libnftables-dotnet/.gitea/workflows/smoke.yml

name: smoke

on:
  push:
  pull_request:

jobs:
  smoke:
    runs-on:
      - debian-13
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Verify runner prerequisites
        run: |
          set -euo pipefail
          require_cmd() {
            if ! command -v "$1" >/dev/null 2>&1; then
              echo "Missing required command: $1" >&2
              exit 1
            fi
          }

          require_cmd bash
          require_cmd curl
          require_cmd gcc
          require_cmd pkg-config

          if ! pkg-config --exists libnftables; then
            echo "Missing libnftables pkg-config metadata on the runner host." >&2
            echo "Install the system libnftables development package before running this workflow." >&2
            exit 1
          fi

          echo "Runner prerequisites look good."
          gcc --version | head -n 1
          pkg-config --modversion libnftables

      - name: Detect runner mode
        run: |
          set -euo pipefail

          uid="$(id -u)"
          echo "RUNNER_UID=$uid" >> "$GITHUB_ENV"

          cap_net_admin=0
          if [ -r /proc/self/status ]; then
            cap_eff_hex="$(awk '/^CapEff:/ { print $2 }' /proc/self/status)"
            if [ -n "${cap_eff_hex:-}" ]; then
              cap_eff_value=$((16#$cap_eff_hex))
              if (( (cap_eff_value & (1 << 12)) != 0 )); then
                cap_net_admin=1
              fi
            fi
          fi

          echo "RUNNER_HAS_CAP_NET_ADMIN=$cap_net_admin" >> "$GITHUB_ENV"

          if [ "$uid" -eq 0 ]; then
            echo "RUNNER_IS_ROOT=1" >> "$GITHUB_ENV"
            echo "Root runner detected (uid 0)."

            if [ "$cap_net_admin" -eq 1 ]; then
              echo "RUN_PRIVILEGED_TESTS=1" >> "$GITHUB_ENV"
              echo "Privileged test lane enabled."
            else
              echo "RUN_PRIVILEGED_TESTS=0" >> "$GITHUB_ENV"
              echo "::warning::Root runner detected, but CAP_NET_ADMIN is unavailable. Privileged tests will be skipped."
            fi
          else
            echo "RUNNER_IS_ROOT=0" >> "$GITHUB_ENV"
            echo "RUN_PRIVILEGED_TESTS=0" >> "$GITHUB_ENV"
            echo "Non-root runner detected; smoke-only test lane enabled."
          fi

      - name: Install .NET SDK
        run: |
          set -euo pipefail
          curl -fsSL https://dot.net/v1/dotnet-install.sh -o dotnet-install.sh
          bash dotnet-install.sh --channel 10.0 --quality ga --install-dir "$HOME/.dotnet"

      - name: Show .NET info
        run: |
          set -euo pipefail
          "$HOME/.dotnet/dotnet" --info

      - name: Restore
        run: |
          set -euo pipefail
          "$HOME/.dotnet/dotnet" restore

      - name: Build
        run: |
          set -euo pipefail
          "$HOME/.dotnet/dotnet" build --no-restore

      - name: Smoke tests
        run: |
          set -euo pipefail
          LIBNFTABLES_RUN_PRIVILEGED_TESTS=0 "$HOME/.dotnet/dotnet" test LibNftables.slnx --no-build --filter "Category!=Privileged"

      - name: Privileged tests
        if: env.RUN_PRIVILEGED_TESTS == '1'
        run: |
          set -euo pipefail
          LIBNFTABLES_RUN_PRIVILEGED_TESTS=1 "$HOME/.dotnet/dotnet" test LibNftables.slnx --no-build --filter "Category=Privileged"