ci
¶
Tasks intended for use under continuous integration.
Presently, this tends to assume CircleCI, but it is intended to be generic & we’ll accept patches to make any Circle-isms configurable.
Most of it involves setting up to run a test suite under a special user who is
allowed to run sudo
and who also needs a password to do so. This allows
testing sudo-related functionality which would otherwise suffer
false-positives, since most CI environments allow passwordless sudo for the
default user.
Thus, the pattern is:
use that default user’s sudo privileges to generate the special user (if they don’t already exist in the image)
as the default user, execute the test suite runner via
sudo -u <user>
the test suite will then at times run its own
sudo someprogram
& be prompted for its password (which the test suite should read from the config data, same as this outer set of tasks does).
Note
This module defines default values for the ci.sudo
config subtree, but
if you’re using an execution environment where the default sudoers group
isn’t sudo
(eg wheel
) you’ll want to override ci.sudo.group
in
your own config files.
- invocations.ci.make_sshable(c)¶
Set up passwordless SSH keypair & authorized_hosts access to localhost.
- invocations.ci.make_sudouser(c)¶
Create a passworded sudo-capable user.
Used by other tasks to execute the test suite so sudo tests work.