v0.1.0 #70
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| jobs: | |
| test-macos: | |
| name: macOS Integration Tests | |
| runs-on: macos-15-xlarge | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Install nextest | |
| uses: taiki-e/install-action@nextest | |
| - name: Build | |
| run: cargo build --verbose | |
| - name: Run unit tests | |
| run: cargo nextest run --profile ci --bins --verbose | |
| - name: Run smoke tests | |
| run: cargo nextest run --profile ci --test smoke_test --verbose | |
| - name: Run weak mode integration tests | |
| run: | | |
| # On macOS, we only support weak mode due to PF limitations | |
| # (PF translation rules cannot match on user/group) | |
| cargo nextest run --profile ci --test weak_integration --verbose | |
| test-linux: | |
| name: Linux Tests (${{ matrix.privilege }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| privilege: [root, sudo] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Install nextest | |
| uses: taiki-e/install-action@nextest | |
| - name: Build | |
| run: cargo build --verbose | |
| - name: Run unit tests | |
| run: cargo nextest run --profile ci --bins --verbose | |
| - name: Run smoke tests | |
| run: cargo nextest run --profile ci --test smoke_test --verbose | |
| - name: Debug TLS environment | |
| run: | | |
| echo "=== Debugging TLS/Certificate Environment ===" | |
| chmod +x scripts/debug_tls_env.sh | |
| ./scripts/debug_tls_env.sh | |
| sudo ./scripts/debug_tls_env.sh | |
| - name: Debug network environment (CI only) | |
| run: | | |
| echo "=== Network Debug Information ===" | |
| echo "1. Network interfaces:" | |
| ip link show | |
| echo "" | |
| echo "2. Listening ports:" | |
| sudo ss -lntp | |
| echo "" | |
| echo "3. NFTables rules:" | |
| sudo nft list ruleset || echo "No nftables rules" | |
| echo "" | |
| echo "4. IPTables rules (if any):" | |
| sudo iptables -L -v -n || echo "No iptables rules" | |
| echo "" | |
| echo "5. /etc/netns directory:" | |
| sudo ls -la /etc/netns/ 2>/dev/null || echo "No /etc/netns directory" | |
| echo "" | |
| echo "6. Network namespaces:" | |
| sudo ip netns list || echo "No namespaces" | |
| echo "=== End Network Debug ===" | |
| - name: Run Linux jail integration tests (root variant) | |
| if: matrix.privilege == 'root' | |
| run: | | |
| # Run tests directly as root (GitHub Actions runner is already non-root) | |
| # Use full path to cargo since PATH may not be preserved with sudo | |
| sudo -E $(which cargo) nextest run --profile ci --test linux_integration --verbose | |
| - name: Run Linux jail integration tests (sudo variant) | |
| if: matrix.privilege == 'sudo' | |
| run: | | |
| # Ensure ip netns support is available | |
| sudo ip netns list || true | |
| # Run the Linux-specific jail tests with sudo from regular user | |
| # Use full path to cargo and nextest since sudo doesn't preserve PATH | |
| sudo -E $(which cargo) nextest run --profile ci --test linux_integration --verbose | |
| test-weak: | |
| name: Weak Mode Integration Tests (Linux) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Install nextest | |
| uses: taiki-e/install-action@nextest | |
| - name: Build | |
| run: cargo build --verbose | |
| - name: Run weak mode integration tests | |
| run: cargo nextest run --profile ci --test weak_integration --verbose | |
| clippy: | |
| name: Clippy (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| components: clippy | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Run clippy | |
| run: cargo clippy --all-targets -- -D warnings | |
| fmt: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| components: rustfmt | |
| - name: Check formatting | |
| run: cargo fmt -- --check |