path: /opt/pdns-auth
retention-days: 1
- build-recursor:
- name: build recursor
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- env:
- ASAN_OPTIONS: detect_leaks=0
- SANITIZERS: ${{ matrix.sanitizers }}
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- UNIT_TESTS: yes
- defaults:
- run:
- working-directory: ./pdns/recursordist/
- outputs:
- clang-tidy-recursor-failed: ${{ steps.clang-tidy-annotations.outputs.failed }}
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: get timestamp for cache
- id: get-stamp
- run: |
- echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
- shell: bash
- - name: let GitHub cache our ccache data
- uses: actions/cache@v3
- with:
- path: ~/.ccache
- key: recursor-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
- restore-keys: recursor-${{ matrix.sanitizers }}-ccache-
- - run: ../../build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv apt-fresh
- - run: inv install-clang
- - run: inv install-clang-tidy-tools
- - run: inv install-rec-build-deps
- - run: inv ci-autoconf
- - run: inv ci-rec-configure
- - run: inv ci-rec-make-bear
- - run: ln -s ../../.clang-tidy.full .clang-tidy
- - name: Run clang-tidy
- run: git diff -U0 HEAD^..HEAD | python3 ../../.github/scripts/git-filter.py | python3 /usr/bin/clang-tidy-diff-12.py -clang-tidy-binary /usr/bin/clang-tidy-12 -extra-arg=-ferror-limit=0 -p3 -export-fixes clang-tidy-rec.yml
- - name: Print clang-tidy fixes YAML
- shell: bash
- run: |
- if [ -f clang-tidy-rec.yml ]; then
- cat clang-tidy-rec.yml
- fi
- - name: Result annotations
- id: clang-tidy-annotations
- shell: bash
- run: |
- if [ -f clang-tidy-rec.yml ]; then
- set +e
- python ../../.github/scripts/clang-tidy.py --fixes-file clang-tidy-rec.yml
- echo "failed=$?" >> $GITHUB_OUTPUT
- fi
- - run: inv ci-rec-run-unit-tests
- - run: inv ci-make-install
- - run: ccache -s
- - name: Store the binaries
- uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}
- path: /opt/pdns-recursor
- retention-days: 1
-
- build-dnsdist:
- name: build dnsdist
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- features: [least, full]
- exclude:
- - sanitizers: tsan
- features: least
- env:
- ASAN_OPTIONS: detect_leaks=0
- SANITIZERS: ${{ matrix.sanitizers }}
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- UNIT_TESTS: yes
- defaults:
- run:
- working-directory: ./pdns/dnsdistdist/
- outputs:
- clang-tidy-dnsdist-failed: ${{ steps.clang-tidy-annotations.outputs.failed }}
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: get timestamp for cache
- id: get-stamp
- run: |
- echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
- shell: bash
- - name: let GitHub cache our ccache data
- uses: actions/cache@v3
- with:
- path: ~/.ccache
- key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
- restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
- - run: ../../build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv apt-fresh
- - run: inv install-clang
- - run: inv install-clang-tidy-tools
- - run: inv install-dnsdist-build-deps
- - run: inv ci-autoconf
- - run: inv ci-dnsdist-configure ${{ matrix.features }}
- - run: inv ci-dnsdist-make-bear
- - run: ln -s ../../.clang-tidy.full .clang-tidy
- - name: Run clang-tidy
- run: git diff -U0 HEAD^..HEAD | python3 ../../.github/scripts/git-filter.py | python3 /usr/bin/clang-tidy-diff-12.py -clang-tidy-binary /usr/bin/clang-tidy-12 -extra-arg=-ferror-limit=0 -p3 -export-fixes clang-tidy-dnsdist.yml
- - name: Print clang-tidy fixes YAML
- shell: bash
- run: |
- if [ -f clang-tidy-dnsdist.yml ]; then
- cat clang-tidy-dnsdist.yml
- fi
- - name: Result annotations
- id: clang-tidy-annotations
- shell: bash
- run: |
- if [ -f clang-tidy-dnsdist.yml ]; then
- set +e
- python ../../.github/scripts/clang-tidy.py --fixes-file clang-tidy-dnsdist.yml
- echo "failed=$?" >> $GITHUB_OUTPUT
- fi
- - run: inv ci-dnsdist-run-unit-tests
- - run: inv ci-make-install
- - run: ccache -s
- - name: Store the binaries
- uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar
- with:
- name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}
- path: /opt/dnsdist
- retention-days: 1
-
test-auth-api:
needs: build-auth
runs-on: ubuntu-20.04
- run: inv install-auth-test-deps
- run: inv test-ixfrdist
- test-recursor-api:
- needs: build-recursor
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ github.workspace }}/pdns/recursordist/recursor-tsan.supp"
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}
- path: /opt/pdns-recursor
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv add-auth-repo # FIXME: do we need this for rec API testing?
- - run: inv install-clang-runtime
- - run: inv install-rec-test-deps
- - run: inv test-api recursor
-
- test-recursor-regression:
- needs: build-recursor
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- env:
- UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp'
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ github.workspace }}/pdns/recursordist/recursor-tsan.supp"
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}
- path: /opt/pdns-recursor
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv add-auth-repo
- - run: inv install-clang-runtime
- - run: inv install-rec-test-deps
- - run: inv test-regression-recursor
-
- test-recursor-bulk:
- name: 'test rec *mini* bulk'
- needs: build-recursor
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- threads: [1, 2, 3, 4, 8]
- mthreads: [2048]
- shards: [1, 2, 1024]
- env:
- UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp'
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ github.workspace }}/pdns/recursordist/recursor-tsan.supp"
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}
- path: /opt/pdns-recursor
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang-runtime
- - run: inv install-rec-bulk-deps
- - run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }}
-
- test-dnsdist-regression:
- needs: build-dnsdist
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- # Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498
- ASAN_OPTIONS: detect_leaks=0:intercept_send=0
- TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ github.workspace }}/pdns/dnsdistdist/dnsdist-tsan.supp"
- # IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions
- SKIP_INCLUDEDIR_TESTS: yes
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: dnsdist-full-${{ matrix.sanitizers }}
- path: /opt/dnsdist
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang-runtime
- - run: inv install-dnsdist-test-deps
- - run: inv test-dnsdist
-
swagger-syntax-check:
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-20.04
- run: inv swagger-syntax-check
check-clang-tidy:
- needs: [build-auth, build-dnsdist, build-recursor]
+ needs: [build-auth]
runs-on: ubuntu-20.04
name: Check whether clang-tidy succeeded
steps:
- run: |
- if [ ${{ needs.build-auth.outputs.clang-tidy-auth-failed }} != 0 -o ${{ needs.build-dnsdist.outputs.clang-tidy-dnsdist-failed }} != 0 -o ${{ needs.build-recursor.outputs.clang-tidy-recursor-failed }} != 0 ]; then
+ if [ ${{ needs.build-auth.outputs.clang-tidy-auth-failed }} != 0 ]; then
exit 1
fi
collect:
needs:
- build-auth
- - build-dnsdist
- - build-recursor
- swagger-syntax-check
- test-auth-api
- test-auth-backend
- - test-dnsdist-regression
- test-ixfrdist
- - test-recursor-api
- - test-recursor-regression
- - test-recursor-bulk
- check-clang-tidy
if: success() || failure()
runs-on: ubuntu-20.04
+++ /dev/null
----
-name: 'Documentation'
-
-on:
- push:
- branches: [master]
- pull_request:
- branches: [master]
-
-permissions:
- contents: read
-
-jobs:
- build-upload-docs:
- name: Build and upload docs
- runs-on: ubuntu-20.04
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade # this runs apt update
- - run: inv install-doc-deps
- - run: inv install-doc-deps-pdf
-
- - id: get-version
- run: echo "pdns_version=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-
- - id: setup-ssh
- run: |-
- inv ci-docs-add-ssh --ssh-key="$SSH_KEY" --host-key="$HOST_KEY"
- echo "have_ssh_key=yes" >> $GITHUB_OUTPUT
- env:
- SSH_KEY: ${{secrets.WEB1_DOCS_SECRET}}
- HOST_KEY: ${{vars.WEB1_HOSTKEY}}
- if: ${{github.ref_name == 'master' && env.SSH_KEY != ''}}
-
- # Auth
- - run: inv ci-docs-build
- - run: mv html auth-html-docs
- working-directory: ./docs/_build
- - run: tar cf auth-html-docs.tar auth-html-docs
- working-directory: ./docs/_build
- - uses: actions/upload-artifact@v3
- with:
- name: authoritative-html-docs-${{steps.get-version.outputs.pdns_version}}
- path: ./docs/_build/auth-html-docs.tar
- - run: bzip2 auth-html-docs.tar
- if: ${{github.ref_name == 'master'}}
- working-directory: ./docs/_build
- - run: inv ci-docs-build-pdf
- - uses: actions/upload-artifact@v3
- with:
- name: PowerDNS-Authoritative-${{steps.get-version.outputs.pdns_version}}.pdf
- path: ./docs/_build/latex/PowerDNS-Authoritative.pdf
- - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Authoritative.pdf" --username="docs_powerdns_com" --product="auth" --directory="/${AUTH_DOCS_DIR}/"
- env:
- DOCS_HOST: ${{vars.DOCS_HOST}}
- AUTH_DOCS_DIR: ${{vars.AUTH_DOCS_DIR}}
- if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}}
-
- # Rec
- - run: inv ci-docs-build
- working-directory: ./pdns/recursordist
- - run: mv html rec-html-docs
- working-directory: ./pdns/recursordist/docs/_build
- - run: tar cf rec-html-docs.tar rec-html-docs
- working-directory: ./pdns/recursordist/docs/_build
- - uses: actions/upload-artifact@v3
- with:
- name: recursor-html-docs-${{steps.get-version.outputs.pdns_version}}
- path: ./pdns/recursordist/docs/_build/rec-html-docs.tar
- - run: bzip2 rec-html-docs.tar
- if: ${{github.ref_name == 'master'}}
- working-directory: ./pdns/recursordist/docs/_build
- - run: inv ci-docs-build-pdf
- working-directory: ./pdns/recursordist
- - uses: actions/upload-artifact@v3
- with:
- name: PowerDNS-Recursor-${{steps.get-version.outputs.pdns_version}}.pdf
- path: ./pdns/recursordist/docs/_build/latex/PowerDNS-Recursor.pdf
- - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Recursor.pdf" --username="docs_powerdns_com" --product="rec" --directory="/${REC_DOCS_DIR}/"
- env:
- DOCS_HOST: ${{vars.DOCS_HOST}}
- REC_DOCS_DIR: ${{vars.REC_DOCS_DIR}}
- if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}}
- working-directory: ./pdns/recursordist
-
- # DNSdist
- - run: inv ci-docs-build
- working-directory: ./pdns/dnsdistdist
- - run: mv html dnsdist-html-docs
- working-directory: ./pdns/dnsdistdist/docs/_build
- - run: tar cf dnsdist-html-docs.tar dnsdist-html-docs
- working-directory: ./pdns/dnsdistdist/docs/_build
- - uses: actions/upload-artifact@v3
- with:
- name: dnsdist-html-docs-${{steps.get-version.outputs.pdns_version}}
- path: ./pdns/dnsdistdist/docs/_build/dnsdist-html-docs.tar
- - run: bzip2 dnsdist-html-docs.tar
- if: ${{github.ref_name == 'master'}}
- working-directory: ./pdns/dnsdistdist/docs/_build
- - run: inv ci-docs-build-pdf
- working-directory: ./pdns/dnsdistdist
- - uses: actions/upload-artifact@v3
- with:
- name: dnsdist-${{steps.get-version.outputs.pdns_version}}.pdf
- path: ./pdns/dnsdistdist/docs/_build/latex/dnsdist.pdf
- - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="dnsdist.pdf" --username="dnsdist_org" --product="dnsdist"
- env:
- DOCS_HOST: ${{vars.DOCS_HOST}}
- if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}}
- working-directory: ./pdns/dnsdistdist
- name: Check if Debian is about to toss us off a balcony
run: ./build-scripts/check-debian-autoremovals.py
-
- coverity-auth:
- name: coverity scan of the auth
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-20.04
- env:
- COVERITY_TOKEN: ${{ secrets.coverity_auth_token }}
- FUZZING_TARGETS: no
- SANITIZERS:
- UNIT_TESTS: no
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang
- - run: inv install-auth-build-deps
- - run: inv install-coverity-tools PowerDNS
- - run: inv coverity-clang-configure
- - run: inv ci-autoconf
- - run: inv ci-auth-configure
- - run: inv coverity-make
- - run: inv coverity-tarball auth.tar.bz2
- - run: inv coverity-upload ${{ secrets.coverity_email }} PowerDNS auth.tar.bz2
-
- coverity-dnsdist:
- name: coverity scan of dnsdist
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-20.04
- env:
- COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }}
- SANITIZERS:
- UNIT_TESTS: no
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang
- - run: inv install-dnsdist-build-deps
- - run: inv install-coverity-tools dnsdist
- - run: inv coverity-clang-configure
- - run: inv ci-autoconf
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-dnsdist-configure full
- working-directory: ./pdns/dnsdistdist/
- - run: inv coverity-make
- working-directory: ./pdns/dnsdistdist/
- - run: inv coverity-tarball dnsdist.tar.bz2
- working-directory: ./pdns/dnsdistdist/
- - run: inv coverity-upload ${{ secrets.coverity_email }} dnsdist dnsdist.tar.bz2
- working-directory: ./pdns/dnsdistdist/
-
- coverity-rec:
- name: coverity scan of the rec
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-20.04
- env:
- COVERITY_TOKEN: ${{ secrets.coverity_rec_token }}
- SANITIZERS:
- UNIT_TESTS: no
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang
- - run: inv install-rec-build-deps
- - run: inv install-coverity-tools 'PowerDNS+Recursor'
- - run: inv coverity-clang-configure
- - run: inv ci-autoconf
- working-directory: ./pdns/recursordist/
- - run: inv ci-rec-configure
- working-directory: ./pdns/recursordist/
- - run: inv coverity-make
- working-directory: ./pdns/recursordist/
- - run: inv coverity-tarball recursor.tar.bz2
- working-directory: ./pdns/recursordist/
- - run: inv coverity-upload ${{ secrets.coverity_email }} 'PowerDNS+Recursor' recursor.tar.bz2
- working-directory: ./pdns/recursordist/
projects / thirdparty / pdns.git / commitdiff
