Add comment to ufw firewall rule so it's easier to figure out what it's from in the future
#2562
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: [ 'master', 'main' ] | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| check-signoff: | |
| if: "github.event_name == 'pull_request'" | |
| uses: "matrix-org/backend-meta/.github/workflows/sign-off.yml@v2" | |
| complement-internal: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 # Checkout complement | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: go.mod | |
| - name: "Run internal Complement tests" | |
| run: | | |
| go test ./internal/... | |
| - name: "Run Homerunner tests" # use a simple static dendrite image to sanity check homerunner works | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| run: | | |
| mkdir -p homeserver | |
| # Latest official dendrite release is still using Debian Stretch as a base, hence the specific commit | |
| wget -O - "https://github.com/matrix-org/dendrite/archive/0489d16f95a3d9f1f5bc532e2060bd2482d7b156.tar.gz" | tar -xz --strip-components=1 -C homeserver | |
| (cd homeserver && docker build -t complement-dendrite -f build/scripts/Complement.Dockerfile .) | |
| (cd cmd/homerunner/test && ./test.sh) | |
| complement: | |
| name: Complement (${{ matrix.homeserver }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false # ensure if synapse fails we keep running dendrite and vice-versa | |
| matrix: | |
| include: | |
| - homeserver: Synapse | |
| repo: element-hq/synapse | |
| tags: synapse_blacklist | |
| packages: ./tests/msc3874 ./tests/msc3902 ./tests/msc4306 | |
| env: "COMPLEMENT_ENABLE_DIRTY_RUNS=1 COMPLEMENT_SHARE_ENV_PREFIX=PASS_ PASS_SYNAPSE_COMPLEMENT_DATABASE=sqlite" | |
| timeout: 20m | |
| - homeserver: Dendrite | |
| repo: element-hq/dendrite | |
| tags: dendrite_blacklist | |
| packages: "" | |
| env: "COMPLEMENT_ENABLE_DIRTY_RUNS=1" | |
| timeout: 10m | |
| steps: | |
| - uses: actions/checkout@v3 # Checkout complement | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: go.mod | |
| # Similar steps as dockerfiles/ComplementCIBuildkite.Dockerfile but on the host. We need | |
| # to do this so we can _be_ the host when running Complement so we can snaffle all the ports. If | |
| # we run Complement _in_ Docker then we can't -p all high numbered ports which then breaks federation | |
| # servers which listen on random high numbered ports. | |
| - name: "Install Complement Dependencies" | |
| run: | | |
| go install -v github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest | |
| mkdir .gotestfmt/github -p | |
| cp .ci/complement_package.gotpl .gotestfmt/github/package.gotpl | |
| gotestfmt -help | |
| - name: "Checkout corresponding ${{ matrix.homeserver }} branch" | |
| shell: bash | |
| run: | | |
| mkdir -p homeserver | |
| # Attempt to use the version of the homeserver which best matches the | |
| # current build. | |
| # | |
| # 1. If we are not on complement's default branch, check if there's a | |
| # similarly named branch (GITHUB_HEAD_REF for pull requests, | |
| # otherwise GITHUB_REF). | |
| # 2. otherwise, use the default homeserver branch ("HEAD") | |
| for BRANCH_NAME in "$GITHUB_HEAD_REF" "${GITHUB_REF#refs/heads/}" "HEAD"; do | |
| # Skip empty branch names, merge commits, and our default branch. | |
| # (If we are on complement's default branch, we want to fall through to the HS's default branch | |
| # rather than using the HS's 'master'/'main'). | |
| case "$BRANCH_NAME" in | |
| "" | refs/pull/* | main | master) | |
| continue | |
| ;; | |
| esac | |
| (wget -O - "https://github.com/${{ matrix.repo }}/archive/$BRANCH_NAME.tar.gz" | tar -xz --strip-components=1 -C homeserver) && break | |
| done | |
| # Build homeserver image | |
| # Build the base Synapse dockerfile and then build a Complement-specific image from that base. | |
| - run: | | |
| docker build -t matrixdotorg/synapse:latest -f docker/Dockerfile . | |
| docker build -t matrixdotorg/synapse-workers:latest -f docker/Dockerfile-workers . | |
| docker build -t homeserver -f docker/complement/Dockerfile docker/complement | |
| if: ${{ matrix.homeserver == 'Synapse' }} | |
| working-directory: homeserver | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| # Build the Complement-specific dendrite image from the dockerfile in the Dendrite repo. | |
| # We don't use the dockerfiles in the Complement repo as they tend to get stale quickly. | |
| - run: docker build -t homeserver -f build/scripts/Complement.Dockerfile . | |
| if: ${{ matrix.homeserver == 'Dendrite' }} | |
| working-directory: homeserver | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| - run: | | |
| set -o pipefail && | |
| ${{ matrix.env }} go test -v -json -tags "${{ matrix.tags }}" -timeout "${{ matrix.timeout }}" ./tests ./tests/csapi ${{ matrix.packages }} | .ci/scripts/gotestfmt | |
| shell: bash # required for pipefail to be A Thing. pipefail is required to stop gotestfmt swallowing non-zero exit codes | |
| name: Run Complement Tests | |
| env: | |
| COMPLEMENT_BASE_IMAGE: homeserver | |
| DOCKER_BUILDKIT: 1 |