]> git.ipfire.org Git - thirdparty/pdns.git/blob - .circleci/config.yml
projects / thirdparty / pdns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dnsdist: Add a new query rules chain triggered after a cache miss
[thirdparty/pdns.git] / .circleci / config.yml
1 version: 2.1
2
3 commands:
4 checkout-shallow:
5 description: "Do a shallow checkout of the repository"
6 steps:
7 - run:
8 name: Install git and openssh
9 command: apt-get update && apt-get -qq -y install openssh-client git
10 - run:
11 name: Store the keyid for the git repo
12 command: mkdir -p $HOME/.ssh && ssh-keyscan $(echo ${CIRCLE_REPOSITORY_URL} | sed 's,.*@\([^:]*\):.*,\1,') > $HOME/.ssh/known_hosts
13 - run:
14 name: Clone the repo
15 command: |
16 mkdir -p /opt/project
17 if [ -n "$CIRCLE_PR_NUMBER" ]
18 then
19 echo === Checking out PR "$CIRCLE_PR_NUMBER" from "$CIRCLE_REPOSITORY_URL"
20 git clone --depth 1 $CIRCLE_REPOSITORY_URL /opt/project
21 cd /opt/project
22 git fetch --depth 1 origin +refs/pull/${CIRCLE_PR_NUMBER}/merge
23 git checkout -qf FETCH_HEAD
24 else
25 echo === Checking out branch "${CIRCLE_BRANCH}" from "$CIRCLE_REPOSITORY_URL"
26 git clone --depth 1 --branch $CIRCLE_BRANCH $CIRCLE_REPOSITORY_URL /opt/project
27 fi
28 cd /opt/project
29 git --no-pager show -s
30
31 get-workspace:
32 description: "Attach workspace to /opt and symlink checkout into home"
33 steps:
34 - run:
35 name: ensure ca-certificates is installed
36 command: apt-get update && apt-get -qq -y install ca-certificates
37 - attach_workspace:
38 at: /opt
39 - run:
40 name: symlink checkout into home
41 command: rmdir ~/project && ln -s /opt/project ~/project
42 - run:
43 name: include $BASH_ENV for both interactive and non-interactive shells
44 command: echo '. $BASH_ENV' >> $HOME/.bashrc
45
46 install-clang-8:
47 description: install clang-8 from backports
48 steps:
49 - run:
50 name: add backports and install clang-8
51 command: |
52 echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/backports.list
53 apt-get update
54 apt-get -qq -t buster-backports --no-install-recommends install clang-8 llvm-8
55
56 # FIXME: the build-essential wart below is misformatted intentionally to remind us to replace the remotebackend testing deps with Debian packages
57 auth-regress-setup:
58 description: Prepare the environment for auth regression tests
59 steps:
60 - get-workspace
61 - install-auth-deps
62 - install-clang-8 # for the symbolizer
63 - run:
64 name: Install test dependencies
65 command: |
66 apt-get -y -qq install \
67 authbind \
68 bc \
69 bind9utils \
70 build-essential libsqlite3-dev libzmq3-dev \
71 curl \
72 default-jre-headless \
73 dnsutils \
74 gawk \
75 git \
76 ldnsutils \
77 libnet-dns-perl \
78 pdns-recursor \
79 socat \
80 sqlite3 \
81 unbound-host
82 - run:
83 name: Install jdnssectools
84 command: |
85 if [ ! -e $HOME/bin/jdnssec-verifyzone ]; then
86 apt-get install -qq -y wget
87 wget https://github.com/dblacka/jdnssec-tools/releases/download/0.14/jdnssec-tools-0.14.tar.gz
88 tar xfz jdnssec-tools-0.14.tar.gz -C $HOME
89 rm jdnssec-tools-0.14.tar.gz
90 fi
91 echo 'export PATH=$HOME/jdnssec-tools-0.14/bin:$PATH' >> $BASH_ENV
92 - run:
93 name: Allow missing tools in verify-dnssec-zone
94 command: touch regression-tests/tests/verify-dnssec-zone/allow-missing
95 - run:
96 name: Start PowerDNS Recursor in the background
97 command: pdns_recursor
98 background: true
99 - run:
100 name: Set up authbind
101 command: |
102 touch /etc/authbind/byport/53
103 chmod 755 /etc/authbind/byport/53
104
105 auth-regress:
106 description: Run one auth regression context
107 parameters:
108 skip:
109 type: string
110 default: ""
111 rootskip:
112 type: string
113 default: ""
114 doroot:
115 type: boolean
116 default: true
117 context:
118 type: string
119 default: ""
120 prefix:
121 type: string
122 default: "/opt/pdns-auth/"
123 steps:
124 - run:
125 workdir: ~/project/regression-tests
126 name: Run << parameters.context >> tests
127 command: |
128 [ -e ./vars ] && . ./vars
129 export
130 rm -rf tests/*/skip
131 for t in << parameters.skip >>
132 do
133 touch tests/$t/skip
134 done
135 PDNS=<< parameters.prefix >>sbin/pdns_server \
136 PDNS2=<< parameters.prefix >>sbin/pdns_server \
137 SDIG=<< parameters.prefix >>bin/sdig \
138 NOTIFY=<< parameters.prefix >>bin/pdns_notify \
139 NSEC3DIG=<< parameters.prefix >>bin/nsec3dig \
140 SAXFR=<< parameters.prefix >>bin/saxfr \
141 ZONE2SQL=<< parameters.prefix >>bin/zone2sql \
142 ZONE2LDAP=<< parameters.prefix >>bin/zone2ldap \
143 PDNSUTIL=<< parameters.prefix >>bin/pdnsutil \
144 PDNSCONTROL=<< parameters.prefix >>bin/pdns_control \
145 RESOLVERIP=127.0.0.1 \
146 ./start-test-stop 5300 << parameters.context >>
147 - when:
148 condition: << parameters.doroot >>
149 steps:
150 - run:
151 workdir: ~/project/regression-tests.rootzone
152 name: Run << parameters.context >> tests for the root zone
153 command: |
154 [ -e ../regression-tests/vars ] && . ../regression-tests/vars
155 rm -rf tests/*/skip
156 for t in << parameters.rootskip >>
157 do
158 touch tests/$t/skip
159 done
160 PDNS=<< parameters.prefix >>sbin/pdns_server \
161 PDNS2=<< parameters.prefix >>sbin/pdns_server \
162 SDIG=<< parameters.prefix >>bin/sdig \
163 NOTIFY=<< parameters.prefix >>bin/pdns_notify \
164 NSEC3DIG=<< parameters.prefix >>bin/nsec3dig \
165 SAXFR=<< parameters.prefix >>bin/saxfr \
166 ZONE2SQL=<< parameters.prefix >>bin/zone2sql \
167 ZONE2LDAP=<< parameters.prefix >>bin/zone2ldap \
168 PDNSUTIL=<< parameters.prefix >>bin/pdnsutil \
169 PDNSCONTROL=<< parameters.prefix >>bin/pdns_control \
170 RESOLVERIP=127.0.0.1 \
171 ./start-test-stop 5300 << parameters.context >>
172
173 install-auth-deps:
174 description: Install all libraries needed to run the auth
175 steps:
176 - run: |
177 apt-get install -qq -y --no-install-recommends \
178 default-libmysqlclient-dev \
179 libboost-all-dev \
180 libcdb1 \
181 libcurl4 \
182 libgeoip1 \
183 libkrb5-3 \
184 libldap-2.4-2 \
185 liblmdb0 \
186 libluajit-5.1-2 \
187 libmaxminddb0 \
188 libp11-kit0 \
189 libpq5 \
190 libsodium23 \
191 libssl1.1 \
192 libsystemd0 \
193 libyaml-cpp0.6 \
194 softhsm2 \
195 unixodbc
196
197 install-dnsdist-deps:
198 description: "Install all libraries needed for testing dnsdist"
199 steps:
200 - run: apt-get update
201 - run:
202 command: |
203 apt-get install -qq -y \
204 libluajit-5.1-2 \
205 libboost-all-dev \
206 libcap2 \
207 libcdb1 \
208 libcurl4-openssl-dev \
209 libfstrm0 \
210 libgnutls30 \
211 libh2o-evloop0.13 \
212 liblmdb0 \
213 libnghttp2-dev \
214 libre2-5 \
215 libssl-dev \
216 libsystemd0 \
217 libsodium23 \
218 patch \
219 protobuf-compiler \
220 python3-venv
221
222 install-auth-dev-deps:
223 description: Install all packages needed to build the auth
224 steps:
225 - run: apt-get update
226 - run:
227 command: |
228 apt-get install -qq -y --no-install-recommends \
229 autoconf \
230 automake \
231 bison \
232 bzip2 \
233 curl \
234 default-libmysqlclient-dev \
235 flex \
236 g++ \
237 git \
238 libboost-all-dev \
239 libcdb-dev \
240 libcurl4-openssl-dev \
241 libgeoip-dev \
242 libkrb5-dev \
243 libldap2-dev \
244 liblmdb-dev \
245 libluajit-5.1-dev \
246 libmaxminddb-dev \
247 libp11-kit-dev \
248 libpq-dev \
249 libsodium-dev \
250 libsqlite3-dev \
251 libssl-dev \
252 libsystemd-dev \
253 libtool \
254 libyaml-cpp-dev \
255 libzmq3-dev \
256 make \
257 pkg-config \
258 python3-venv \
259 ragel \
260 ruby-bundler \
261 ruby2.5-dev \
262 sqlite3 \
263 systemd \
264 unixodbc-dev \
265 wget
266
267 add-auth-repo:
268 description: "Add the debian repo for the auth"
269 parameters:
270 version:
271 type: string
272 default: "45"
273 distro:
274 type: string
275 default: "debian"
276 release:
277 type: string
278 default: "buster"
279 steps:
280 - run:
281 name: "Install dependencies"
282 command: "apt-get update && apt-get install -qq -y curl gnupg2"
283 - run:
284 name: "Install apt-keys"
285 command: |
286 if [ "<< parameters.version >>" = "master" ]; then
287 curl https://repo.powerdns.com/CBC8B383-pub.asc -o /etc/apt/trusted.gpg.d/CBC8B383-pub.asc
288 else
289 curl https://repo.powerdns.com/FD380FBB-pub.asc -o /etc/apt/trusted.gpg.d/FD380FBB-pub.asc
290 fi
291 - run:
292 name: "Add repository"
293 command: |
294 echo 'deb [arch=amd64] http://repo.powerdns.com/<< parameters.distro >> << parameters.release >>-auth-<< parameters.version>> main' >> /etc/apt/sources.list.d/pdns.list
295 - run:
296 name: "add pinning"
297 command: |
298 echo 'Package: pdns-*' > /etc/apt/preferences.d/pdns
299 echo 'Pin: origin repo.powerdns.com' >> /etc/apt/preferences.d/pdns
300 echo 'Pin-Priority: 600' >> /etc/apt/preferences.d/pdns
301 - run:
302 name: update apt cache
303 command: apt-get update
304
305 setup-ccache:
306 description: Install .ccache and set $PATH
307 steps:
308 - run:
309 name: Install ccache
310 command: apt-get update && apt-get -qq -y install ccache
311 - run:
312 name: Setup ccache in $PATH
313 command: echo 'export PATH=/usr/lib/ccache:$PATH' >> $BASH_ENV
314
315 save-ccache-cache:
316 description: Store the .ccache directory
317 parameters:
318 product:
319 type: string
320 default: ""
321 steps:
322 - save_cache:
323 key: ccache-cache-{{ arch }}-<< parameters.product >>-{{ .Branch }}
324 paths:
325 - ~/.ccache
326
327 restore-cache-ccache:
328 description: Restore the .ccache directory
329 parameters:
330 product:
331 type: string
332 default: ""
333 steps:
334 - setup-ccache
335 - run:
336 name: ensure ca-certificates is installed
337 command: apt-get update && apt-get -qq -y install ca-certificates
338 - restore_cache:
339 keys:
340 - ccache-cache-{{ arch }}-<< parameters.product >>-{{ .Branch }}
341 - ccache-cache-{{ arch }}-<< parameters.product >>-
342
343 jobs:
344 checkout:
345 resource_class: small
346
347 docker:
348 - image: debian:buster
349 auth:
350 username: powerdnsreadonly
351 password: $DOCKERHUB_PASSWORD
352
353 steps:
354 - checkout-shallow
355 - persist_to_workspace:
356 root: /opt
357 paths:
358 - project
359
360 build-auth:
361 docker:
362 - image: debian:buster
363 auth:
364 username: powerdnsreadonly
365 password: $DOCKERHUB_PASSWORD
366 environment:
367 UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1'
368 ASAN_OPTIONS: detect_leaks=0
369 steps:
370 - get-workspace
371 - install-auth-dev-deps
372 - install-clang-8
373 - restore-cache-ccache:
374 product: auth
375 - run:
376 name: autoconf
377 command: BUILDER_VERSION=0.0.0-git1 autoreconf -vfi
378 - run:
379 name: configure
380 command: |
381 CC='clang-8' \
382 CXX='clang++-8' \
383 CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \
384 CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \
385 ./configure \
386 --enable-option-checking=fatal \
387 --with-modules='bind geoip gmysql godbc gpgsql gsqlite3 ldap lmdb lua2 pipe remote tinydns' \
388 --enable-systemd \
389 --enable-tools \
390 --enable-unit-tests \
391 --enable-backend-unit-tests \
392 --enable-fuzz-targets \
393 --enable-experimental-pkcs11 \
394 --enable-remotebackend-zeromq \
395 --with-lmdb=/usr \
396 --with-libsodium \
397 --prefix=/opt/pdns-auth \
398 --enable-ixfrdist \
399 --enable-asan \
400 --enable-ubsan
401 - run:
402 name: build
403 command: make -j3 -k
404 - save-ccache-cache:
405 product: auth
406 - run:
407 name: Install the binaries
408 command: make install
409 - persist_to_workspace:
410 root: /opt
411 paths:
412 - pdns-auth
413
414 test-auth-regress-bind:
415 resource_class: small
416
417 docker:
418 - image: debian:buster
419 auth:
420 username: powerdnsreadonly
421 password: $DOCKERHUB_PASSWORD
422 environment:
423 UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1'
424 ASAN_OPTIONS: detect_leaks=0
425 - image: mysql:5 # for the hybrid test
426 environment:
427 MYSQL_ALLOW_EMPTY_PASSWORD: 1
428 auth:
429 username: powerdnsreadonly
430 password: $DOCKERHUB_PASSWORD
431 steps:
432 - auth-regress-setup
433 - run:
434 command: apt-get install -qq -y p11-kit softhsm2
435 - auth-regress:
436 context: bind-dnssec-pkcs11
437 - run:
438 command: apt-get install -qq -y default-mysql-client
439 - run:
440 command: |
441 cat >> ~/.my.cnf \<<- __EOF__
442 [client]
443 protocol=TCP
444 __EOF__
445 - run:
446 name: Set up mysql client lib to force TCP
447 command: echo 'export GMYSQLHOST=127.0.0.1' > ./vars
448 workdir: ~/project/regression-tests
449 - auth-regress:
450 context: bind-hybrid-nsec3
451
452 workflows:
453 version: 2
454
455 build-and-test-all:
456 jobs:
457 - checkout
458 - build-auth:
459 requires:
460 - checkout
Unnamed repository; edit this file 'description' to name the repository.