Skip to content

T6841: firewall: improve config parsing for ZBF when using VRFs and interfaces attached to VRFs #907

T6841: firewall: improve config parsing for ZBF when using VRFs and interfaces attached to VRFs

T6841: firewall: improve config parsing for ZBF when using VRFs and interfaces attached to VRFs #907

name: VyOS ISO integration Test
on:
pull_request_target:
branches:
- current
paths:
- '**'
- '!.github/**'
- '!**/*.md'
permissions:
pull-requests: write
contents: read
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments
BUILD_BY: autobuild@vyos.net
DEBIAN_MIRROR: http://deb.debian.org/debian/
DEBIAN_SECURITY_MIRROR: http://deb.debian.org/debian-security
VYOS_MIRROR: https://packages.vyos.net/repositories/current/
jobs:
build_iso:
runs-on: ubuntu-24.04
timeout-minutes: 45
container:
image: vyos/vyos-build:current
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
outputs:
build_version: ${{ steps.version.outputs.build_version }}
steps:
- name: Clone vyos-build source code
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- name: Clone vyos-1x source code
uses: actions/checkout@v4
with:
path: packages/vyos-1x
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Build vyos-1x package
run: |
cd packages/vyos-1x; dpkg-buildpackage -uc -us -tc -b
- name: Generate ISO version string
id: version
run: |
echo "build_version=1.5-integration-$(date -u +%Y%m%d%H%M)" >> $GITHUB_OUTPUT
- name: Build custom ISO image
shell: bash
run: |
sudo --preserve-env ./build-vyos-image \
--architecture amd64 \
--build-by $BUILD_BY \
--build-type release \
--custom-package vyos-1x-smoketest \
--debian-mirror $DEBIAN_MIRROR \
--debian-security-mirror $DEBIAN_SECURITY_MIRROR \
--version ${{ steps.version.outputs.build_version }} \
--vyos-mirror $VYOS_MIRROR \
generic
- uses: actions/upload-artifact@v4
with:
name: vyos-${{ steps.version.outputs.build_version }}
path: |
build/live-image-amd64.hybrid.iso
build/manifest.json
test_smoketest_cli:
needs: build_iso
runs-on: ubuntu-24.04
timeout-minutes: 180
container:
image: vyos/vyos-build:current
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
outputs:
exit_code: ${{ steps.test.outputs.exit_code }}
steps:
# We need the test script from vyos-build repo
- name: Clone vyos-build source code
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
name: vyos-${{ needs.build_iso.outputs.build_version }}
path: build
- name: VyOS CLI smoketests (no interfaces)
id: test
shell: bash
run: |
set -e
sudo make test-no-interfaces
if [[ $? == 0 ]]; then
echo "exit_code=success" >> $GITHUB_OUTPUT
else
echo "exit_code=fail" >> $GITHUB_OUTPUT
fi
test_interfaces_cli:
needs: build_iso
runs-on: ubuntu-24.04
timeout-minutes: 180
container:
image: vyos/vyos-build:current
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
outputs:
exit_code: ${{ steps.test.outputs.exit_code }}
steps:
# We need the test script from vyos-build repo
- name: Clone vyos-build source code
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
name: vyos-${{ needs.build_iso.outputs.build_version }}
path: build
- name: VyOS CLI smoketests (interfaces only)
id: test
shell: bash
run: |
set -e
sudo make test-interfaces
if [[ $? == 0 ]]; then
echo "exit_code=success" >> $GITHUB_OUTPUT
else
echo "exit_code=fail" >> $GITHUB_OUTPUT
fi
test_config_load:
needs: build_iso
runs-on: ubuntu-24.04
timeout-minutes: 90
container:
image: vyos/vyos-build:current
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
outputs:
exit_code: ${{ steps.test.outputs.exit_code }}
steps:
# We need the test script from vyos-build repo
- name: Clone vyos-build source code
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
name: vyos-${{ needs.build_iso.outputs.build_version }}
path: build
- name: VyOS config load tests
id: test
shell: bash
run: |
set -e
sudo make testc
if [[ $? == 0 ]]; then
echo "exit_code=success" >> $GITHUB_OUTPUT
else
echo "exit_code=fail" >> $GITHUB_OUTPUT
fi
test_raid1_install:
needs: build_iso
runs-on: ubuntu-24.04
timeout-minutes: 20
container:
image: vyos/vyos-build:current
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
outputs:
exit_code: ${{ steps.test.outputs.exit_code }}
steps:
# We need the test script from vyos-build repo
- name: Clone vyos-build source code
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
name: vyos-${{ needs.build_iso.outputs.build_version }}
path: build
- name: VyOS RAID1 installation tests
id: test
shell: bash
run: |
set -e
sudo make testraid
if [[ $? == 0 ]]; then
echo "exit_code=success" >> $GITHUB_OUTPUT
else
echo "exit_code=fail" >> $GITHUB_OUTPUT
fi
test_encrypted_config_tpm:
needs: build_iso
runs-on: ubuntu-24.04
timeout-minutes: 30
container:
image: vyos/vyos-build:current
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
outputs:
exit_code: ${{ steps.test.outputs.exit_code }}
steps:
# We need the test script from vyos-build repo
- name: Clone vyos-build source code
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
name: vyos-${{ needs.build_iso.outputs.build_version }}
path: build
- name: VyOS TPM encryption tests
id: test
shell: bash
run: |
set -e
sudo make testtpm
if [[ $? == 0 ]]; then
echo "exit_code=success" >> $GITHUB_OUTPUT
else
echo "exit_code=fail" >> $GITHUB_OUTPUT
fi
result:
needs:
- test_smoketest_cli
- test_interfaces_cli
- test_config_load
- test_raid1_install
- test_encrypted_config_tpm
runs-on: ubuntu-24.04
timeout-minutes: 5
if: always()
steps:
- name: Add PR comment
if: always()
uses: mshick/add-pr-comment@v2
with:
message: |
CI integration ${{ needs.test_smoketest_cli.outputs.exit_code == 'success' && needs.test_interfaces_cli.outputs.exit_code == 'success' && needs.test_config_load.outputs.exit_code == 'success' && needs.test_raid1_install.outputs.exit_code == 'success' && 'πŸ‘ passed!' || '❌ failed!' }}
### Details
[CI logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
* CLI Smoketests (no interfaces) ${{ needs.test_smoketest_cli.outputs.exit_code == 'success' && 'πŸ‘ passed' || '❌ failed' }}
* CLI Smoketests (interfaces only) ${{ needs.test_interfaces_cli.outputs.exit_code == 'success' && 'πŸ‘ passed' || '❌ failed' }}
* Config tests ${{ needs.test_config_load.outputs.exit_code == 'success' && 'πŸ‘ passed' || '❌ failed' }}
* RAID1 tests ${{ needs.test_raid1_install.outputs.exit_code == 'success' && 'πŸ‘ passed' || '❌ failed' }}
* TPM tests ${{ needs.test_encrypted_config_tpm.outputs.exit_code == 'success' && 'πŸ‘ passed' || '❌ failed' }}
message-id: "SMOKETEST_RESULTS"
allow-repeats: false
refresh-message-position: true