From c4bafc9c0abec83500e0d238f863e788c5632e5d Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Mon, 16 Mar 2026 23:16:05 -0500
Subject: [PATCH] Update tests

---
 .github/workflows/check_urls.yml |  4 +--
 .github/workflows/cron.yml       |  4 +++
 .github/workflows/main.yml       |  5 +++
 .github/workflows/shellcheck.yml |  4 +--
 .github/workflows/test_set_1.yml | 53 +++++++++++++-------------------
 .github/workflows/test_set_2.yml |  4 +--
 6 files changed, 36 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/check_urls.yml b/.github/workflows/check_urls.yml
index f7afdc5..a04cd29 100644
--- a/.github/workflows/check_urls.yml
+++ b/.github/workflows/check_urls.yml
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2020-2025 Lin Song <linsongui@gmail.com>
+# Copyright (C) 2020-2026 Lin Song <linsongui@gmail.com>
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
@@ -13,7 +13,7 @@ on: workflow_call
 
 jobs:
   check_urls:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     if: github.repository_owner == 'hwdsl2'
     steps:
       - uses: actions/checkout@v6
diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
index be53bbf..bc0094a 100644
--- a/.github/workflows/cron.yml
+++ b/.github/workflows/cron.yml
@@ -18,6 +18,10 @@ jobs:
     if: github.repository_owner == 'hwdsl2'
     uses: ./.github/workflows/check_urls.yml
 
+  test_set_1:
+    needs: check_urls
+    uses: ./.github/workflows/test_set_1.yml
+
   test_set_2:
     needs: check_urls
     uses: ./.github/workflows/test_set_2.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b6c270e..eade4a8 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -16,6 +16,7 @@ on:
       - '**.sh'
       - '.github/workflows/main.yml'
       - '.github/workflows/shellcheck.yml'
+      - '.github/workflows/test_set_1.yml'
       - '.github/workflows/test_set_2.yml'
 
 jobs:
@@ -23,6 +24,10 @@ jobs:
     if: github.repository_owner == 'hwdsl2'
     uses: ./.github/workflows/shellcheck.yml
 
+  test_set_1:
+    needs: shellcheck
+    uses: ./.github/workflows/test_set_1.yml
+
   test_set_2:
     needs: shellcheck
     uses: ./.github/workflows/test_set_2.yml
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 4420bf2..a3e3f90 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2020-2025 Lin Song <linsongui@gmail.com>
+# Copyright (C) 2020-2026 Lin Song <linsongui@gmail.com>
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
@@ -13,7 +13,7 @@ on: workflow_call
 
 jobs:
   shellcheck:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     if: github.repository_owner == 'hwdsl2'
     steps:
       - uses: actions/checkout@v6
diff --git a/.github/workflows/test_set_1.yml b/.github/workflows/test_set_1.yml
index 98c9c91..0ffc04e 100644
--- a/.github/workflows/test_set_1.yml
+++ b/.github/workflows/test_set_1.yml
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2020-2025 Lin Song <linsongui@gmail.com>
+# Copyright (C) 2020-2026 Lin Song <linsongui@gmail.com>
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
@@ -17,7 +17,7 @@ jobs:
     if: github.repository_owner == 'hwdsl2'
     strategy:
       matrix:
-        os_version: ["centos:9s", "rockylinux:8", "almalinux:9", "almalinux:8", "amazonlinux:2", "oraclelinux:9", "oraclelinux:8", "oraclelinux:7"]
+        os_version: ["centos:10s", "centos:9s", "rockylinux:8", "almalinux:10", "almalinux:9", "almalinux:8", "oraclelinux:10", "oraclelinux:9", "oraclelinux:8"]
       fail-fast: false
     env:
       OS_VERSION: ${{ matrix.os_version }}
@@ -54,11 +54,9 @@ jobs:
             if [ -f /etc/oracle-release ]; then
               sleep 3
             fi
-            if ! command -v amazon-linux-extras; then
-              systemctl restart ipsec
-            fi
+            systemctl restart ipsec
             if grep -qs -i stream /etc/redhat-release \
-              && grep -qs 'release 9' /etc/redhat-release; then
+              && grep -qsE 'release (9|1[0-9])' /etc/redhat-release; then
               sleep 5
               return 0
             fi
@@ -90,14 +88,14 @@ jobs:
           cd /opt/src
           yum -y -q update
           yum -y -q install wget rsyslog
-          if grep -qs 'release 9' /etc/redhat-release; then
+          if grep -qsE 'release (9|1[0-9])' /etc/redhat-release; then
             if grep -qs -i rocky /etc/redhat-release \
               || grep -qs -i alma /etc/redhat-release; then
               yum -y -q install diffutils
             fi
           fi
           if ! grep -qs -i stream /etc/redhat-release \
-            || ! grep -qs 'release 9' /etc/redhat-release; then
+            || ! grep -qsE 'release (9|1[0-9])' /etc/redhat-release; then
             systemctl start rsyslog
           fi
 
@@ -111,9 +109,9 @@ jobs:
 
           systemctl restart xl2tpd
           restart_ipsec
-          if ! grep -qs 'release 9' /etc/oracle-release; then
+          if ! grep -qsE 'release (9|1[0-9])' /etc/oracle-release; then
             if ! grep -qs -i stream /etc/redhat-release \
-              || ! grep -qs 'release 9' /etc/redhat-release; then
+              || ! grep -qsE 'release (9|1[0-9])' /etc/redhat-release; then
               restart_fail2ban
               cat /var/log/fail2ban.log
             fi
@@ -121,7 +119,7 @@ jobs:
 
           netstat -anpu | grep pluto
           netstat -anpu | grep xl2tpd
-          if grep -qs 'release 9' /etc/redhat-release; then
+          if grep -qsE 'release (9|1[0-9])' /etc/redhat-release; then
             nft list ruleset
             nft list ruleset | grep -q '192\.168\.42\.0/24'
             nft list ruleset | grep -q '192\.168\.43\.0/24'
@@ -134,7 +132,7 @@ jobs:
             iptables -nvL -t nat | grep -q '192\.168\.43\.0/24'
           fi
           if ! grep -qs -i stream /etc/redhat-release \
-            || ! grep -qs 'release 9' /etc/redhat-release; then
+            || ! grep -qsE 'release (9|1[0-9])' /etc/redhat-release; then
             grep pluto "$log1"
             grep xl2tpd "$log2"
           fi
@@ -159,21 +157,17 @@ jobs:
           ANSWERS
           rm -f /etc/ipsec.d/vpnclient*
           if grep -qs -i stream /etc/redhat-release \
-            || grep -qs -E 'release (8|9)' /etc/oracle-release; then
+            || grep -qsE 'release (8|9|1[0-9])' /etc/oracle-release; then
             mkdir /etc/xl2tpd
           fi
-          if grep -qs 'release 9' /etc/redhat-release; then
+          if grep -qsE 'release (9|1[0-9])' /etc/redhat-release; then
             if grep -qs -i rocky /etc/redhat-release \
               || grep -qs -i alma /etc/redhat-release; then
               mkdir /etc/xl2tpd
             fi
           fi
 
-          if [ "$1" != "amazon" ]; then
-            cp -f /opt/src/scripts/vpnsetup_centos.sh ./vpnsetup.sh
-          else
-            cp -f /opt/src/scripts/vpnsetup_amzn.sh ./vpnsetup.sh
-          fi
+          cp -f /opt/src/scripts/vpnsetup_centos.sh ./vpnsetup.sh
           sed -i -e '/swan_ver_latest=/s/^/#/' \
             -e '/status=0/a sed -i "/swan_ver_latest=/s/^/#/" /opt/src/ikev2.sh' \
             vpnsetup.sh
@@ -192,7 +186,7 @@ jobs:
 
           netstat -anpu | grep pluto
           netstat -anpu | grep xl2tpd
-          if grep -qs 'release 9' /etc/redhat-release; then
+          if grep -qsE 'release (9|1[0-9])' /etc/redhat-release; then
             nft list ruleset
             nft list ruleset | grep -q '192\.168\.42\.0/24'
             nft list ruleset | grep -q '192\.168\.43\.0/24'
@@ -259,7 +253,7 @@ jobs:
 
           restart_ipsec
           if ! grep -qs -i stream /etc/redhat-release \
-            || ! grep -qs 'release 9' /etc/redhat-release; then
+            || ! grep -qsE 'release (9|1[0-9])' /etc/redhat-release; then
             grep pluto "$log1" | tail -n 20
           fi
           ipsec status | grep -q ikev2-cp
@@ -531,11 +525,7 @@ jobs:
             ipsec status | grep -q ikev2-cp
           done
 
-          if [ "$1" != "amazon" ]; then
-            cp -f /opt/src/scripts/extras/vpnupgrade_centos.sh ./vpnup.sh
-          else
-            cp -f /opt/src/scripts/extras/vpnupgrade_amzn.sh ./vpnup.sh
-          fi
+          cp -f /opt/src/scripts/extras/vpnupgrade_centos.sh ./vpnup.sh
           sed -i '/swan_ver_latest=/s/^/#/' vpnup.sh
 
           for ver in 5.2 ""; do
@@ -567,6 +557,8 @@ jobs:
 
           if [ "$OS_VERSION" = "centos:9s" ]; then
             echo "FROM quay.io/centos/centos:stream9" > Dockerfile
+          elif [ "$OS_VERSION" = "centos:10s" ]; then
+            echo "FROM quay.io/centos/centos:stream10" > Dockerfile
           else
             echo "FROM $OS_VERSION" > Dockerfile
           fi
@@ -575,16 +567,13 @@ jobs:
 
           ENV container docker
           WORKDIR /opt/src
-
-          RUN if command -v amazon-linux-extras; then amazon-linux-extras install -y kernel-ng; fi
           EOF
 
-          if [ "$OS_VERSION" = "centos:9s" ]; then
+          if [ "$OS_VERSION" = "centos:9s" ] || [ "$OS_VERSION" = "centos:10s" ]; then
             echo "RUN yum -y -q install systemd" >> Dockerfile
           fi
 
           cat >> Dockerfile <<'EOF'
-
           RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ "$i" = \
           systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \
           rm -f /lib/systemd/system/multi-user.target.wants/*; \
@@ -609,8 +598,8 @@ jobs:
 
       - name: Test
         run: |
-          docker run -d --name "${OS_VERSION//:}-test-1" -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-            --privileged "${OS_VERSION//:}-test"
+          docker run -d --name "${OS_VERSION//:}-test-1" -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
+            --cgroupns=host --privileged "${OS_VERSION//:}-test"
           sleep 5
           docker exec "${OS_VERSION//:}-test-1" /opt/src/run.sh "${OS_VERSION::6}"
 
diff --git a/.github/workflows/test_set_2.yml b/.github/workflows/test_set_2.yml
index 74ec9c2..1af8310 100644
--- a/.github/workflows/test_set_2.yml
+++ b/.github/workflows/test_set_2.yml
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2020-2025 Lin Song <linsongui@gmail.com>
+# Copyright (C) 2020-2026 Lin Song <linsongui@gmail.com>
 #
 # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/
@@ -13,7 +13,7 @@ on: workflow_call
 
 jobs:
   test_set_2:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     if: github.repository_owner == 'hwdsl2'
     strategy:
       matrix: