[apparmor] Exploring CI pipeline for integration tests of selected features
Zygmunt Krynicki
me at zygoon.pl
Fri Nov 15 16:06:15 UTC 2024
Hi!
I'm looking into adding or selecting tests to run at pull request time that would run checks against new apparmor parser and a list of curated kernels with the intent of capturing key use-cases relevant to snapd.
Snapd is a major user of apparmor, both for itself and for all the generated profiles for snap applications and services. We want to contribute and maintain tests that would capture several key interactions so that they both do not regress and, if any parser work requires adapting the rules, would give the snapd team a head start to prepare for the next release of apparmor.
For context, snapd is distributed in two distinct ways, as a typical distribution package but also as a snap package, which is installed by another copy of snapd already on the system. The snap package does ship with a copy of apparmor parser built from sources and uses it specifically for snapd's internal needs.
My initial plan is to look at all the tests present in the repository, play around with pipelines in my fork of the project and then contribute something that would run in under 5 minutes - excluding the time to build apparmor parser in another job of the pipeline - while capturing as much of the essential and perhaps tricky operations of snapd as we can.
I'm very much open for feedback. Unless someone strongly disagrees on direction, I will start proposing early MRs for review next week.
My initial plan is to start with a system that can use typical Debian, Ubuntu vanilla Upstream kernels as the starting set. Details will be fleshed out over time.
Best regards
ZK