chore: fix FreeBSD GitHub Action #659
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: FreeBSD tests | |
on: | |
pull_request: | |
types: [labeled, synchronize] | |
jobs: | |
freebsd: | |
runs-on: macos-12 | |
name: FreeBSD | |
timeout-minutes: 45 | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'tests:full') || contains(github.event.pull_request.labels.*.name, 'tests:long') || contains(github.event.pull_request.labels.*.name, 'tests:freebsd') }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Functional tests under FreeBSD | |
uses: cross-platform-actions/action@master | |
with: | |
operating_system: freebsd | |
version: '13.2' | |
shell: bash | |
sync_files: runner-to-vm | |
run: | | |
# source this to get the $SSH_DIR var properly filled | |
source lib/shell/functions.inc | |
# a few debug commands | |
set -exu | |
freebsd-version | |
id | |
# to do proper tests, we need the fs to have ACLs enabled | |
sudo mount -o acls / | |
# install required packages | |
sudo pkg update | |
sudo pkg install -y bash rsync ca_root_nss jq fping screen flock curl | |
# create required folder | |
sudo mkdir -p /opt/bastion | |
# copy bastion code to the proper location | |
sudo rsync -a . /opt/bastion/ | |
# save default ssh config, so we can restore it when we're done, | |
# or the github action will fail because the post-run actions it'll | |
# try to do over ssh won't complete due to our modified ssh config | |
sudo tar czf /opt/bastion/ssh_config.tar.gz $SSH_DIR/ | |
# setup bastion | |
sudo /opt/bastion/bin/admin/packages-check.sh -i | |
sudo /opt/bastion/bin/admin/install-ttyrec.sh -s | |
sudo /opt/bastion/bin/admin/install-yubico-piv-checker.sh -s | |
sudo /opt/bastion/bin/admin/install-mkhash-helper.sh -s | |
sudo /opt/bastion/bin/admin/install --new-install | |
# by default, this is 0700, but we'll run those as non-root | |
sudo chmod 0755 /opt/bastion/tests | |
# generate two sets of keys | |
ssh-keygen -t ed25519 -f id_user -N '' | |
ssh-keygen -t ed25519 -f id_root -N '' | |
# setup the local bastion for tests | |
sudo env WANT_HTTP_PROXY=0 NO_SLEEP=1 user_pubkey="$(cat id_user.pub)" root_pubkey="$(cat id_root.pub)" TARGET_USER=user5000 /opt/bastion/tests/functional/docker/target_role.sh | |
# run the tests | |
/opt/bastion/tests/functional/launch_tests_on_instance.sh --has-mfa=0 --has-mfa-password=1 --has-pamtester=1 --skip-consistency-check --remote-etc-bastion=/usr/local/etc/bastion 127.0.0.1 22 0 user5000 id_user id_root | |
# restore saved ssh config | |
sudo tar xzf /opt/bastion/ssh_config.tar.gz -C / | |
# restart ssh so that the config is taken into account | |
sudo /etc/rc.d/sshd restart | |
# now, the post-run of cross-platform-actions will work |