DECAF_SUPPORT: yes
jobs:
- build-auth:
- name: build auth
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-20.04
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
- env:
- ASAN_OPTIONS: detect_leaks=0
- FUZZING_TARGETS: yes
- SANITIZERS: asan+ubsan
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- UNIT_TESTS: yes
- options: --sysctl net.ipv6.conf.all.disable_ipv6=0
- defaults:
- run:
- working-directory: ./pdns-${{ env.BUILDER_VERSION }}
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - name: get timestamp for cache
- id: get-stamp
- run: |
- echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
- shell: bash
- working-directory: .
- - run: mkdir -p ~/.ccache
- working-directory: .
- - name: let GitHub cache our ccache data
- uses: actions/cache@v3
- with:
- path: ~/.ccache
- key: auth-ccache-${{ steps.get-stamp.outputs.stamp }}
- restore-keys: auth-ccache-
- - run: inv ci-autoconf
- working-directory: .
- - run: inv ci-auth-configure
- working-directory: .
- - run: inv ci-make-distdir
- working-directory: .
- - run: inv ci-auth-configure
- - run: inv ci-auth-make-bear # This runs under pdns-$BUILDER_VERSION/pdns/
- - run: inv ci-auth-install-remotebackend-test-deps
- - run: inv ci-auth-run-unit-tests
- - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' }}
- working-directory: ./pdns-${{ env.BUILDER_VERSION }}/pdns
- - name: Coveralls Parallel auth unit
- if: ${{ env.COVERAGE == 'yes' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: auth-unit-${{ matrix.sanitizers }}
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
- - run: inv ci-make-install
- - run: ccache -s
- - name: Store the binaries
- uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar
- with:
- name: pdns-auth
- path: /opt/pdns-auth
- retention-days: 1
-
build-recursor:
name: build recursor
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
path: /opt/pdns-recursor
retention-days: 1
- build-dnsdist:
- name: build dnsdist
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- features: [least, full]
- exclude:
- - sanitizers: tsan
- features: least
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
- env:
- ASAN_OPTIONS: detect_leaks=0
- SANITIZERS: ${{ matrix.sanitizers }}
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- UNIT_TESTS: yes
- FUZZING_TARGETS: yes
- options: --sysctl net.ipv6.conf.all.disable_ipv6=0
- defaults:
- run:
- working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }}
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - name: get timestamp for cache
- id: get-stamp
- run: |
- echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
- shell: bash
- working-directory: .
- - run: mkdir -p ~/.ccache
- working-directory: .
- - name: let GitHub cache our ccache data
- uses: actions/cache@v3
- with:
- path: ~/.ccache
- key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
- restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
- - run: inv ci-install-rust ${{ env.REPO_HOME }}
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-build-and-install-quiche
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-autoconf
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-dnsdist-configure ${{ matrix.features }}
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-make-distdir
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-dnsdist-configure ${{ matrix.features }}
- - run: inv ci-dnsdist-make-bear
- - run: inv ci-dnsdist-run-unit-tests
- - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- - name: Coveralls Parallel dnsdist unit
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
- - run: inv ci-make-install
- - run: ccache -s
- - name: Store the binaries
- uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar
- with:
- name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}
- path: /opt/dnsdist
- retention-days: 1
-
- test-auth-api:
- needs: build-auth
- runs-on: ubuntu-20.04
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
- AUTH_BACKEND_IP_ADDR: "172.17.0.1"
- options: --sysctl net.ipv6.conf.all.disable_ipv6=0
- strategy:
- matrix:
- include:
- - backend: gsqlite3
- image: coscale/docker-sleep
- - backend: gmysql
- image: mysql:5
- - backend: gpgsql
- image: postgres:9
- - backend: lmdb
- image: coscale/docker-sleep
- fail-fast: false
- services:
- database:
- image: ${{ matrix.image }}
- env:
- POSTGRES_USER: runner
- POSTGRES_HOST_AUTH_METHOD: trust
- MYSQL_ALLOW_EMPTY_PASSWORD: 1
- ports:
- - 3306:3306
- - 5432:5432
- # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
- options: >-
- --restart always
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-auth
- path: /opt/pdns-auth
- - run: inv apt-fresh
- - run: inv install-clang-runtime
- - run: inv install-auth-test-deps -b ${{ matrix.backend }}
- - run: inv test-api auth -b ${{ matrix.backend }}
- - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' }}
- - name: Coveralls Parallel auth API ${{ matrix.backend }}
- if: ${{ env.COVERAGE == 'yes' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: auth-api-${{ matrix.backend }}
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
-
- test-auth-backend:
- needs: build-auth
- runs-on: ubuntu-20.04
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- ASAN_OPTIONS: detect_leaks=0
- LDAPHOST: ldap://ldapserver/
- ODBCINI: /github/home/.odbc.ini
- AUTH_BACKEND_IP_ADDR: "172.17.0.1"
- options: --sysctl net.ipv6.conf.all.disable_ipv6=0
- strategy:
- matrix:
- include:
- - backend: remote
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: gmysql
- image: mysql:5
- env:
- MYSQL_ALLOW_EMPTY_PASSWORD: 1
- ports:
- - 3306:3306
- - backend: gmysql
- image: mariadb:10
- env:
- MYSQL_ALLOW_EMPTY_PASSWORD: 1
- ports:
- - 3306:3306
- - backend: gpgsql
- image: postgres:9
- env:
- POSTGRES_USER: runner
- POSTGRES_HOST_AUTH_METHOD: trust
- ports:
- - 5432:5432
- - backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: lmdb
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: bind
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: geoip
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: lua2
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: tinydns
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: authpy
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: godbc_sqlite3
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: godbc_mssql
- image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
- env:
- ACCEPT_EULA: Y
- SA_PASSWORD: 'SAsa12%%'
- ports:
- - 1433:1433
- - backend: ldap
- image: powerdns/ldap-regress:1.2.4-1
- env:
- LDAP_LOG_LEVEL: 0
- CONTAINER_LOG_LEVEL: 4
- ports:
- - 389:389
- - backend: geoip_mmdb
- image: coscale/docker-sleep
- env: {}
- ports: []
- fail-fast: false
- services:
- database:
- image: ${{ matrix.image }}
- env: ${{ matrix.env }}
- ports: ${{ matrix.ports }}
- # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
- options: >-
- --restart always
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-auth
- path: /opt/pdns-auth
- # FIXME: install recursor for backends that have ALIAS
- - run: inv install-clang-runtime
- - run: inv install-auth-test-deps -b ${{ matrix.backend }}
- - run: inv test-auth-backend -b ${{ matrix.backend }}
- - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' }}
- - name: Coveralls Parallel auth backend ${{ matrix.backend }}
- if: ${{ env.COVERAGE == 'yes' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: auth-backend-${{ matrix.backend }}
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
-
- test-ixfrdist:
- needs: build-auth
- runs-on: ubuntu-20.04
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- ASAN_OPTIONS: detect_leaks=0
- options: --sysctl net.ipv6.conf.all.disable_ipv6=0
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-auth
- path: /opt/pdns-auth
- - run: inv install-clang-runtime
- - run: inv install-auth-test-deps
- - run: inv test-ixfrdist
- - run: inv generate-coverage-info /opt/pdns-auth/bin/ixfrdist $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' }}
- - name: Coveralls Parallel ixfrdist
- if: ${{ env.COVERAGE == 'yes' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: ixfrdist
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
-
test-recursor-api:
needs: build-recursor
runs-on: ubuntu-20.04
parallel: true
allow-empty: true
- test-dnsdist-regression:
- needs: build-dnsdist
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- # Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498
- ASAN_OPTIONS: detect_leaks=0:intercept_send=0
- TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
- # IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions
- SKIP_INCLUDEDIR_TESTS: yes
- SANITIZERS: ${{ matrix.sanitizers }}
- COVERAGE: yes
- options: --sysctl net.ipv6.conf.all.disable_ipv6=0
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: dnsdist-full-${{ matrix.sanitizers }}
- path: /opt/dnsdist
- - run: inv install-clang-runtime
- - run: inv install-dnsdist-test-deps
- - run: inv test-dnsdist
- - run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- - name: Coveralls Parallel dnsdist regression
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: dnsdist-regression-full-${{ matrix.sanitizers }}
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
-
- swagger-syntax-check:
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-20.04
- # FIXME: https://github.com/PowerDNS/pdns/pull/12880
- # container:
- # image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
- # options: --sysctl net.ipv6.conf.all.disable_ipv6=0
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-swagger-tools
- - run: inv swagger-syntax-check
-
collect:
needs:
- - build-auth
- - build-dnsdist
- build-recursor
- - swagger-syntax-check
- - test-auth-api
- - test-auth-backend
- - test-dnsdist-regression
- - test-ixfrdist
- test-recursor-api
- test-recursor-regression
- test-recursor-bulk
+++ /dev/null
-# spelling.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p
-# spelling2.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-p8r9-69g4-jwqq
-name: Spell checking
-
-on:
- push:
- branches:
- - "**"
- tags-ignore:
- - "**"
- pull_request:
- branches:
- - "**"
- types:
- - 'opened'
- - 'reopened'
- - 'synchronize'
-
-jobs:
- spelling:
- name: Spell checking
- permissions:
- # contents-read is needed to checkout in private repositories
- contents: read
- # actions-read is needed (possibly only for private repositories)
- # to identify the workflow's filename until
- # https://github.com/actions/runner/issues/853 is fixed
- actions: read
- # security-events-write is needed according to the documentation:
- # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions
- security-events: write
- outputs:
- followup: ${{ steps.spelling.outputs.followup }}
- runs-on: ubuntu-latest
- if: ${{ contains(github.event_name, 'pull_request') || github.event_name == 'push' }}
- concurrency:
- group: spelling-${{ github.event.pull_request.number || github.ref }}
- # note: If you use only_check_changed_files, you do not want cancel-in-progress
- cancel-in-progress: true
- steps:
- - name: check-spelling
- id: spelling
- uses: check-spelling/check-spelling@v0.0.22
- with:
- config: .github/actions/spell-check
- suppress_push_for_open_pull_request: ${{ github.actor != 'dependabot[bot]' && 1 }}
- checkout: true
- spell_check_this: powerdns/pdns@master
- post_comment: 0
- warnings: bad-regex,binary-file,deprecated-feature,ignored-expect-variant,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,token-is-substring,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration,no-files-to-check
- use_sarif: ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == github.repository)) && 1 }}
- extra_dictionaries:
- cspell:software-terms/dict/softwareTerms.txt
- cspell:node/dict/node.txt
- cspell:python/src/common/extra.txt
- cspell:php/dict/php.txt
- cspell:python/src/python/python-lib.txt
- cspell:golang/dict/go.txt
- cspell:fullstack/dict/fullstack.txt
- cspell:k8s/dict/k8s.txt
- cspell:aws/aws.txt
- cspell:cpp/src/stdlib-cpp.txt
- cspell:filetypes/filetypes.txt
- cspell:python/src/python/python.txt
- cspell:django/dict/django.txt
- cspell:typescript/dict/typescript.txt
- cspell:dotnet/dict/dotnet.txt
- cspell:html/dict/html.txt
- cspell:cpp/src/lang-keywords.txt
- cspell:lua/dict/lua.txt
- cspell:latex/dict/latex.txt
- check_extra_dictionaries: ''