feat(cli): add --enable-chroot for transparent host binary execution #19
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Chroot Integration Tests | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| test-chroot-languages: | |
| name: Test Chroot Language Support | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| - name: Setup Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Setup Go | |
| uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 | |
| with: | |
| go-version: '1.22' | |
| - name: Verify host tools are available | |
| run: | | |
| echo "=== Verifying host tools ===" | |
| echo "Node.js: $(node --version)" | |
| echo "npm: $(npm --version)" | |
| echo "Python: $(python3 --version)" | |
| echo "pip: $(pip3 --version)" | |
| echo "Go: $(go version)" | |
| echo "Git: $(git --version)" | |
| echo "curl: $(curl --version | head -1)" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build project | |
| run: npm run build | |
| - name: Build local containers | |
| run: | | |
| echo "=== Building local containers ===" | |
| docker build -t ghcr.io/githubnext/gh-aw-firewall/squid:latest containers/squid/ | |
| docker build -t ghcr.io/githubnext/gh-aw-firewall/agent:latest containers/agent/ | |
| - name: Pre-test cleanup | |
| run: | | |
| echo "=== Pre-test cleanup ===" | |
| ./scripts/ci/cleanup.sh || true | |
| - name: Run chroot language tests | |
| run: | | |
| echo "=== Running chroot language tests ===" | |
| npm run test:integration -- --testPathPattern="chroot-languages" --verbose | |
| env: | |
| JEST_TIMEOUT: 180000 | |
| - name: Post-test cleanup | |
| if: always() | |
| run: | | |
| echo "=== Post-test cleanup ===" | |
| ./scripts/ci/cleanup.sh || true | |
| - name: Collect logs on failure | |
| if: failure() | |
| run: | | |
| echo "=== Collecting failure logs ===" | |
| docker ps -a || true | |
| docker logs awf-squid 2>&1 || true | |
| docker logs awf-agent 2>&1 || true | |
| ls -la /tmp/awf-* 2>/dev/null || true | |
| sudo cat /tmp/awf-*/squid-logs/access.log 2>/dev/null || true | |
| test-chroot-package-managers: | |
| name: Test Chroot Package Managers | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 45 | |
| needs: test-chroot-languages # Run after language tests pass | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| - name: Setup Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Setup Go | |
| uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 | |
| with: | |
| go-version: '1.22' | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1 | |
| with: | |
| ruby-version: '3.2' | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Setup Java | |
| uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '21' | |
| - name: Verify host tools are available | |
| run: | | |
| echo "=== Verifying host tools ===" | |
| echo "Node.js: $(node --version)" | |
| echo "npm: $(npm --version)" | |
| echo "Python: $(python3 --version)" | |
| echo "pip: $(pip3 --version)" | |
| echo "Go: $(go version)" | |
| echo "Ruby: $(ruby --version)" | |
| echo "Gem: $(gem --version)" | |
| echo "Rust: $(rustc --version)" | |
| echo "Cargo: $(cargo --version)" | |
| echo "Java: $(java --version 2>&1 | head -1)" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build project | |
| run: npm run build | |
| - name: Build local containers | |
| run: | | |
| echo "=== Building local containers ===" | |
| docker build -t ghcr.io/githubnext/gh-aw-firewall/squid:latest containers/squid/ | |
| docker build -t ghcr.io/githubnext/gh-aw-firewall/agent:latest containers/agent/ | |
| - name: Pre-test cleanup | |
| run: | | |
| echo "=== Pre-test cleanup ===" | |
| ./scripts/ci/cleanup.sh || true | |
| - name: Run chroot package manager tests | |
| run: | | |
| echo "=== Running chroot package manager tests ===" | |
| npm run test:integration -- --testPathPattern="chroot-package-managers" --verbose | |
| env: | |
| JEST_TIMEOUT: 300000 | |
| - name: Post-test cleanup | |
| if: always() | |
| run: | | |
| echo "=== Post-test cleanup ===" | |
| ./scripts/ci/cleanup.sh || true | |
| - name: Collect logs on failure | |
| if: failure() | |
| run: | | |
| echo "=== Collecting failure logs ===" | |
| docker ps -a || true | |
| docker logs awf-squid 2>&1 || true | |
| docker logs awf-agent 2>&1 || true | |
| ls -la /tmp/awf-* 2>/dev/null || true | |
| sudo cat /tmp/awf-*/squid-logs/access.log 2>/dev/null || true | |
| test-chroot-edge-cases: | |
| name: Test Chroot Edge Cases | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| needs: test-chroot-languages # Run after language tests pass | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build project | |
| run: npm run build | |
| - name: Build local containers | |
| run: | | |
| echo "=== Building local containers ===" | |
| docker build -t ghcr.io/githubnext/gh-aw-firewall/squid:latest containers/squid/ | |
| docker build -t ghcr.io/githubnext/gh-aw-firewall/agent:latest containers/agent/ | |
| - name: Pre-test cleanup | |
| run: | | |
| echo "=== Pre-test cleanup ===" | |
| ./scripts/ci/cleanup.sh || true | |
| - name: Run chroot edge case tests | |
| run: | | |
| echo "=== Running chroot edge case tests ===" | |
| npm run test:integration -- --testPathPattern="chroot-edge-cases" --verbose | |
| env: | |
| JEST_TIMEOUT: 180000 | |
| - name: Post-test cleanup | |
| if: always() | |
| run: | | |
| echo "=== Post-test cleanup ===" | |
| ./scripts/ci/cleanup.sh || true | |
| - name: Collect logs on failure | |
| if: failure() | |
| run: | | |
| echo "=== Collecting failure logs ===" | |
| docker ps -a || true | |
| docker logs awf-squid 2>&1 || true | |
| docker logs awf-agent 2>&1 || true | |
| ls -la /tmp/awf-* 2>/dev/null || true | |
| sudo cat /tmp/awf-*/squid-logs/access.log 2>/dev/null || true |