mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
40aba05742
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss"><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail"><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li><a href="https://github.com/benwells"><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="08c6903cd8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="9f265659d3"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
212 lines
7.2 KiB
YAML
212 lines
7.2 KiB
YAML
name: Integration Tests
|
|
run-name: Triggered from ${{ github.event_name }} by ${{ github.actor }}
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
domain_image:
|
|
required: false
|
|
type: string
|
|
default: "ghcr.io/firezone/domain"
|
|
domain_tag:
|
|
required: false
|
|
type: string
|
|
default: ${{ github.sha }}
|
|
api_image:
|
|
required: false
|
|
type: string
|
|
default: "ghcr.io/firezone/api"
|
|
api_tag:
|
|
required: false
|
|
type: string
|
|
default: ${{ github.sha }}
|
|
web_image:
|
|
required: false
|
|
type: string
|
|
default: "ghcr.io/firezone/web"
|
|
web_tag:
|
|
required: false
|
|
type: string
|
|
default: ${{ github.sha }}
|
|
elixir_image:
|
|
required: false
|
|
type: string
|
|
default: "ghcr.io/firezone/elixir"
|
|
elixir_tag:
|
|
required: false
|
|
type: string
|
|
default: ${{ github.sha }}
|
|
relay_image:
|
|
required: false
|
|
type: string
|
|
default: "ghcr.io/firezone/debug/relay"
|
|
relay_tag:
|
|
required: false
|
|
type: string
|
|
default: ${{ github.sha }}
|
|
gateway_image:
|
|
required: false
|
|
type: string
|
|
default: "ghcr.io/firezone/debug/gateway"
|
|
gateway_tag:
|
|
required: false
|
|
type: string
|
|
default: ${{ github.sha }}
|
|
client_image:
|
|
required: false
|
|
type: string
|
|
default: "ghcr.io/firezone/debug/client"
|
|
client_tag:
|
|
required: false
|
|
type: string
|
|
default: ${{ github.sha }}
|
|
http_test_server_image:
|
|
required: false
|
|
type: string
|
|
default: "ghcr.io/firezone/debug/http-test-server"
|
|
http_test_server_tag:
|
|
required: false
|
|
type: string
|
|
default: ${{ github.sha }}
|
|
|
|
env:
|
|
COMPOSE_PARALLEL_LIMIT: 1 # Temporary fix for https://github.com/docker/compose/pull/12752 until compose v2.36.0 lands on GitHub actions runners.
|
|
|
|
jobs:
|
|
integration-tests:
|
|
name: ${{ matrix.test.name || matrix.test.script }}
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
pull-requests: write
|
|
env:
|
|
DOMAIN_IMAGE: ${{ inputs.domain_image }}
|
|
DOMAIN_TAG: ${{ inputs.domain_tag }}
|
|
API_IMAGE: ${{ inputs.api_image }}
|
|
API_TAG: ${{ inputs.api_tag }}
|
|
WEB_IMAGE: ${{ inputs.web_image }}
|
|
WEB_TAG: ${{ inputs.web_tag }}
|
|
RELAY_IMAGE: ${{ inputs.relay_image }}
|
|
RELAY_TAG: ${{ inputs.relay_tag }}
|
|
GATEWAY_IMAGE: ${{ inputs.gateway_image }}
|
|
GATEWAY_TAG: ${{ inputs.gateway_tag }}
|
|
CLIENT_IMAGE: ${{ inputs.client_image }}
|
|
CLIENT_TAG: ${{ inputs.client_tag }}
|
|
ELIXIR_IMAGE: ${{ inputs.elixir_image }}
|
|
ELIXIR_TAG: ${{ inputs.elixir_tag }}
|
|
HTTP_TEST_SERVER_IMAGE: ${{ inputs.http_test_server_image }}
|
|
HTTP_TEST_SERVER_TAG: ${{ inputs.http_test_server_tag }}
|
|
FIREZONE_INC_BUF: true
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
test:
|
|
- script: curl-api-down
|
|
- script: curl-api-restart
|
|
- script: curl-ecn
|
|
- script: dns
|
|
- script: dns-api-down
|
|
- script: dns-nm
|
|
- script: dns-two-resources
|
|
- script: systemd/dns-systemd-resolved
|
|
- script: tcp-dns
|
|
# Setting both client and gateway to random masquerade will force relay-relay candidate pair
|
|
- name: download-double-symmetric-nat
|
|
script: download
|
|
client_masquerade: random
|
|
gateway_masquerade: random
|
|
rust_log: debug
|
|
stop_containers: relay-2 # Force single relay
|
|
skip: true
|
|
- script: download-packet-loss
|
|
rust_log: debug
|
|
- script: download-roaming-network
|
|
# Too noisy can cause flaky tests due to the amount of data
|
|
rust_log: debug
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
- uses: ./.github/actions/ghcr-docker-login
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
# We need at least Docker v28.1 which is not yet available on GitHub actions runners
|
|
- uses: docker/setup-docker-action@b60f85385d03ac8acfca6d9996982511d8620a19 # v4.3.0
|
|
- name: Seed database
|
|
run: docker compose run elixir /bin/sh -c 'cd apps/domain && mix ecto.migrate --migrations-path priv/repo/migrations --migrations-path priv/repo/manual_migrations && mix ecto.seed'
|
|
- name: Start docker compose in the background
|
|
run: |
|
|
set -xe
|
|
|
|
if [[ -n "${{ matrix.test.rust_log }}" ]]; then
|
|
export RUST_LOG="${{ matrix.test.rust_log }}"
|
|
fi
|
|
|
|
if [[ -n "${{ matrix.test.client_masquerade }}" ]]; then
|
|
export CLIENT_MASQUERADE="${{ matrix.test.client_masquerade }}"
|
|
fi
|
|
|
|
if [[ -n "${{ matrix.test.gateway_masquerade }}" ]]; then
|
|
export GATEWAY_MASQUERADE="${{ matrix.test.gateway_masquerade }}"
|
|
fi
|
|
|
|
docker compose build client-router gateway-router relay-1-router relay-2-router api-router
|
|
|
|
# Start one-by-one to avoid variability in service startup order
|
|
docker compose up -d dns.httpbin.search.test --no-build
|
|
docker compose up -d httpbin --no-build
|
|
docker compose up -d download.httpbin --no-build
|
|
docker compose up -d api web domain --no-build
|
|
docker compose up -d otel --no-build
|
|
docker compose up -d relay-1 --no-build
|
|
docker compose up -d relay-2 --no-build
|
|
docker compose up -d gateway --no-build
|
|
docker compose up -d client --no-build
|
|
|
|
if [[ -n "${{ matrix.test.stop_containers }}" ]]; then
|
|
docker compose stop ${{ matrix.test.stop_containers }}
|
|
fi
|
|
|
|
# Wait a few seconds for the services to fully start. GH runners are
|
|
# slow, so this gives the Client enough time to initialize its tun interface,
|
|
# for example.
|
|
# Intended to mitigate <https://github.com/firezone/firezone/issues/5830>
|
|
sleep 3
|
|
|
|
docker compose up veth-config
|
|
|
|
- run: ./scripts/tests/${{ matrix.test.script }}.sh
|
|
if: ${{ matrix.test.skip != 'true' }}
|
|
|
|
- name: Ensure Client emitted no warnings
|
|
if: "!cancelled()"
|
|
run: |
|
|
# Disabling checksum offloading causes one or two "I/O error (os error 5)" warnings
|
|
docker compose logs client | \
|
|
grep --invert "I/O error (os error 5)" | \
|
|
grep "WARN" && exit 1 || exit 0
|
|
- name: Show Client logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs client
|
|
|
|
- name: Show Relay-1 logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs relay-1
|
|
|
|
- name: Show Relay-2 logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs relay-2
|
|
|
|
- name: Ensure Gateway emitted no warnings
|
|
if: "!cancelled()"
|
|
run: |
|
|
# Disabling checksum offloading causes one or two "I/O error (os error 5)" warnings
|
|
docker compose logs gateway | \
|
|
grep --invert "I/O error (os error 5)" | \
|
|
grep "WARN" && exit 1 || exit 0
|
|
- name: Show Gateway logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs gateway
|
|
|
|
- name: Show API logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs api
|