fix CVE-2025-22872 and CVE-2025-22871 #770
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Precommit - Integration Tests | |
| on: | |
| pull_request_target: | |
| branches: | |
| - '*' | |
| paths-ignore: | |
| - 'docs/**' | |
| - 'README.md' | |
| - 'CHANGELOG.md' | |
| - 'PROJECT' | |
| - 'LICENSE' | |
| - 'mesh-worker-service/README.md' | |
| - 'tools/README.md' | |
| # cancel old workflow if new one is triggered | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: read-all | |
| jobs: | |
| integration: | |
| runs-on: ubuntu-latest | |
| env: | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| GSA_CREDENTIAL: ${{ secrets.GSA_CREDENTIAL }} | |
| timeout-minutes: 80 | |
| strategy: | |
| matrix: | |
| case: | |
| - name: integration test | |
| e2e: ".ci/tests/integration/e2e.yaml" | |
| - name: integration test with tls | |
| e2e: ".ci/tests/integration/e2e_with_tls.yaml" | |
| - name: integration test with oauth2 | |
| e2e: ".ci/tests/integration-oauth2/e2e.yaml" | |
| - name: integration test with downloader | |
| e2e: ".ci/tests/integration-oauth2/e2e_with_downloader.yaml" | |
| steps: | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@v1.3.0 | |
| with: | |
| # this might remove tools that are actually needed, | |
| # if set to "true" but frees about 6 GB | |
| tool-cache: false | |
| # all of these default to true, but feel free to set to | |
| # "false" if necessary for your workflow | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| large-packages: true | |
| docker-images: true | |
| swap-storage: true | |
| # the runner machine has a disk /dev/sdb1 which mounted to /mnt, and it has more free disk than /dev/sda1. | |
| # we can use it to save docker's data to avoid bookie error due to lack of disk. | |
| - name: change docker data dir | |
| run: | | |
| sudo service docker stop | |
| echo '{ "exec-opts": ["native.cgroupdriver=cgroupfs"], "cgroup-parent": "/actions_job", "data-root": "/mnt/docker" }' | sudo tee /etc/docker/daemon.json | |
| sudo service docker start | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| repository: ${{github.event.pull_request.head.repo.full_name}} | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Setup ssh access to build runner VM | |
| uses: ./.github/actions/ssh-access | |
| with: | |
| limit-access-to-actor: true | |
| - uses: apache/skywalking-infra-e2e@v1.2.0 | |
| with: | |
| e2e-file: ${{matrix.case.e2e}} | |
| - name: Wait for ssh connection when build fails | |
| uses: ./.github/actions/ssh-access | |
| if: failure() | |
| continue-on-error: true | |
| with: | |
| action: wait | |
| - name: Cleanup | |
| if: ${{ failure() }} | |
| run: e2e cleanup -c ${{matrix.case.e2e}} |