Prepare resources in the GitHub action for test scripts (#220)
--------- Co-authored-by: Jip-Hop <2871973+Jip-Hop@users.noreply.github.com>
parent
9da33ab2b0
commit
2d3ae20cd7
|
@ -16,7 +16,7 @@ on:
|
||||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
|
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
|
||||||
jobs:
|
jobs:
|
||||||
# This workflow contains a single job called "build"
|
# This workflow contains a single job called "build"
|
||||||
build:
|
test:
|
||||||
# The type of runner that the job will run on
|
# The type of runner that the job will run on
|
||||||
runs-on: ubuntu-24.04
|
runs-on: ubuntu-24.04
|
||||||
|
|
||||||
|
@ -25,6 +25,68 @@ jobs:
|
||||||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
# Runs a single command using the runners shell
|
- name: Tune GitHub-hosted runner network
|
||||||
- name: Run a one-line script
|
uses: smorimoto/tune-github-hosted-runner-network@v1
|
||||||
run: sudo ./test/test.sh
|
|
||||||
|
# Create a network namespace in the GitHub-hosted runner VM,
|
||||||
|
# simulating a primary bridge network on TrueNAS SCALE
|
||||||
|
- name: Set up networking resources
|
||||||
|
run: |
|
||||||
|
sudo -s <<END
|
||||||
|
|
||||||
|
systemctl disable systemd-resolved --now
|
||||||
|
rm /etc/resolv.conf
|
||||||
|
echo 'nameserver 1.1.1.1' > /etc/resolv.conf
|
||||||
|
|
||||||
|
apt-get install -qq -y systemd-container
|
||||||
|
|
||||||
|
cat <<NETWORKCONFIG >/etc/systemd/network/10-br1.network
|
||||||
|
[Match]
|
||||||
|
Kind=bridge
|
||||||
|
Name=br1
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
# Default to using a /24 prefix, giving up to 253 addresses per virtual network.
|
||||||
|
Address=0.0.0.0/24
|
||||||
|
LinkLocalAddressing=yes
|
||||||
|
DHCPServer=yes
|
||||||
|
IPMasquerade=both
|
||||||
|
LLDP=yes
|
||||||
|
EmitLLDP=customer-bridge
|
||||||
|
IPv6AcceptRA=no
|
||||||
|
IPv6SendRA=yes
|
||||||
|
NETWORKCONFIG
|
||||||
|
|
||||||
|
systemctl restart systemd-networkd
|
||||||
|
ip link add name br1 type bridge
|
||||||
|
|
||||||
|
iptables -I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
iptables -I DOCKER-USER -i br1 -o eth0 -j ACCEPT
|
||||||
|
END
|
||||||
|
|
||||||
|
- name: Examine the GitHub-hosted runner environment
|
||||||
|
run: |
|
||||||
|
uname -r
|
||||||
|
cat /etc/os-release
|
||||||
|
python3 --version
|
||||||
|
ip addr
|
||||||
|
|
||||||
|
# # TODO: create zpool with virtual disks, create jailmaker dataset and test jlmkr.py from there
|
||||||
|
# # https://medium.com/@abaddonsd/zfs-usage-with-virtual-disks-62898064a29b
|
||||||
|
# - name: Create a parent ZFS dataset
|
||||||
|
# run: |
|
||||||
|
# sudo -s <<END
|
||||||
|
# apt-get install -y -qq zfsutils-linux
|
||||||
|
# modinfo zfs | grep version
|
||||||
|
# zfs --version
|
||||||
|
# zpool --version
|
||||||
|
# END
|
||||||
|
|
||||||
|
# Run multiple commands using the runners shell
|
||||||
|
- name: Run the test script
|
||||||
|
env:
|
||||||
|
PYTHONUNBUFFERED: 1
|
||||||
|
run: |
|
||||||
|
sudo chown 0:0 jlmkr.py test/test.sh
|
||||||
|
sudo chmod +x jlmkr.py test/test.sh
|
||||||
|
sudo ./test/test.sh
|
||||||
|
|
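Review bot: The new `Tune GitHub-hosted runner network` step references `smorimoto/tune-github-hosted-runner-network@v1` by a mutable tag, and the steps after it run commands as root through `sudo`, so a retagged or compromised release of that action would execute in this job unreviewed. Pin third-party actions to a full commit SHA and keep the tag as a comment, e.g. `uses: smorimoto/tune-github-hosted-runner-network@<full-commit-sha>  # v1` (placeholder; take the SHA from the release you audited). Separately, the `sudo -s <<END` block in `Set up networking resources` runs in a fresh root shell that does not inherit the step shell's `-e`, so a failing `apt-get install` or `systemctl restart` would likely not fail the step. Add `set -euo pipefail` as the first line inside the heredoc. Because `END` is unquoted, any `$` added later would expand in the unprivileged outer shell, so `<<'END'` is the safer form.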
30
test/test.sh
30
test/test.sh
|
@ -1,36 +1,12 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
export PYTHONUNBUFFERED=1
|
|
||||||
|
|
||||||
uname -r
|
|
||||||
cat /etc/os-release
|
|
||||||
python3 --version
|
|
||||||
|
|
||||||
apt-get update -qq && apt-get install -qq -y systemd-container
|
|
||||||
|
|
||||||
# # TODO: create zpool with virtual disks, create jailmaker dataset and test jlmkr.py from there
|
|
||||||
# # https://medium.com/@abaddonsd/zfs-usage-with-virtual-disks-62898064a29b
|
|
||||||
# apt-get install -y -qq zfsutils-linux
|
|
||||||
# modinfo zfs | grep version
|
|
||||||
# zfs --version
|
|
||||||
# zpool --version
|
|
||||||
|
|
||||||
# TODO: create a path and/or zfs pool with a space in it to test if jlmkr.py still works properly when ran from inside
|
# TODO: create a path and/or zfs pool with a space in it to test if jlmkr.py still works properly when ran from inside
|
||||||
# mkdir -p "/tmp/path with space/jailmaker"
|
# mkdir -p "/tmp/path with space/jailmaker"
|
||||||
|
|
||||||
chown 0:0 jlmkr.py
|
# TODO: many more test cases and checking if actual output (text, files on disk etc.) is correct instead of just a 0 exit code
|
||||||
chmod +x jlmkr.py
|
|
||||||
|
|
||||||
# Setup NAT to give the jail access to the outside network
|
|
||||||
# https://wiki.archlinux.org/title/systemd-nspawn#Use_a_virtual_Ethernet_link
|
|
||||||
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
||||||
iptables -I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
|
||||||
iptables -I DOCKER-USER -i ve-+ -o eth0 -j ACCEPT
|
|
||||||
iptables -A INPUT -i ve-+ -p udp -m udp --dport 67 -j ACCEPT
|
|
||||||
|
|
||||||
# TODO: test jlmkr.py from inside another working directory, with a relative path to a config file to test if it uses the config file (and doesn't look for it relative to the jlmkr.py file itself)
|
# TODO: test jlmkr.py from inside another working directory, with a relative path to a config file to test if it uses the config file (and doesn't look for it relative to the jlmkr.py file itself)
|
||||||
./jlmkr.py create --start --config=./templates/docker/config test --network-veth --system-call-filter='add_key' --system-call-filter='bpf' --system-call-filter='keyctl'
|
|
||||||
./jlmkr.py exec test docker run hello-world
|
|
||||||
|
|
||||||
# TODO: many more test cases and checking if actual output (text, files on disk etc.) is correct instead of just a 0 exit code
|
./jlmkr.py create --start --config=./templates/docker/config test
|
||||||
|
./jlmkr.py exec test docker run hello-world
|
||||||
|
|
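Review bot: Removing `export PYTHONUNBUFFERED=1` from test.sh leaves the variable to the workflow step's `env:` block, but that step starts the script with `sudo ./test/test.sh`, and sudo's default `env_reset` policy likely strips it before the script runs (this depends on the runner's sudoers configuration, which is not visible here). Either keep the export in the script or pass it through explicitly with `sudo --preserve-env=PYTHONUNBUFFERED ./test/test.sh`. The script also no longer installs `systemd-container` or fixes ownership and mode of `jlmkr.py` itself. A header comment such as `# Prerequisites: run as root; systemd-container installed; jlmkr.py owned by root and executable (see the GitHub workflow)` would help anyone running it outside CI.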