CI #49521
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CI/CD Automated Quick Start and Test Suite | |
| # a collection of unit tests (with many side effects) that assert various | |
| # components of the graphical shell and ensure that initial bootstrap and | |
| # post-install scripts work as intended under the current stable distribution | |
| # of Debian GNU/Linux | |
| name: CI | |
| on: | |
| push: | |
| pull_request: | |
| schedule: | |
| - cron: "* */6 * * *" | |
| jobs: | |
| Install: | |
| runs-on: ubuntu-latest | |
| container: debian:bookworm | |
| steps: | |
| - name: Install prerequisite software | |
| run: apt-get update && apt-get install -y git wget sudo | |
| - name: Checkout dotfiles and bootstrap system | |
| run: | | |
| git clone --bare \ | |
| "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" ~/.config/meta | |
| git --git-dir=$HOME/.config/meta --work-tree=$HOME \ | |
| reset $GITHUB_SHA --hard | |
| - name: Run post-install system config scripts in order | |
| shell: bash -le {0} | |
| env: | |
| TERM: rxvt | |
| run: yes n | bash -lc post-install | |
| - name: Update website and run cron job tasks with kagami | |
| shell: bash -le {0} | |
| env: | |
| GH_PAT: ${{ secrets.GH_PAT }} | |
| SITE_REPO: microsounds/microsounds.github.io | |
| # if: ${{ github.event_name == 'push' }} | |
| run: | | |
| git clone "$GITHUB_SERVER_URL/$SITE_REPO" ~/site | |
| cd ~/site | |
| kagami | |
| git remote set-url \ | |
| origin "https://$GH_PAT@${GITHUB_SERVER_URL##*/}/$SITE_REPO" | |
| # assign bot commits to the gh-actions account | |
| git config user.name 'github-actions[bot]' | |
| git config user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
| # pull in changes since cloning | |
| # if last commit was a [CI] commit, amend last commit and push -f | |
| git pull --rebase --autostash | |
| case "$(git log -1 --pretty="%B")" in | |
| "[CI]"*) | |
| git reset --soft HEAD~1 | |
| git checkin | |
| git push -f;; | |
| *) git shove | |
| esac | |
| - name: Test nano-overlay ssh-sign file encryption | |
| shell: bash -le {0} | |
| env: | |
| TERM: rxvt | |
| EXTERN_EDITOR: cat | |
| run: | | |
| for f in $(seq 10); do | |
| for g in rsa ed25519; do | |
| case $g in | |
| rsa) bits=$(seq 1024 $((1024 * 6)) | shuf | head -n 1);; | |
| ed25519) bits=256;; | |
| esac | |
| secret="$f taro bubble teas! >‿<" | |
| echo "$secret" > ok | |
| echo "$g-$bits" | figlet -f big | |
| yes y | ssh-keygen -q -f "$g-$bits" -t $g -b $bits -N '' -m pem | |
| echo 'ENCRYPTING' | |
| yes y | nano-overlay -i "$g-$bits" -s ok || exit 1 | |
| { gzip -d | tar -xO enc | file -; } < ok | fgrep 'openssl' || exit 1 | |
| echo 'READBACK' | |
| nano-overlay -i "$g-$bits" -s ok | fgrep "$secret" || exit 1 | |
| if [ -f prev_key ]; then | |
| echo 'TESTING PREVIOUS ITERATION KEY' | |
| nano-overlay -i prev_key -s ok && \ | |
| { echo '!!!! SECURITY FAILURE !!!!' | figlet -f banner; exit 1; } | |
| fi | |
| mv -v "$g-$bits" prev_key | |
| mv -v "$g-$bits.pub" prev_key.pub | |
| rm -rf "$g-$bits"* | |
| done | |
| done | |
| rm -rf ~/site | |
| - name: Assert and test various components of the graphical shell | |
| shell: bash -le {0} | |
| env: | |
| TERM: rxvt | |
| run: | | |
| GIT_WORK_TREE="$HOME" GIT_DIR="$HOME/.config/meta" path-gitstatus -p | |
| fgrep 'stdc.syntax' < ~/.local/share/nano/c.nanorc | |
| bash -lc colors | |
| cpp -P <<- EOF | |
| #include <colors/nightdrive.h> | |
| EOF | |
| twopass ffmpeg -loglevel quiet -s 1920x1080 -t 0.2 -f rawvideo \ | |
| -i /dev/urandom -c:v libvpx -b:v 100M -an noise.webm | |
| mpv --vo=null noise.webm | |
| nano-overlay --version | |
| pfetch |