Skip to content

sysfs: disallow absolute symlinks #4542

sysfs: disallow absolute symlinks

sysfs: disallow absolute symlinks #4542

Workflow file for this run

name: Standard Library Integration Tests
on:
pull_request:
branches: [main]
paths-ignore: # ignore docs as they are built with Netlify.
- '**/*.md'
- 'site/**'
- 'netlify.toml'
push:
branches: [main]
paths-ignore: # ignore docs as they are built with Netlify.
- '**/*.md'
- 'site/**'
- 'netlify.toml'
defaults:
run: # use bash for all operating systems unless overridden
shell: bash
env: # Update this prior to requiring a higher minor version in go.mod
GO_VERSION: "1.23"
TINYGO_VERSION: "0.33.0"
ZIG_VERSION: "0.11.0"
BINARYEN_VERSION: "116"
STDLIB_TESTS: "internal/integration_test/stdlibs"
concurrency:
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.actor }}
cancel-in-progress: true
jobs:
build_zig_test_binary:
name: Build Zig test binary
runs-on: ubuntu-22.04
env:
ZIG_INSTALL: ~/zig-install
ZIG_SOURCE: ~/zig-source
BINARYEN_INSTALL: ~/binaryen-install
steps:
- name: Checkout wazero
uses: actions/checkout@v3
- uses: actions/cache@v3
id: binary-cache
with:
# Use share the cache containing archives across OSes.
enableCrossOsArchive: true
key: zig-stdlib-test-binary-${{ env.ZIG_VERSION }}
path:
${{ env.STDLIB_TESTS }}/testdata/zig
- name: Install Zig build
if: steps.binary-cache.outputs.cache-hit != 'true'
run: |
mkdir -p ${{ env.ZIG_INSTALL }}
curl -sSL https://ziglang.org/download/${{ env.ZIG_VERSION }}/zig-linux-x86_64-${{ env.ZIG_VERSION }}.tar.xz | tar -xJ --strip-components=1 -C ${{ env.ZIG_INSTALL }}
- name: Download Zig source code
if: steps.binary-cache.outputs.cache-hit != 'true'
run: |
mkdir -p ${{ env.ZIG_SOURCE }}
curl -sSL https://ziglang.org/download/${{ env.ZIG_VERSION }}/zig-${{ env.ZIG_VERSION }}.tar.xz | tar -xJ --strip-components=1 -C ${{ env.ZIG_SOURCE }}
- name: Install Binaryen build
if: steps.binary-cache.outputs.cache-hit != 'true'
run: |
mkdir -p ${{ env.BINARYEN_INSTALL }}
curl -sSL https://github.com/WebAssembly/binaryen/releases/download/version_${{ env.BINARYEN_VERSION }}/binaryen-version_${{ env.BINARYEN_VERSION }}-x86_64-linux.tar.gz | tar -xz --strip-components=1 -C ${{ env.BINARYEN_INSTALL }}
- name: Build Stdlib test binary
if: steps.binary-cache.outputs.cache-hit != 'true'
run: |
PATH=${{ env.ZIG_INSTALL }}:${{ env.BINARYEN_INSTALL }}/bin:$PATH
cd ${{ env.STDLIB_TESTS }}
make build.zig zigroot=${{ env.ZIG_SOURCE }}
zig:
needs: build_zig_test_binary
name: Zig (${{ matrix.os.name }}, ${{ matrix.os.arch }})
runs-on: ${{ matrix.os.version }}
strategy:
fail-fast: false # don't fail fast as sometimes failures are arch/OS specific
matrix:
# version is too verbose to be present in the name, so we use the name instead.
# Note that it'd be better to use runner.os in the name, but the runner context is not available in the name field.
os:
- version: ubuntu-22.04
name: Ubuntu
arch: amd64
- version: macos-14
name: macOS
arch: arm64
- version: windows-2022
name: Windows
arch: amd64
steps:
- name: Checkout wazero
uses: actions/checkout@v3
- uses: actions/cache@v3
id: binary-cache
with:
# Use share the cache containing archives across OSes.
enableCrossOsArchive: true
# We need this cache to run tests.
fail-on-cache-miss: true
key: zig-stdlib-test-binary-${{ env.ZIG_VERSION }}
path:
${{ env.STDLIB_TESTS }}/testdata/zig
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Run built test binaries
run: |
cd ${{ env.STDLIB_TESTS }}
go test -bench='BenchmarkZig' -timeout=20m -benchtime=1x
build_tinygo_test_binary:
name: Build TinyGo test binary
runs-on: ubuntu-22.04
steps:
- name: Checkout wazero
uses: actions/checkout@v3
- uses: actions/cache@v3
id: binary-cache
with:
# Use share the cache containing archives across OSes.
enableCrossOsArchive: true
key: tinygo-test-binaries-${{ env.TINYGO_VERSION }}
path:
${{ env.STDLIB_TESTS }}/testdata/tinygo
- name: Install TinyGo
if: steps.binary-cache.outputs.cache-hit != 'true'
run: | # installing via curl so commands are similar on OS/x
tinygo_version=${{ env.TINYGO_VERSION }}
curl -sSL https://github.com/tinygo-org/tinygo/releases/download/v${tinygo_version}/tinygo${tinygo_version}.linux-amd64.tar.gz | sudo tar -C /usr/local -xzf -
echo "TINYGOROOT=/usr/local/tinygo" >> $GITHUB_ENV
echo "/usr/local/tinygo/bin" >> $GITHUB_PATH
- uses: actions/setup-go@v4
if: steps.binary-cache.outputs.cache-hit != 'true'
with:
go-version: ${{ env.GO_VERSION }}
- name: Build Test Binaries
if: steps.binary-cache.outputs.cache-hit != 'true'
run: |
cd ${{ env.STDLIB_TESTS }}
make build.tinygo
tinygo:
needs: build_tinygo_test_binary
name: TinyGo (${{ matrix.os.name }}, ${{ matrix.os.arch }})
runs-on: ${{ matrix.os.version }}
strategy:
fail-fast: false # don't fail fast as sometimes failures are arch/OS specific
matrix:
# version is too verbose to be present in the name, so we use the name instead.
# Note that it'd be better to use runner.os in the name, but the runner context is not available in the name field.
os:
- version: ubuntu-22.04
name: Ubuntu
arch: amd64
- version: macos-14
name: macOS
arch: arm64
- version: windows-2022
name: Windows
arch: amd64
steps:
- name: Checkout wazero
uses: actions/checkout@v3
- uses: actions/cache@v3
id: binary-cache
with:
# Use share the cache containing archives across OSes.
enableCrossOsArchive: true
# We need this cache to run tests.
fail-on-cache-miss: true
key: tinygo-test-binaries-${{ env.TINYGO_VERSION }}
path:
${{ env.STDLIB_TESTS }}/testdata/tinygo
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Run test binaries
run: |
cd ${{ env.STDLIB_TESTS }}
go test -bench='BenchmarkTinyGo' -timeout=20m -benchtime=1x
wasi-testsuite:
name: wasi-testsuite
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false # don't fail fast as sometimes failures are arch/OS specific
matrix:
os: [ubuntu-22.04, macos-14, windows-2022]
steps:
- uses: actions/cache@v3
id: cache
with:
path:
~/go/pkg/mod
key: integration-test-wasi-testsuite-${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout wazero
uses: actions/checkout@v3
- name: Install wazero
run: go install ./cmd/wazero
- name: Checkout wasi-testsuite
uses: actions/checkout@v3
with:
repository: WebAssembly/wasi-testsuite
# prod/testsuite-base branch, as of May 12, 2023.
# TODO: once the wasi-testsuite is stable, we should use the latest tag instead of a branch.
ref: c9c751586fd86b321d595bbef13f2c7403cfdbc5
path: wasi-testsuite
- name: Initialize Python environment
uses: actions/setup-python@v4
with:
python-version: '3.11' # latest version of python 3
cache: pip
- name: Install dependencies
working-directory: wasi-testsuite/test-runner
run: |
python3 -m pip install -r requirements.txt
- name: Run all wasi-testsuite
working-directory: wasi-testsuite
run: |
python3 test-runner/wasi_test_runner.py \
-t ./tests/assemblyscript/testsuite/ \
./tests/c/testsuite/ \
./tests/rust/testsuite/ \
-f ../.github/wasi_testsuite_skip.json \
-r ../.github/wasi_testsuite_adapter.py
go_tests:
# Due to the embedding of the GOROOT of the building env(https://github.com/golang/go/blob/3c59639b902fada0a2e5a6a35bafd10fc9183b89/src/os/os_test.go#L112),
# we have to build and cache on each OS unlike others in this file.
name: Go-${{ matrix.go-version }} (${{ matrix.os.name }}, ${{ matrix.os.arch }})
runs-on: ${{ matrix.os.version }}
strategy:
fail-fast: false # don't fail fast as sometimes failures are arch/OS specific
matrix:
# version is too verbose to be present in the name, so we use the name instead.
# Note that it'd be better to use runner.os in the name, but the runner context is not available in the name field.
os:
- version: ubuntu-22.04
name: Ubuntu
arch: amd64
- version: macos-14
name: macOS
arch: arm64
- version: windows-2022
name: Windows
arch: amd64
go-version:
- "1.23"
- "1.21"
steps:
- id: setup-go
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go-version }}
- name: Checkout wazero
uses: actions/checkout@v3
- name: Cache Go test binaries
id: cache-go-test-binaries
uses: actions/cache@v3
with:
path:
${{ env.STDLIB_TESTS }}/testdata/go
# Use precise Go version from setup-go as patch version differences can effect tests.
key: go-wasip1-binaries-${{ matrix.os.version }}-${{ steps.setup-go.outputs.go-version }}-${{ matrix.os.arch }}
- if: ${{ steps.cache-go-test-binaries.outputs.cache-hit != 'true' }}
name: Build Test Binaries
run: |
cd ${{ env.STDLIB_TESTS }}
make build.gowasip1
# The wasip1 stdlib tests are really path sensitive, so they expect a writeable /tmp directory to be available.
# We create it at the root of `C:`. This is normally only necessary on GHA Windows runners.
- if: ${{ matrix.os.name == 'Windows' }}
run: |
mkdir /c/tmp
- name: Run built test binaries
run: |
cd ${{ env.STDLIB_TESTS }}
go test -bench='BenchmarkWasip1' -timeout=20m -benchtime=1x
libsodium:
name: libsodium (${{ matrix.os.name }}, ${{ matrix.os.arch }})
runs-on: ${{ matrix.os.version }}
strategy:
fail-fast: false # don't fail fast as sometimes failures are arch/OS specific
matrix:
# version is too verbose to be present in the name, so we use the name instead.
# Note that it'd be better to use runner.os in the name, but the runner context is not available in the name field.
os:
- version: ubuntu-22.04
name: Ubuntu
arch: amd64
- version: macos-14
name: macOS
arch: arm64
steps:
- name: Checkout wazero
uses: actions/checkout@v3
- uses: actions/cache@v3
id: binary-cache
with:
# Use share the cache containing archives across OSes.
enableCrossOsArchive: true
# We need this cache to run tests.
fail-on-cache-miss: true
key: tinygo-test-binaries-${{ env.TINYGO_VERSION }}
path:
${{ env.STDLIB_TESTS }}/testdata/tinygo
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
- name: Download test binaries
run: make libsodium
- name: Run test binaries
run: go test ./internal/integration_test/libsodium -bench=. -benchtime=1x