1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
name: CI
# Runs CI for pull requests and pushes to main
on:
pull_request:
push:
branches:
- main
# schedule:
# - cron: 0 14 * * MON-FRI # Every weekday at 14:00 UTC
permissions: {}
jobs:
# Check that binary can be built
build:
name: Build
runs-on: ubuntu-24.04
timeout-minutes: 5
strategy:
matrix:
go-version: [1.23.x]
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Install Go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with:
go-version: ${{ matrix.go-version }}
- name: Install dependencies
run: go mod download
- name: Build
run: go build -v -o /dev/null
nix-build:
name: Nix Build
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Check Nix flake inputs
uses: DeterminateSystems/flake-checker-action@3164002371bc90729c68af0e24d5aacf20d7c9f6 # v12
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@90bb610b90bf290cad97484ba341453bd1cbefea # v19
- name: Build
run: nix build .
# Run integration tests
test:
needs: build
name: 'Integration Tests'
runs-on: ${{ matrix.runs_on }}
timeout-minutes: 8
strategy:
matrix:
runs_on: [ubuntu-24.04, ubuntu-24.04-arm]
os: [ubuntu, centos, arch, opensuse]
exclude:
- runs_on: ubuntu-24.04-arm
os: arch
env:
OS_TYPE: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Install Go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with:
go-version-file: 'go.mod'
- name: Install Docker
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Install dependencies
run: go mod download
- name: Run integration tests
run: go test -tags=integration ./test/integration -timeout=15m -count=1 -parallel=2 -v
lint-scripts:
name: Shell Scripts Lint & Test
runs-on: ubuntu-24.04
container:
image: opensuse/tumbleweed:latest@sha256:986254198727cae8fed32f1f07d2a7c0b8b344ffa3032cf75cd6da3cb49faafd
steps:
- name: Install packages
run: |
zypper refresh
zypper --non-interactive install --no-recommends git wget ShellCheck shunit2 findutils python313-bashate
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Run ShellCheck
run: |
echo "Running ShellCheck on all .sh files under scripts/"
find scripts/ -type f -name '*.sh' | while read -r file; do
echo "🔍 Checking $file"
shellcheck "$file"
done
- name: Run shunit2 tests
run: |
echo "Running shUnit2 on all .sh files under scripts/test"
find scripts/test -type f -name '*.sh' | while read -r file; do
echo "🔍 Checking $file"
bash "$file"
done
- name: Check scripts with bashate
run: |
echo "Running bashate on all .sh files under scripts/"
find scripts/ -type f -name '*.sh' | while read -r file; do
echo "🔍 Checking $file"
bashate -i E006 "$file"
done
- name: Check wget url pipe
run: |
set -euo pipefail
RAW_URL="https://raw.githubusercontent.com/${GITHUB_REPOSITORY}/${GITHUB_SHA}/scripts/install-linux.sh"
echo "Testing URL: $RAW_URL"
set +e
output=$(wget -qO- "$RAW_URL" | bash 2>&1)
result=$?
set -e
if [[ "$result" -ne 1 ]]; then
echo "❌ Expected exit code 1 but got $result"
exit 1
fi
if ! grep -q "Error: sudo is not installed. Please install it first" <<< "$output"; then
echo "❌ Expected error message not found in output"
exit 1
fi
echo "✅ Script behaved as expected when piping to bash"
|
