2 name: 'Build and test everything'
10 permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
16 # github.workspace variable points to the Runner home folder. Container home folder defined below.
17 REPO_HOME: '/__w/${{ github.event.repository.name }}/${{ github.event.repository.name }}'
18 BUILDER_VERSION: '0.0.0-git1'
20 LLVM_PROFILE_FILE: "/tmp/code-%p.profraw"
27 if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
30 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
32 ASAN_OPTIONS: detect_leaks=0
34 SANITIZERS: asan+ubsan
35 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
37 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
40 working-directory: ./pdns-${{ env.BUILDER_VERSION }}
42 - uses: actions/checkout@v4
46 - name: get timestamp for cache
49 echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
52 - run: mkdir -p ~/.ccache
54 - name: let GitHub cache our ccache data
55 uses: actions/cache@v3
58 key: auth-ccache-${{ steps.get-stamp.outputs.stamp }}
59 restore-keys: auth-ccache-
60 - run: inv ci-autoconf
62 - run: inv ci-auth-configure
64 - run: inv ci-make-distdir
66 - run: inv ci-auth-configure
67 - run: inv ci-auth-make-bear # This runs under pdns-$BUILDER_VERSION/pdns/
68 - run: inv ci-auth-install-remotebackend-test-deps
69 - run: inv ci-auth-run-unit-tests
70 - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
71 working-directory: ./pdns-${{ env.BUILDER_VERSION }}/pdns
72 - name: Coveralls Parallel auth unit
73 uses: coverallsapp/github-action@v2
75 flag-name: auth-unit-${{ matrix.sanitizers }}
76 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
79 - run: inv ci-make-install
81 - name: Store the binaries
82 uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar
90 if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
94 sanitizers: [ubsan+asan, tsan]
96 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
98 ASAN_OPTIONS: detect_leaks=0
99 SANITIZERS: ${{ matrix.sanitizers }}
100 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
102 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
105 working-directory: ./pdns/recursordist/pdns-recursor-${{ env.BUILDER_VERSION }}
107 - uses: actions/checkout@v4
110 submodules: recursive
111 - name: get timestamp for cache
114 echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
117 - run: mkdir -p ~/.ccache
119 - name: let GitHub cache our ccache data
120 uses: actions/cache@v3
123 key: recursor-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
124 restore-keys: recursor-${{ matrix.sanitizers }}-ccache-
125 - run: inv ci-install-rust ${{ env.REPO_HOME }}
126 working-directory: ./pdns/recursordist/
127 - run: inv ci-autoconf
128 working-directory: ./pdns/recursordist/
129 - run: inv ci-rec-configure
130 working-directory: ./pdns/recursordist/
131 - run: inv ci-make-distdir
132 working-directory: ./pdns/recursordist/
133 - run: inv ci-rec-configure
134 - run: inv ci-rec-make-bear
135 - run: inv ci-rec-run-unit-tests
136 - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
137 if: ${{ matrix.sanitizers != 'tsan' }}
138 - name: Coveralls Parallel rec unit
139 if: ${{ matrix.sanitizers != 'tsan' }}
140 uses: coverallsapp/github-action@v2
142 flag-name: rec-unit-${{ matrix.sanitizers }}
143 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
146 - run: inv ci-make-install
148 - name: Store the binaries
149 uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar
151 name: pdns-recursor-${{ matrix.sanitizers }}
152 path: /opt/pdns-recursor
157 if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
158 runs-on: ubuntu-20.04
161 sanitizers: [ubsan+asan, tsan]
162 features: [least, full]
167 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
169 ASAN_OPTIONS: detect_leaks=0
170 SANITIZERS: ${{ matrix.sanitizers }}
171 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
174 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
177 working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }}
179 - uses: actions/checkout@v4
182 submodules: recursive
183 - name: get timestamp for cache
186 echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
189 - run: mkdir -p ~/.ccache
191 - name: let GitHub cache our ccache data
192 uses: actions/cache@v3
195 key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
196 restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
197 - run: inv ci-install-rust ${{ env.REPO_HOME }}
198 working-directory: ./pdns/dnsdistdist/
199 - run: inv ci-build-and-install-quiche
200 working-directory: ./pdns/dnsdistdist/
201 - run: inv ci-autoconf
202 working-directory: ./pdns/dnsdistdist/
203 - run: inv ci-dnsdist-configure ${{ matrix.features }}
204 working-directory: ./pdns/dnsdistdist/
205 - run: inv ci-make-distdir
206 working-directory: ./pdns/dnsdistdist/
207 - run: inv ci-dnsdist-configure ${{ matrix.features }}
208 - run: inv ci-dnsdist-make-bear
209 - run: inv ci-dnsdist-run-unit-tests
210 - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
211 if: ${{ matrix.sanitizers != 'tsan' }}
212 - name: Coveralls Parallel dnsdist unit
213 if: ${{ matrix.sanitizers != 'tsan' }}
214 uses: coverallsapp/github-action@v2
216 flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
217 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
220 - run: inv ci-make-install
222 - name: Store the binaries
223 uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar
225 name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}
231 runs-on: ubuntu-20.04
233 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
235 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
236 ASAN_OPTIONS: detect_leaks=0
237 TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
238 AUTH_BACKEND_IP_ADDR: "172.17.0.1"
239 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
244 image: coscale/docker-sleep
250 image: coscale/docker-sleep
254 image: ${{ matrix.image }}
256 POSTGRES_USER: runner
257 POSTGRES_HOST_AUTH_METHOD: trust
258 MYSQL_ALLOW_EMPTY_PASSWORD: 1
262 # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
266 - uses: actions/checkout@v4
269 submodules: recursive
270 - name: Fetch the binaries
271 uses: actions/download-artifact@v3
276 - run: inv install-clang-runtime
277 - run: inv install-auth-test-deps -b ${{ matrix.backend }}
278 - run: inv test-api auth -b ${{ matrix.backend }}
279 - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
280 - name: Coveralls Parallel auth API ${{ matrix.backend }}
281 uses: coverallsapp/github-action@v2
283 flag-name: auth-api-${{ matrix.backend }}
284 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
290 runs-on: ubuntu-20.04
292 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
294 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
295 ASAN_OPTIONS: detect_leaks=0
296 LDAPHOST: ldap://ldapserver/
297 ODBCINI: /github/home/.odbc.ini
298 AUTH_BACKEND_IP_ADDR: "172.17.0.1"
299 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
304 image: coscale/docker-sleep
310 MYSQL_ALLOW_EMPTY_PASSWORD: 1
316 MYSQL_ALLOW_EMPTY_PASSWORD: 1
322 POSTGRES_USER: runner
323 POSTGRES_HOST_AUTH_METHOD: trust
326 - backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms
327 image: coscale/docker-sleep
331 image: coscale/docker-sleep
335 image: coscale/docker-sleep
339 image: coscale/docker-sleep
343 image: coscale/docker-sleep
347 image: coscale/docker-sleep
351 image: coscale/docker-sleep
354 - backend: godbc_sqlite3
355 image: coscale/docker-sleep
358 - backend: godbc_mssql
359 image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
362 SA_PASSWORD: 'SAsa12%%'
366 image: powerdns/ldap-regress:1.2.4-1
369 CONTAINER_LOG_LEVEL: 4
372 - backend: geoip_mmdb
373 image: coscale/docker-sleep
379 image: ${{ matrix.image }}
380 env: ${{ matrix.env }}
381 ports: ${{ matrix.ports }}
382 # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
386 - uses: actions/checkout@v4
389 submodules: recursive
390 - name: Fetch the binaries
391 uses: actions/download-artifact@v3
395 # FIXME: install recursor for backends that have ALIAS
396 - run: inv install-clang-runtime
397 - run: inv install-auth-test-deps -b ${{ matrix.backend }}
398 - run: inv test-auth-backend -b ${{ matrix.backend }}
399 - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
400 - name: Coveralls Parallel auth backend ${{ matrix.backend }}
401 uses: coverallsapp/github-action@v2
403 flag-name: auth-backend-${{ matrix.backend }}
404 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
410 runs-on: ubuntu-20.04
412 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
414 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
415 ASAN_OPTIONS: detect_leaks=0
416 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
418 - uses: actions/checkout@v4
421 submodules: recursive
422 - name: Fetch the binaries
423 uses: actions/download-artifact@v3
427 - run: inv install-clang-runtime
428 - run: inv install-auth-test-deps
429 - run: inv test-ixfrdist
430 - run: inv generate-coverage-info /opt/pdns-auth/bin/ixfrdist $GITHUB_WORKSPACE
431 - name: Coveralls Parallel ixfrdist
432 uses: coverallsapp/github-action@v2
435 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
440 needs: build-recursor
441 runs-on: ubuntu-20.04
444 sanitizers: [ubsan+asan, tsan]
446 dist_release_name: [bullseye]
447 pdns_repo_version: ['45']
449 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
451 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
452 ASAN_OPTIONS: detect_leaks=0
453 TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
454 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
456 - uses: actions/checkout@v4
459 submodules: recursive
460 - name: Fetch the binaries
461 uses: actions/download-artifact@v3
463 name: pdns-recursor-${{ matrix.sanitizers }}
464 path: /opt/pdns-recursor
466 - run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }}
467 - run: inv install-clang-runtime
468 - run: inv install-rec-test-deps
469 - run: inv test-api recursor
470 - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
471 if: ${{ matrix.sanitizers != 'tsan' }}
472 - name: Coveralls Parallel recursor API
473 if: ${{ matrix.sanitizers != 'tsan' }}
474 uses: coverallsapp/github-action@v2
477 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
481 test-recursor-regression:
482 needs: build-recursor
483 runs-on: ubuntu-20.04
486 sanitizers: [ubsan+asan, tsan]
488 dist_release_name: [bullseye]
489 pdns_repo_version: ['48']
491 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
493 UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
494 ASAN_OPTIONS: detect_leaks=0
495 TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
496 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
498 # - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
499 - uses: actions/checkout@v4
502 submodules: recursive
503 - name: Fetch the binaries
504 uses: actions/download-artifact@v3
506 name: pdns-recursor-${{ matrix.sanitizers }}
507 path: /opt/pdns-recursor
509 - run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }}
510 - run: inv install-clang-runtime
511 - run: inv install-rec-test-deps
512 - run: inv test-regression-recursor
513 - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
514 if: ${{ matrix.sanitizers != 'tsan' }}
515 - name: Coveralls Parallel recursor regression
516 if: ${{ matrix.sanitizers != 'tsan' }}
517 uses: coverallsapp/github-action@v2
519 flag-name: rec-regression
520 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
525 name: 'test rec *mini* bulk'
526 needs: build-recursor
527 runs-on: ubuntu-20.04
530 sanitizers: [ubsan+asan, tsan]
531 threads: [1, 2, 3, 4, 8]
535 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
537 UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
538 ASAN_OPTIONS: detect_leaks=0
539 TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
540 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
542 - uses: actions/checkout@v4
545 submodules: recursive
546 - name: Fetch the binaries
547 uses: actions/download-artifact@v3
549 name: pdns-recursor-${{ matrix.sanitizers }}
550 path: /opt/pdns-recursor
551 - run: inv install-clang-runtime
552 - run: inv install-rec-bulk-deps
553 - run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }}
554 - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
555 if: ${{ matrix.sanitizers != 'tsan' }}
556 - name: Coveralls Parallel recursor bulk
557 if: ${{ matrix.sanitizers != 'tsan' }}
558 uses: coverallsapp/github-action@v2
560 flag-name: rec-regression-bulk
561 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
565 test-dnsdist-regression:
567 runs-on: ubuntu-20.04
570 sanitizers: [ubsan+asan, tsan]
572 image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
574 UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
575 # Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498
576 ASAN_OPTIONS: detect_leaks=0:intercept_send=0
577 TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
578 # IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions
579 SKIP_INCLUDEDIR_TESTS: yes
580 SANITIZERS: ${{ matrix.sanitizers }}
582 options: --sysctl net.ipv6.conf.all.disable_ipv6=0
584 - uses: actions/checkout@v4
587 submodules: recursive
588 - name: Fetch the binaries
589 uses: actions/download-artifact@v3
591 name: dnsdist-full-${{ matrix.sanitizers }}
593 - run: inv install-clang-runtime
594 - run: inv install-dnsdist-test-deps
595 - run: inv test-dnsdist
596 - run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE
597 if: ${{ matrix.sanitizers != 'tsan' }}
598 - name: Coveralls Parallel dnsdist regression
599 if: ${{ matrix.sanitizers != 'tsan' }}
600 uses: coverallsapp/github-action@v2
602 flag-name: dnsdist-regression-full-${{ matrix.sanitizers }}
603 path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
607 swagger-syntax-check:
608 if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
609 runs-on: ubuntu-20.04
610 # FIXME: https://github.com/PowerDNS/pdns/pull/12880
612 # image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
613 # options: --sysctl net.ipv6.conf.all.disable_ipv6=0
615 - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
616 - uses: actions/checkout@v4
619 submodules: recursive
620 - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
621 - run: inv install-swagger-tools
622 - run: inv swagger-syntax-check
629 - swagger-syntax-check
632 - test-dnsdist-regression
635 - test-recursor-regression
637 if: success() || failure()
638 runs-on: ubuntu-20.04
640 - name: Coveralls Parallel Finished
641 uses: coverallsapp/github-action@v2
643 parallel-finished: true
644 - name: Install jq and yq
645 run: "sudo snap install jq yq"
646 - name: Fail job if any of the previous jobs failed
647 run: "for i in `echo '${{ toJSON(needs) }}' | jq '.[].result' | tr -d '\"'`; do if [[ $i == 'failure' ]]; then echo '${{ toJSON(needs) }}'; exit 1; fi; done;"
648 - uses: actions/checkout@v4
651 submodules: recursive
652 - name: Get list of jobs in the workflow
653 run: "yq e '.jobs | keys' .github/workflows/build-and-test-all.yml | awk '{print $2}' | grep -v collect | sort | tee /tmp/workflow-jobs-list.yml"
654 - name: Get list of prerequisite jobs
655 run: "echo '${{ toJSON(needs) }}' | jq 'keys | .[]' | tr -d '\"' | sort | tee /tmp/workflow-needs-list.yml"
656 - name: Fail if there is a job missing on the needs list
657 run: "if ! diff -q /tmp/workflow-jobs-list.yml /tmp/workflow-needs-list.yml; then exit 1; fi"
659 # FIXME: if we can make upload/download-artifact fasts, running unit tests outside of build can let regression tests start earlier