New feature: containment: add runtime limits and optional cgroup targeting #15
| name: Lshell Tests | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| pytest: | |
| name: Pytest Unit/Integration Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: "3.10" | |
| - name: Set up Python path | |
| run: echo "PYTHONPATH=$PWD" >> $GITHUB_ENV | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pytest | |
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
| - name: Install the lshell package | |
| run: pip install . | |
| - name: Test with pytest | |
| run: | | |
| pytest | |
| lint: | |
| name: Lint + Flake8 | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.8", "3.9", "3.10"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Set up Python path | |
| run: echo "PYTHONPATH=$PWD" >> $GITHUB_ENV | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pylint flake8 | |
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
| - name: Analyse with pylint and flake8 | |
| run: | | |
| pylint lshell test | |
| # stop the build if there are Python syntax errors or undefined names | |
| flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | |
| # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide | |
| flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
| fuzz-security-parser: | |
| name: Fuzz Security Parser/Policy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install just | |
| uses: taiki-e/install-action@just | |
| - name: Fuzz security parser/policy | |
| timeout-minutes: 45 | |
| run: | | |
| just test-fuzz-security-parser 20000 | |
| ssh-e2e: | |
| name: SSH End-to-End (Docker + Ansible) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run SSH end-to-end tests | |
| run: | | |
| docker compose -f docker-compose.e2e.yml up --build --abort-on-container-exit --exit-code-from ansible-runner ansible-runner | |
| - name: Cleanup SSH E2E stack | |
| if: always() | |
| run: | | |
| docker compose -f docker-compose.e2e.yml down -v --remove-orphans |
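Review bot: In the `fuzz-security-parser` job, `uses: taiki-e/install-action@just` pulls a third-party action by a mutable ref, so whatever that ref resolves to at run time executes inside the job that gates the security parser/policy fuzzing. Pin it to a full commit SHA and select the tool through the action's input instead, e.g. `uses: taiki-e/install-action@<full-commit-sha>` followed by `with:` / `tool: just`. The same pinning applies to `actions/checkout@v4` and `actions/setup-python@v3`, which are also movable tags. The top-level `permissions: contents: read` limits what a tampered step could do with the token, but it does not protect the checked-out tree or the test verdict. This view does not show which lines the pull request adds, so the point may concern lines that predate it.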