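# Offline (air-gap) end-to-end test workflow.
# Runs on pull requests touching the listed paths, nightly, and on demand.
name: Offline E2E Tests

on:
  pull_request:
    paths:
      - 'src/AirGap/**'
      - 'src/Scanner/**'
      # The isolation test library is built by this workflow, so changes to
      # it must trigger the check as well.
      - 'src/__Libraries/StellaOps.Testing.AirGap/**'
      - 'tests/offline/**'
  schedule:
    - cron: '0 4 * * *'  # Nightly at 4 AM UTC
  workflow_dispatch:

# Least privilege: the jobs only read the repository. Artifact and cache
# steps do not use the GITHUB_TOKEN scopes.
permissions:
  contents: read

env:
  # Quoted so the value reaches the process as the string "true".
  STELLAOPS_OFFLINE_MODE: 'true'
  # Quoted so the version is never re-typed as a number.
  DOTNET_VERSION: '10.0.100'
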
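jobs:
  # Builds and runs the offline E2E suite, then fails the job if the test
  # log records a network isolation violation.
  offline-e2e:
    runs-on: ubuntu-22.04

    # NOTE(review): the actions below are referenced by mutable version tags.
    # Pinning each `uses:` to a full commit SHA would stop a retagged release
    # from changing what runs here.
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Later steps build and run pull-request code; do not leave the
          # token in .git/config where that code could read it.
          persist-credentials: false

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNET_VERSION }}

      - name: Cache NuGet packages
        uses: actions/cache@v3
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
          restore-keys: |
            ${{ runner.os }}-nuget-

      - name: Download offline bundle
        run: |
          # In real scenario, bundle would be pre-built and cached
          # For now, create minimal fixture structure
          mkdir -p ./offline-bundle/{images,feeds,policies,keys,certs,vex}
          echo '{}' > ./offline-bundle/manifest.json

      # NOTE(review): nothing visible in this workflow restricts the runner's
      # network, so a package restore during the build can still reach
      # remote feeds. "Isolated" is not enforced by this step.
      - name: Build in isolated environment
        run: |
          # Build offline test library
          dotnet build src/__Libraries/StellaOps.Testing.AirGap/StellaOps.Testing.AirGap.csproj

          # Build offline E2E tests
          dotnet build tests/offline/StellaOps.Offline.E2E.Tests/StellaOps.Offline.E2E.Tests.csproj

      - name: Run offline E2E tests with network isolation
        run: |
          # Set offline bundle path
          export STELLAOPS_OFFLINE_BUNDLE="$(pwd)/offline-bundle"

          # Run tests
          dotnet test tests/offline/StellaOps.Offline.E2E.Tests \
            --logger "trx;LogFileName=offline-e2e.trx" \
            --logger "console;verbosity=detailed" \
            --results-directory ./results

      # This is a text search of the test log, not egress monitoring: it only
      # sees violations that reach the TRX file.
      # NOTE(review): presumably the test library raises
      # NetworkIsolationViolationException; a test that swallows it, or one
      # that mentions the name on purpose, would skew this check. Confirm.
      - name: Verify no network calls
        if: always()
        run: |
          results=./results/offline-e2e.trx

          # Fail closed: without a log there is nothing to verify against.
          if [ ! -f "$results" ]; then
            echo "::error::offline-e2e.trx not found; network isolation could not be verified"
            exit 1
          fi

          if grep -q "NetworkIsolationViolation" "$results"; then
            echo "::error::Tests attempted network calls in offline mode!"
            exit 1
          fi

          echo "✅ No network isolation violations detected"

      - name: Upload results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: offline-e2e-results
          path: ./results/

  # Publishes a job summary from the uploaded TRX file. It reports the
  # result; it does not fail the run by itself.
  verify-isolation:
    runs-on: ubuntu-22.04
    needs: offline-e2e
    if: always()

    steps:
      - name: Download results
        uses: actions/download-artifact@v4
        with:
          name: offline-e2e-results
          path: ./results

      - name: Generate summary
        run: |
          results=./results/offline-e2e.trx

          # First value of a TRX counter attribute, or 0 when it is absent.
          # The default is applied to the captured value because the
          # pipeline's exit status is that of `cut`, which succeeds even
          # when grep finds nothing.
          counter() {
            local value
            value=$(grep -o "$1=\"[0-9]*\"" "$results" | head -n 1 | cut -d'"' -f2)
            echo "${value:-0}"
          }

          {
            echo "## Offline E2E Test Summary"
            echo ""

            if [ -f "$results" ]; then
              # Parse test results
              TOTAL=$(counter total)
              PASSED=$(counter passed)
              FAILED=$(counter failed)

              echo "| Metric | Value |"
              echo "|--------|-------|"
              echo "| Total Tests | ${TOTAL} |"
              echo "| Passed | ${PASSED} |"
              echo "| Failed | ${FAILED} |"
              echo ""

              # Same log search as the test job: "no egress detected" means
              # no violation was recorded in the TRX file.
              if grep -q "NetworkIsolationViolation" "$results"; then
                echo "❌ **Network isolation was violated**"
              else
                echo "✅ **Network isolation verified - no egress detected**"
              fi
            else
              echo "⚠️ No test results found"
            fi
          } >> "$GITHUB_STEP_SUMMARY"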