Skip to content

Merge pull request #98 from rprasanth/master #91

Merge pull request #98 from rprasanth/master

Merge pull request #98 from rprasanth/master #91

Workflow file for this run

name: CI
on:
push:
branches-ignore:
- coverity_scan
pull_request:
env:
ASAN_OPTIONS: symbolize=1 detect_leaks=1 detect_stack_use_after_return=1
LSAN_OPTIONS: fast_unwind_on_malloc=0:malloc_context_size=50
M_PERTURB: "0x42"
DEBIAN_FRONTEND: noninteractive
CI: 1
GH_ACTIONS: 1
CI_TEST_USER: tapioca
CI_TEST_PASS: queijo
jobs:
pre-ci:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
ci:
needs: pre-ci
if: ${{ needs.pre-ci.outputs.should_skip != 'true' }}
runs-on: ${{ matrix.env.OS }}
strategy:
fail-fast: false
matrix:
env:
- { CC: gcc, OS: ubuntu-20.04, BUILD_CFLAGS: "", NAME: linux-gcc }
- { CC: gcc, OS: ubuntu-20.04, BUILD_CFLAGS: "-O2 -g3", NAME: linux-gcc-O2-g3 }
- { CC: gcc, OS: ubuntu-20.04, BUILD_CFLAGS: "-DNDEBUG", NAME: linux-gcc-ndebug }
- { CC: clang, OS: ubuntu-20.04, BUILD_CFLAGS: "", NAME: linux-clang }
- { CC: clang, OS: ubuntu-20.04, BUILD_CFLAGS: "-O2 -g3", NAME: linux-clang-O2-g3 }
- { CC: clang, OS: ubuntu-20.04, BUILD_CFLAGS: "-DNDEBUG", NAME: linux-clang-ndebug }
env: ${{ matrix.env }}
# If branch protection is in place with status checks enabled, ensure
# names are updated if new matrix entries are added or the name format
# changes.
name: "master-${{ matrix.env.NAME }}"
steps:
# Checkout, but defer pulling LFS objects until we've restored the cache
- uses: actions/checkout@v2
with:
lfs: false
- name: Package manager performance improvements
run: |
sudo sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup'
echo 'man-db man-db/auto-update boolean false' | sudo debconf-set-selections
sudo dpkg-reconfigure man-db
sudo sed -i 's/^update_initramfs=.*/update_initramfs=no/' /etc/initramfs-tools/update-initramfs.conf
- name: Install build dependencies based CI packages
run: |
sudo apt-get update
sudo apt-get install -y --no-install-recommends build-essential devscripts equivs quilt
sudo mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control
- name: Install LLVM 10
if: ${{ matrix.env.CC == 'clang' }}
run: |
sudo apt-get install -y --no-install-recommends clang-10 llvm-10 gdb
sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-10 60 && sudo update-alternatives --set clang /usr/bin/clang-10
sudo update-alternatives --install /usr/bin/llvm-symbolizer llvm-symbolizer /usr/bin/llvm-symbolizer-10 60 && sudo update-alternatives --set llvm-symbolizer /usr/bin/llvm-symbolizer-10
- name: Set compiler to GCC 10
if: ${{ matrix.env.CC == 'gcc' }}
run: |
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 60 && sudo update-alternatives --set gcc /usr/bin/gcc-10
- name: Show versions
run: |
$CC --version
make --version
- name: Configure
run: |
if $CC -v 2>&1 | grep -q clang; then
echo "Enabling sanitizers"
enable_sanitizers="--enable-address-sanitizer --enable-leak-sanitizer"
else
enable_sanitizers=""
fi
CFLAGS="${BUILD_CFLAGS}" ./configure -C --enable-werror \
$enable_sanitizers \
|| cat ./config.log
- name: Make
run: |
make -j `nproc` 2> build.warnings.log
- name: "Check if we have 'warnings'"
run: |
count=$(cat build.warnings.log | wc -l)
if [ $count -gt 0 ]; then
echo "ERROR: We can't continue due to the below 'build warnings'"
echo "----------------------------------------------------------"
cat build.warnings.log
echo "----------------------------------------------------------"
exit 666
fi
- name: Install /lib/security/pam_radius_auth.so
run: |
sudo make install
sudo ls -l /lib/security/
- name: Create the CI_TEST_USER user in /etc/passwd (no-password)
run: |
sudo useradd -d /tmp ${CI_TEST_USER}
id ${CI_TEST_USER}
- name: Setup FreeRADIUS/SSHD/SYSLOG-NG/PAM then run full CI tests
run: |
sudo apt-get update
sudo apt-get install -y --no-install-recommends \
freeradius freeradius-utils freeradius-config \
syslog-ng \
openssh-server sshpass
echo "#######################################################"
echo "## Stop the services syslog-ng/sshd/freeradius"
sudo rm -f /var/log/auth.log # Needed to see the last results
sudo systemctl restart syslog-ng
sudo systemctl stop ssh
sudo systemctl stop freeradius
echo "#######################################################"
echo "## Setup the services"
export CI_TEST_USER="$CI_TEST_USER" CI_TEST_PASS="$CI_TEST_PASS"
for i in setup-pam_radius.sh setup-freeradius.sh setup-sshd.sh; do
script="./scripts/ci/$i"
echo "Calling $i"
sudo -E $script
done
echo "#######################################################"
echo "## Start the services syslog-ng/sshd/freeradius"
sudo systemctl start ssh
sudo systemctl start freeradius
echo "#######################################################"
echo "## Show processes"
ps aux | grep -E "([r]adius|[s]sh|[s]yslog)"
- name: Content of /etc/ssh/sshd_config
run: |
cat /etc/ssh/sshd_config
- name: Content of /etc/pam.d/sshd
run: |
cat /etc/pam.d/sshd
- name: Content of /etc/pam_radius_auth.conf
run: |
cat /etc/pam_radius_auth.conf
- name: Validate freeradius instance using radtest
run: |
radtest -x $CI_TEST_USER $CI_TEST_PASS localhost 0 testing123
- name: Run ssh authorization over pam_radius
run: |
if ! sshpass -p "${CI_TEST_PASS}" -v \
/usr/bin/ssh -T -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 ${CI_TEST_USER}@localhost id; then
echo "ERROR: Something goes wrong with the SSH + PAM_RADIUS authentication!"
echo "############## Show the logs in /var/log/auth.log"
sudo cat -n /var/log/auth.log
exit 1
fi
- name: "Looking for 'pam_radius_auth: authentication succeeded' in /var/log/auth.log"
run: |
echo "#######################################################"
echo "## Show the logs in /var/log/auth.log"
sudo cat -n /var/log/auth.log
if ! sudo grep -q "pam_radius_auth: authentication succeeded" /var/log/auth.log; then
echo "ERROR: Something goes wrong with the SSH + PAM_RADIUS authentication!"
exit 1
fi
#
# If the CI has failed and the branch is ci-debug then we start a tmate
# session to provide interactive shell access to the session.
#
# The SSH rendezvous point will be emitted continuously in the job output,
# which will look something like:
#
# SSH: ssh [email protected]
#
# For example:
#
# git push origin ci-debug --force
#
# Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions
#
# ssh [email protected]
#
# Access requires that you have the private key corresponding to the
# public key of the GitHub user that initiated the job.
#
- name: "Debug: Start tmate"
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}