mirror of
https://github.com/ovh/the-bastion.git
synced 2025-01-06 07:22:14 +08:00
68 lines
2.9 KiB
YAML
68 lines
2.9 KiB
YAML
name: FreeBSD tests
|
|
|
|
on:
|
|
pull_request:
|
|
types: [labeled, synchronize]
|
|
|
|
jobs:
|
|
freebsd:
|
|
runs-on: ubuntu-latest
|
|
name: FreeBSD
|
|
timeout-minutes: 180
|
|
if: ${{ contains(github.event.pull_request.labels.*.name, 'tests:freebsd') }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: false
|
|
- name: Functional tests under FreeBSD
|
|
uses: cross-platform-actions/action@master
|
|
with:
|
|
operating_system: freebsd
|
|
version: '13.2'
|
|
shell: bash
|
|
sync_files: runner-to-vm
|
|
run: |
|
|
# source this to get the $SSH_DIR var properly filled
|
|
source lib/shell/functions.inc
|
|
# a few debug commands
|
|
set -x
|
|
freebsd-version
|
|
id
|
|
# to do proper tests, we need the fs to have ACLs enabled
|
|
sudo mount -o acls /
|
|
# install required packages
|
|
sudo pkg update
|
|
sudo pkg install -y bash rsync ca_root_nss jq fping screen flock curl
|
|
# create required folder
|
|
sudo mkdir -p /opt/bastion
|
|
# copy bastion code to the proper location
|
|
sudo rsync -a . /opt/bastion/
|
|
# save default ssh config, so we can restore it when we're done,
|
|
# or the github action will fail because the post-run actions it'll
|
|
# try to do over ssh won't complete due to our modified ssh config
|
|
sudo tar czf /opt/bastion/ssh_config.tar.gz $SSH_DIR/
|
|
# setup bastion
|
|
sudo /opt/bastion/bin/admin/packages-check.sh -i
|
|
sudo /opt/bastion/bin/admin/install-ttyrec.sh -s
|
|
sudo /opt/bastion/bin/admin/install-yubico-piv-checker.sh -s
|
|
sudo /opt/bastion/bin/admin/install-mkhash-helper.sh -s
|
|
sudo /opt/bastion/bin/admin/install --new-install
|
|
# by default, this is 0700, but we'll run those as non-root
|
|
sudo chmod 0755 /opt/bastion/tests
|
|
# generate two sets of keys
|
|
ssh-keygen -t ed25519 -f id_user -N ''
|
|
ssh-keygen -t ed25519 -f id_root -N ''
|
|
# setup the local bastion for tests
|
|
sudo env WANT_HTTP_PROXY=0 NO_SLEEP=1 user_pubkey="$(cat id_user.pub)" root_pubkey="$(cat id_root.pub)" TARGET_USER=user5000 /opt/bastion/tests/functional/docker/target_role.sh
|
|
# run the tests, then in post-run, restore saved ssh config and restart sshd
|
|
/opt/bastion/tests/functional/launch_tests_on_instance.sh \
|
|
--has-mfa=0 \
|
|
--has-mfa-password=1 \
|
|
--has-pamtester=1 \
|
|
--skip-consistency-check \
|
|
--remote-etc-bastion=/usr/local/etc/bastion \
|
|
--slowness-factor=2 \
|
|
--post-run="sudo tar xzf /opt/bastion/ssh_config.tar.gz -C / ; sudo /etc/rc.d/sshd restart" \
|
|
127.0.0.1 22 0 user5000 id_user id_root
|
|
# for some reason, any other command below is skipped, so don't try to add anything,
|
|
# augment --post-run in the script above instead, if needed.
|