Skip to content

security: add CT executeTemplate to default function_denylist #17712

security: add CT executeTemplate to default function_denylist

security: add CT executeTemplate to default function_denylist #17712

Workflow file for this run

name: Core CI Tests
on:
pull_request:
paths-ignore:
- 'README.md'
- 'CHANGELOG.md'
- '.changelog/**'
- '.tours/**'
- 'contributing/**'
- 'demo/**'
- 'dev/**'
- 'e2e/terraform/**'
- 'e2e/ui/**'
- 'integrations/**'
- 'pkg/**'
- 'scripts/**'
- 'terraform/**'
- 'ui/**'
- 'website/**'
push:
branches:
- main
- release/**
paths-ignore:
- 'README.md'
- 'CHANGELOG.md'
- '.changelog/**'
- '.tours/**'
- 'contributing/**'
- 'demo/**'
- 'dev/**'
- 'e2e/terraform/**'
- 'e2e/ui/**'
- 'integrations/**'
- 'pkg/**'
- 'scripts/**'
- 'terraform/**'
- 'ui/**'
- 'website/**'
env:
VERBOSE: 1
GOTESTARCH: amd64
CONSUL_VERSION: 1.14.4
VAULT_VERSION: 1.12.2
NOMAD_SLOW_TEST: 0
NOMAD_TEST_LOG_LEVEL: OFF
jobs:
checks:
uses: ./.github/workflows/checks.yaml
compile:
needs: [checks]
strategy:
fail-fast: false
matrix:
os: [ubuntu-24.04, macos-14, windows-2019]
runs-on: ${{matrix.os}}
timeout-minutes: 20
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
cache: ${{ contains(runner.name, 'Github Actions') }}
go-version-file: .go-version
cache-dependency-path: '**/go.sum'
- name: Run make dev
run: |
make bootstrap
make dev
tests-api:
needs: [checks]
runs-on: custom-linux-xl-nomad-22.04
timeout-minutes: 8
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
cache: true
go-version-file: .go-version
cache-dependency-path: '**/go.sum'
- name: Run API tests
env:
GOTEST_MOD: api
run: |
make bootstrap
make generate-all
sudo sed -i 's!Defaults!#Defaults!g' /etc/sudoers
sudo -E env "PATH=$PATH" make test-nomad-module
tests-groups:
needs: [checks]
runs-on: ubuntu-22.04
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
groups:
- nomad
- client
- command
- drivers
- quick
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
cache: ${{ contains(runner.name, 'Github Actions') }}
go-version-file: .go-version
cache-dependency-path: '**/go.sum'
- name: Install optional dependencies
if: ${{ matrix.groups == 'drivers' }}
run: sudo apt update && sudo apt install qemu-system
- name: Run Matrix Tests
env:
GOTEST_GROUP: ${{matrix.groups}}
run: |
make bootstrap
make generate-all
make dev
sudo -E env "PATH=$PATH" hc-install install -version ${{env.VAULT_VERSION}} -path '${{env.GOPATH}}/bin' vault
sudo -E env "PATH=$PATH" hc-install install -version ${{env.CONSUL_VERSION}} -path '${{env.GOPATH}}/bin' consul
sudo sed -i 's!Defaults!#Defaults!g' /etc/sudoers
sudo -E env "PATH=$PATH" make test-nomad
permissions:
contents: read
id-token: write