name: POSIX Compliance Tests on: push: branches: [ main, master, develop ] paths: - 'weed/mount/**' - 'weed/command/mount*' - 'weed/command/fuse*' - 'test/fuse_integration/**' pull_request: branches: [ main, master, develop ] paths: - 'weed/mount/**' - 'weed/command/mount*' - 'weed/command/fuse*' - 'test/fuse_integration/**' workflow_dispatch: inputs: test_type: description: 'Type of POSIX tests to run' required: true default: 'critical' type: choice options: - critical - basic - extended - full enable_external_tests: description: 'Run external test suites (slower)' required: false default: false type: boolean env: GO_VERSION: '1.21' TIMEOUT: '45m' jobs: posix-compliance-ubuntu: runs-on: ubuntu-latest timeout-minutes: 60 strategy: matrix: go-version: ['1.21', '1.22'] fuse-version: ['2.9', '3.0'] fail-fast: false steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 1 - name: Set up Go ${{ matrix.go-version }} uses: actions/setup-go@v4 with: go-version: ${{ matrix.go-version }} cache: true cache-dependency-path: | go.sum test/fuse_integration/go.sum - name: Install system dependencies run: | sudo apt-get update sudo apt-get install -y \ fuse \ libfuse-dev \ attr \ acl \ build-essential \ git \ python3-pip # Install FUSE version specific packages if needed if [ "${{ matrix.fuse-version }}" = "3.0" ]; then sudo apt-get install -y fuse3 libfuse3-dev fi - name: Set up user permissions for FUSE run: | sudo usermod -a -G fuse $USER sudo chmod 666 /dev/fuse # Ensure fuse module is loaded sudo modprobe fuse || true - name: Install external test tools if: ${{ github.event.inputs.enable_external_tests == 'true' }} run: | # Install nfstest for POSIX API verification pip3 install --user nfstest # Install FIO for performance testing sudo apt-get install -y fio # Install additional test utilities sudo apt-get install -y stress-ng - name: Build SeaweedFS run: | make # Verify binary exists and is executable ./weed version # Make weed binary available in PATH sudo cp ./weed /usr/local/bin/weed which weed weed version - name: Run POSIX compliance tests id: posix-tests run: | cd test/fuse_integration # Initialize Go module for tests if [ ! -f go.mod ]; then go mod init seaweedfs-posix-tests go mod tidy fi # Create reports directory mkdir -p reports # Set up external tools if requested if [ "${{ github.event.inputs.enable_external_tests }}" = "true" ]; then make -f posix_Makefile setup-external-tools || true fi # Determine which tests to run TEST_TYPE="${{ github.event.inputs.test_type }}" if [ -z "$TEST_TYPE" ]; then TEST_TYPE="critical" fi echo "Running POSIX tests: $TEST_TYPE" case "$TEST_TYPE" in "critical") make -f posix_Makefile test-posix-critical ;; "basic") make -f posix_Makefile test-posix-basic ;; "extended") make -f posix_Makefile test-posix-extended ;; "full") make -f posix_Makefile test-posix-full ;; *) echo "Unknown test type: $TEST_TYPE" exit 1 ;; esac - name: Run external test suites if: ${{ github.event.inputs.enable_external_tests == 'true' }} continue-on-error: true run: | cd test/fuse_integration # Run external tests (may fail on some systems) make -f posix_Makefile test-nfstest-posix || echo "nfstest failed or not available" make -f posix_Makefile test-fio-posix || echo "FIO tests failed or not available" - name: Generate compliance report if: always() run: | cd test/fuse_integration make -f posix_Makefile generate-report - name: Upload test results uses: actions/upload-artifact@v4 if: always() with: name: posix-test-results-ubuntu-go${{ matrix.go-version }}-fuse${{ matrix.fuse-version }} path: | test/fuse_integration/reports/ test/fuse_integration/*.log retention-days: 30 - name: Upload test coverage uses: actions/upload-artifact@v4 if: always() && (github.event.inputs.test_type == 'full' || github.event.inputs.test_type == 'extended') with: name: posix-coverage-ubuntu-go${{ matrix.go-version }} path: test/fuse_integration/reports/posix_coverage.html retention-days: 14 - name: Comment PR with results if: github.event_name == 'pull_request' && always() uses: actions/github-script@v7 with: script: | const fs = require('fs'); const path = require('path'); const reportPath = 'test/fuse_integration/reports/posix_compliance_summary.txt'; if (fs.existsSync(reportPath)) { const report = fs.readFileSync(reportPath, 'utf8'); const comment = `## POSIX Compliance Test Results **Go Version:** ${{ matrix.go-version }} **FUSE Version:** ${{ matrix.fuse-version }} **Test Type:** ${{ github.event.inputs.test_type || 'critical' }}
Test Summary ``` ${report} ```
📊 Full results available in [test artifacts](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) `; github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, body: comment }); } posix-compliance-macos: runs-on: macos-latest timeout-minutes: 60 steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v4 with: go-version: ${{ env.GO_VERSION }} cache: true - name: Install macFUSE run: | # Install macFUSE brew install macfuse # Note: macFUSE may require system extension approval on macOS # This step may need manual intervention in some cases - name: Build SeaweedFS run: | make ./weed version - name: Run critical POSIX tests (macOS) continue-on-error: true # macOS FUSE can be more restrictive run: | cd test/fuse_integration if [ ! -f go.mod ]; then go mod init seaweedfs-posix-tests go mod tidy fi mkdir -p reports # Run basic tests only on macOS due to FUSE limitations make -f posix_Makefile test-posix-critical - name: Upload macOS test results uses: actions/upload-artifact@v4 if: always() with: name: posix-test-results-macos path: | test/fuse_integration/reports/ test/fuse_integration/*.log retention-days: 30 security-analysis: runs-on: ubuntu-latest if: github.event_name == 'pull_request' steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v4 with: go-version: ${{ env.GO_VERSION }} - name: Install gosec run: go install github.com/securecodewarrior/gosec/v2/cmd/gosec@v2.18.2 - name: Run security analysis on FUSE code run: | # Analyze mount and FUSE-related code for security issues echo "Running gosec security analysis..." gosec -fmt json -out gosec-report.json -severity medium ./weed/mount/... ./weed/command/mount* ./weed/command/fuse* || true if [ ! -f gosec-report.json ]; then echo "Warning: gosec report not found, creating placeholder" echo '{"issues": [], "stats": {"files": 0, "lines": 0, "nosec": 0, "found": 0}, "error": "no report generated"}' > gosec-report.json fi - name: Upload security analysis results uses: actions/upload-artifact@v4 if: always() with: name: security-analysis-results path: gosec-report.json retention-days: 30 performance-baseline: runs-on: ubuntu-latest if: github.event.inputs.test_type == 'full' || github.event_name == 'schedule' steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v4 with: go-version: ${{ env.GO_VERSION }} - name: Install dependencies run: | sudo apt-get update sudo apt-get install -y fuse libfuse-dev fio sudo usermod -a -G fuse $USER sudo chmod 666 /dev/fuse - name: Build SeaweedFS run: make - name: Run performance baseline tests run: | cd test/fuse_integration if [ ! -f go.mod ]; then go mod init seaweedfs-posix-tests go mod tidy fi mkdir -p reports # Run performance benchmarks make -f posix_Makefile benchmark-posix make -f posix_Makefile test-fio-posix - name: Store performance baseline uses: actions/upload-artifact@v4 with: name: performance-baseline-results path: | test/fuse_integration/reports/posix_benchmark_results.log test/fuse_integration/reports/fio_*_results.log retention-days: 90 # Schedule regular compliance checks scheduled-compliance-check: runs-on: ubuntu-latest if: github.event_name == 'schedule' steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v4 with: go-version: ${{ env.GO_VERSION }} - name: Install dependencies run: | sudo apt-get update sudo apt-get install -y fuse libfuse-dev pip3 install --user nfstest - name: Build SeaweedFS run: make - name: Run comprehensive compliance check run: | cd test/fuse_integration make -f posix_Makefile test-posix-full make -f posix_Makefile generate-report - name: Create compliance issue if tests fail if: failure() uses: actions/github-script@v7 with: script: | const issue = await github.rest.issues.create({ owner: context.repo.owner, repo: context.repo.repo, title: 'POSIX Compliance Check Failed - ' + new Date().toISOString().split('T')[0], body: `## POSIX Compliance Check Failure The scheduled POSIX compliance check has failed. This may indicate: - Regression in FUSE mount functionality - Changes affecting POSIX compatibility - Infrastructure issues with the test environment **Action Required:** Review the test results and investigate any failures. **Test Run:** [Workflow Run](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}) **Date:** ${new Date().toISOString()} --- This issue was automatically created by the POSIX compliance workflow. `, labels: ['bug', 'posix-compliance', 'automated-issue'] }); console.log('Created issue:', issue.data.number); # Schedule this workflow to run weekly # Uncomment the following lines to enable scheduled runs: # schedule: # - cron: '0 2 * * 1' # Every Monday at 2 AM UTC