Closed arbourd closed 3 months ago
Re: @ac000
A more general question is do we need to do all the configuring and compiling as root?
I know this is just a throwaway environment, but from a principle of least privilege, is it really only the actual pytests that need to be run as root?
This is actually how I started, but, there are issues with the Java and Python tests: for whatever reasons there are issues with requiring sudo
either during the configure or make steps. I am happy to try and make it work though, if we want to try and use sudo
as little as possible.
Specifically:
Even if we can do most of it without sudo and only use sudo for the bits that currently require it...
@ac000 All done. I will rebase and clean up the commits before merging. 2nd commit is the specific-sudoing.
I would like to see the final result before merging...
OK, change looks good.
Commit message just needs re-wrapping. We want to wrap commit messages after 72 chars. Keep in mind that when viewing commit messages in git, it will put 4 chars of padding at the beginning of each line, so in a standard 80 char terminal you will get your message centred with 4 chars of padding each side.
And seeing as you asked, I've added your Signed-off-by and my Reviewed-by to the message. So it looks like
Test with root access in GitHub workflows
To enable tests that require privileged root access, this commit tests
with `sudo`. The Java and Python jobs have additional permissions
issues, so they are also configured and made with `sudo`.
A small permissions fix is required before running tests to allow
non-root users to execute within the `/home/runner` directory.
This change also removes the custom directories that were required
without root access.
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Dylan Arbour <d.arbour@f5.com>
and in git it looks like
commit 639bff661a12ca999c34477c93ad39d105b44e93 (HEAD -> sutest)
Author: Dylan Arbour <d.arbour@f5.com>
Date: Tue Feb 27 09:41:07 2024 -0500
Test with root access in GitHub workflows
To enable tests that require privileged root access, this commit tests
with `sudo`. The Java and Python jobs have additional permissions
issues, so they are also configured and made with `sudo`.
A small permissions fix is required before running tests to allow
non-root users to execute within the `/home/runner` directory.
This change also removes the custom directories that were required
without root access.
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Dylan Arbour <d.arbour@f5.com>
You'll notice I also made a couple of minor tweaks to the message while I was at it...
To enable tests that require privileged root access, this commit tests with
sudo
. The Java and Python jobs have additional permissions issues, so they are also configured and made withsudo
.A small permissions fix is required before running tests to allow non-root users to execute within the
/home/runner
directory.This change also removes the custom directories that were required without root access.