contents: read
jobs:
- build-auth:
- name: build auth
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-20.04
- env:
- ASAN_OPTIONS: detect_leaks=0
- FUZZING_TARGETS: yes
- SANITIZERS: asan+ubsan
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- UNIT_TESTS: yes
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: get timestamp for cache
- id: get-stamp
- run: |
- echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
- shell: bash
- - name: let GitHub cache our ccache data
- uses: actions/cache@v3
- with:
- path: ~/.ccache
- key: auth-ccache-${{ steps.get-stamp.outputs.stamp }}
- restore-keys: auth-ccache-
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang
- - run: inv install-auth-build-deps
- - run: inv ci-autoconf
- - run: inv ci-auth-configure
- - run: inv ci-auth-make
- - run: inv ci-auth-install-remotebackend-test-deps
- - run: inv ci-auth-run-unit-tests
- - run: inv ci-make-install
- - run: ccache -s
- - name: Store the binaries
- uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar
- with:
- name: pdns-auth
- path: /opt/pdns-auth
- retention-days: 1
-
- build-recursor:
- name: build recursor
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- env:
- ASAN_OPTIONS: detect_leaks=0
- SANITIZERS: ${{ matrix.sanitizers }}
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- UNIT_TESTS: yes
- defaults:
- run:
- working-directory: ./pdns/recursordist/
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: get timestamp for cache
- id: get-stamp
- run: |
- echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
- shell: bash
- - name: let GitHub cache our ccache data
- uses: actions/cache@v3
- with:
- path: ~/.ccache
- key: recursor-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
- restore-keys: recursor-${{ matrix.sanitizers }}-ccache-
- - run: ../../build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv apt-fresh
- - run: inv install-clang
- - run: inv install-rec-build-deps
- - run: inv ci-autoconf
- - run: inv ci-rec-configure
- - run: inv ci-rec-make
- - run: inv ci-rec-run-unit-tests
- - run: inv ci-make-install
- - run: ccache -s
- - name: Store the binaries
- uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}
- path: /opt/pdns-recursor
- retention-days: 1
-
build-dnsdist:
name: build dnsdist
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
path: /opt/dnsdist
retention-days: 1
- test-auth-api:
- needs: build-auth
- runs-on: ubuntu-20.04
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ github.workspace }}/pdns/dnsdistdist/dnsdist-tsan.supp"
- strategy:
- matrix:
- include:
- - backend: gsqlite3
- image: coscale/docker-sleep
- - backend: gmysql
- image: mysql:5
- - backend: gpgsql
- image: postgres:9
- - backend: lmdb
- image: coscale/docker-sleep
- fail-fast: false
- services:
- database:
- image: ${{ matrix.image }}
- env:
- POSTGRES_USER: runner
- POSTGRES_HOST_AUTH_METHOD: trust
- MYSQL_ALLOW_EMPTY_PASSWORD: 1
- ports:
- - 3306:3306
- - 5432:5432
- # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
- options: >-
- --restart always
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-auth
- path: /opt/pdns-auth
- # - name: Setup upterm session
- # uses: lhotari/action-upterm@v1
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang-runtime
- - run: inv install-auth-test-deps -b ${{ matrix.backend }}
- - run: inv test-api auth -b ${{ matrix.backend }}
-
- test-auth-backend:
- needs: build-auth
- runs-on: ubuntu-20.04
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- ASAN_OPTIONS: detect_leaks=0
- LDAPHOST: ldap://ldapserver/
- strategy:
- matrix:
- include:
- - backend: remote
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: gmysql
- image: mysql:5
- env:
- MYSQL_ALLOW_EMPTY_PASSWORD: 1
- ports:
- - 3306:3306
- - backend: gmysql
- image: mariadb:10
- env:
- MYSQL_ALLOW_EMPTY_PASSWORD: 1
- ports:
- - 3306:3306
- - backend: gpgsql
- image: postgres:9
- env:
- POSTGRES_USER: runner
- POSTGRES_HOST_AUTH_METHOD: trust
- ports:
- - 5432:5432
- - backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: lmdb
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: bind
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: geoip
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: lua2
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: tinydns
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: authpy
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: godbc_sqlite3
- image: coscale/docker-sleep
- env: {}
- ports: []
- - backend: godbc_mssql
- image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
- env:
- ACCEPT_EULA: Y
- SA_PASSWORD: 'SAsa12%%'
- ports:
- - 1433:1433
- - backend: ldap
- image: powerdns/ldap-regress:1.2.4-1
- env:
- LDAP_LOG_LEVEL: 0
- CONTAINER_LOG_LEVEL: 4
- ports:
- - 389:389
- - backend: geoip_mmdb
- image: coscale/docker-sleep
- env: {}
- ports: []
- fail-fast: false
- services:
- database:
- image: ${{ matrix.image }}
- env: ${{ matrix.env }}
- ports: ${{ matrix.ports }}
- # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
- options: >-
- --restart always
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-auth
- path: /opt/pdns-auth
- # - name: Setup upterm session
- # uses: lhotari/action-upterm@v1
- # FIXME: install recursor for backends that have ALIAS
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang-runtime
- - run: inv install-auth-test-deps -b ${{ matrix.backend }}
- - run: inv test-auth-backend -b ${{ matrix.backend }}
-
- test-ixfrdist:
- needs: build-auth
- runs-on: ubuntu-20.04
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- ASAN_OPTIONS: detect_leaks=0
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-auth
- path: /opt/pdns-auth
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang-runtime
- - run: inv install-auth-test-deps
- - run: inv test-ixfrdist
-
- test-recursor-api:
- needs: build-recursor
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp"
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ github.workspace }}/pdns/recursordist/recursor-tsan.supp"
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}
- path: /opt/pdns-recursor
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv add-auth-repo # FIXME: do we need this for rec API testing?
- - run: inv install-clang-runtime
- - run: inv install-rec-test-deps
- - run: inv test-api recursor
-
- test-recursor-regression:
- needs: build-recursor
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- env:
- UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp'
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ github.workspace }}/pdns/recursordist/recursor-tsan.supp"
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}
- path: /opt/pdns-recursor
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv add-auth-repo
- - run: inv install-clang-runtime
- - run: inv install-rec-test-deps
- - run: inv test-regression-recursor
-
- test-recursor-bulk:
- name: 'test rec *mini* bulk'
- needs: build-recursor
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- threads: [1, 2, 3, 4, 8]
- mthreads: [2048]
- shards: [1, 2, 1024]
- env:
- UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp'
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ github.workspace }}/pdns/recursordist/recursor-tsan.supp"
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - name: Fetch the binaries
- uses: actions/download-artifact@v3
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}
- path: /opt/pdns-recursor
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang-runtime
- - run: inv install-rec-bulk-deps
- - run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }}
-
test-dnsdist-regression:
needs: build-dnsdist
runs-on: ubuntu-20.04
- run: inv install-dnsdist-test-deps
- run: inv test-dnsdist
- swagger-syntax-check:
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-20.04
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-swagger-tools
- - run: inv swagger-syntax-check
-
collect:
needs:
- - build-auth
- build-dnsdist
- - build-recursor
- - swagger-syntax-check
- - test-auth-api
- - test-auth-backend
- test-dnsdist-regression
- - test-ixfrdist
- - test-recursor-api
- - test-recursor-regression
- - test-recursor-bulk
if: success() || failure()
runs-on: ubuntu-20.04
steps:
+++ /dev/null
----
-name: Trigger specific package build
-
-on:
- workflow_dispatch:
- inputs:
- product:
- description: Product to build
- type: choice
- options:
- - authoritative
- - recursor
- - dnsdist
- os:
- description: OSes to build for, space separated
- type: string
- default: >
- el-7
- el-8
- el-9
- debian-buster
- debian-bullseye
- ubuntu-bionic
- ubuntu-focal
- ubuntu-jammy
- ref:
- description: git ref to checkout
- type: string
- default: master
- is_release:
- description: is this a release build?
- type: choice
- options:
- - 'NO'
- - 'YES'
-
-permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
- contents: read
-
-jobs:
- prepare:
- name: generate OS list
- runs-on: ubuntu-20.04
- outputs:
- oslist: ${{ steps.get-oslist.outputs.oslist }}
- steps:
- # instead of jo, we could use jq here, which avoids running apt, and thus would be faster.
- # but, as this whole workflow needs at least 30 minutes to run, I prefer spending a few seconds here
- # so that the command remains readable, because jo is simpler to use.
- - run: sudo apt-get update && sudo apt-get -y install jo
- - id: get-oslist
- run: echo "oslist=$(jo -a ${{ github.event.inputs.os }})" >> "$GITHUB_OUTPUT"
-
- build:
- needs: prepare
- name: build ${{ github.event.inputs.product }} (${{ github.event.inputs.ref }}) for ${{ matrix.os }}
- # on a ubuntu-20.04 VM
- runs-on: ubuntu-20.04
- strategy:
- matrix:
- os: ${{fromJson(needs.prepare.outputs.oslist)}}
- fail-fast: false
- steps:
- - uses: actions/checkout@v3
- with:
- fetch-depth: 0 # for correct version numbers
- submodules: recursive
- ref: ${{ github.event.inputs.ref }}
- # this builds packages and runs our unit tests (make check)
- - run: IS_RELEASE=${{ github.event.inputs.is_release}} builder/build.sh -v -m ${{ github.event.inputs.product }} ${{ matrix.os }}
- - name: Get version number
- run: 'echo ::set-output name=version::$(readlink builder/tmp/latest)'
- id: getversion
- - name: Upload packages as GH artifacts
- uses: actions/upload-artifact@v3
- with:
- name: ${{ github.event.inputs.product }}-${{ matrix.os }}-${{ steps.getversion.outputs.version }}
- path: built_pkgs/
- retention-days: 7
- - name: Upload packages to downloads.powerdns.com
- env:
- SSHKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_SECRET }}
- RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }}
- HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }}
- if:
- "${{ env.SSHKEY != '' }}"
- run: |
- mkdir -m 700 -p ~/.ssh
- echo "$SSHKEY" > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
- echo "$HOSTKEY" > ~/.ssh/known_hosts
- rsync -4rlptD built_pkgs/* "$RSYNCTARGET"
runs-on: ubuntu-20.04
strategy:
matrix:
- product: ['authoritative', 'recursor', 'dnsdist']
+ product: ['dnsdist']
os:
- centos-7
- ubuntu-bionic
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
language: ['cpp']
- product: ['auth', 'rec', 'dnsdist']
+ product: ['dnsdist']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
ragel \
unixodbc-dev
- - name: Build auth
- if: matrix.product == 'auth'
- run: |
- autoreconf -vfi
- ./configure --with-modules='bind geoip gmysql godbc gpgsql gsqlite3 ldap lmdb lua2 pipe remote tinydns' --enable-tools --enable-ixfrdist --enable-dns-over-tls --enable-experimental-pkcs11 --with-libsodium --enable-lua-records CFLAGS='-O0' CXXFLAGS='-O0'
- make -j8 -C ext
- make -j8 -C modules
- make -j8 -C pdns
-
- name: Build dnsdist
if: matrix.product == 'dnsdist'
run: |
make -j8 -C ext/yahttp
make -j4 dnsdist
- - name: Build recursor
- if: matrix.product == 'rec'
- run: |
- cd pdns/recursordist
- autoreconf -vfi
- ./configure --enable-unit-tests --enable-nod --enable-dnstap CFLAGS='-O0' CXXFLAGS='-O0'
- make -j8 -C ext
- make htmlfiles.h
- make -j4 pdns_recursor rec_control
-
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
runs-on: ubuntu-20.04
strategy:
matrix:
- product: ['auth', 'recursor', 'dnsdist']
+ product: ['dnsdist']
steps:
- uses: actions/checkout@v3
with:
+++ /dev/null
----
-name: 'Documentation'
-
-on:
- push:
- branches: [master]
- pull_request:
- branches: [master]
-
-permissions:
- contents: read
-
-jobs:
- build-upload-docs:
- name: Build and upload docs
- runs-on: ubuntu-20.04
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade # this runs apt update
- - run: inv install-doc-deps
- - run: inv install-doc-deps-pdf
-
- - id: get-version
- run: echo "pdns_version=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-
- - id: setup-ssh
- run: |-
- inv ci-docs-add-ssh --ssh-key="$SSH_KEY" --host-key="$HOST_KEY"
- echo "have_ssh_key=yes" >> $GITHUB_OUTPUT
- env:
- SSH_KEY: ${{secrets.WEB1_DOCS_SECRET}}
- HOST_KEY: ${{vars.WEB1_HOSTKEY}}
- if: ${{github.ref_name == 'master' && env.SSH_KEY != ''}}
-
- # Auth
- - run: inv ci-docs-build
- - run: mv html auth-html-docs
- working-directory: ./docs/_build
- - run: tar cf auth-html-docs.tar auth-html-docs
- working-directory: ./docs/_build
- - uses: actions/upload-artifact@v3
- with:
- name: authoritative-html-docs-${{steps.get-version.outputs.pdns_version}}
- path: ./docs/_build/auth-html-docs.tar
- - run: bzip2 auth-html-docs.tar
- if: ${{github.ref_name == 'master'}}
- working-directory: ./docs/_build
- - run: inv ci-docs-build-pdf
- - uses: actions/upload-artifact@v3
- with:
- name: PowerDNS-Authoritative-${{steps.get-version.outputs.pdns_version}}.pdf
- path: ./docs/_build/latex/PowerDNS-Authoritative.pdf
- - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Authoritative.pdf" --username="docs_powerdns_com" --product="auth" --directory="/${AUTH_DOCS_DIR}/"
- env:
- DOCS_HOST: ${{vars.DOCS_HOST}}
- AUTH_DOCS_DIR: ${{vars.AUTH_DOCS_DIR}}
- if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}}
-
- # Rec
- - run: inv ci-docs-build
- working-directory: ./pdns/recursordist
- - run: mv html rec-html-docs
- working-directory: ./pdns/recursordist/docs/_build
- - run: tar cf rec-html-docs.tar rec-html-docs
- working-directory: ./pdns/recursordist/docs/_build
- - uses: actions/upload-artifact@v3
- with:
- name: recursor-html-docs-${{steps.get-version.outputs.pdns_version}}
- path: ./pdns/recursordist/docs/_build/rec-html-docs.tar
- - run: bzip2 rec-html-docs.tar
- if: ${{github.ref_name == 'master'}}
- working-directory: ./pdns/recursordist/docs/_build
- - run: inv ci-docs-build-pdf
- working-directory: ./pdns/recursordist
- - uses: actions/upload-artifact@v3
- with:
- name: PowerDNS-Recursor-${{steps.get-version.outputs.pdns_version}}.pdf
- path: ./pdns/recursordist/docs/_build/latex/PowerDNS-Recursor.pdf
- - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Recursor.pdf" --username="docs_powerdns_com" --product="rec" --directory="/${REC_DOCS_DIR}/"
- env:
- DOCS_HOST: ${{vars.DOCS_HOST}}
- REC_DOCS_DIR: ${{vars.REC_DOCS_DIR}}
- if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}}
- working-directory: ./pdns/recursordist
-
- # DNSdist
- - run: inv ci-docs-build
- working-directory: ./pdns/dnsdistdist
- - run: mv html dnsdist-html-docs
- working-directory: ./pdns/dnsdistdist/docs/_build
- - run: tar cf dnsdist-html-docs.tar dnsdist-html-docs
- working-directory: ./pdns/dnsdistdist/docs/_build
- - uses: actions/upload-artifact@v3
- with:
- name: dnsdist-html-docs-${{steps.get-version.outputs.pdns_version}}
- path: ./pdns/dnsdistdist/docs/_build/dnsdist-html-docs.tar
- - run: bzip2 dnsdist-html-docs.tar
- if: ${{github.ref_name == 'master'}}
- working-directory: ./pdns/dnsdistdist/docs/_build
- - run: inv ci-docs-build-pdf
- working-directory: ./pdns/dnsdistdist
- - uses: actions/upload-artifact@v3
- with:
- name: dnsdist-${{steps.get-version.outputs.pdns_version}}.pdf
- path: ./pdns/dnsdistdist/docs/_build/latex/dnsdist.pdf
- - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="dnsdist.pdf" --username="dnsdist_org" --product="dnsdist"
- env:
- DOCS_HOST: ${{vars.DOCS_HOST}}
- if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}}
- working-directory: ./pdns/dnsdistdist
+++ /dev/null
-name: "Various daily checks"
-
-on:
- schedule:
- - cron: '34 4 * * *'
-
-permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
- contents: read
-
-jobs:
- el7-devtoolset:
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-22.04
-
- steps:
- - name: Check whether a newer devtoolset exists
- run: |
- if docker run --rm centos:7 bash -c 'yum install -y centos-release-scl-rh && yum info devtoolset-12-gcc-c++'
- then
- echo "::warning file=builder-support/dockerfiles/Dockerfile.rpmbuild::A newer devtoolset exists. Please edit builder-support/dockerfiles/Dockerfile.rpmbuild, builder-support/dockerfiles/Dockerfile.rpmbuild, and .github/workflows/dailies.yml"
- exit 1
- else
- echo "::notice ::No newer devtoolset exists (good)"
- exit 0
- fi
-
- check-debian-autoremovals:
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-22.04
- steps:
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
-
- - name: Check if Debian is about to toss us off a balcony
- run: ./build-scripts/check-debian-autoremovals.py
-
- coverity-auth:
- name: coverity scan of the auth
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-20.04
- env:
- COVERITY_TOKEN: ${{ secrets.coverity_auth_token }}
- FUZZING_TARGETS: no
- SANITIZERS:
- UNIT_TESTS: no
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang
- - run: inv install-auth-build-deps
- - run: inv install-coverity-tools PowerDNS
- - run: inv coverity-clang-configure
- - run: inv ci-autoconf
- - run: inv ci-auth-configure
- - run: inv coverity-make
- - run: inv coverity-tarball auth.tar.bz2
- - run: inv coverity-upload ${{ secrets.coverity_email }} PowerDNS auth.tar.bz2
-
- coverity-dnsdist:
- name: coverity scan of dnsdist
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-20.04
- env:
- COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }}
- SANITIZERS:
- UNIT_TESTS: no
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang
- - run: inv install-dnsdist-build-deps
- - run: inv install-coverity-tools dnsdist
- - run: inv coverity-clang-configure
- - run: inv ci-autoconf
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-dnsdist-configure full
- working-directory: ./pdns/dnsdistdist/
- - run: inv coverity-make
- working-directory: ./pdns/dnsdistdist/
- - run: inv coverity-tarball dnsdist.tar.bz2
- working-directory: ./pdns/dnsdistdist/
- - run: inv coverity-upload ${{ secrets.coverity_email }} dnsdist dnsdist.tar.bz2
- working-directory: ./pdns/dnsdistdist/
-
- coverity-rec:
- name: coverity scan of the rec
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-20.04
- env:
- COVERITY_TOKEN: ${{ secrets.coverity_rec_token }}
- SANITIZERS:
- UNIT_TESTS: no
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- - run: inv install-clang
- - run: inv install-rec-build-deps
- - run: inv install-coverity-tools 'PowerDNS+Recursor'
- - run: inv coverity-clang-configure
- - run: inv ci-autoconf
- working-directory: ./pdns/recursordist/
- - run: inv ci-rec-configure
- working-directory: ./pdns/recursordist/
- - run: inv coverity-make
- working-directory: ./pdns/recursordist/
- - run: inv coverity-tarball recursor.tar.bz2
- working-directory: ./pdns/recursordist/
- - run: inv coverity-upload ${{ secrets.coverity_email }} 'PowerDNS+Recursor' recursor.tar.bz2
- working-directory: ./pdns/recursordist/
+++ /dev/null
----
-name: 'Verify secpoll zone syntax'
-
-on:
- push:
- pull_request:
-
-permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
- contents: read
-
-jobs:
- build:
- name: check secpoll zone
- # on a ubuntu-20.04 VM
- runs-on: ubuntu-20.04
- steps:
- - uses: actions/checkout@v3
- with:
- fetch-depth: 5
- submodules: recursive
- - run: sh docs/secpoll-check.sh docs/secpoll.zone
- - run: echo 'deb [arch=amd64] http://repo.powerdns.com/ubuntu focal-auth-master main' | sudo tee /etc/apt/sources.list.d/pdns.list
- - run: "echo -ne 'Package: pdns-*\nPin: origin repo.powerdns.com\nPin-Priority: 600\n' | sudo tee /etc/apt/preferences.d/pdns"
- - run: sudo curl https://repo.powerdns.com/CBC8B383-pub.asc -o /etc/apt/trusted.gpg.d/CBC8B383-pub.asc
- - run: sudo apt-get update
- - run: sudo systemctl mask pdns
- - run: sudo apt-get install -y pdns-server pdns-backend-sqlite3
- - run: "echo -ne 'launch=gsqlite3\ngsqlite3-database=/var/lib/powerdns/pdns.sqlite3\n' | sudo tee /etc/powerdns/pdns.conf"
- - run: sudo sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql
- - run: sudo pdnsutil load-zone secpoll.powerdns.com docs/secpoll.zone
- - run: sudo pdnsutil check-zone secpoll.powerdns.com
+++ /dev/null
-# spelling.yml is disabled per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p
-name: Workflow should not run!
-on:
- push:
- branches: ''
-
-permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
- contents: read
-
-jobs:
- placeholder:
- name: Should be disabled
- runs-on: ubuntu-latest
- if: false
- steps:
- - name: Task
- run: |
- echo 'Running this task would be bad'
- exit 1
+++ /dev/null
-# spelling2.yml is disabled per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-p8r9-69g4-jwqq
-name: Workflow should not run!
-on:
- push:
- branches: ''
-
-jobs:
- placeholder:
- name: Should be disabled
- runs-on: ubuntu-latest
- if: false
- steps:
- - name: Task
- run: |
- echo 'Running this task would be bad'
- exit 1
+++ /dev/null
-# spelling.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p
-# spelling2.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-p8r9-69g4-jwqq
-name: Spell checking
-
-on:
- push:
- branches:
- - "**"
- tags-ignore:
- - "**"
- pull_request:
- branches:
- - "**"
- tags-ignore:
- - "**"
- types:
- - 'opened'
- - 'reopened'
- - 'synchronize'
-
-jobs:
- spelling:
- name: Spell checking
- permissions:
- # contents-read is needed to checkout in private repositories
- contents: read
- # actions-read is needed (possibly only for private repositories)
- # to identify the workflow's filename until
- # https://github.com/actions/runner/issues/853 is fixed
- actions: read
- # security-events-write is needed according to the documentation:
- # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions
- security-events: write
- outputs:
- followup: ${{ steps.spelling.outputs.followup }}
- runs-on: ubuntu-latest
- if: "contains(github.event_name, 'pull_request') || github.event_name == 'push'"
- concurrency:
- group: spelling-${{ github.event.pull_request.number || github.ref }}
- # note: If you use only_check_changed_files, you do not want cancel-in-progress
- cancel-in-progress: true
- steps:
- - name: check-spelling
- id: spelling
- uses: check-spelling/check-spelling@v0.0.21
- with:
- config: .github/actions/spell-check
- checkout: true
- spell_check_this: check-spelling/spell-check-this@prerelease
- post_comment: 0
- use_sarif: ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == github.repository)) && 1 }}
- extra_dictionaries:
- cspell:software-terms/src/software-terms.txt
- cspell:python/src/python/python-lib.txt
- cspell:node/node.txt
- cspell:python/src/common/extra.txt
- cspell:fullstack/fullstack.txt
- cspell:html/html.txt
- cspell:aws/aws.txt
- cspell:npm/npm.txt
- cspell:cpp/src/stdlib-cpp.txt
- cspell:python/src/python/python.txt
- cspell:django/django.txt
- check_extra_dictionaries: ''
projects / thirdparty / pdns.git / commitdiff
