docs: Add security issues section to README (#157) #109
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: codejail-ci | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| jobs: | |
| codejail_ci: | |
| name: tests | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.TOOLS_EDX_ECR_USER_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.TOOLS_EDX_ECR_USER_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Parse custom apparmor profile | |
| run: sudo apparmor_parser -r -W apparmor-profiles/home.sandbox.codejail_sandbox-python3.8.bin.python | |
| - name: Pull codejail CI image | |
| run: docker pull 257477529851.dkr.ecr.us-east-1.amazonaws.com/openedx-codejail:latest | |
| - name: Build latest code changes into CI image | |
| run: | | |
| docker build --cache-from 257477529851.dkr.ecr.us-east-1.amazonaws.com/openedx-codejail \ | |
| -t 257477529851.dkr.ecr.us-east-1.amazonaws.com/openedx-codejail . | |
| - name: Run container with custom apparmor profile and codejail CI image | |
| run: | | |
| docker run --name=codejail --privileged -d --security-opt apparmor=apparmor_profile \ | |
| 257477529851.dkr.ecr.us-east-1.amazonaws.com/openedx-codejail tail -f /dev/null | |
| - name: Run Non Proxy Tests | |
| run: docker exec -t codejail bash -c 'make clean && make test_no_proxy' | |
| - name: Run Proxy Tests | |
| run: docker exec -t codejail bash -c 'make clean && make test_proxy' | |
| - name: Run Quality Tests | |
| run: docker exec -t codejail bash -c 'make quality' |