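# CI-production-testing.yml
#
# Runs the full Slips test suite (unit, database, daemon, integration and
# config-file tests) twice: directly on a GitHub-hosted VM, and inside the
# docker image built from this repository.
#
# NOTE(review): every `uses:` below references a mutable tag (@v2/@v3).
# A tag can be moved to different code by whoever controls the action's
# repository; pinning each action to a full commit SHA keeps the executed
# code fixed. This matters most for the third-party
# addnab/docker-run-action, which runs commands on the runner.
name: CI-production

on:
  pull_request:
    branches:
      - 'master'
      - '!develop'

# Least privilege for GITHUB_TOKEN: the jobs only read the repository
# (checkout); artifact upload does not need a repository scope.
permissions:
  contents: read

jobs:
  test_slips_locally:
    # runs the tests on a GH VM
    runs-on: ubuntu-20.04
    # 2-hour timeout (timeout-minutes is expressed in minutes)
    timeout-minutes: 120
    steps:
      # NOTE(review): the job always tests the head of 'develop', not the
      # pull request's own merge commit - presumably because PRs to master
      # come from develop; confirm this is intended.
      - uses: actions/checkout@v3
        with:
          ref: 'develop'
          # Fetch all history for all tags and branches
          # (0 means full history; an empty value falls back to the
          # default shallow clone of a single commit)
          fetch-depth: 0

      - name: Install slips dependencies
        run: >-
          sudo apt-get -y --no-install-recommends install
          python3 redis-server python3-pip python3-certifi python3-dev
          build-essential file lsof net-tools iproute2 iptables
          python3-tzlocal nfdump tshark git whois golang nodejs
          notify-osd yara libnotify-bin

      # The repository line uses plain http; package integrity relies on
      # apt verifying the repository signature against the key fetched
      # over https below.
      # NOTE(review): a key placed in /etc/apt/trusted.gpg.d is trusted for
      # every configured apt source; a dedicated keyring referenced with
      # `signed-by=` would scope it to the zeek repository only.
      - name: Install Zeek
        run: |
          sudo echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list
          curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null
          sudo apt update
          sudo apt install -y --no-install-recommends zeek
          sudo ln -s /opt/zeek/bin/zeek /usr/local/bin/bro

      - name: Set up Python 3.8
        uses: actions/setup-python@v2
        with:
          python-version: "3.8"

      # A literal block (|) is required here: as a plain multi-line scalar
      # the two lines fold into ONE command, and pip then treats the words
      # `pip` and `install` from the second line as package names to fetch
      # from the index.
      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - name: Start redis server
        run: redis-server --daemonize yes

      - name: Run unit tests
        run: python3 -m pytest tests/ --ignore="tests/test_daemon.py" --ignore="tests/test_database.py" --ignore="tests/integration_tests" -n 7 -p no:warnings -vv -s

      - name: Run database unit tests
        run: python3 -m pytest tests/test_database.py -p no:warnings -vv

      - name: Run daemon unit tests
        run: python3 -m pytest tests/test_daemon.py -p no:warnings -vv

      - name: Clear redis cache
        run: ./slips.py -cc

      - name: Integration tests
        run: python3 -m pytest -s tests/integration_tests/test_dataset.py -p no:warnings -vv

      - name: Config file tests
        run: python3 -m pytest -s tests/integration_tests/test_config_files.py -p no:warnings -vv

      - name: Upload Artifact
        # run this step whether the above steps failed or passed
        if: success() || failure()
        uses: actions/upload-artifact@v3
        with:
          name: test_slips_locally-integration-tests-output
          path: |
            output/integration_tests

  test_slips_in_docker:
    # runs the tests in a docker image (built by this job) on top of a GH VM
    runs-on: ubuntu-20.04
    # 2-hour timeout (timeout-minutes is expressed in minutes)
    timeout-minutes: 120
    strategy:
      matrix:
        include:
          - type: ubuntu-image
            name: ubuntu-image
            image_name: slips
            path: ./docker/ubuntu-image/Dockerfile
          #
          # #TODO our unit tests dont support macos yet
          # - type: macosm1-image
          #   name: macosm1-image
          #   image_name: slips_macos_m1
          #   path: ./docker/macosm1-image/Dockerfile
    steps:
      # clone slips and checkout branch
      # By default it checks out only one commit
      - uses: actions/checkout@v3
        with:
          ref: 'develop'

      # build slips from target dockerfile, but don't push
      - name: Build our ${{ matrix.name }} from dockerfile
        id: docker_build_slips
        uses: docker/build-push-action@v2
        with:
          context: ./
          file: ${{ matrix.path }}
          tags: stratosphereips/${{ matrix.image_name }}:latest
          push: false

      # The run steps below use the tag produced by the build step above
      # (matrix.image_name) instead of a hard-coded image name, so a future
      # matrix entry is tested against the image this job built and not
      # against a same-named image resolved from a registry.
      #
      # Inside the container `git pull` must finish before the checkout,
      # hence `&&`: a single `&` would start the pull in the background and
      # run the checkout concurrently against refs that may not be updated
      # yet.
      # NOTE(review): the container fetches origin/develop at test time, so
      # the code under test is whatever develop points to at that moment,
      # which may differ from the commit the image was built from - confirm
      # this is intended.

      # use the built image to run unit tests inside docker
      # we ignore the blocking module unit tests because we cannot run
      # docker with -cap-add=NET_ADMIN and use iptables in GH actions
      - name: Run unit tests inside docker
        uses: addnab/docker-run-action@v3
        with:
          image: stratosphereips/${{ matrix.image_name }}:latest
          run: |
            git reset --hard
            git pull && git checkout origin/develop
            redis-server --daemonize yes
            python3 -m pytest tests/ --ignore="tests/test_daemon.py" --ignore="tests/test_database.py" --ignore="tests/integration_tests" -n 7 -p no:warnings -vv -s

      - name: Run database tests inside docker
        uses: addnab/docker-run-action@v3
        with:
          image: stratosphereips/${{ matrix.image_name }}:latest
          run: |
            git reset --hard
            git pull && git checkout origin/develop
            redis-server --daemonize yes
            python3 -m pytest tests/test_database.py -p no:warnings -vv

      - name: Run daemon tests inside docker
        uses: addnab/docker-run-action@v3
        with:
          image: stratosphereips/${{ matrix.image_name }}:latest
          run: |
            git reset --hard
            git pull && git checkout origin/develop
            redis-server --daemonize yes
            python3 -m pytest tests/test_daemon.py -p no:warnings -vv

      - name: Run integration tests inside docker
        uses: addnab/docker-run-action@v3
        with:
          image: stratosphereips/${{ matrix.image_name }}:latest
          # mount the host's output/ dir to docker's output/ dir, the goal is to access integration
          # tests output in docker from the host to upload it later
          options: -v ${{ github.workspace }}/output:/StratosphereLinuxIPS/output
          run: |
            git reset --hard
            git pull && git checkout origin/develop
            redis-server --daemonize yes
            python3 -m pytest -s tests/integration_tests/test_dataset.py -p no:warnings -vv

      - name: Run config file integration tests inside docker
        uses: addnab/docker-run-action@v3
        with:
          image: stratosphereips/${{ matrix.image_name }}:latest
          # mount the host's output/ dir to docker's output/ dir, the goal is to access integration
          # tests output in docker from the host to upload it later
          options: -v ${{ github.workspace }}/output:/StratosphereLinuxIPS/output
          run: |
            git reset --hard
            git pull && git checkout origin/develop
            redis-server --daemonize yes
            python3 -m pytest -s tests/integration_tests/test_config_files.py -p no:warnings -vv

      - name: Upload Artifact
        # run this step whether the above steps failed or passed
        if: success() || failure()
        uses: actions/upload-artifact@v3
        with:
          name: test_slips_in_docker-integration-tests-output
          path: |
            ${{ github.workspace }}/output/integration_tests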