Only try to apply grsec_lock once #1137
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push, pull_request] | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
ubuntu_version: | |
- focal | |
- noble | |
container: ubuntu:${{ matrix.ubuntu_version }} | |
steps: | |
- name: Install Git | |
run: | | |
apt-get update && apt-get install --yes git | |
- uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install --yes --no-install-recommends \ | |
build-essential python3-virtualenv python3-dev enchant-2 file apache2-dev jq libarchive-tools | |
virtualenv .venv | |
# TODO: this should be one step, but there are too many conflicting dependencies | |
./.venv/bin/pip install -r securedrop/requirements/python3/test-requirements.txt | |
./.venv/bin/pip install -r securedrop/requirements/python3/requirements.txt | |
./.venv/bin/pip install -r securedrop/requirements/python3/develop-requirements.txt | |
- name: Run lint | |
run: | | |
git config --global --add safe.directory $GITHUB_WORKSPACE | |
source .venv/bin/activate | |
make lint | |
make verify-mo | |
test-app: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
ubuntu_version: | |
- focal | |
- noble | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build image | |
run: | | |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} DOCKER_BUILD_VERBOSE=true ./securedrop/bin/dev-shell true | |
- name: Run application tests | |
run: | | |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make test-app | |
test-functional: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
ubuntu_version: | |
- focal | |
- noble | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build image | |
run: | | |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} DOCKER_BUILD_VERBOSE=true ./securedrop/bin/dev-shell true | |
- name: Run functional tests | |
run: | | |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make test-functional | |
test-pageslayout: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
ubuntu_version: | |
- focal | |
- noble | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build image | |
run: | | |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} DOCKER_BUILD_VERBOSE=true ./securedrop/bin/dev-shell true | |
- name: Run page layout tests | |
run: | | |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make test-pageslayout | |
- name: Validate HTML (informational) | |
run: | | |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make validate-test-html || true | |
- name: Validate accessibility (informational) | |
run: | | |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make accessibility-summary || true | |
rust: | |
runs-on: ubuntu-latest | |
# Keep version in sync with rust-toolchain.toml | |
container: rust:1.81.0 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
rustup component add rustfmt | |
rustup component add clippy | |
- name: Lint and test Rust code | |
run: | | |
make rust-lint | |
make rust-test | |
updater-gui-tests: | |
runs-on: ubuntu-latest | |
container: debian:bookworm | |
steps: | |
- name: Install dependencies | |
run: | | |
apt-get update && apt-get install --yes git libqt5designer5 python3-venv | |
- uses: actions/checkout@v4 | |
- name: Install Python dependencies | |
run: | | |
cd journalist_gui | |
python3 -m venv .venv/ && source .venv/bin/activate | |
pip install --require-hashes -r dev-requirements.txt | |
- name: Run tests | |
run: | | |
cd journalist_gui | |
source .venv/bin/activate | |
QT_QPA_PLATFORM=offscreen python3 test_gui.py -v | |
admin-tests: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run tests | |
run: | | |
make -C admin test |