Skip to content

Commit

Permalink
Merge pull request #67 from tqre/github-actions
Browse files Browse the repository at this point in the history 
GitHub actions starter
  • Loading branch information
@fishilico
fishilico authored Dec 27, 2020
2 parents 388c47c + 20c44dc commit e3eed8e
Show file tree
Hide file tree
Showing 2 changed files with 147 additions and 0 deletions.
145 changes: 145 additions & 0 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
name: Build

on:
push:
branches:
- master
- github-actions
paths:
- 'Dockerfile'
- 'build_and_install_all.sh'
- 'clean.sh'
- 'recv_gpg_keys.sh'
- '*/PKGBUILD'
- '.github/workflows/main.yml'
workflow_dispatch:

jobs:
build_all_packages:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2

- name: Build and install Arch Linux's SELinux support packages in a docker container
run: docker build -t arch-selinux-build .

- name: Run the container - built packages are transferred to build host
run: docker run -v "$(pwd)/pkgs:/packages" --rm arch-selinux-build

- name: Upload packages as artifacts
uses: actions/upload-artifact@v2
with:
name: Arch Linux packages for SELinux support
path: pkgs

test_packages_on_qemu:
runs-on: ubuntu-18.04
needs: build_all_packages
steps:
- name: Install QEMU to the runner and make needed directories
run: |
sudo apt-get install qemu
mkdir -v repo /tmp/{boots,arch}
- name: Download latest ArchISO bootstrap image
run: curl https://mirror.pkgbuild.com/iso/latest/archlinux-bootstrap-$(date +"%Y.%m.01")-x86_64.tar.gz --output archbootstrap.tar.gz

- name: Create new raw image for Arch Linux and mount it as a loop device
run: |
qemu-img create -f raw archlinux.raw 8G
sudo losetup --show -f -P archlinux.raw
sudo parted /dev/loop0 mklabel msdos
sudo parted -a optimal /dev/loop0 mkpart primary 0% 100%
sudo parted /dev/loop0 set 1 boot on
sudo mkfs.ext4 /dev/loop0p1
sudo tune2fs -L ROOT /dev/loop0p1
sudo mount /dev/loop0p1 /tmp/arch
- name: Get the SELinux packages from build job
uses: actions/download-artifact@v2
with:
name: Arch Linux packages for SELinux support
path: repo

- name: Prepare arch-bootstrap directory, chroot into it and install Arch with SELinux support to loop-mounted raw image
run: |
sudo tar xf archbootstrap.tar.gz -C /tmp/boots --strip-components 1
sudo cp -v repo/* /tmp/boots/var/cache/pacman/pkg
sudo /tmp/boots/usr/bin/arch-chroot /tmp/boots /bin/bash -c \
'pacman-key --init;
pacman-key --populate archlinux;
mount /dev/loop0p1 /mnt;
echo "Server = https://mirror.pkgbuild.com/\$repo/os/\$arch" >> /etc/pacman.d/mirrorlist;
echo -e "[selinux-testing]\nSigLevel = Never\nServer = file:///var/cache/pacman/pkg" >> /etc/pacman.conf;
repo-add /var/cache/pacman/pkg/selinux-testing.db.tar.xz /var/cache/pacman/pkg/*;
pacstrap /mnt base-selinux base-devel-selinux openssh-selinux linux grub;
genfstab -L /mnt >> /mnt/etc/fstab'
- name: Make testing configurations for the raw image
run: |
sudo /tmp/boots/usr/bin/arch-chroot /tmp/arch /bin/bash -c \
'ln -sfv /usr/share/zoneinfo/UTC /etc/localtime;
hwclock --systohc;
sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen;
locale-gen;
echo LANG=en_US.UTF-8 > /etc/locale.conf;
echo qemu-arch-selinux > /etc/hostname;
echo -e "127.0.0.1 localhost\n::1 localhost" > /etc/hosts;
echo -e "[Match]\nName=en*\n[Network]\nDHCP=ipv4" > /etc/systemd/network/dhcp.network;
systemctl enable systemd-networkd.service;
sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/" /etc/ssh/sshd_config;
sed -i "s/#PermitEmptyPasswords no/PermitEmptyPasswords yes/" /etc/ssh/sshd_config;
systemctl enable sshd;
sed -i 's/root:x:/root::/' /etc/passwd;
grub-install --target=i386-pc /dev/loop0;
sed -i 's/GRUB_TIMEOUT=5/GRUB_TIMEOUT=0/' /etc/default/grub;
sed -i "/LINUX_DEF/c\GRUB_CMDLINE_LINUX_DEFAULT=\"security=selinux selinux=1 console=ttyS0\"" /etc/default/grub;
grub-mkconfig -o /boot/grub/grub.cfg'
- name: Unmount loop devices and convert the QEMU image to qcow2
run: |
sudo umount /tmp/boots/mnt
sudo umount /tmp/arch
sudo losetup -d /dev/loop0
qemu-img convert -f raw -O qcow2 archlinux.raw archlinux.qcow2
- name: Run test commands on the image
run: |
qemu-system-x86_64 archlinux.qcow2 \
-net nic -net user,hostfwd=tcp::10022-:22 \
-nographic -m 2048 &
sleep 25
ssh -o "StrictHostKeyChecking=no" root@localhost -p 10022 'restorecon -Rv /; ls -laZ /; sestatus'
release:
runs-on: ubuntu-18.04
needs: test_packages_on_qemu
if: github.ref == 'refs/heads/github-actions' || github.ref == 'refs/heads/master'
steps:
- name: Get packages from build artifacts
uses: actions/download-artifact@v2
with:
name: Arch Linux packages for SELinux support
path: packages

- name: Remove old release
uses: ame-yu/action-delete-latest-release@v2
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Release all packages
uses: softprops/action-gh-release@v1
with:
tag_name: ArchLinux-SELinux
files: packages/*
body: |
# Arch Linux packages to enable SELinux support
https://wiki.archlinux.org/index.php/SELinux
Latest commit:
```
${{ github.event.head_commit.message }}
```
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

2 changes: 2 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
![build](https://github.com/archlinuxhardened/selinux/workflows/Build/badge.svg)

PKGBUILDs for SELinux support in Arch Linux
===========================================

Expand Down

0 comments on commit e3eed8e

Please sign in to comment.