tasks: Bind the host's podman API socket #517
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: tests | |
| on: [pull_request] | |
| jobs: | |
| unit-tests: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v3 | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y make python3-pyflakes python3-pep8 | |
| - name: Run unit tests | |
| run: make check | |
| tasks: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| # enough permissions for tests-scan to work | |
| pull-requests: read | |
| statuses: write | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v3 | |
| with: | |
| # need this to get origin/main for git diff | |
| fetch-depth: 0 | |
| - name: Rebase to current main | |
| run: | | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git rebase origin/main | |
| # HACK: Ubuntu 22.04 has podman 3.4, which isn't compatible with podman-remote 4 in our tasks container | |
| # This PPA is a backport of podman 4.3 from Debian 12; drop this when moving `runs-on:` to ubuntu-24.04 | |
| - name: Update to newer podman | |
| run: | | |
| sudo add-apt-repository -y ppa:quarckster/containers | |
| sudo apt install -y podman | |
| systemctl --user daemon-reload | |
| # HACK: run-local.sh tries to do this with setfacl, which works on a developer | |
| # machine but isn't enough on Ubuntu 22.04 (GH workflow) | |
| - name: Allow tasks container to access podman socket | |
| run: | | |
| systemctl --user start podman.socket | |
| chmod o+rw $XDG_RUNTIME_DIR/podman/podman.sock | |
| - name: Check which containers changed | |
| id: containers_changed | |
| run: | | |
| tasks=$(git diff --name-only origin/main..HEAD -- tasks/ | grep -Ev 'run-local.sh|openssl.cnf|README' || true) | |
| # print for debugging | |
| echo "tasks: $tasks" | |
| [ -z "$tasks" ] || echo "::set-output name=tasks::true" | |
| - name: Build tasks container if it changed | |
| if: steps.containers_changed.outputs.tasks | |
| run: make tasks-container | |
| - name: Test local deployment | |
| run: | | |
| echo '${{ secrets.GITHUB_TOKEN }}' > ~/.config/github-token | |
| PRN=$(echo "$GITHUB_REF" | cut -f3 -d '/') | |
| tasks/run-local.sh -p $PRN -t ~/.config/github-token |