Tasks intended for use under continuous integration.

Presently, this tends to assume CircleCI, but it is intended to be generic & we’ll accept patches to make any Circle-isms configurable.

Most of it involves setting up to run a test suite under a special user who is allowed to run sudo and who also needs a password to do so. This allows testing sudo-related functionality which would otherwise suffer false-positives, since most CI environments allow passwordless sudo for the default user.

Thus, the pattern is:

  • use that default user’s sudo privileges to generate the special user (if they don’t already exist in the image)

  • as the default user, execute the test suite runner via sudo -u <user>

  • the test suite will then at times run its own sudo someprogram & be prompted for its password (which the test suite should read from the config data, same as this outer set of tasks does).


This module defines default values for the ci.sudo config subtree, but if you’re using an execution environment where the default sudoers group isn’t sudo (eg wheel) you’ll want to override in your own config files.

Set up passwordless SSH keypair & authorized_hosts access to localhost.

Create a passworded sudo-capable user.

Used by other tasks to execute the test suite so sudo tests work., command)

Run some command under CI-oriented sudo subshell/virtualenv.


command (str) – Command string to run, e.g. inv coverage, inv integration, etc. (Does not necessarily need to be an Invoke task, but…)