2024-03-02 22:36:38 +01:00
|
|
|
name: Integration Tests
|
2024-12-09 17:15:38 +01:00
|
|
|
# To debug locally on a branch, and when needing secrets
|
|
|
|
|
# change this to include `push` so the build is ran on
|
|
|
|
|
# the main repository.
|
2024-03-02 22:36:38 +01:00
|
|
|
on: [pull_request]
|
|
|
|
|
concurrency:
|
|
|
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
|
|
|
|
cancel-in-progress: true
|
|
|
|
|
jobs:
|
|
|
|
|
integration-test:
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
strategy:
|
|
|
|
|
fail-fast: false
|
|
|
|
|
matrix:
|
|
|
|
|
test:
|
|
|
|
|
- TestACLHostsInNetMapTable
|
|
|
|
|
- TestACLAllowUser80Dst
|
|
|
|
|
- TestACLDenyAllPort80
|
|
|
|
|
- TestACLAllowUserDst
|
|
|
|
|
- TestACLAllowStarDst
|
|
|
|
|
- TestACLNamedHostsCanReachBySubnet
|
|
|
|
|
- TestACLNamedHostsCanReach
|
|
|
|
|
- TestACLDevice1CanAccessDevice2
|
2024-07-18 11:08:25 +05:30
|
|
|
- TestPolicyUpdateWhileRunningWithCLIInDatabase
|
2025-02-01 09:16:51 +00:00
|
|
|
- TestAuthKeyLogoutAndReloginSameUser
|
|
|
|
|
- TestAuthKeyLogoutAndReloginNewUser
|
2025-02-23 14:10:25 -08:00
|
|
|
- TestAuthKeyLogoutAndReloginSameUserExpiredKey
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestOIDCAuthenticationPingAll
|
|
|
|
|
- TestOIDCExpireNodesBasedOnTokenExpiry
|
2024-10-18 06:59:27 -06:00
|
|
|
- TestOIDC024UserCreation
|
2024-12-23 00:46:36 +08:00
|
|
|
- TestOIDCAuthenticationWithPKCE
|
2025-02-01 09:16:51 +00:00
|
|
|
- TestOIDCReloginSameNodeNewUser
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestAuthWebFlowAuthenticationPingAll
|
|
|
|
|
- TestAuthWebFlowLogoutAndRelogin
|
|
|
|
|
- TestUserCommand
|
|
|
|
|
- TestPreAuthKeyCommand
|
|
|
|
|
- TestPreAuthKeyCommandWithoutExpiry
|
|
|
|
|
- TestPreAuthKeyCommandReusableEphemeral
|
2024-05-02 11:53:16 +02:00
|
|
|
- TestPreAuthKeyCorrectUserLoggedInCommand
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestApiKeyCommand
|
|
|
|
|
- TestNodeTagCommand
|
2024-11-26 15:16:06 +01:00
|
|
|
- TestNodeAdvertiseTagCommand
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestNodeCommand
|
|
|
|
|
- TestNodeExpireCommand
|
|
|
|
|
- TestNodeRenameCommand
|
|
|
|
|
- TestNodeMoveCommand
|
2024-07-18 11:08:25 +05:30
|
|
|
- TestPolicyCommand
|
2024-08-30 16:58:29 +02:00
|
|
|
- TestPolicyBrokenConfigCommand
|
2024-11-22 20:23:05 +08:00
|
|
|
- TestDERPVerifyEndpoint
|
2024-08-19 11:41:05 +02:00
|
|
|
- TestResolveMagicDNS
|
2024-12-13 07:52:40 +00:00
|
|
|
- TestResolveMagicDNSExtraRecordsPath
|
2024-08-19 11:41:05 +02:00
|
|
|
- TestValidateResolvConf
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestDERPServerScenario
|
2024-09-21 12:05:36 +02:00
|
|
|
- TestDERPServerWebsocketScenario
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestPingAllByIP
|
|
|
|
|
- TestPingAllByIPPublicDERP
|
|
|
|
|
- TestEphemeral
|
2024-09-03 00:22:17 -07:00
|
|
|
- TestEphemeralInAlternateTimezone
|
2024-07-18 10:01:59 +02:00
|
|
|
- TestEphemeral2006DeletedTooQuickly
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestPingAllByHostname
|
|
|
|
|
- TestTaildrop
|
2024-10-17 18:45:33 +03:00
|
|
|
- TestUpdateHostnameFromClient
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestExpireNode
|
2024-02-23 10:59:24 +01:00
|
|
|
- TestNodeOnlineStatus
|
|
|
|
|
- TestPingAllByIPManyUpDown
|
2024-09-11 12:00:32 +02:00
|
|
|
- Test2118DeletingOnlineNodePanics
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestEnablingRoutes
|
|
|
|
|
- TestHASubnetRouterFailover
|
|
|
|
|
- TestEnableDisableAutoApprovedRoute
|
2024-09-05 16:46:20 +02:00
|
|
|
- TestAutoApprovedSubRoute2068
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestSubnetRouteACL
|
2025-02-23 14:10:25 -08:00
|
|
|
- TestEnablingExitRoutes
|
2024-03-02 22:36:38 +01:00
|
|
|
- TestHeadscale
|
|
|
|
|
- TestCreateTailscale
|
|
|
|
|
- TestTailscaleNodesJoiningHeadcale
|
|
|
|
|
- TestSSHOneUserToAll
|
|
|
|
|
- TestSSHMultipleUsersAllToAll
|
|
|
|
|
- TestSSHNoSSHConfigured
|
|
|
|
|
- TestSSHIsBlockedInACL
|
|
|
|
|
- TestSSHUserOnlyIsolation
|
|
|
|
|
database: [postgres, sqlite]
|
2024-12-09 17:15:38 +01:00
|
|
|
env:
|
|
|
|
|
# Github does not allow us to access secrets in pull requests,
|
|
|
|
|
# so this env var is used to check if we have the secret or not.
|
|
|
|
|
# If we have the secrets, meaning we are running on push in a fork,
|
|
|
|
|
# there might be secrets available for more debugging.
|
|
|
|
|
# If TS_OAUTH_CLIENT_ID and TS_OAUTH_SECRET is set, then the job
|
|
|
|
|
# will join a debug tailscale network, set up SSH and a tmux session.
|
|
|
|
|
# The SSH will be configured to use the SSH key of the Github user
|
|
|
|
|
# that triggered the build.
|
|
|
|
|
HAS_TAILSCALE_SECRET: ${{ secrets.TS_OAUTH_CLIENT_ID }}
|
2024-03-02 22:36:38 +01:00
|
|
|
steps:
|
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
|
with:
|
|
|
|
|
fetch-depth: 2
|
2024-03-13 13:43:06 +01:00
|
|
|
- name: Get changed files
|
|
|
|
|
id: changed-files
|
|
|
|
|
uses: dorny/paths-filter@v3
|
|
|
|
|
with:
|
|
|
|
|
filters: |
|
|
|
|
|
files:
|
|
|
|
|
- '*.nix'
|
|
|
|
|
- 'go.*'
|
|
|
|
|
- '**/*.go'
|
|
|
|
|
- 'integration_test/'
|
|
|
|
|
- 'config-example.yaml'
|
2024-12-09 17:15:38 +01:00
|
|
|
- name: Tailscale
|
|
|
|
|
if: ${{ env.HAS_TAILSCALE_SECRET }}
|
|
|
|
|
uses: tailscale/github-action@v2
|
|
|
|
|
with:
|
|
|
|
|
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
|
|
|
|
|
oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
|
|
|
|
|
tags: tag:gh
|
|
|
|
|
- name: Setup SSH server for Actor
|
|
|
|
|
if: ${{ env.HAS_TAILSCALE_SECRET }}
|
|
|
|
|
uses: alexellis/setup-sshd-actor@master
|
2024-03-02 22:36:38 +01:00
|
|
|
- uses: DeterminateSystems/nix-installer-action@main
|
2024-03-13 13:43:06 +01:00
|
|
|
if: steps.changed-files.outputs.files == 'true'
|
2024-03-02 22:36:38 +01:00
|
|
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
2024-03-13 13:43:06 +01:00
|
|
|
if: steps.changed-files.outputs.files == 'true'
|
2024-03-02 22:36:38 +01:00
|
|
|
- uses: satackey/action-docker-layer-caching@main
|
2024-03-13 13:43:06 +01:00
|
|
|
if: steps.changed-files.outputs.files == 'true'
|
2024-03-02 22:36:38 +01:00
|
|
|
continue-on-error: true
|
|
|
|
|
- name: Run Integration Test
|
|
|
|
|
uses: Wandalen/wretry.action@master
|
2024-03-13 13:43:06 +01:00
|
|
|
if: steps.changed-files.outputs.files == 'true'
|
2024-03-02 22:36:38 +01:00
|
|
|
env:
|
|
|
|
|
USE_POSTGRES: ${{ matrix.database == 'postgres' && '1' || '0' }}
|
|
|
|
|
with:
|
|
|
|
|
attempt_limit: 5
|
|
|
|
|
command: |
|
|
|
|
|
nix develop --command -- docker run \
|
|
|
|
|
--tty --rm \
|
|
|
|
|
--volume ~/.cache/hs-integration-go:/go \
|
|
|
|
|
--name headscale-test-suite \
|
|
|
|
|
--volume $PWD:$PWD -w $PWD/integration \
|
|
|
|
|
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
|
|
|
--volume $PWD/control_logs:/tmp/control \
|
|
|
|
|
--env HEADSCALE_INTEGRATION_POSTGRES=${{env.USE_POSTGRES}} \
|
2025-03-10 16:20:29 +01:00
|
|
|
--env HEADSCALE_EXPERIMENTAL_POLICY_V2=0 \
|
2024-03-02 22:36:38 +01:00
|
|
|
golang:1 \
|
|
|
|
|
go run gotest.tools/gotestsum@latest -- ./... \
|
|
|
|
|
-failfast \
|
|
|
|
|
-timeout 120m \
|
|
|
|
|
-parallel 1 \
|
|
|
|
|
-run "^${{ matrix.test }}$"
|
|
|
|
|
- uses: actions/upload-artifact@v4
|
2024-03-13 13:43:06 +01:00
|
|
|
if: always() && steps.changed-files.outputs.files == 'true'
|
2024-03-02 22:36:38 +01:00
|
|
|
with:
|
2025-03-10 16:20:29 +01:00
|
|
|
name: ${{ matrix.test }}-${{matrix.database}}-${{matrix.policy}}-logs
|
2024-03-02 22:36:38 +01:00
|
|
|
path: "control_logs/*.log"
|
|
|
|
|
- uses: actions/upload-artifact@v4
|
2024-03-13 13:43:06 +01:00
|
|
|
if: always() && steps.changed-files.outputs.files == 'true'
|
2024-03-02 22:36:38 +01:00
|
|
|
with:
|
2025-03-10 16:20:29 +01:00
|
|
|
name: ${{ matrix.test }}-${{matrix.database}}-${{matrix.policy}}-pprof
|
2024-03-02 22:36:38 +01:00
|
|
|
path: "control_logs/*.pprof.tar"
|
2024-12-09 17:15:38 +01:00
|
|
|
- name: Setup a blocking tmux session
|
|
|
|
|
if: ${{ env.HAS_TAILSCALE_SECRET }}
|
|
|
|
|
uses: alexellis/block-with-tmux-action@master
|
