=${artifacts_dir}/asan.log:print_stats=true" >> $GITHUB_ENV - - name: Run tests (with coverage collection) - if: matrix.test == 'coverage' - env: - G_DEBUG: "fatal-criticals" - run: | - set -eu - - # The coverage is not written if the output directory does not exist, so we need to create it. - cov_dir="$(pwd)/coverage" - cod_cov_dir="$(pwd)/coverage/codecov" - raw_cov_dir="${cov_dir}/raw" - mkdir -p "${raw_cov_dir}" "${cod_cov_dir}" - - # Overriding the default coverage directory is not an exported flag of go test (yet), so - # we need to override it using the test.gocoverdir flag instead. - #TODO: Update when https://go-review.googlesource.com/c/go/+/456595 is merged. - go test -timeout ${GO_TESTS_TIMEOUT} -cover -covermode=set ./... -coverpkg=./... -shuffle=on -args -test.gocoverdir="${raw_cov_dir}" - - # Convert the raw coverage data into textfmt so we can merge the Rust one into it - go tool covdata textfmt -i="${raw_cov_dir}" -o="${cov_dir}/coverage.out" - - # Append the Rust coverage data to the Go one - cat "${raw_cov_dir}/rust-cov/rust2go_coverage" >>"${cov_dir}/coverage.out" - - # Filter out the testutils package and the pb.go file - grep -v -e "testutils" -e "pb.go" "${cov_dir}/coverage.out" >"${cod_cov_dir}/coverage.out.filtered" - - # Move gcov output to coverage dir - mv "${raw_cov_dir}"/*.gcov "${cod_cov_dir}" - - - name: Run tests (with race detector) - if: matrix.test == 'race' - env: - GO_TESTS_TIMEOUT: 35m - run: | - go test -timeout ${GO_TESTS_TIMEOUT} -race ./... - - - name: Run PAM tests (with Address Sanitizer) - if: matrix.test == 'asan' - env: - # Do not optimize, keep debug symbols and frame pointer for better - # stack trace information in case of ASAN errors. - CGO_CFLAGS: "-O0 -g3 -fno-omit-frame-pointer" - G_DEBUG: "fatal-criticals" - GO_TESTS_TIMEOUT: 30m - # Use these flags to give ASAN a better time to unwind the stack trace - GO_GC_FLAGS: -N -l - run: | - go test -C ./pam/internal -asan -gcflags=all="${GO_GC_FLAGS}" -timeout ${GO_TESTS_TIMEOUT} ./... || exit_code=$? - if [ "${exit_code}" -ne 0 ]; then - cat "${AUTHD_TEST_ARTIFACTS_PATH}"/asan.log* || true - exit ${exit_code} - fi - - pushd ./pam/integration-tests - go test -asan -gcflags=all="${GO_GC_FLAGS}" -c - # FIXME: Suppression may be removed with newer libpam, as the one we ship in ubuntu as some leaks - env LSAN_OPTIONS=suppressions=$(pwd)/lsan.supp \ - ./integration-tests.test \ - -test.timeout ${GO_TESTS_TIMEOUT} \ - || exit_code=$? - popd - - # We're logging to a file, and this is useful for having artifacts, but we still may want to see it in logs: - cat "${AUTHD_TEST_ARTIFACTS_PATH}"/asan.log* || true - - exit ${exit_code} - - - name: Upload coverage to Codecov - if: matrix.test == 'coverage' - uses: codecov/codecov-action@v4 - with: - directory: ./coverage/codecov - token: ${{ secrets.CODECOV_TOKEN }} - - - name: Upload test failures artifacts - if: failure() - uses: actions/upload-artifact@v4 - with: - name: authd-${{ github.job }}-${{ matrix.test }}-artifacts-${{ github.run_attempt }} - path: ${{ env.AUTHD_TEST_ARTIFACTS_PATH }} From 7f149fd33d661e721c6c4d8db38bffdfc71f34b5 Mon Sep 17 00:00:00 2001 From: Adrian Dombeck Date: Tue, 29 Oct 2024 12:41:10 +0100 Subject: [PATCH 3/5] fixup! ci: Add gotestsum workflow --- .github/workflows/gotestsum.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gotestsum.yaml b/.github/workflows/gotestsum.yaml index 472aa8a10..773567895 100644 --- a/.github/workflows/gotestsum.yaml +++ b/.github/workflows/gotestsum.yaml @@ -22,6 +22,6 @@ jobs: with: go-version-file: go.mod - name: Install gotestsum - run: go install go install gotest.tools/gotestsum@latest + run: go install gotest.tools/gotestsum@latest - name: Run tests with gotestsum run: gotestsum --junitfile unit-tests.xml --format github-actions From f5272fb7728987f683713849bc1804eb8d11af4e Mon Sep 17 00:00:00 2001 From: Adrian Dombeck Date: Tue, 29 Oct 2024 14:00:54 +0100 Subject: [PATCH 4/5] ci: Add gotestsum workflow --- .github/workflows/gotestfmt.yaml | 52 ++++++++++++++++++++++++++++++++ .github/workflows/gotestsum.yaml | 2 +- 2 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/gotestfmt.yaml diff --git a/.github/workflows/gotestfmt.yaml b/.github/workflows/gotestfmt.yaml new file mode 100644 index 000000000..65b6c78b1 --- /dev/null +++ b/.github/workflows/gotestfmt.yaml @@ -0,0 +1,52 @@ +name: Run Go tests with gotestfmt + +# Run this workflow on pushes to the main branch, on tags, and on pull requests. +on: + push: + branches: + - main + tags: + - "*" + pull_request: + +env: + GO_TESTS_TIMEOUT: 20m + +jobs: + build: + name: Test + runs-on: ubuntu-latest + steps: + # Checkout your project with git + - name: Checkout + uses: actions/checkout@v4 + + # Install Go on the VM running the action. + - name: Set up Go + uses: actions/setup-go@v5 + + # Install gotestfmt on the VM running the action. + - name: Set up gotestfmt + uses: gotesttools/gotestfmt-action@v2 + with: + # Optional: pass GITHUB_TOKEN to avoid rate limiting. + token: ${{ secrets.GITHUB_TOKEN }} + + # Alternatively, install using go install + - name: Set up gotestfmt + run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest + + # Run tests with nice formatting. Save the original log in /tmp/gotest.log + - name: Run tests + run: | + set -euo pipefail + go test -json -v ./... 2>&1 | tee /tmp/gotest.log | gotestfmt + + # Upload the original go test log as an artifact for later review. + - name: Upload test log + uses: actions/upload-artifact@v4 + if: always() + with: + name: test-log + path: /tmp/gotest.log + if-no-files-found: error \ No newline at end of file diff --git a/.github/workflows/gotestsum.yaml b/.github/workflows/gotestsum.yaml index 773567895..141922eb1 100644 --- a/.github/workflows/gotestsum.yaml +++ b/.github/workflows/gotestsum.yaml @@ -1,4 +1,4 @@ -name: Run Go tests with human-readable output +name: Run Go tests with gotestsum # Run this workflow on pushes to the main branch, on tags, and on pull requests. on: From c636bb0180e4db7b39043292589dfc5731737840 Mon Sep 17 00:00:00 2001 From: Adrian Dombeck Date: Tue, 29 Oct 2024 14:07:42 +0100 Subject: [PATCH 5/5] gotestsum: hide output --- .github/workflows/gotestsum.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gotestsum.yaml b/.github/workflows/gotestsum.yaml index 141922eb1..5e353f1b0 100644 --- a/.github/workflows/gotestsum.yaml +++ b/.github/workflows/gotestsum.yaml @@ -24,4 +24,4 @@ jobs: - name: Install gotestsum run: go install gotest.tools/gotestsum@latest - name: Run tests with gotestsum - run: gotestsum --junitfile unit-tests.xml --format github-actions + run: gotestsum --junitfile unit-tests.xml --format github-actions --hide-summary=output