Skip to content
build

fix: Disable apparmor_restrict_unprivileged_userns on CI #2951

Sign in to view logs

fix: Disable apparmor_restrict_unprivileged_userns on CI

fix: Disable apparmor_restrict_unprivileged_userns on CI #2951

Workflow file for this run

.github/workflows/ci.yml at 9b55403
name: build
on:
push:
branches:
- main
pull_request:
jobs:
test:
name: Test
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Check out source code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
check-latest: true
- name: Disable apparmor_restrict_unprivileged_userns # ref: https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md
run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
- name: Check oldstable
uses: k1LoW/oldstable@v1
- name: Run tests
run: make ci
- name: Run octocov
uses: k1LoW/octocov-action@v1
race:
name: Check race
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Check out source code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
check-latest: true
- name: Run tests
run: make race
lint:
name: Lint
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Check out source code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
check-latest: true
- name: Run lint
uses: reviewdog/action-golangci-lint@v2
with:
fail_on_error: true
go_version_file: go.mod
golangci_lint_flags: --timeout=5m
cache: false
- name: Run gostyle
uses: k1LoW/gostyle-action@v1
with:
config-file: .gostyle.yml
fail-on-error: true
- name: Run govulncheck
uses: golang/govulncheck-action@v1
with:
go-version-input: ''
go-version-file: go.mod
repo-checkout: false
go-package: ./...
os-test:
name: Run on each OS
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Check out source code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Run runbook
run: go run ./cmd/runn/main.go run ./testdata/book/github.yml
shell: bash