aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
* CI: run linters outside the containerGravatar MarkKoz2021-12-27-36/+44
| | | | | | | | Remove the dependency on the container so the lint job can run in parallel with the build job. More time has to be spent installing Python dependencies, but this is made up for by not having to download and load the image artefact in addition to not having to wait for the build job.
* CI: specify service name to coverallsGravatar MarkKoz2021-12-27-1/+1
| | | | See https://github.com/TheKevJames/coveralls-python/issues/240
* CI: remove SHA from image build GHA cache scopeGravatar MarkKoz2021-12-26-1/+1
| | | | | | Unlike the cache action, the build-push action's GHA cache feature seems to only do an exact comparison for the scope. Thus, new commits lead to cache misses.
* CI: combine coverage data from all matrix jobsGravatar MarkKoz2021-12-26-21/+39
|
* CI: pass artefact name as an input to workflowsGravatar MarkKoz2021-12-26-10/+28
| | | | | | Make the artefact and file names identical to simplify things. The artefact name doesn't have to be unique anyway since it can only be downloaded by the same workflow run.
* CI: use buildx's integrated GH Actions cache featureGravatar MarkKoz2021-12-26-12/+18
|
* CI: use build-push-action to output an image tarballGravatar MarkKoz2021-12-26-4/+1
| | | | | | | load: true was already creating a tarball, but it was getting immediately loaded. Since no other Docker builds run in this job, it's useless to load it. The action can still be leveraged to create the tarball instead of manually invoking `docker save`.
* CI: use reusable workflows as jobs in main workflowGravatar MarkKoz2021-12-26-242/+27
|
* CI: create a reusable deployment workflowGravatar MarkKoz2021-12-26-0/+96
|
* CI: create a reusable test workflowGravatar MarkKoz2021-12-26-0/+74
|
* CI: create a reusable lint workflowGravatar MarkKoz2021-12-26-0/+52
|
* CI: create a reusable build workflowGravatar MarkKoz2021-12-26-0/+88
|
* Merge #132 - fix entrypoint and support Python argsGravatar Mark2022-01-15-9/+119
|\
| * Fix typo in commentGravatar Mark2022-01-15-1/+1
| | | | | | Co-authored-by: wookie184 <[email protected]>
| * Change entrypoint tests to integration testsGravatar MarkKoz2021-12-27-35/+25
| | | | | | | | No more mocks!
| * Skip coverage of if __name__ == "__main__":Gravatar MarkKoz2021-12-26-1/+1
| |
| * Add tests for main()Gravatar MarkKoz2021-12-26-0/+49
| |
| * Forward the NsJail exit code from the entrypointGravatar MarkKoz2021-12-26-0/+4
| |
| * Test argument parsing for entry pointGravatar MarkKoz2021-12-26-0/+51
| |
| * Add option to pass Python args via main entry pointGravatar MarkKoz2021-12-26-8/+24
| | | | | | | | | | | | Python args are specified as a single string because if they were positional, there wouldn't be a way to distinguish them from NsJail's args.
| * Fix #124 passing NsJail arguments via main entrypointGravatar MarkKoz2021-12-26-1/+1
|/
* Merge pull request #136 from python-discord/feat/tests/135/rel-path-coverageGravatar Hassan Abouelela2021-12-29-7/+6
|\ | | | | Store relative paths in coverage data
| * Store relative paths in coverage dataGravatar MarkKoz2021-12-28-7/+6
|/ | | | | | | Also remove the reliance on the container needing to mount the host's files to the same directory during local testing. Fix #135
* Do not run Kubernetes deployment on self-hosted runnerGravatar Joe Banks2021-12-26-1/+1
|
* Merge pull request #127 from python-discord/feat/nsjail/102/cgroupv2Gravatar Joe Banks2021-12-26-1060/+378
|\
| * CI: disable setup-python action on self-hosted runnerGravatar MarkKoz2021-12-25-1/+1
| | | | | | | | | | | | Python 3.9 is available on the self-hosted runner and is sufficient to run coveralls. Trying to get the setup-python action supported on the self-hosted runner proved to be problematic.
| * CI: create a matrix with a self-hosted runner with cgroupv2Gravatar MarkKoz2021-12-21-6/+18
| | | | | | | | | | | | The self-hosted runner has cgroupv2 enabled. It's only needed to run the tests on a cgroupv2 system. Only lint, push the image, and deploy it on one runner to avoid redundancy.
| * Ignore swap limits if the swap controller is disabledGravatar MarkKoz2021-12-21-2/+70
| | | | | | | | | | | | | | | | Fix NsJail failing to set the swap limit because it tries to write to a file that doesn't exist. Log a warning if swap is on, the swap controller is disabled, and the NsJail config is attempting to limit swap memory.
| * Remove dynamic cgroupv1 creationGravatar MarkKoz2021-12-21-64/+27
| | | | | | | | | | Memory limit of the parent doesn't need to be modified because NsJail is now able to set the swap limit itself.
| * Add a test for #83Gravatar MarkKoz2021-12-21-0/+123
| |
| * Show a warning if use_cgroupv2 is true but only a v1 fs is detectedGravatar MarkKoz2021-12-21-0/+7
| | | | | | | | | | | | The NsJail config can be overridden by command-line arguments. However, there is no way to negate `--use_cgroupv2`. Hence, manual correction of the config by the user is required.
| * Disable pip version checks in the Docker imageGravatar MarkKoz2021-12-21-0/+1
| |
| * Set NsJail log level to warning during API testsGravatar MarkKoz2021-12-21-0/+3
| |
| * Install numpy before running tests locallyGravatar MarkKoz2021-12-21-1/+2
| | | | | | | | | | | | `test_numpy_import` fails when running with `pipenv run tests`, since numpy was not installed. Modify the pipenv script to install numpy before starting the tests.
| * Fix NsJail args testGravatar MarkKoz2021-12-21-1/+2
| | | | | | | | | | Dynamically calculate the position of the arguments rather than hard-coding them.
| * Set the max swap size through NsJailGravatar MarkKoz2021-12-20-4/+2
| |
| * Update NsJailGravatar MarkKoz2021-12-20-979/+49
| | | | | | | | | | | | | | The updated versions adds support for telling NsJail to set the max swap memory in the cgroup. Resolve #125
| * Use the system locale's encoding for cgroup filesGravatar MarkKoz2021-12-20-2/+2
| | | | | | | | | | They're encoded with the system's locale, so that's what should be used to read them.
| * Add cgroupv2 initialisationGravatar MarkKoz2021-12-20-6/+46
| | | | | | | | | | | | | | | | Ensure the cgroupv2 mount exists, subtree_control is not empty, and swap is disabled. Fix #126 Fix #102
| * Account for NsJail's use_cgroupv2 setting when detecting cgroup versionGravatar MarkKoz2021-12-20-15/+38
| |
| * Move cgroup functions to a new utility moduleGravatar MarkKoz2021-12-21-61/+69
|/
* Excluded the snekbox/config_pb2.py from coverage (#130)Gravatar Nightfurex2021-12-22-1/+3
|
* Merge pull request #119 from python-discord/fix-tests-protobufGravatar Joe Banks2021-12-20-327/+324
|\
| * Rename Generated ProtoBuf ConfigGravatar Hassan Abouelela2021-12-20-223/+199
| | | | | | | | | | | | | | Remove the rename step from the protobuf generation script to get around a bug causing failures in the test suite. Signed-off-by: Hassan Abouelela <[email protected]>
| * Bump & Lock Protobuf to 3.19Gravatar Hassan Abouelela2021-12-19-104/+125
|/ | | | | | | | Bumps protobuf from ~=3.14 to ==3.19. 3.19 was already a valid upgrade from ~=3.14, but it introduced a breaking bug. The dependency has been locked for now to avoid any more unintended bugs. Signed-off-by: Hassan Abouelela <[email protected]>
* Merge pull request #123 from Akarys42/patch-1Gravatar Joe Banks2021-12-10-1/+1
|\
| * Remove myself from the codeownersGravatar Matteo Bertucci2021-12-10-1/+1
|/
* Merge pull request #121 from python-discord/cgroupsv2Gravatar Hassan Abouelela2021-12-07-1/+20
|\ | | | | Add the --use_cgroupv2 flag when relevant
| * Log cgroup version at startupGravatar Matteo Bertucci2021-12-07-2/+4
| |
| * Add the --use_cgroupv2 flag when relevantGravatar Matteo Bertucci2021-12-07-1/+18
|/ | | | According to https://github.com/google/nsjail/pull/119, the flag should be passed for NsJail to try to use cgroupv2. This commit will use the /sys/fs/cgroup structure to guess the installed version, and depending on the version add that flag.
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-29 10:02:10 +0000