Add TLS debugging and certificate generation improvements #22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| jobs: | |
| test-macos: | |
| name: macOS Integration Tests | |
| runs-on: macos-15-xlarge | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Build | |
| run: cargo build --verbose | |
| - name: Run unit tests | |
| run: cargo test --bins --verbose | |
| - name: Run smoke tests | |
| run: cargo test --test smoke_test --verbose | |
| - name: Run macOS integration tests (with sudo) | |
| run: | | |
| # The tests require root privileges for PF rules on macOS | |
| # GitHub Actions provides passwordless sudo on macOS runners | |
| # Use -E to preserve environment and full path to cargo | |
| sudo -E $(which cargo) test --test macos_integration --verbose | |
| test-linux: | |
| name: Linux Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| rust: [stable] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Build | |
| run: cargo build --verbose | |
| - name: Run unit tests | |
| run: cargo test --bins --verbose | |
| - name: Run smoke tests | |
| run: cargo test --test smoke_test --verbose | |
| - name: Run jail integration tests | |
| run: cargo test --test jail_integration --verbose | |
| - name: Debug TLS environment | |
| run: | | |
| echo "=== Debugging TLS/Certificate Environment ===" | |
| chmod +x scripts/debug_tls_env.sh | |
| ./scripts/debug_tls_env.sh | |
| sudo ./scripts/debug_tls_env.sh | |
| echo "=== End TLS Debug ===" | |
| - name: Run Linux jail integration tests (with sudo) | |
| run: | | |
| # Ensure ip netns support is available | |
| sudo ip netns list || true | |
| # Run the Linux-specific jail tests with root privileges | |
| # Use full path to cargo since sudo doesn't preserve PATH | |
| sudo -E $(which cargo) test --test linux_integration --verbose | |
| test-weak: | |
| name: Weak Mode Integration Tests (Linux) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Build | |
| run: cargo build --verbose | |
| - name: Run weak mode integration tests | |
| run: cargo test --test weak_integration --verbose | |
| clippy: | |
| name: Clippy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| components: clippy | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Run clippy | |
| run: cargo clippy -- -D warnings | |
| fmt: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| components: rustfmt | |
| - name: Check formatting | |
| run: cargo fmt -- --check |