From: Hadi Chokr <hadichokr@icloud.com>
Date: Thu, 12 Feb 2026 11:20:01 +0000 (+0100)
Subject: ci: run privileged system tests in CI
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c4fc1e8467bf6aad2b01df60a5aba0ca883b2703;p=thirdparty%2Fshadow.git

ci: run privileged system tests in CI

Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
---

diff --git a/.github/workflows/runner.yml b/.github/workflows/runner.yml
index 71e1fa5c3..64e0285f4 100644
--- a/.github/workflows/runner.yml
+++ b/.github/workflows/runner.yml
@@ -16,6 +16,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - uses: actions/checkout@v3
+
     - name: debug
       run: |
         id
@@ -27,17 +28,22 @@ jobs:
         cat /proc/self/uid_map
         cat /proc/self/status
         systemd-detect-virt
+
     - name: Install dependencies
       id: dependencies
       uses: ./.github/actions/install-dependencies
+
     - name: configure
       run: |
         autoreconf -v -f --install
         ./autogen.sh --without-selinux --disable-man --with-yescrypt
+
     - run: make
     - run: make install DESTDIR=${HOME}/rootfs
     - run: sudo make install
+
     - name: run tests in shell with tty
+      # Run tests inside a pseudo-TTY because some parts expect one.
       shell: 'script -q -e -c "bash {0}"'
       run: |
         set -e
@@ -71,10 +77,12 @@ jobs:
 
   container-build:
     runs-on: ubuntu-latest
+    name: "container-build (${{ matrix.os }}${{ matrix.privileged && ', privileged' || '' }})"
     strategy:
       fail-fast: false
       matrix:
         os: [alpine, debian, fedora, opensuse]
+        privileged: [false, true]
 
     steps:
     - uses: actions/setup-python@v5
@@ -89,17 +97,21 @@ jobs:
         sudo apt-get update
         sudo apt-get -y install ansible
 
-    - name: Build container
+    - name: "Build container (${{ matrix.privileged && 'privileged' || 'unprivileged'}})"
       run: |
         pushd share/ansible/
-        ansible-playbook playbook.yml -i inventory.ini -e 'distribution=${{ matrix.os }}'
+        ${{ matrix.privileged && 'sudo' || '' }} ansible-playbook playbook.yml \
+          -i inventory.ini \
+          -e "distribution=${{ matrix.os }}" \
+          -e "privileged_mode=${{ matrix.privileged }}"
         popd
 
     - name: Store artifacts
+      # Always upload logs to allow debugging even on failure.
       if: always()
       uses: actions/upload-artifact@v4
       with:
-        name: ${{ matrix.os }}-build
+        name: "${{ matrix.os }}-${{ matrix.privileged && 'privileged' || 'unprivileged'}}-build"
         path: |
           ./share/ansible/build-out/config.log
           ./share/ansible/build-out/config.h