
Simplify combined fixed-length tuple typing #121


Workflow file for this run

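---
# Integration test workflow: builds a primary named instance plus a
# secondary (BIND9 or Knot, per matrix entry) on the runner, installs
# ssh-zone-handler into a root-owned venv, wires it into sudoers and sshd,
# and then runs the integration test suite against it.
name: Integration
# `pull_request` (not `pull_request_target`) is used and no secrets are
# referenced in this file, so pull-request code that runs with sudo below
# only ever sees the read-only token.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
# Least privilege: the workflow token may only read repository contents.
permissions:
  contents: read
# Naming the shell explicitly makes the runner start bash with
# `-eo pipefail`. The implicit default is `bash -e`, under which a failing
# producer in the `sed | sudo install`, `szh-sudoers | sudo visudo` and
# `sed | sudo tee` pipelines below would be masked by the exit status of
# the last command in the pipe.
defaults:
  run:
    shell: bash
jobs:
  integration:
    name: Integration
    runs-on: ubuntu-24.04
    strategy:
      matrix:
        # Versions are quoted so that "3.10" is not read as the float 3.1.
        py_version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
        secondary: ["BIND9", "Knot"]
    steps:
      # NOTE(review): both actions are referenced by a mutable major-version
      # tag; pinning each to a full commit SHA makes the reference immutable.
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Do not leave the token in the checkout's git configuration.
          persist-credentials: false
      - name: Enable Python ${{ matrix.py_version }}
        id: setup-python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.py_version }}

      # Select the daemon name and config template used by later steps.
      - name: Set BIND9 test environment variables
        if: matrix.secondary == 'BIND9'
        run: |
          echo "GHA_SZH_DAEMON=BIND9" >> "$GITHUB_ENV"
          echo "GHA_SZH_CFILE=devel/zone-handler.yaml.bind.in" >> "$GITHUB_ENV"
      - name: Set Knot test environment variables
        if: matrix.secondary == 'Knot'
        run: |
          echo "GHA_SZH_DAEMON=Knot" >> "$GITHUB_ENV"
          echo "GHA_SZH_CFILE=devel/zone-handler.yaml.knot.in" >> "$GITHUB_ENV"

      # The unit is linked to /dev/null (masked) before the package is
      # installed, so the daemon cannot start with its packaged default
      # configuration. The link is removed again in the matching "Start"
      # step once the test configuration is in place.
      - name: Install Knot
        if: matrix.secondary == 'Knot'
        run: |
          sudo ln -s /dev/null /etc/systemd/system/knot.service
          sudo apt-get install --yes knot
      # bind9 is installed for every matrix entry; the steps below set up a
      # "primary named service" regardless of the secondary in use.
      - name: Install named
        run: |
          sudo ln -s /dev/null /etc/systemd/system/named.service
          sudo apt-get install --yes bind9
      # Installs the local AppArmor override and reloads the named profile.
      - name: Extend named apparmor profile
        run: |
          sudo install --owner=root --group=root --mode=0644 --no-target-directory devel/apparmor_local_named /etc/apparmor.d/local/usr.sbin.named
          sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named

      # Primary named instance: dedicated system user, its own loopback
      # address, root-owned configuration and a group-writable cache dir.
      - name: Create system user for primary named service
        run: sudo adduser --no-create-home --home /var/cache/primary --group --system primary
      - name: Bind to additional localhost ip for primary named service
        run: sudo ip address add 127.0.0.7/8 dev lo
      - name: Create directories for primary named service
        run: |
          sudo install --owner=root --group=root --mode=0755 --directory /etc/primary /etc/primary/zones
          sudo install --owner=root --group=primary --mode=0775 --directory /var/cache/primary
      - name: Install example zone(s) on primary named service
        run: |
          sudo install --owner=root --group=root --mode=0644 --no-target-directory devel/example-zone /etc/primary/zones/example.com.zone
          sudo install --owner=root --group=root --mode=0644 --no-target-directory devel/example-zone /etc/primary/zones/example.net.zone
          sudo install --owner=root --group=root --mode=0644 --no-target-directory devel/example-zone /etc/primary/zones/example.org.zone
      - name: Provide configuration for primary named service
        run: >
          sudo install --owner=root --group=root --mode=0644
          devel/primary/named.conf devel/primary/named.conf.options devel/primary/named.conf.local
          /etc/primary/
      - name: Provide systemd service for primary named service
        run: sudo install --owner=root --group=root --mode=0644 devel/primary/primary.service /etc/systemd/system/
      - name: Start primary named services
        run: sudo systemctl start primary.service

      # Secondary: BIND9 variant.
      - name: Provide configuration for secondary regular named service
        if: matrix.secondary == 'BIND9'
        run: >
          sudo install --owner=root --group=root --mode=0644
          devel/named/named.conf.options devel/named/named.conf.local
          /etc/bind/
      - name: Start secondary named services
        if: matrix.secondary == 'BIND9'
        run: |
          sudo rm /etc/systemd/system/named.service
          sudo systemctl start named.service

      # Secondary: Knot variant.
      - name: Provide configuration for Knot
        if: matrix.secondary == 'Knot'
        run: sudo install --owner=root --group=root --mode=0644 devel/knot/knot.conf /etc/knot/
      - name: Start Knot services
        if: matrix.secondary == 'Knot'
        run: |
          sudo rm /etc/systemd/system/knot.service
          sudo systemctl start knot.service

      # The install prefix is owned by root and not writable by others; the
      # sshd configuration added further down points into it.
      - name: Create sanely owned /myopt
        run: sudo install --owner=root --group=root --mode=0755 --directory /myopt
      # The interpreter path reaches the script through an environment
      # variable rather than being interpolated into the shell text.
      - name: Install ssh-zone-handler
        run: |
          sudo "$python_binary" -m venv /myopt/ssh-zone-handler
          sudo /myopt/ssh-zone-handler/bin/pip3 install .
        env:
          python_binary: ${{ steps.setup-python.outputs.python-path }}

      # Passphrase-less key pair generated on the runner for the test user;
      # only the public half is substituted into the generated config.
      - name: Create Alice's ssh key
        run: ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_alice_ed25519 -C alice
      - name: Generate /etc/zone-handler.yaml
        run: >
          sed -e "s#__ALICE_SSH_KEY__#$(cat ~/.ssh/id_alice_ed25519.pub)#" < "$GHA_SZH_CFILE"
          | sudo install --owner=root --group=root --mode=0644 --no-target-directory /dev/stdin /etc/zone-handler.yaml

      # szh-verify must accept the known good files and reject the others.
      - name: Run szh-verify command against known good config files
        run: |
          /myopt/ssh-zone-handler/bin/szh-verify ./tests/data/knot-example-config.yaml
          /myopt/ssh-zone-handler/bin/szh-verify ./tests/data/bind-example-config.yaml
          /myopt/ssh-zone-handler/bin/szh-verify ./tests/data/bind-alternative-config.yaml
      - name: Run szh-verify command against non-existing config file
        run: |
          if /myopt/ssh-zone-handler/bin/szh-verify ./completly-bogus-filename; then
            echo "Failed to fail expected fail."; exit 1
          fi
      - name: Run szh-verify command against invalid config file
        run: |
          if /myopt/ssh-zone-handler/bin/szh-verify ./tests/data/outdated-config.yaml; then
            echo "Failed to fail expected fail."; exit 1
          fi

      # One login account without a password plus two system accounts; the
      # log viewer is placed in the systemd-journal group.
      - name: Setup user accounts
        run: |
          sudo adduser --comment "Zone Handler" --disabled-password --shell /bin/dash zones
          sudo adduser --system --ingroup systemd-journal szh-logviewer
          sudo adduser --system szh-sshdcmd
      # visudo, with tee as its editor, receives the generated rules on
      # stdin and syntax-checks them before installing the sudoers file.
      - name: Generate sudoers file
        run: >
          /myopt/ssh-zone-handler/bin/szh-sudoers
          | sudo EDITOR="tee" visudo -f /etc/sudoers.d/zone-handler

      - name: Install sshd
        run: sudo apt-get install --yes openssh-server
      - name: Update sshd configuration
        run: |
          sed -e "s#__INSTALL_PATH__#/myopt/ssh-zone-handler#" < devel/sshd_match.in | sudo tee --append /etc/ssh/sshd_config
          sudo systemctl restart ssh.service
      # The host key is taken from the local key file, so the test client
      # keeps host key verification enabled.
      - name: Prime ~/.ssh/known_hosts
        run: echo "127.0.0.1 $(cat /etc/ssh/ssh_host_ed25519_key.pub)" >> ~/.ssh/known_hosts

      # NOTE(review): the test driver runs under /usr/bin/python3, not the
      # matrix interpreter selected above; confirm that this is intended.
      - name: Run test
        run: |
          mkdir ./devel/.dynamic
          cp ./devel/gha_alice_ssh_conf ./devel/.dynamic/ssh_conf
          /usr/bin/python3 ./integration/run-integration-tests "$GHA_SZH_DAEMON"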