lint-and-test.yml
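# Pull-request CI: lint, run the pytest suite over a Python version matrix,
# and run container structure tests for the Docker image and install script.
#
# NOTE(review): several `uses:` refs were garbled on the page this listing was
# taken from (rendered as "[email protected]"). The action names below are
# inferred from each step's inputs/outputs, and the unknown version is written
# as the placeholder VERSION_ELIDED_ON_PAGE. Restore the real refs from the
# repository before using this file.
# NOTE(review): all actions are referenced by mutable tags. Pinning
# third-party actions to a full commit SHA keeps a re-pointed tag from
# changing what executes in CI.
# NOTE(review): no `permissions:` block is declared, so every job receives the
# repository's default GITHUB_TOKEN scopes; consider declaring the minimum
# each job needs.
name: Lint and Test
on:
  pull_request:
concurrency:
  # One active run per PR branch (falls back to the run id when head_ref is
  # empty); a newer push cancels the run still in progress.
  # github.head_ref is a contributor-chosen branch name. In this file it is
  # only used in expression context (here and in `if:`), never interpolated
  # into a `run:` script.
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: psf/black@VERSION_ELIDED_ON_PAGE
      - name: Run ruff
        run: |
          pip install ruff==0.0.283
          ruff .
  # Emits the Python version matrix as a JSON string for the `test` job.
  matrix-prep-config:
    runs-on: ubuntu-latest
    steps:
      # Full matrix for release/ branches or PRs labelled `run-all-versions`.
      - id: release
        if: ${{ startsWith(github.head_ref, 'release/') || contains( github.event.pull_request.labels.*.name, 'run-all-versions') }}
        run: |
          echo "config={\"python-version\": [\"3.8\", \"3.9\", \"3.10\", \"3.11\"]}" >> "$GITHUB_OUTPUT"
      # Reduced matrix (oldest and newest) for every non-release branch. On a
      # labelled non-release PR both steps run; `outputs.config` below
      # prefers the `release` step's value.
      - id: not-release
        if: ${{ !startsWith(github.head_ref, 'release/') }}
        run: |
          echo "config={\"python-version\": [\"3.8\", \"3.11\"]}" >> "$GITHUB_OUTPUT"
    outputs:
      config: ${{ steps.release.outputs.config || steps.not-release.outputs.config }}
  test:
    needs:
      - matrix-prep-config
      - lint
    timeout-minutes: 30
    runs-on: ubuntu-latest
    name: Test Python ${{ matrix.python-version }}
    strategy:
      matrix: ${{ fromJson(needs.matrix-prep-config.outputs.config) }}
    steps:
      - uses: actions/checkout@v3
        if: ${{ github.repository == 'BC-SECURITY/Empire' }}
        with:
          submodules: 'recursive'
      # token is only needed in sponsors repo because of private submodules
      # don't use token in public repo because prs from forks cannot access secrets
      - uses: actions/checkout@v3
        if: ${{ github.repository == 'BC-SECURITY/Empire-Sponsors' }}
        with:
          submodules: 'recursive'
          token: ${{ secrets.RELEASE_TOKEN }}
      # NOTE(review): this pipes an unpinned installer script straight into
      # the interpreter. Pinning the Poetry release (the installer accepts
      # `--version` / POETRY_VERSION) makes the toolchain reproducible and
      # keeps the Poetry-version-dependent cache below stable.
      - name: Install Poetry
        run: |
          curl -sL https://install.python-poetry.org | python - -y
      # Poetry cache depends on OS, Python version and Poetry version.
      # https://gist.github.com/gh640/233a6daf68e9e937115371c0ecd39c61
      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'
      # Test-only database credentials, created on the runner's local MySQL.
      # NOTE(review): root/root is presumably the runner image default —
      # confirm. `|| true` hides a failed statement here, so a broken DB
      # setup only surfaces later as test failures.
      - name: Set up MySQL
        run: |
          sudo systemctl start mysql
          mysql -u root -proot -e "CREATE USER IF NOT EXISTS 'empire_user'@'localhost' IDENTIFIED BY 'empire_password';" || true
          mysql -u root -proot -e "GRANT ALL PRIVILEGES ON *.* TO 'empire_user'@'localhost' WITH GRANT OPTION;" || true
          mysql -u root -proot -e "FLUSH PRIVILEGES;" || true
      - name: Install dependencies
        run: |
          poetry env use ${{ matrix.python-version }}
          poetry install
      # Only the 3.11 leg collects coverage and the JUnit report; these are
      # the files the coverage-comment step below reads. `pipefail` keeps a
      # pytest failure from being masked by `tee`.
      - name: Run test suite - mysql
        run: |
          set -o pipefail
          if [ "${{ matrix.python-version }}" = "3.11" ]; then
            DATABASE_USE=mysql poetry run pytest -v --runslow --cov=empire/server --junitxml=pytest.xml --cov-report=term-missing:skip-covered . | tee pytest-coverage.txt
          else
            DATABASE_USE=mysql poetry run pytest -v --runslow .
          fi
      - name: Run test suite - sqlite
        if: ${{ startsWith(github.head_ref, 'release/') || contains(github.event.pull_request.labels.*.name, 'test-sqlite') }}
        run: |
          DATABASE_USE=sqlite poetry run pytest . -v --runslow
      - name: Pytest coverage comment
        if: ${{ matrix.python-version == '3.11' }}
        uses: MishaKav/pytest-coverage-comment@VERSION_ELIDED_ON_PAGE
        with:
          pytest-coverage-path: ./pytest-coverage.txt
          junitxml-path: ./pytest.xml
  test_image:
    # To save CI time, only run these tests on the release PRs
    if: ${{ startsWith(github.head_ref, 'release/') }}
    timeout-minutes: 30
    runs-on: ubuntu-latest
    name: Test Docker Image
    steps:
      # NOTE(review): actions/checkout keeps the supplied token in the local
      # git config by default, and the next steps build and run code from
      # the PR. Consider `persist-credentials: false` if no later step needs
      # git authentication.
      - uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          token: ${{ secrets.RELEASE_TOKEN }}
      - name: Build docker image
        run: docker-compose -f .github/docker-compose.yml build
      - name: Run tests on docker image
        run: docker-compose -f .github/docker-compose.yml run test
      - name: run structure tests base
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: bcsecurity/empire-test:latest
          config: .github/cst-config-base.yaml
      - name: run structure tests docker
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: bcsecurity/empire-test:latest
          config: .github/cst-config-docker.yaml
  test_install_script:
    needs: test
    timeout-minutes: 45
    runs-on: ubuntu-latest
    name: Test Install Script
    steps:
      # NOTE(review): unlike the `test` job, this checkout passes
      # RELEASE_TOKEN unconditionally. Secrets are not available to PRs from
      # forks, so this step likely fails for them in the public repo; the
      # per-repository split used in `test` would avoid that.
      - uses: actions/checkout@v3
        with:
          submodules: 'recursive'
          # `fetch-depth` is the checkout input that controls history depth
          # (the original `depth` key is not an input of actions/checkout and
          # was ignored). 0 fetches full history, presumably for the
          # changed-files comparison below.
          fetch-depth: 0
          token: ${{ secrets.RELEASE_TOKEN }}
      # To save CI time, only run these tests when the install script or deps changed
      - name: Get changed files using defaults
        id: changed-files
        uses: tj-actions/changed-files@VERSION_ELIDED_ON_PAGE
      - name: Build images
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        run: docker-compose -f .github/install_tests/docker-compose-install-tests.yml build --parallel
      # Each distribution image is checked twice: once against the shared
      # base config and once against its distribution-specific config.
      - name: run structure tests base Ubuntu 20.04
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-ubuntu2004:latest
          config: .github/cst-config-base.yaml
      - name: run structure tests Ubuntu 20.04
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-ubuntu2004:latest
          config: .github/install_tests/cst-config-ubuntu2004.yaml
      - name: run structure tests base Ubuntu 22.04
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-ubuntu2204:latest
          config: .github/cst-config-base.yaml
      - name: run structure tests Ubuntu 22.04
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-ubuntu2204:latest
          config: .github/install_tests/cst-config-ubuntu2204.yaml
      - name: run structure tests base Debian 10
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-debian10:latest
          config: .github/cst-config-base.yaml
      - name: run structure tests Debian 10
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-debian10:latest
          config: .github/install_tests/cst-config-debian10.yaml
      - name: run structure tests base Debian 11
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-debian11:latest
          config: .github/cst-config-base.yaml
      - name: run structure tests Debian 11
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-debian11:latest
          config: .github/install_tests/cst-config-debian11.yaml
      - name: run structure tests Kali base
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-kalirolling:latest
          config: .github/cst-config-base.yaml
      - name: run structure tests Kali
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-kalirolling:latest
          config: .github/install_tests/cst-config-kalirolling.yaml
      - name: run structure tests Parrot base
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-parrotrolling:latest
          config: .github/cst-config-base.yaml
      - name: run structure tests Parrot
        if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
        uses: plexsystems/container-structure-test-action@VERSION_ELIDED_ON_PAGE
        with:
          image: docker.io/bcsecurity/empire-test-parrotrolling:latest
          config: .github/install_tests/cst-config-parrotrolling.yaml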