Skip to content

Only try to apply grsec_lock once #1137

Only try to apply grsec_lock once

Only try to apply grsec_lock once #1137

Workflow file for this run

name: CI
on: [push, pull_request]
defaults:
run:
shell: bash
jobs:
lint:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
ubuntu_version:
- focal
- noble
container: ubuntu:${{ matrix.ubuntu_version }}
steps:
- name: Install Git
run: |
apt-get update && apt-get install --yes git
- uses: actions/checkout@v4
- name: Install dependencies
run: |
DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install --yes --no-install-recommends \
build-essential python3-virtualenv python3-dev enchant-2 file apache2-dev jq libarchive-tools
virtualenv .venv
# TODO: this should be one step, but there are too many conflicting dependencies
./.venv/bin/pip install -r securedrop/requirements/python3/test-requirements.txt
./.venv/bin/pip install -r securedrop/requirements/python3/requirements.txt
./.venv/bin/pip install -r securedrop/requirements/python3/develop-requirements.txt
- name: Run lint
run: |
git config --global --add safe.directory $GITHUB_WORKSPACE
source .venv/bin/activate
make lint
make verify-mo
test-app:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
ubuntu_version:
- focal
- noble
steps:
- uses: actions/checkout@v4
- name: Build image
run: |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} DOCKER_BUILD_VERBOSE=true ./securedrop/bin/dev-shell true
- name: Run application tests
run: |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make test-app
test-functional:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
ubuntu_version:
- focal
- noble
steps:
- uses: actions/checkout@v4
- name: Build image
run: |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} DOCKER_BUILD_VERBOSE=true ./securedrop/bin/dev-shell true
- name: Run functional tests
run: |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make test-functional
test-pageslayout:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
ubuntu_version:
- focal
- noble
steps:
- uses: actions/checkout@v4
- name: Build image
run: |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} DOCKER_BUILD_VERBOSE=true ./securedrop/bin/dev-shell true
- name: Run page layout tests
run: |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make test-pageslayout
- name: Validate HTML (informational)
run: |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make validate-test-html || true
- name: Validate accessibility (informational)
run: |
UBUNTU_VERSION=${{ matrix.ubuntu_version }} make accessibility-summary || true
rust:
runs-on: ubuntu-latest
# Keep version in sync with rust-toolchain.toml
container: rust:1.81.0
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: |
rustup component add rustfmt
rustup component add clippy
- name: Lint and test Rust code
run: |
make rust-lint
make rust-test
updater-gui-tests:
runs-on: ubuntu-latest
container: debian:bookworm
steps:
- name: Install dependencies
run: |
apt-get update && apt-get install --yes git libqt5designer5 python3-venv
- uses: actions/checkout@v4
- name: Install Python dependencies
run: |
cd journalist_gui
python3 -m venv .venv/ && source .venv/bin/activate
pip install --require-hashes -r dev-requirements.txt
- name: Run tests
run: |
cd journalist_gui
source .venv/bin/activate
QT_QPA_PLATFORM=offscreen python3 test_gui.py -v
admin-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run tests
run: |
make -C admin test