Skip to content

o/assertstate, o/snapstate: always validate existence of snap-resource-pair for asserted components #32369

o/assertstate, o/snapstate: always validate existence of snap-resource-pair for asserted components

o/assertstate, o/snapstate: always validate existence of snap-resource-pair for asserted components #32369

Workflow file for this run

name: Tests
on:
pull_request:
branches: [ "master", "release/**", "core-snap-security-release/**", "security-release/**" ]
push:
branches: [ "master", "release/**", "core-snap-security-release/**", "security-release/**" ]
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
snap-builds:
uses: ./.github/workflows/snap-builds.yaml
with:
runs-on: ${{ matrix.runs-on }}
toolchain: ${{ matrix.toolchain }}
variant: ${{ matrix.variant }}
strategy:
matrix:
runs-on:
- '["ubuntu-22.04"]'
# Tags to identify the self-hosted runners to use from
# internal runner collection. See internal self-hosted
# runners doc for the complete list of options.
- '["self-hosted", "Linux", "jammy", "ARM64", "large"]'
toolchain:
- default
- FIPS
variant:
# test version is a build of snapd with test keys and should
# only be installed by test runners. The pristine versions
# are the build that should be installed by human users.
- pristine
- test
# Exclude building everything for ARM but the version for testing
# to keep the number of builds down as we currently don't have a
# clear need for these excluded builds.
exclude:
- runs-on: '["self-hosted", "Linux", "jammy", "ARM64", "large"]'
toolchain: FIPS
- runs-on: '["self-hosted", "Linux", "jammy", "ARM64", "large"]'
variant: pristine
cache-build-deps:
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# needed for git commit history
fetch-depth: 0
# NOTE: checkout the code in a fixed location, even for forks, as this
# is relevant for go's import system.
path: ./src/github.com/snapcore/snapd
# Fetch base ref, needed for golangci-lint
- name: Fetching base ref ${{ github.base_ref }}
run: |
cd ${{ github.workspace }}/src/github.com/snapcore/snapd
git fetch origin ${{ github.base_ref }}:${{ github.base_ref }}
# golang latest ensures things work on the edge
- name: Download Debian dependencies
run: |
sudo apt clean
sudo apt update
sudo apt build-dep -d -y ${{ github.workspace }}/src/github.com/snapcore/snapd
# for indent
sudo apt install texinfo autopoint
- name: Copy dependencies
run: |
sudo tar cvf cached-apt.tar /var/cache/apt
- name: upload Debian dependencies
uses: actions/upload-artifact@v4
with:
name: debian-dependencies
path: ./cached-apt.tar
static-checks:
uses: ./.github/workflows/static-checks.yaml
needs: [cache-build-deps]
with:
runs-on: ubuntu-latest
gochannel: ${{ matrix.gochannel }}
strategy:
# we cache successful runs so it's fine to keep going
fail-fast: false
matrix:
gochannel:
- 1.18
- latest/stable
branch-static-checks:
runs-on: ubuntu-latest
needs: [cache-build-deps]
if: github.ref != 'refs/heads/master'
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# needed for git commit history
fetch-depth: 0
- name: check-branch-ubuntu-daily-spread
run: |
# Compare the daily system in master and in the current branch
wget -q -O test_master.yaml https://raw.githubusercontent.com/snapcore/snapd/master/.github/workflows/test.yaml
system_daily="$(yq '.jobs.spread.strategy.matrix.include.[] | select(.group == "ubuntu-daily") | .systems' test_master.yaml)"
current_daily="$(yq '.jobs.spread.strategy.matrix.include.[] | select(.group == "ubuntu-daily") | .systems' .github/workflows/test.yaml)"
test "$system_daily" == "$current_daily"
shell: bash
unit-tests:
uses: ./.github/workflows/unit-tests.yaml
needs: [static-checks]
with:
runs-on: ubuntu-22.04
gochannel: ${{ matrix.gochannel }}
unit-scenario: ${{ matrix.unit-scenario }}
strategy:
# we cache successful runs so it's fine to keep going
fail-fast: false
matrix:
gochannel:
- 1.18
- latest/stable
unit-scenario:
- normal
# TODO run unit tests of C code
unit-tests-special:
uses: ./.github/workflows/unit-tests.yaml
needs: [static-checks]
with:
runs-on: ubuntu-22.04
gochannel: ${{ matrix.gochannel }}
unit-scenario: ${{ matrix.unit-scenario }}
strategy:
# we cache successful runs so it's fine to keep going
fail-fast: false
matrix:
gochannel:
- 1.18
- latest/stable
unit-scenario:
- snapd_debug
- withbootassetstesting
- nosecboot
- faultinject
- race
- snapdusergo
unit-tests-cross-distro:
uses: ./.github/workflows/unit-tests-cross-distro.yaml
needs: [static-checks]
with:
runs-on: ubuntu-latest
distro: ${{ matrix.distro }}
strategy:
fail-fast: false
matrix:
distro:
# TODO add arch?
- fedora:latest
- opensuse/tumbleweed
code-coverage:
needs: [unit-tests, unit-tests-special]
runs-on: ubuntu-20.04
env:
GOPATH: ${{ github.workspace }}
# Set PATH to ignore the load of magic binaries from /usr/local/bin And
# to use the go snap automatically. Note that we install go from the
# snap in a step below. Without this we get the GitHub-controlled latest
# version of go.
PATH: /snap/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:${{ github.workspace }}/bin
GOROOT: ""
steps:
- name: Download the coverage files
uses: actions/download-artifact@v4
with:
pattern: coverage-files-*
path: .coverage/
merge-multiple: true
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
# uploading to codecov occasionally fails, so continue running the test
# workflow regardless of the upload
continue-on-error: true
with:
fail_ci_if_error: true
flags: unittests
name: codecov-umbrella
files: .coverage/coverage-*.cov
verbose: true
spread:
uses: ./.github/workflows/spread-tests.yaml
needs: [unit-tests, snap-builds]
name: "spread ${{ matrix.group }}"
with:
# Github doesn't support passing sequences as parameters.
# Instead here we create a json array and pass it as a string.
# Then in the spread workflow it turns it into a sequence
# using the fromJSON expression.
runs-on: '["self-hosted", "spread-enabled"]'
group: ${{ matrix.group }}
backend: ${{ matrix.backend }}
systems: ${{ matrix.systems }}
tasks: ${{ matrix.tasks }}
rules: ${{ matrix.rules }}
strategy:
# FIXME: enable fail-fast mode once spread can cancel an executing job.
# Disable fail-fast mode as it doesn't function with spread. It seems
# that cancelling tasks requires short, interruptible actions and
# interrupting spread, notably, does not work today. As such disable
# fail-fast while we tackle that problem upstream.
fail-fast: false
matrix:
include:
- group: amazon-linux
backend: google-distro-1
systems: 'amazon-linux-2-64 amazon-linux-2023-64'
tasks: 'tests/...'
rules: 'main'
- group: arch-linux
backend: google-distro-2
systems: 'arch-linux-64'
tasks: 'tests/...'
rules: 'main'
- group: centos
backend: google-distro-2
systems: 'centos-9-64'
tasks: 'tests/...'
rules: 'main'
- group: debian-req
backend: google-distro-1
systems: 'debian-11-64'
tasks: 'tests/...'
rules: 'main'
- group: debian-not-req
backend: google-distro-1
systems: 'debian-12-64 debian-sid-64'
tasks: 'tests/...'
rules: 'main'
- group: fedora
backend: openstack
systems: 'fedora-40-64 fedora-41-64'
tasks: 'tests/...'
rules: 'main'
- group: opensuse
backend: google-distro-2
systems: 'opensuse-15.5-64 opensuse-15.6-64 opensuse-tumbleweed-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-trusty
backend: google
systems: 'ubuntu-14.04-64'
tasks: 'tests/smoke/ tests/main/canonical-livepatch tests/main/canonical-livepatch-14.04'
rules: 'trusty'
- group: ubuntu-xenial-bionic
backend: google
systems: 'ubuntu-16.04-64 ubuntu-18.04-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-focal-jammy
backend: google
systems: 'ubuntu-20.04-64 ubuntu-22.04-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-noble
backend: google
systems: 'ubuntu-24.04-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-no-lts
backend: google
systems: ''
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-daily
backend: google
systems: 'ubuntu-24.10-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-core-18
backend: google-core
systems: 'ubuntu-core-18-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-core-20
backend: google-core
systems: 'ubuntu-core-20-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-core-22
backend: google-core
systems: 'ubuntu-core-22-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-core-24
backend: google-core
systems: 'ubuntu-core-24-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-arm64
backend: google-arm
systems: 'ubuntu-20.04-arm-64 ubuntu-core-22-arm-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-secboot
backend: google
systems: 'ubuntu-secboot-20.04-64'
tasks: 'tests/...'
rules: 'main'
- group: ubuntu-fips
backend: google-pro
systems: 'ubuntu-fips-22.04-64'
tasks: 'tests/fips/...'
rules: 'main'
- group: nested-ubuntu-18.04
backend: google-nested
systems: 'ubuntu-18.04-64'
tasks: 'tests/nested/...'
rules: 'nested'
- group: nested-ubuntu-20.04
backend: google-nested
systems: 'ubuntu-20.04-64'
tasks: 'tests/nested/...'
rules: 'nested'
- group: nested-ubuntu-22.04
backend: google-nested
systems: 'ubuntu-22.04-64'
tasks: 'tests/nested/...'
rules: 'nested'
- group: nested-ubuntu-24.04
backend: google-nested
systems: 'ubuntu-24.04-64'
tasks: 'tests/nested/...'
rules: 'nested'