summaryrefslogtreecommitdiffstats
path: root/.github/workflows/unit_tests.sh
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows/unit_tests.sh')
-rwxr-xr-x.github/workflows/unit_tests.sh26
1 files changed, 22 insertions, 4 deletions
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index c1a5ede..4433d84 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -42,22 +42,38 @@ set -ex
MESON_ARGS=(-Dcryptolib=${CRYPTOLIB:-auto})
+# (Re)set the current oom-{score-}adj. For some reason root on GH actions is able to _decrease_
+# its oom-score even after dropping all capabilities (including CAP_SYS_RESOURCE), until the
+# score is explicitly changed after sudo. No idea what's going on, but it breaks
+# exec-oomscoreadjust-negative.service from test-execute when running unprivileged.
+choom -p $$ -n 0
+
for phase in "${PHASES[@]}"; do
case $phase in
SETUP)
info "Setup phase"
- # PPA with some newer build dependencies
- add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci
- add-apt-repository -y --no-update --enable-source
+ # This is added by default, and it is often broken, but we don't need anything from it
+ rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources}
+ # add-apt-repository --enable-source does not work on deb822 style sources.
+ for f in /etc/apt/sources.list.d/*.sources; do
+ sed -i "s/Types: deb/Types: deb deb-src/g" "$f"
+ done
apt-get -y update
apt-get -y build-dep systemd
apt-get -y install "${ADDITIONAL_DEPS[@]}"
- pip3 install -r .github/workflows/requirements.txt --require-hashes
+ pip3 install -r .github/workflows/requirements.txt --require-hashes --break-system-packages
+
+ # Make sure the build dir is accessible even when drop privileges, otherwise the unprivileged
+ # part of test-execute gets skipped, since it can't run systemd-executor
+ chmod o+x /home/runner
+ capsh --drop=all -- -c "stat $PWD/meson.build"
;;
RUN|RUN_GCC|RUN_CLANG|RUN_CLANG_RELEASE)
if [[ "$phase" =~ ^RUN_CLANG ]]; then
export CC=clang
export CXX=clang++
+ export CFLAGS="-fno-sanitize=function"
+ export CXXFLAGS="-fno-sanitize=function"
if [[ "$phase" == RUN_CLANG ]]; then
# The docs build is slow and is not affected by compiler/flags, so do it just once
MESON_ARGS+=(-Dman=enabled)
@@ -82,6 +98,8 @@ for phase in "${PHASES[@]}"; do
if [[ "$phase" =~ ^RUN_CLANG_ASAN_UBSAN ]]; then
export CC=clang
export CXX=clang++
+ export CFLAGS="-fno-sanitize=function"
+ export CXXFLAGS="-fno-sanitize=function"
# Build fuzzer regression tests only with clang (for now),
# see: https://github.com/systemd/systemd/pull/15886#issuecomment-632689604
# -Db_lundef=false: See https://github.com/mesonbuild/meson/issues/764