diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml index bba8f36..1cca86e 100644 --- a/.forgejo/workflows/ci.yml +++ b/.forgejo/workflows/ci.yml @@ -34,7 +34,7 @@ env: jobs: test: - name: Test + name: Test (ubuntu-latest on self-hosted) runs-on: self-hosted timeout-minutes: 30 @@ -424,11 +424,31 @@ jobs: echo "=== Testing ${{ matrix.build_config.name }} build (CGO_ENABLED=${{ matrix.build_config.cgo_enabled }}, tags=${{ matrix.build_config.tags }}) ===" CGO_ENABLED=${{ matrix.build_config.cgo_enabled }} go test -tags "${{ matrix.build_config.tags }}" -v ./tests/unit/... || true - - name: Run GPU matrix tests - ${{ matrix.build_config.name }} + - name: Run plugin quota tests run: | - echo "=== GPU Golden Test Matrix - ${{ matrix.build_config.name }} ===" - CGO_ENABLED=${{ matrix.build_config.cgo_enabled }} go test -tags "${{ matrix.build_config.tags }}" -v ./tests/unit/gpu/ -run TestGoldenGPUStatus || true - CGO_ENABLED=${{ matrix.build_config.cgo_enabled }} go test -tags "${{ matrix.build_config.tags }}" -v ./tests/unit/gpu/ -run TestBuildTagMatrix || true + echo "=== Running Plugin GPU Quota tests ===" + go test -v ./tests/unit/scheduler/... -run TestPluginQuota + + - name: Run service templates tests + run: | + echo "=== Running Service Templates tests ===" + go test -v ./tests/unit/scheduler/... -run TestServiceTemplate + + - name: Run scheduler tests + run: | + echo "=== Running Scheduler tests ===" + go test -v ./tests/unit/scheduler/... -run TestScheduler + + - name: Run vLLM plugin tests + run: | + echo "=== Running vLLM Plugin tests ===" + go test -v ./tests/unit/worker/plugins/... -run TestVLLM + + - name: Run audit tests + run: | + echo "=== Running Audit Logging tests ===" + go test -v ./tests/unit/security/... -run TestAudit + go test -v ./tests/integration/audit/... build-trigger: name: Trigger Build Workflow 
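Review bot: Each of the new steps selects tests with `-run` (`TestPluginQuota`, `TestServiceTemplate`, `TestScheduler`, `TestVLLM`, `TestAudit`), and `go test` exits 0 with only a "no tests to run" warning when the pattern matches nothing, so a renamed or deleted audit-logging test would leave the "Run audit tests" step green while checking nothing. A cheap guard before the run is `go test -list 'TestAudit' ./tests/unit/security/... | grep -q '^TestAudit' || { echo "no audit tests matched" >&2; exit 1; }`, repeated per pattern. The new commands also drop the `CGO_ENABLED=${{ matrix.build_config.cgo_enabled }}` and `-tags "${{ matrix.build_config.tags }}"` arguments that the surrounding steps use, so, assuming these steps sit in the same matrix job, every matrix entry repeats an identical default-tag run. The rest of the job lies outside the hunk.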
diff --git a/.forgejo/workflows/security-modes-test.yml b/.forgejo/workflows/security-modes-test.yml
index 6f2f32d..11b794a 100644
--- a/.forgejo/workflows/security-modes-test.yml
+++ b/.forgejo/workflows/security-modes-test.yml
@@ -175,24 +175,39 @@ EOF echo "All required HIPAA fields have corresponding tests" - - name: Run security custom vet rules + - name: Validate plugin configuration for ${{ matrix.security_mode }} mode run: | - echo "=== Running custom vet rules for security ===" + echo "=== Validating plugin configuration for ${{ matrix.security_mode }} mode ===" - # Check if fetchml-vet tool exists - if [ -d "tools/fetchml-vet" ]; then - cd tools/fetchml-vet - go build -o fetchml-vet ./cmd/fetchml-vet/ - cd ../.. - - # Run the custom vet analyzer - ./tools/fetchml-vet/fetchml-vet ./... || { - echo "Custom vet found issues - review required" - exit 1 - } - else - echo "fetchml-vet tool not found - skipping custom vet" - fi + CONFIG_FILE="${{ matrix.config_file }}" + + # Check plugin configuration based on security mode + case "${{ matrix.security_mode }}" in + hipaa) + echo "Checking HIPAA mode: plugins should be disabled" + if grep -A 5 "plugins:" "$CONFIG_FILE" | grep -q "enabled: false"; then + echo "✓ Plugins are disabled for HIPAA compliance" + else + echo "⚠ Warning: Plugins may not be properly disabled in HIPAA mode" + fi + ;; + standard) + echo "Checking standard mode: plugins should be enabled with security" + if grep -A 10 "plugins:" "$CONFIG_FILE" | grep -q "enabled: true"; then + echo "✓ Plugins are enabled in standard mode" + # Check for security settings + if grep -A 20 "plugins:" "$CONFIG_FILE" | grep -q "require_password: true"; then + echo "✓ Plugin security (password) is enabled" + fi + fi + ;; + dev) + echo "Checking dev mode: plugins should be enabled (relaxed security)" + if grep -A 10 "plugins:" "$CONFIG_FILE" | grep -q "enabled: true"; then + echo "✓ Plugins are enabled in dev mode" + fi + ;; + esac - name: Security mode test summary if: always()
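Review bot: The new validation step cannot fail the job: in the `hipaa)` branch a config that leaves plugins enabled only prints the `⚠ Warning` line, and the `standard)` and `dev)` branches have no `else` at all, so a missing `enabled: true` or `require_password: true` produces no output and exit status 0. For a compliance gate the HIPAA miss should be fatal, e.g. replace the warning with `echo "✗ Plugins are not disabled in HIPAA mode" >&2; exit 1`, and give the `require_password` check an `else` that exits non-zero too. The `grep -A 5 "plugins:" | grep -q "enabled: false"` test is also a proximity match on text rather than on the parsed key, so an `enabled: false` belonging to a sibling key or a comment within five lines would satisfy it, and a missing `$CONFIG_FILE` falls through to the warning; a `[ -f "$CONFIG_FILE" ] || exit 1` guard and a `*)` arm that rejects unknown modes would close those gaps. This step replaces the `fetchml-vet` run, which did `exit 1` on findings, and nothing visible in this hunk moves that check elsewhere, so it is worth confirming the analyzer still runs somewhere.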