fix(aggregators): distinguish restored-but-disabled adapters from unc… #254

Workflow file for this run

	name: CI

	on:
	push:
	branches: [main, dev]
	pull_request:

	permissions:
	contents: read

	jobs:
	test:
	runs-on: ubuntu-24.04
	timeout-minutes: 10
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
	with:
	go-version-file: go.mod
	# internal/clientvalidators runs the shipped JS validators in a Node
	# subprocess for cross-language parity. Setup must precede `go test`.
	- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
	with:
	node-version: '20'
	- run: go vet ./...
	- run: go mod verify
	- run: go test ./...

	cross-build:
	runs-on: ubuntu-24.04
	timeout-minutes: 10
	strategy:
	fail-fast: false
	matrix:
	include:
	- { arch: arm64, goarch: arm64, goarm: "" }
	- { arch: armhf, goarch: arm, goarm: "7" }
	concurrency:
	group: cross-build-${{ matrix.arch }}-${{ github.ref }}
	cancel-in-progress: true
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
	with:
	go-version-file: go.mod
	- name: cross-compile airplanes-webconfig-${{ matrix.arch }}
	env:
	GOOS: linux
	GOARCH: ${{ matrix.goarch }}
	GOARM: ${{ matrix.goarm }}
	CGO_ENABLED: "0"
	run: \|
	go build -trimpath -buildvcs=false \
	-ldflags "-s -w -X main.version=${{ github.sha }} -X main.commitSha=${{ github.sha }}" \
	-o airplanes-webconfig-${{ matrix.arch }} \
	./cmd/webconfig
	file airplanes-webconfig-${{ matrix.arch }}

	shell-lint:
	runs-on: ubuntu-24.04
	timeout-minutes: 5
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Install shellcheck
	run: \|
	sudo apt-get update
	sudo apt-get install -y --no-install-recommends shellcheck
	- name: shellcheck
	run: \|
	shellcheck -x install.sh scripts/lib/install-common.sh \
	files/usr/local/lib/airplanes-webconfig/*.sh \
	files/usr/local/lib/airplanes-webconfig/aggregator-run \
	files/usr/local/bin/apl-wifi \
	files/usr/local/bin/apl-aggregator \
	files/usr/local/lib/airplanes-webconfig/aggregators/*.desc \
	files/usr/local/lib/airplanes/*.sh
	- name: bash -n
	run: \|
	for f in install.sh scripts/lib/install-common.sh \
	files/usr/local/lib/airplanes-webconfig/*.sh \
	files/usr/local/lib/airplanes-webconfig/aggregator-run \
	files/usr/local/bin/apl-wifi \
	files/usr/local/bin/apl-aggregator \
	files/usr/local/lib/airplanes-webconfig/aggregators/*.desc \
	files/usr/local/lib/airplanes/*.sh; do
	bash -n "$f"
	done

	visudo:
	runs-on: ubuntu-24.04
	timeout-minutes: 5
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: visudo -cf
	run: \|
	for f in files/etc/sudoers.d/*; do
	name="$(basename "$f")"
	sudo cp "$f" "/etc/sudoers.d/$name"
	sudo chmod 0440 "/etc/sudoers.d/$name"
	sudo chown root:root "/etc/sudoers.d/$name"
	sudo visudo -cf "/etc/sudoers.d/$name"
	done

	bats:
	runs-on: ubuntu-24.04
	timeout-minutes: 10
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Install bats
	run: \|
	sudo apt-get update
	sudo apt-get install -y --no-install-recommends bats
	- name: Run bats suite
	run: bats test/bats/

	build-release-smoke:
	# Exercise scripts/lib/build-release.sh end-to-end and inspect the produced
	# release tarball. Catches release-pipeline regressions (missing installer
	# in the rootfs payload, wrong sudoers mode, missing assets) before they
	# ship via release.yml — which calls the same script.
	runs-on: ubuntu-24.04
	timeout-minutes: 10
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
	with:
	go-version-file: go.mod
	- name: build a v9.9.9 release locally
	run: \|
	bash scripts/lib/build-release.sh \
	--version v9.9.9 \
	--output "$RUNNER_TEMP/release" \
	--kind stable
	- name: assert all five assets present
	run: \|
	for f in airplanes-webconfig-arm64 airplanes-webconfig-armhf rootfs.tar.gz manifest.json SHA256SUMS; do
	[ -s "$RUNNER_TEMP/release/$f" ] \|\| { echo "missing $f"; exit 1; }
	done
	- name: verify SHA256SUMS
	working-directory: ${{ runner.temp }}/release
	run: sha256sum -c SHA256SUMS
	- name: assert sudoers files carry mode 0440 in tarball
	run: \|
	# File entries only (drop the directory entry). Each line that
	# references files under etc/sudoers.d/ must start with -r--r-----.
	bad="$(tar -tzvf "$RUNNER_TEMP/release/rootfs.tar.gz" \| \
	awk '/^-/ && $NF ~ /etc\/sudoers\.d\// && $1 != "-r--r-----" {print}')"
	if [ -n "$bad" ]; then
	echo "found sudoers file(s) with wrong mode:"
	echo "$bad"
	exit 1
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(aggregators): distinguish restored-but-disabled adapters from unc… #254

Workflow file

fix(aggregators): distinguish restored-but-disabled adapters from unc… #254

Uh oh!

Workflow file for this run