Sprint 2: SSH bastion #49

Workflow file for this run

# CI workflow: triggers and the workflow-wide GITHUB_TOKEN scope.
name: CI

# Runs on pushes to main/develop and on pull requests that target main.
# The trigger is `pull_request`, not `pull_request_target`.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main

# Restrict GITHUB_TOKEN permissions to read-only by default.
# This is the workflow-level setting; no job in this file declares its own
# `permissions:` key, so every job runs with contents: read only.
permissions:
  contents: read
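# Job definitions for building, testing and packaging the pam_llng PAM module.
#
# NOTE(review): every `uses:` reference in this file is a tag or a branch,
# which the action owner can move. Pinning each one to a full-length commit
# SHA (for example `actions/checkout@<FULL_COMMIT_SHA>  # v4`) makes the code
# that runs in CI immutable.
jobs:
  # Release build and test run on each listed Ubuntu runner image.
  build:
    name: Build and Test (${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-22.04, ubuntu-24.04]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where build and test scripts could read it.
          persist-credentials: false
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            build-essential \
            cmake \
            libcurl4-openssl-dev \
            libjson-c-dev \
            libpam0g-dev \
            curl \
            jq
      - name: Configure CMake
        run: cmake -B build -DCMAKE_BUILD_TYPE=Release
      - name: Build
        run: cmake --build build --parallel
      - name: Run tests
        run: |
          cd build
          ctest --output-on-failure
      - name: Check PAM module symbols
        run: |
          echo "Checking exported PAM symbols..."
          # Require each entry point on its own: a single alternation grep
          # succeeds as soon as any one of the three is present, so a module
          # missing e.g. pam_sm_acct_mgmt would still pass.
          # --defined-only restricts the listing to symbols the module itself
          # provides, which is what "exported" means here.
          exported="$(nm -D --defined-only build/pam_llng.so.*)"
          for sym in pam_sm_authenticate pam_sm_setcred pam_sm_acct_mgmt; do
            if ! grep -w "$sym" <<<"$exported"; then
              echo "Missing PAM symbol: $sym" >&2
              exit 1
            fi
          done
          echo "All required PAM symbols found"
      - name: Verify enrollment script syntax
        # bash -n only parses the script; nothing in it is executed.
        run: bash -n scripts/llng-pam-enroll

  # Debug build instrumented with AddressSanitizer and UBSan.
  build-debug:
    name: Build Debug with Sanitizers
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            build-essential \
            cmake \
            libcurl4-openssl-dev \
            libjson-c-dev \
            libpam0g-dev
      - name: Configure CMake with Debug and Sanitizers
        run: |
          cmake -B build \
            -DCMAKE_BUILD_TYPE=Debug \
            -DCMAKE_C_FLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer"
      - name: Build
        run: cmake --build build --parallel
      - name: Run tests with sanitizers
        env:
          ASAN_OPTIONS: detect_leaks=1
          # UBSan only prints a diagnostic and keeps running by default, so
          # the test would still exit 0. Make a finding fail the job.
          UBSAN_OPTIONS: 'halt_on_error=1:print_stacktrace=1'
        run: |
          cd build
          ctest --output-on-failure

  # Builds the .deb with CPack once the main build job has passed.
  package-deb:
    name: Build Debian Package
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            build-essential \
            cmake \
            libcurl4-openssl-dev \
            libjson-c-dev \
            libpam0g-dev
      - name: Configure and build
        run: |
          cmake -B build -DCMAKE_BUILD_TYPE=Release
          cmake --build build --parallel
      - name: Create Debian package
        run: |
          cd build
          cpack -G DEB
      - name: Upload Debian package
        uses: actions/upload-artifact@v4
        with:
          name: debian-package
          path: build/*.deb
          retention-days: 7

  # Builds the RPM inside a Rocky Linux container once the main build passed.
  build-rpm:
    name: Build RPM (Rocky Linux ${{ matrix.version }})
    runs-on: ubuntu-latest
    needs: build
    # NOTE(review): the image is referenced by tag, so its contents can
    # change between runs; referencing it by digest
    # (`rockylinux@sha256:<IMAGE_DIGEST>`) would fix the build environment.
    container: rockylinux:${{ matrix.version }}
    strategy:
      matrix:
        version: [9]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install dependencies
        run: |
          dnf install -y epel-release dnf-plugins-core
          dnf config-manager --set-enabled crb
          dnf install -y \
            cmake \
            gcc \
            make \
            pam-devel \
            libcurl-devel \
            json-c-devel \
            openssl-devel \
            rpm-build \
            systemd-rpm-macros
      - name: Build RPM
        run: |
          mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
          # --exclude='.git' keeps repository metadata out of the source
          # tarball that rpmbuild consumes.
          tar czf ~/rpmbuild/SOURCES/pam-llng-1.0.0.tar.gz \
            --transform 's,^,pam-llng-1.0.0/,' \
            --exclude='.git' .
          rpmbuild -ba rpm/pam-llng.spec
      - name: Upload RPM package
        uses: actions/upload-artifact@v4
        with:
          name: rpm-package-el${{ matrix.version }}
          path: ~/rpmbuild/RPMS/*/*.rpm
          retention-days: 7

  # Static analysis of the shell scripts under ./scripts.
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Run ShellCheck
        # NOTE(review): `@master` is a moving branch ref of a third-party
        # action; whatever is pushed there runs in this job on the next
        # trigger. Pin it to a reviewed commit:
        #   ludeeus/action-shellcheck@<FULL_COMMIT_SHA>
        uses: ludeeus/action-shellcheck@master
        with:
          scandir: './scripts'
          severity: warning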