• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1name: Run tests
2
3on: [push, pull_request]
4
5jobs:
6  build:
7
8    runs-on: ubuntu-latest
9    strategy:
10      matrix:
11        compiler: [gcc, clang]
12        python-ruby-version:
13          - {python: '3.12', ruby: '3.3'}
14          - {python: '3.12', ruby: '3.3', other: 'test-flags-override'}
15          - {python: '3.12', ruby: '3.3', other: 'test-debug'}
16          - {python: '3.12', ruby: '3.3', other: 'linker-bfd'}
17          - {python: '3.12', ruby: '3.3', other: 'linker-gold'}
18          # Test several Python versions with the latest Ruby version
19          - {python: '3.11', ruby: '3.3'}
20          - {python: '3.10', ruby: '3.3'}
21          - {python: '3.9', ruby: '3.3'}
22          - {python: '3.8', ruby: '3.3'}
23          - {python: '3.7', ruby: '3.3'}
24          - {python: 'pypy3.7', ruby: '3.3'}
25          # Test several Ruby versions with the latest Python version
26          - {python: '3.12', ruby: '3.2'}
27          - {python: '3.12', ruby: '3.1'}
28          - {python: '3.12', ruby: '3.0'}
29          - {python: '3.12', ruby: '2.7'}
30          - {python: '3.12', ruby: '2.6'}
31          - {python: '3.12', ruby: '2.5'}
32        exclude:
33          - compiler: clang
34            python-ruby-version: {python: '3.12', ruby: '3.3', other: 'linker-bfd'}
35          - compiler: clang
36            python-ruby-version: {python: '3.12', ruby: '3.3', other: 'linker-gold'}
37        include:
38          - compiler: gcc
39            python-ruby-version: {python: '3.12', ruby: '3.3', other: 'sanitizers'}
40
41    steps:
42    - uses: actions/checkout@v4
43
44    - name: Set up Python ${{ matrix.python-ruby-version.python }}
45      uses: actions/setup-python@v5
46      with:
47        python-version: ${{ matrix.python-ruby-version.python }}
48
49    - name: Set up Ruby ${{ matrix.python-ruby-version.ruby }}
50      uses: ruby/setup-ruby@v1
51      with:
52        ruby-version: ${{ matrix.python-ruby-version.ruby }}
53        bundler-cache: true
54
55    - name: Install dependencies
56      run: |
57        sudo apt-get update -q
58        sudo apt-get install -qy --no-install-recommends \
59            bison \
60            flex \
61            gawk \
62            gettext \
63            libaudit-dev \
64            libcap-dev \
65            libcap-ng-dev \
66            libcunit1-dev \
67            libdbus-glib-1-dev \
68            libpcre2-dev \
69            ruby-dev \
70            swig \
71            xmlto
72
73        pip install flake8
74
75    - name: Install Python setuptools
76      if: matrix.python-ruby-version.python == '3.12'
77      run: pip install setuptools
78
79    - name: Install Clang
80      if: ${{ matrix.compiler == 'clang' }}
81      run: sudo apt-get install -qqy clang
82
83    - name: Configure the environment
84      run: |
85        DESTDIR=/tmp/destdir
86        echo "PYTHON=python" >> $GITHUB_ENV
87        echo "RUBY=ruby" >> $GITHUB_ENV
88        echo "DESTDIR=$DESTDIR" >> $GITHUB_ENV
89
90        CC=${{ matrix.compiler }}
91        if [ "${{ matrix.python-ruby-version.other }}" = "linker-bfd" ] ; then
92            CC="$CC -fuse-ld=bfd"
93        elif [ "${{ matrix.python-ruby-version.other }}" = "linker-gold" ] ; then
94            CC="$CC -fuse-ld=gold"
95        fi
96        # https://bugs.ruby-lang.org/issues/18616
97        # https://github.com/llvm/llvm-project/issues/49958
98        if [ "${{ matrix.compiler }}" = "clang" ] && [[ "${{ matrix.python-ruby-version.ruby }}" = 3* ]] ; then
99            CC="$CC -fdeclspec"
100        fi
101        echo "CC=$CC" >> $GITHUB_ENV
102
103        EXPLICIT_MAKE_VARS=
104        if [ "${{ matrix.python-ruby-version.other }}" = "test-flags-override" ] ; then
105            # Test that overriding CFLAGS, LDFLAGS and other variables works fine
106            EXPLICIT_MAKE_VARS="CFLAGS=-I$DESTDIR/usr/include LDFLAGS=-L$DESTDIR/usr/lib LDLIBS= CPPFLAGS="
107        elif [ "${{ matrix.python-ruby-version.other }}" = "test-debug" ] ; then
108            # Test hat debug build works fine
109            EXPLICIT_MAKE_VARS="DEBUG=1"
110        elif [ "${{ matrix.python-ruby-version.other }}" = "sanitizers" ] ; then
111            sanitizers='-fsanitize=address,undefined'
112            EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS="
113            echo "ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1" >> $GITHUB_ENV
114            echo "UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1" >> $GITHUB_ENV
115        else
116            EXPLICIT_MAKE_VARS=
117        fi
118        echo "EXPLICIT_MAKE_VARS=${EXPLICIT_MAKE_VARS}" >> $GITHUB_ENV
119
120        # Find files in order of pkgconf to be able to find Python.h
121        # For example with Python 3.5:
122        # * python is located at /opt/hostedtoolcache/Python/3.5.10/x64/bin/python
123        # * sys.prefix is /opt/hostedtoolcache/Python/3.5.10/x64
124        # * Python.h is located at /opt/hostedtoolcache/Python/3.5.10/x64/include/python3.5m/Python.h
125        # * python-3.5.pc is located at /opt/hostedtoolcache/Python/3.5.10/x64/lib/pkgconfig/python-3.5.pc
126        PYTHON_SYS_PREFIX="$(python -c 'import sys;print(sys.prefix)')"
127        echo "PKG_CONFIG_PATH=${PYTHON_SYS_PREFIX}/lib/pkgconfig" >> $GITHUB_ENV
128
129        if [[ "${{ matrix.python-ruby-version.python }}" = pypy* ]] ; then
130            # PyPy does not provide a config file for pkg-config
131            # libpypy-c.so is provided in bin/libpypy-c.so for PyPy and bin/libpypy3-c.so for PyPy3
132            echo "PYINC=-I${PYTHON_SYS_PREFIX}/include" >> $GITHUB_ENV
133            echo "PYLIBS=-L${PYTHON_SYS_PREFIX}/bin -lpypy3-c" >> $GITHUB_ENV
134        fi
135
136        # Display the final environment file, for debugging purpose
137        cat $GITHUB_ENV
138
139    - name: Download and install refpolicy headers for sepolgen tests
140      run: |
141        curl --location --retry 10 -o refpolicy.tar.bz2 https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20220520/refpolicy-2.20220520.tar.bz2
142        tar -xvjf refpolicy.tar.bz2
143        sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel
144        sudo make -C refpolicy install-headers bare
145        sudo mkdir -p /etc/selinux
146        echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
147        echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
148        sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/module.py
149        rm -r refpolicy refpolicy.tar.bz2
150
151    - name: Display versions
152      run: |
153        echo "::group::Compiler ($CC):"
154        $CC --version
155        echo "::endgroup::"
156        echo "::group::Python ($(which "$PYTHON")):"
157        $PYTHON --version
158        echo "::endgroup::"
159        echo "::group::Ruby ($(which "$RUBY")):"
160        $RUBY --version
161        echo "::endgroup::"
162
163    - name: Run tests
164      run: |
165        echo "::group::make install"
166        eval make -j$(nproc) install $EXPLICIT_MAKE_VARS -k
167        echo "::endgroup::"
168        echo "::group::make install-pywrap"
169        eval make -j$(nproc) install-pywrap $EXPLICIT_MAKE_VARS -k
170        echo "::endgroup::"
171        echo "::group::make install-rubywrap"
172        eval make -j$(nproc) install-rubywrap $EXPLICIT_MAKE_VARS -k
173        echo "::endgroup::"
174
175        # Now that everything is installed, run "make all" to build everything which may have not been built
176        echo "::group::make all"
177        eval make -j$(nproc) all $EXPLICIT_MAKE_VARS -k
178        echo "::endgroup::"
179
180        # Set up environment variables for the tests and show variables (to help debugging issues)
181        echo "::group::Environment variables"
182        . ./scripts/env_use_destdir
183        echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
184        echo "PATH=$PATH"
185        echo "PYTHONPATH=$PYTHONPATH"
186        echo "RUBYLIB=$RUBYLIB"
187        echo "::endgroup::"
188
189        # Run tests
190        echo "::group::make test"
191        eval make test $EXPLICIT_MAKE_VARS
192        echo "::endgroup::"
193
194        if [ "${{ matrix.python-ruby-version.other }}" != "sanitizers" ] ; then
195            # Test Python and Ruby wrappers
196            echo "::group::Test Python and Ruby wrappers"
197            $PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())'
198            $RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()'
199            echo "::endgroup::"
200
201            # Run Python linter, but not on the downloaded refpolicy
202            echo "::group::scripts/run-flake8"
203            ./scripts/run-flake8
204            echo "::endgroup::"
205        fi
206
207        echo "::group::Test .gitignore and make clean distclean"
208        # Remove every installed files
209        rm -rf "$DESTDIR"
210        # Test that "git status" looks clean, or print a clear error message
211        git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^')
212        # Clean up everything and show which file needs to be added to "make clean"
213        eval make clean distclean $EXPLICIT_MAKE_VARS
214        git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^')
215        echo "::endgroup::"
216