Skip to content

Test podman & docker with AppArmor & SELinux #1649

Test podman & docker with AppArmor & SELinux

Test podman & docker with AppArmor & SELinux #1649

Workflow file for this run

name: CI
on: [push, pull_request_target]
# Note how this runs on:pull_request_target and not on:pull_request!
# The difference is that this runs always with the ci.yaml, tool.py and context
# of the master branch. This is necessary to allow accessing the API credential secrets
# which shouldn't be used with an untrusted tool.py.
# The PR code is checked out into a subdirectory (opensuse-jobgroups-pr) and checked with
# the tool.py from the master branch.
jobs:
static-check:
runs-on: ubuntu-latest
container:
image: docker://registry.opensuse.org/devel/openqa/ci/tw/containers/tumbleweed:o3-jobgroups
steps:
- name: Git Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Git Checkout PR
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
path: opensuse-jobgroups-pr
fetch-depth: 0
- name: Get modified job group yaml files
id: changed-files
run: |
git config --global --add safe.directory '*'
git config --global user.email "[email protected]"
git config --global user.name "CI Workflow"
real_origin_url=$(git remote get-url origin)
cd opensuse-jobgroups-pr
git remote set-url origin $real_origin_url
git fetch origin master:omaster
git rebase omaster
git diff --diff-filter="ACMRTUXD" omaster job_groups/
CHANGED_FILES=$(git diff --diff-filter="ACMRTUX" --name-only origin/master job_groups/ | tr '\n' ' ')
echo $CHANGED_FILES
echo "files=${CHANGED_FILES}" >> $GITHUB_OUTPUT
- name: Run yamllint for modified job group schedules
run: |
cd opensuse-jobgroups-pr
yamllint -f github job_groups.yaml ${{ steps.changed-files.outputs.files }}
- name: Check for orphaned yaml files
env:
APIKEY: "${{ secrets.APIKEY }}"
APISECRET: "${{ secrets.APISECRET }}"
run: |
cd opensuse-jobgroups-pr
../tool.py --orphans --github
- name: Check for correct yaml headers
env:
APIKEY: "${{ secrets.APIKEY }}"
APISECRET: "${{ secrets.APISECRET }}"
run: |
cd opensuse-jobgroups-pr
../tool.py --headers --github
- name: Run serverside checks
env:
APIKEY: "${{ secrets.APIKEY }}"
APISECRET: "${{ secrets.APISECRET }}"
run: |
cd opensuse-jobgroups-pr
../tool.py --dry-run --push --github
- name: Clone os-autoinst-distri-opensuse repository
uses: actions/checkout@v3
with:
repository: os-autoinst/os-autoinst-distri-opensuse
ref: refs/heads/master
path: os-autoinst-distri-opensuse
clean: false
fetch-depth: 1
- name: Check if YAML_SCHEDULE and YAML_TEST_DATA exist in os-autoinst-distri-opensuse
run: |
for file in ${{ steps.changed-files.outputs.files }}; do
echo "Checking references in '${file}'"
for file_ref in $(grep -oP '^[^#]*(YAML_SCHEDULE|YAML_TEST_DATA):\s\K.*' opensuse-jobgroups-pr/$file | tr -d "'" | tr -d '"' | sort -u | grep -v "^$" | awk "{print \"os-autoinst-distri-opensuse/\" \$0}") ; do
echo "Checking reference from '${file}' to '${file_ref}'"
if ! test -f "$file_ref" ; then
echo "::error file=${file}::Reference to non existing '${file_ref}'"
echo "Error: Reference from '${file}' to non existing '${file_ref}'"
exit 1
fi
done
done