Prepare resources in the GitHub action for test scripts (#220)

---------

Co-authored-by: Jip-Hop <2871973+Jip-Hop@users.noreply.github.com>
This commit is contained in:
Jon C. Thomason 2024-07-08 11:59:39 -04:00 committed by GitHub
parent 9da33ab2b0
commit 2d3ae20cd7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 71 additions and 33 deletions

View File

@ -16,7 +16,7 @@ on:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel # A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs: jobs:
# This workflow contains a single job called "build" # This workflow contains a single job called "build"
build: test:
# The type of runner that the job will run on # The type of runner that the job will run on
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
@ -25,6 +25,68 @@ jobs:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4 - uses: actions/checkout@v4
# Runs a single command using the runners shell - name: Tune GitHub-hosted runner network
- name: Run a one-line script uses: smorimoto/tune-github-hosted-runner-network@v1
run: sudo ./test/test.sh
# Create a network namespace in the GitHub-hosted runner VM,
# simulating a primary bridge network on TrueNAS SCALE
- name: Set up networking resources
run: |
sudo -s <<END
systemctl disable systemd-resolved --now
rm /etc/resolv.conf
echo 'nameserver 1.1.1.1' > /etc/resolv.conf
apt-get install -qq -y systemd-container
cat <<NETWORKCONFIG >/etc/systemd/network/10-br1.network
[Match]
Kind=bridge
Name=br1
[Network]
# Default to using a /24 prefix, giving up to 253 addresses per virtual network.
Address=0.0.0.0/24
LinkLocalAddressing=yes
DHCPServer=yes
IPMasquerade=both
LLDP=yes
EmitLLDP=customer-bridge
IPv6AcceptRA=no
IPv6SendRA=yes
NETWORKCONFIG
systemctl restart systemd-networkd
ip link add name br1 type bridge
iptables -I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I DOCKER-USER -i br1 -o eth0 -j ACCEPT
END
- name: Examine the GitHub-hosted runner environment
run: |
uname -r
cat /etc/os-release
python3 --version
ip addr
# # TODO: create zpool with virtual disks, create jailmaker dataset and test jlmkr.py from there
# # https://medium.com/@abaddonsd/zfs-usage-with-virtual-disks-62898064a29b
# - name: Create a parent ZFS dataset
# run: |
# sudo -s <<END
# apt-get install -y -qq zfsutils-linux
# modinfo zfs | grep version
# zfs --version
# zpool --version
# END
# Run multiple commands using the runners shell
- name: Run the test script
env:
PYTHONUNBUFFERED: 1
run: |
sudo chown 0:0 jlmkr.py test/test.sh
sudo chmod +x jlmkr.py test/test.sh
sudo ./test/test.sh

View File

@ -1,36 +1,12 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
export PYTHONUNBUFFERED=1
uname -r
cat /etc/os-release
python3 --version
apt-get update -qq && apt-get install -qq -y systemd-container
# # TODO: create zpool with virtual disks, create jailmaker dataset and test jlmkr.py from there
# # https://medium.com/@abaddonsd/zfs-usage-with-virtual-disks-62898064a29b
# apt-get install -y -qq zfsutils-linux
# modinfo zfs | grep version
# zfs --version
# zpool --version
# TODO: create a path and/or zfs pool with a space in it to test if jlmkr.py still works properly when ran from inside # TODO: create a path and/or zfs pool with a space in it to test if jlmkr.py still works properly when ran from inside
# mkdir -p "/tmp/path with space/jailmaker" # mkdir -p "/tmp/path with space/jailmaker"
chown 0:0 jlmkr.py # TODO: many more test cases and checking if actual output (text, files on disk etc.) is correct instead of just a 0 exit code
chmod +x jlmkr.py
# Setup NAT to give the jail access to the outside network
# https://wiki.archlinux.org/title/systemd-nspawn#Use_a_virtual_Ethernet_link
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I DOCKER-USER -i ve-+ -o eth0 -j ACCEPT
iptables -A INPUT -i ve-+ -p udp -m udp --dport 67 -j ACCEPT
# TODO: test jlmkr.py from inside another working directory, with a relative path to a config file to test if it uses the config file (and doesn't look for it relative to the jlmkr.py file itself) # TODO: test jlmkr.py from inside another working directory, with a relative path to a config file to test if it uses the config file (and doesn't look for it relative to the jlmkr.py file itself)
./jlmkr.py create --start --config=./templates/docker/config test --network-veth --system-call-filter='add_key' --system-call-filter='bpf' --system-call-filter='keyctl'
./jlmkr.py exec test docker run hello-world
# TODO: many more test cases and checking if actual output (text, files on disk etc.) is correct instead of just a 0 exit code ./jlmkr.py create --start --config=./templates/docker/config test
./jlmkr.py exec test docker run hello-world