]> git.ipfire.org Git - thirdparty/pdns.git/blob - .github/workflows/build-and-test-all.yml
projects / thirdparty / pdns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dnsdist: Apply suggestions from code review, delint
[thirdparty/pdns.git] / .github / workflows / build-and-test-all.yml
1 ---
2 name: 'Build and test everything'
3
4 on:
5 push:
6 pull_request:
7 workflow_call:
8 inputs:
9 branch-name:
10 description: 'Checkout to a specific branch'
11 required: true
12 default: ''
13 type: string
14 schedule:
15 - cron: '0 22 * * 3'
16
17 permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
18 contents: read
19
20 env:
21 COMPILER: clang
22 CLANG_VERSION: '13'
23 # github.workspace variable points to the Runner home folder. Container home folder defined below.
24 REPO_HOME: '/__w/${{ github.event.repository.name }}/${{ github.event.repository.name }}'
25 BUILDER_VERSION: '0.0.0-git1'
26 COVERAGE: ${{ github.repository == 'PowerDNS/pdns' && 'yes' || 'no' }}
27 LLVM_PROFILE_FILE: "/tmp/code-%p.profraw"
28 OPTIMIZATIONS: yes
29 DECAF_SUPPORT: yes
30
31 jobs:
32 build-auth:
33 name: build auth
34 if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
35 runs-on: ubuntu-22.04
36 container:
37 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
38 env:
39 ASAN_OPTIONS: detect_leaks=0
40 FUZZING_TARGETS: yes
41 SANITIZERS: asan+ubsan
42 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
43 UNIT_TESTS: yes
44 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
45 defaults:
46 run:
47 working-directory: ./pdns-${{ env.BUILDER_VERSION }}
48 steps:
49 - uses: actions/checkout@v4
50 with:
51 fetch-depth: 5
52 submodules: recursive
53 ref: ${{ inputs.branch-name }}
54 - name: get timestamp for cache
55 id: get-stamp
56 run: |
57 echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
58 shell: bash
59 working-directory: .
60 - run: mkdir -p ~/.ccache
61 working-directory: .
62 - name: let GitHub cache our ccache data
63 uses: actions/cache@v4
64 with:
65 path: ~/.ccache
66 key: auth-ccache-${{ steps.get-stamp.outputs.stamp }}
67 restore-keys: auth-ccache-
68 - run: inv ci-autoconf
69 working-directory: .
70 - run: inv ci-auth-configure
71 working-directory: .
72 - run: inv ci-make-distdir
73 working-directory: .
74 - run: inv ci-auth-configure
75 - run: inv ci-auth-make-bear # This runs under pdns-$BUILDER_VERSION/pdns/
76 - run: inv ci-auth-install-remotebackend-test-deps
77 - run: inv ci-auth-run-unit-tests
78 - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
79 if: ${{ env.COVERAGE == 'yes' }}
80 working-directory: ./pdns-${{ env.BUILDER_VERSION }}/pdns
81 - name: Coveralls Parallel auth unit
82 if: ${{ env.COVERAGE == 'yes' }}
83 uses: coverallsapp/github-action@v2
84 with:
85 flag-name: auth-unit-${{ matrix.sanitizers }}
86 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
87 parallel: true
88 allow-empty: true
89 - run: inv ci-make-install
90 - run: ccache -s
91 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
92 - name: Store the binaries
93 uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
94 with:
95 name: pdns-auth-${{ env.normalized-branch-name }}
96 path: /opt/pdns-auth
97 retention-days: 1
98
99 build-recursor:
100 name: build recursor
101 if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
102 runs-on: ubuntu-22.04
103 strategy:
104 matrix:
105 sanitizers: [ubsan+asan, tsan]
106 container:
107 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
108 env:
109 ASAN_OPTIONS: detect_leaks=0
110 SANITIZERS: ${{ matrix.sanitizers }}
111 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
112 UNIT_TESTS: yes
113 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
114 defaults:
115 run:
116 working-directory: ./pdns/recursordist/pdns-recursor-${{ env.BUILDER_VERSION }}
117 steps:
118 - uses: actions/checkout@v4
119 with:
120 fetch-depth: 5
121 submodules: recursive
122 ref: ${{ inputs.branch-name }}
123 - name: get timestamp for cache
124 id: get-stamp
125 run: |
126 echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
127 shell: bash
128 working-directory: .
129 - run: mkdir -p ~/.ccache
130 working-directory: .
131 - name: let GitHub cache our ccache data
132 uses: actions/cache@v4
133 with:
134 path: ~/.ccache
135 key: recursor-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
136 restore-keys: recursor-${{ matrix.sanitizers }}-ccache-
137 - run: inv ci-install-rust ${{ env.REPO_HOME }}
138 working-directory: ./pdns/recursordist/
139 - run: inv ci-autoconf
140 working-directory: ./pdns/recursordist/
141 - run: inv ci-rec-configure
142 working-directory: ./pdns/recursordist/
143 - run: inv ci-make-distdir
144 working-directory: ./pdns/recursordist/
145 - run: inv ci-rec-configure
146 - run: inv ci-rec-make-bear
147 - run: inv ci-rec-run-unit-tests
148 - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
149 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
150 - name: Coveralls Parallel rec unit
151 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
152 uses: coverallsapp/github-action@v2
153 with:
154 flag-name: rec-unit-${{ matrix.sanitizers }}
155 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
156 parallel: true
157 allow-empty: true
158 - run: inv ci-make-install
159 - run: ccache -s
160 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
161 - name: Store the binaries
162 uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
163 with:
164 name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
165 path: /opt/pdns-recursor
166 retention-days: 1
167
168 build-dnsdist:
169 name: build dnsdist
170 if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
171 runs-on: ubuntu-22.04
172 strategy:
173 matrix:
174 sanitizers: [ubsan+asan, tsan]
175 features: [least, full]
176 exclude:
177 - sanitizers: tsan
178 features: least
179 container:
180 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
181 env:
182 ASAN_OPTIONS: detect_leaks=0
183 SANITIZERS: ${{ matrix.sanitizers }}
184 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
185 UNIT_TESTS: yes
186 FUZZING_TARGETS: yes
187 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
188 defaults:
189 run:
190 working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }}
191 steps:
192 - uses: actions/checkout@v4
193 with:
194 fetch-depth: 5
195 submodules: recursive
196 ref: ${{ inputs.branch-name }}
197 - name: get timestamp for cache
198 id: get-stamp
199 run: |
200 echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
201 shell: bash
202 working-directory: .
203 - run: mkdir -p ~/.ccache
204 working-directory: .
205 - name: let GitHub cache our ccache data
206 uses: actions/cache@v4
207 with:
208 path: ~/.ccache
209 key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
210 restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
211 - run: inv ci-install-rust ${{ env.REPO_HOME }}
212 working-directory: ./pdns/dnsdistdist/
213 - run: inv ci-build-and-install-quiche
214 working-directory: ./pdns/dnsdistdist/
215 - run: inv ci-autoconf
216 working-directory: ./pdns/dnsdistdist/
217 - run: inv ci-dnsdist-configure ${{ matrix.features }}
218 working-directory: ./pdns/dnsdistdist/
219 - run: inv ci-make-distdir
220 working-directory: ./pdns/dnsdistdist/
221 - run: inv ci-dnsdist-configure ${{ matrix.features }}
222 - run: inv ci-dnsdist-make-bear
223 - run: inv ci-dnsdist-run-unit-tests
224 - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
225 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
226 - name: Coveralls Parallel dnsdist unit
227 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
228 uses: coverallsapp/github-action@v2
229 with:
230 flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
231 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
232 parallel: true
233 allow-empty: true
234 - run: inv ci-make-install
235 - run: ccache -s
236 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
237 - name: Store the binaries
238 uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
239 with:
240 name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
241 path: /opt/dnsdist
242 retention-days: 1
243
244 test-auth-api:
245 needs: build-auth
246 runs-on: ubuntu-22.04
247 container:
248 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
249 env:
250 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
251 ASAN_OPTIONS: detect_leaks=0
252 TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
253 AUTH_BACKEND_IP_ADDR: "172.17.0.1"
254 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
255 strategy:
256 matrix:
257 include:
258 - backend: gsqlite3
259 image: coscale/docker-sleep
260 - backend: gmysql
261 image: mysql:5
262 - backend: gpgsql
263 image: postgres:9
264 - backend: lmdb
265 image: coscale/docker-sleep
266 fail-fast: false
267 services:
268 database:
269 image: ${{ matrix.image }}
270 env:
271 POSTGRES_USER: runner
272 POSTGRES_HOST_AUTH_METHOD: trust
273 MYSQL_ALLOW_EMPTY_PASSWORD: 1
274 ports:
275 - 3306:3306
276 - 5432:5432
277 # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
278 options: >-
279 --restart always
280 steps:
281 - uses: actions/checkout@v4
282 with:
283 fetch-depth: 5
284 submodules: recursive
285 ref: ${{ inputs.branch-name }}
286 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
287 - name: Fetch the binaries
288 uses: actions/download-artifact@v4
289 with:
290 name: pdns-auth-${{ env.normalized-branch-name }}
291 path: /opt/pdns-auth
292 - run: inv apt-fresh
293 - run: inv install-clang-runtime
294 - run: inv install-auth-test-deps -b ${{ matrix.backend }}
295 - run: inv test-api auth -b ${{ matrix.backend }}
296 - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
297 if: ${{ env.COVERAGE == 'yes' }}
298 - name: Coveralls Parallel auth API ${{ matrix.backend }}
299 if: ${{ env.COVERAGE == 'yes' }}
300 uses: coverallsapp/github-action@v2
301 with:
302 flag-name: auth-api-${{ matrix.backend }}
303 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
304 parallel: true
305 allow-empty: true
306
307 test-auth-backend:
308 needs: build-auth
309 runs-on: ubuntu-22.04
310 container:
311 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
312 env:
313 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
314 ASAN_OPTIONS: detect_leaks=0
315 LDAPHOST: ldap://ldapserver/
316 ODBCINI: /github/home/.odbc.ini
317 AUTH_BACKEND_IP_ADDR: "172.17.0.1"
318 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
319 strategy:
320 matrix:
321 include:
322 - backend: remote
323 image: coscale/docker-sleep
324 env: {}
325 ports: []
326 - backend: gmysql
327 image: mysql:5
328 env:
329 MYSQL_ALLOW_EMPTY_PASSWORD: 1
330 ports:
331 - 3306:3306
332 - backend: gmysql
333 image: mariadb:10
334 env:
335 MYSQL_ALLOW_EMPTY_PASSWORD: 1
336 ports:
337 - 3306:3306
338 - backend: gpgsql
339 image: postgres:9
340 env:
341 POSTGRES_USER: runner
342 POSTGRES_HOST_AUTH_METHOD: trust
343 ports:
344 - 5432:5432
345 - backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms
346 image: coscale/docker-sleep
347 env: {}
348 ports: []
349 - backend: lmdb
350 image: coscale/docker-sleep
351 env: {}
352 ports: []
353 - backend: bind
354 image: coscale/docker-sleep
355 env: {}
356 ports: []
357 - backend: geoip
358 image: coscale/docker-sleep
359 env: {}
360 ports: []
361 - backend: lua2
362 image: coscale/docker-sleep
363 env: {}
364 ports: []
365 - backend: tinydns
366 image: coscale/docker-sleep
367 env: {}
368 ports: []
369 - backend: authpy
370 image: coscale/docker-sleep
371 env: {}
372 ports: []
373 - backend: godbc_sqlite3
374 image: coscale/docker-sleep
375 env: {}
376 ports: []
377 - backend: godbc_mssql
378 image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
379 env:
380 ACCEPT_EULA: Y
381 SA_PASSWORD: 'SAsa12%%-not-a-secret-password'
382 ports:
383 - 1433:1433
384 - backend: ldap
385 image: powerdns/ldap-regress:1.2.4-1
386 env:
387 LDAP_LOG_LEVEL: 0
388 CONTAINER_LOG_LEVEL: 4
389 ports:
390 - 389:389
391 - backend: geoip_mmdb
392 image: coscale/docker-sleep
393 env: {}
394 ports: []
395 fail-fast: false
396 services:
397 database:
398 image: ${{ matrix.image }}
399 env: ${{ matrix.env }}
400 ports: ${{ matrix.ports }}
401 # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
402 options: >-
403 --restart always
404 steps:
405 - uses: actions/checkout@v4
406 with:
407 fetch-depth: 5
408 submodules: recursive
409 ref: ${{ inputs.branch-name }}
410 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
411 - name: Fetch the binaries
412 uses: actions/download-artifact@v4
413 with:
414 name: pdns-auth-${{ env.normalized-branch-name }}
415 path: /opt/pdns-auth
416 # FIXME: install recursor for backends that have ALIAS
417 - run: inv install-clang-runtime
418 - run: inv install-auth-test-deps -b ${{ matrix.backend }}
419 - run: inv test-auth-backend -b ${{ matrix.backend }}
420 - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
421 if: ${{ env.COVERAGE == 'yes' }}
422 - name: Coveralls Parallel auth backend ${{ matrix.backend }}
423 if: ${{ env.COVERAGE == 'yes' }}
424 uses: coverallsapp/github-action@v2
425 with:
426 flag-name: auth-backend-${{ matrix.backend }}
427 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
428 parallel: true
429 allow-empty: true
430
431 test-ixfrdist:
432 needs: build-auth
433 runs-on: ubuntu-22.04
434 container:
435 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
436 env:
437 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
438 ASAN_OPTIONS: detect_leaks=0
439 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
440 steps:
441 - uses: actions/checkout@v4
442 with:
443 fetch-depth: 5
444 submodules: recursive
445 ref: ${{ inputs.branch-name }}
446 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
447 - name: Fetch the binaries
448 uses: actions/download-artifact@v4
449 with:
450 name: pdns-auth-${{ env.normalized-branch-name }}
451 path: /opt/pdns-auth
452 - run: inv install-clang-runtime
453 - run: inv install-auth-test-deps
454 - run: inv test-ixfrdist
455 - run: inv generate-coverage-info /opt/pdns-auth/bin/ixfrdist $GITHUB_WORKSPACE
456 if: ${{ env.COVERAGE == 'yes' }}
457 - name: Coveralls Parallel ixfrdist
458 if: ${{ env.COVERAGE == 'yes' }}
459 uses: coverallsapp/github-action@v2
460 with:
461 flag-name: ixfrdist
462 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
463 parallel: true
464 allow-empty: true
465
466 test-recursor-api:
467 needs: build-recursor
468 runs-on: ubuntu-22.04
469 strategy:
470 matrix:
471 sanitizers: [ubsan+asan, tsan]
472 dist_name: [debian]
473 dist_release_name: [bookworm]
474 pdns_repo_version: ['48']
475 container:
476 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
477 env:
478 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
479 ASAN_OPTIONS: detect_leaks=0
480 TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
481 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
482 steps:
483 - uses: actions/checkout@v4
484 with:
485 fetch-depth: 5
486 submodules: recursive
487 ref: ${{ inputs.branch-name }}
488 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
489 - name: Fetch the binaries
490 uses: actions/download-artifact@v4
491 with:
492 name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
493 path: /opt/pdns-recursor
494 - run: inv apt-fresh
495 - run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }}
496 - run: inv install-clang-runtime
497 - run: inv install-rec-test-deps
498 - run: inv test-api recursor
499 - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
500 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
501 - name: Coveralls Parallel recursor API
502 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
503 uses: coverallsapp/github-action@v2
504 with:
505 flag-name: rec-api
506 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
507 parallel: true
508 allow-empty: true
509
510 test-recursor-regression:
511 needs: build-recursor
512 runs-on: ubuntu-22.04
513 strategy:
514 matrix:
515 sanitizers: [ubsan+asan, tsan]
516 dist_name: [debian]
517 dist_release_name: [bookworm]
518 pdns_repo_version: ['48']
519 container:
520 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
521 env:
522 UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
523 ASAN_OPTIONS: detect_leaks=0
524 TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
525 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
526 steps:
527 # - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
528 - uses: actions/checkout@v4
529 with:
530 fetch-depth: 5
531 submodules: recursive
532 ref: ${{ inputs.branch-name }}
533 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
534 - name: Fetch the binaries
535 uses: actions/download-artifact@v4
536 with:
537 name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
538 path: /opt/pdns-recursor
539 - run: inv apt-fresh
540 - run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }}
541 - run: inv install-clang-runtime
542 - run: inv install-rec-test-deps
543 - run: inv test-regression-recursor
544 - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
545 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
546 - name: Coveralls Parallel recursor regression
547 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
548 uses: coverallsapp/github-action@v2
549 with:
550 flag-name: rec-regression
551 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
552 parallel: true
553 allow-empty: true
554
555 test-recursor-bulk:
556 name: 'test rec *mini* bulk'
557 needs: build-recursor
558 runs-on: ubuntu-22.04
559 strategy:
560 matrix:
561 sanitizers: [ubsan+asan, tsan]
562 threads: [1, 2, 3, 4, 8]
563 mthreads: [2048]
564 shards: [1, 2, 1024]
565 container:
566 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
567 env:
568 UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
569 ASAN_OPTIONS: detect_leaks=0
570 TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
571 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
572 steps:
573 - uses: actions/checkout@v4
574 with:
575 fetch-depth: 5
576 submodules: recursive
577 ref: ${{ inputs.branch-name }}
578 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
579 - name: Fetch the binaries
580 uses: actions/download-artifact@v4
581 with:
582 name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
583 path: /opt/pdns-recursor
584 - run: inv install-clang-runtime
585 - run: inv install-rec-bulk-deps
586 - run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }}
587 - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
588 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
589 - name: Coveralls Parallel recursor bulk
590 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
591 uses: coverallsapp/github-action@v2
592 with:
593 flag-name: rec-regression-bulk
594 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
595 parallel: true
596 allow-empty: true
597
598 test-dnsdist-regression:
599 needs: build-dnsdist
600 runs-on: ubuntu-22.04
601 strategy:
602 matrix:
603 sanitizers: [ubsan+asan, tsan]
604 container:
605 image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
606 env:
607 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
608 # Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498
609 ASAN_OPTIONS: detect_leaks=0:intercept_send=0
610 TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
611 # IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions
612 SKIP_INCLUDEDIR_TESTS: yes
613 SANITIZERS: ${{ matrix.sanitizers }}
614 COVERAGE: yes
615 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
616 steps:
617 - uses: actions/checkout@v4
618 with:
619 fetch-depth: 5
620 submodules: recursive
621 ref: ${{ inputs.branch-name }}
622 - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
623 - name: Fetch the binaries
624 uses: actions/download-artifact@v4
625 with:
626 name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
627 path: /opt/dnsdist
628 - run: inv install-clang-runtime
629 - run: inv install-dnsdist-test-deps
630 - run: inv test-dnsdist
631 - run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE
632 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
633 - name: Coveralls Parallel dnsdist regression
634 if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
635 uses: coverallsapp/github-action@v2
636 with:
637 flag-name: dnsdist-regression-full-${{ matrix.sanitizers }}
638 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
639 parallel: true
640 allow-empty: true
641
642 swagger-syntax-check:
643 if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
644 runs-on: ubuntu-22.04
645 # FIXME: https://github.com/PowerDNS/pdns/pull/12880
646 # container:
647 # image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
648 # options: --sysctl net.ipv6.conf.all.disable_ipv6=0
649 steps:
650 - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
651 - uses: actions/checkout@v4
652 with:
653 fetch-depth: 5
654 submodules: recursive
655 ref: ${{ inputs.branch-name }}
656 - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
657 - run: inv install-swagger-tools
658 - run: inv swagger-syntax-check
659
660 collect:
661 needs:
662 - build-auth
663 - build-dnsdist
664 - build-recursor
665 - swagger-syntax-check
666 - test-auth-api
667 - test-auth-backend
668 - test-dnsdist-regression
669 - test-ixfrdist
670 - test-recursor-api
671 - test-recursor-regression
672 - test-recursor-bulk
673 if: success() || failure()
674 runs-on: ubuntu-22.04
675 steps:
676 - name: Coveralls Parallel Finished
677 if: ${{ env.COVERAGE == 'yes' }}
678 uses: coverallsapp/github-action@v2
679 with:
680 parallel-finished: true
681 - name: Install jq and yq
682 run: "sudo snap install jq yq"
683 - name: Fail job if any of the previous jobs failed
684 run: "for i in `echo '${{ toJSON(needs) }}' | jq '.[].result' | tr -d '\"'`; do if [[ $i == 'failure' ]]; then echo '${{ toJSON(needs) }}'; exit 1; fi; done;"
685 - uses: actions/checkout@v4
686 with:
687 fetch-depth: 5
688 submodules: recursive
689 ref: ${{ inputs.branch-name }}
690 - name: Get list of jobs in the workflow
691 run: "yq e '.jobs | keys' .github/workflows/build-and-test-all.yml | awk '{print $2}' | grep -v collect | sort | tee /tmp/workflow-jobs-list.yml"
692 - name: Get list of prerequisite jobs
693 run: "echo '${{ toJSON(needs) }}' | jq 'keys | .[]' | tr -d '\"' | sort | tee /tmp/workflow-needs-list.yml"
694 - name: Fail if there is a job missing on the needs list
695 run: "if ! diff -q /tmp/workflow-jobs-list.yml /tmp/workflow-needs-list.yml; then exit 1; fi"
696
697 # FIXME: if we can make upload/download-artifact fasts, running unit tests outside of build can let regression tests start earlier
Unnamed repository; edit this file 'description' to name the repository.