117 lines
3.6 KiB
YAML
117 lines
3.6 KiB
YAML
name: smoke
|
|
|
|
on:
|
|
push:
|
|
pull_request:
|
|
|
|
jobs:
|
|
smoke:
|
|
runs-on:
|
|
- debian-13
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Verify runner prerequisites
|
|
run: |
|
|
set -euo pipefail
|
|
require_cmd() {
|
|
if ! command -v "$1" >/dev/null 2>&1; then
|
|
echo "Missing required command: $1" >&2
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
require_cmd bash
|
|
require_cmd curl
|
|
require_cmd gcc
|
|
require_cmd pkg-config
|
|
|
|
if ! pkg-config --exists libnftables; then
|
|
echo "Missing libnftables pkg-config metadata on the runner host." >&2
|
|
echo "Install the system libnftables development package before running this workflow." >&2
|
|
exit 1
|
|
fi
|
|
|
|
echo "Runner prerequisites look good."
|
|
gcc --version | head -n 1
|
|
pkg-config --modversion libnftables
|
|
|
|
- name: Detect runner mode
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
uid="$(id -u)"
|
|
echo "RUNNER_UID=$uid" >> "$GITHUB_ENV"
|
|
|
|
cap_net_admin=0
|
|
if [ -r /proc/self/status ]; then
|
|
cap_eff_hex="$(awk '/^CapEff:/ { print $2 }' /proc/self/status)"
|
|
if [ -n "${cap_eff_hex:-}" ]; then
|
|
cap_eff_value=$((16#$cap_eff_hex))
|
|
if (( (cap_eff_value & (1 << 12)) != 0 )); then
|
|
cap_net_admin=1
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
echo "RUNNER_HAS_CAP_NET_ADMIN=$cap_net_admin" >> "$GITHUB_ENV"
|
|
|
|
if [ "$uid" -eq 0 ]; then
|
|
echo "RUNNER_IS_ROOT=1" >> "$GITHUB_ENV"
|
|
echo "Root runner detected (uid 0)."
|
|
|
|
if [ "$cap_net_admin" -eq 1 ]; then
|
|
echo "RUN_PRIVILEGED_TESTS=1" >> "$GITHUB_ENV"
|
|
echo "Privileged test lane enabled."
|
|
else
|
|
echo "RUN_PRIVILEGED_TESTS=0" >> "$GITHUB_ENV"
|
|
echo "::warning::Root runner detected, but CAP_NET_ADMIN is unavailable. Privileged tests will be skipped."
|
|
fi
|
|
else
|
|
echo "RUNNER_IS_ROOT=0" >> "$GITHUB_ENV"
|
|
echo "RUN_PRIVILEGED_TESTS=0" >> "$GITHUB_ENV"
|
|
echo "Non-root runner detected; smoke-only test lane enabled."
|
|
fi
|
|
|
|
- name: Resolve .NET SDK
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
if command -v dotnet >/dev/null 2>&1 && dotnet --list-sdks | grep -Eq '^10\.'; then
|
|
echo "Using preinstalled .NET 10 SDK from PATH."
|
|
echo "DOTNET_CMD=dotnet" >> "$GITHUB_ENV"
|
|
exit 0
|
|
fi
|
|
|
|
echo "Preinstalled .NET 10 SDK not found. Installing local SDK copy."
|
|
curl -fsSL https://dot.net/v1/dotnet-install.sh -o dotnet-install.sh
|
|
bash dotnet-install.sh --channel 10.0 --quality ga --install-dir "$HOME/.dotnet"
|
|
echo "DOTNET_CMD=$HOME/.dotnet/dotnet" >> "$GITHUB_ENV"
|
|
|
|
- name: Show .NET info
|
|
run: |
|
|
set -euo pipefail
|
|
"${DOTNET_CMD}" --info
|
|
|
|
- name: Restore
|
|
run: |
|
|
set -euo pipefail
|
|
"${DOTNET_CMD}" restore
|
|
|
|
- name: Build
|
|
run: |
|
|
set -euo pipefail
|
|
"${DOTNET_CMD}" build --no-restore
|
|
|
|
- name: Smoke tests
|
|
run: |
|
|
set -euo pipefail
|
|
LIBNFTABLES_RUN_PRIVILEGED_TESTS=0 "${DOTNET_CMD}" test LibNftables.slnx --no-build --filter "Category!=Privileged"
|
|
|
|
- name: Privileged tests
|
|
if: env.RUN_PRIVILEGED_TESTS == '1'
|
|
run: |
|
|
set -euo pipefail
|
|
LIBNFTABLES_RUN_PRIVILEGED_TESTS=1 "${DOTNET_CMD}" test LibNftables.slnx --no-build --filter "Category=Privileged"
|