CI: move macOS to a separate job
authorMatthew Newton <matthew-git@newtoncomputing.co.uk>
Wed, 12 Oct 2022 19:57:40 +0000 (20:57 +0100)
committerMatthew Newton <matthew-git@newtoncomputing.co.uk>
Thu, 13 Oct 2022 21:18:37 +0000 (22:18 +0100)
.github/workflows/ci-macos.yml [new file with mode: 0644]
.github/workflows/ci.yml

diff --git a/.github/workflows/ci-macos.yml b/.github/workflows/ci-macos.yml
new file mode 100644 (file)
index 0000000..256e0c3
--- /dev/null
@@ -0,0 +1,254 @@
+name: CI macOS
+
+on:
+  push:
+    branches-ignore:
+      - coverity_scan
+      - run-fuzzer**
+      - debug-fuzzer-**
+  pull_request:
+
+env:
+  ASAN_OPTIONS: symbolize=1 detect_leaks=1 detect_stack_use_after_return=1
+  LSAN_OPTIONS: fast_unwind_on_malloc=0:malloc_context_size=50
+  UBSAN_OPTIONS: print_stacktrace=1
+  KQUEUE_DEBUG: yes
+  M_PERTURB: "0x42"
+  PANIC_ACTION: "gdb -batch -x raddb/panic.gdb %e %p 1>&0 2>&0"
+  ANALYZE_C_DUMP: 1
+  FR_GLOBAL_POOL: 4M
+  TEST_CERTS: yes
+  NO_PERFORMANCE_TESTS: yes
+  DO_BUILD: yes
+  HOSTAPD_BUILD_DIR: eapol_test.ci
+  HOSTAPD_GIT_TAG: hostap_2_9
+  ALT_OPENSSL: "3.0.2"
+  DEBIAN_FRONTEND: noninteractive
+  CI: 1
+  GH_ACTIONS: 1
+
+jobs:
+  pre-ci:
+    runs-on: ubuntu-latest
+    # Map a step output to a job output
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@master
+
+  ci:
+    timeout-minutes: 90
+    needs: pre-ci
+    if: ${{ needs.pre-ci.outputs.should_skip != 'true' }}
+
+    runs-on: ${{ matrix.env.OS }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        env:
+          - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG",         LIBS_OPTIONAL: yes, LIBS_ALT: no,  TEST_TYPE: macos,    OS: macos-11,     NAME: macos-clang         }
+
+    env: ${{ matrix.env }}
+
+    #  If branch protection is in place with status checks enabled, ensure
+    #  names are updated if new matrix entries are added or the name format
+    #  changes.
+    name: "master-${{ matrix.env.NAME }}"
+
+    steps:
+
+    # Checkout, but defer pulling LFS objects until we've restored the cache
+    - uses: actions/checkout@v2
+      with:
+        lfs: false
+
+    - name: Create LFS file list as cache key
+      run: git lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id
+
+    - name: Restore LFS cache
+      uses: actions/cache@v2
+      id: lfs-cache
+      with:
+        path: .git/lfs
+        key: ${{ runner.os }}-lfs-${{ hashFiles('.lfs-assets-id') }}-v1
+
+    # Now the LFS pull will be local if we hit the cache, or remote otherwise
+    - name: Git LFS pull
+      run: git lfs pull
+
+    - name: Restore eapol_test build directory from cache
+      uses: actions/cache@v2
+      id: hostapd-cache
+      with:
+        path: ${{ env.HOSTAPD_BUILD_DIR }}
+        key: hostapd-${{ runner.os }}-${{ env.HOSTAPD_GIT_TAG }}-v4
+
+    - name: Install dependencies (macOS)
+      run: |
+        brew install \
+          cassandra-cpp-driver \
+          gperftools \
+          hiredis \
+          json-c \
+          libidn \
+          libmemcached \
+          llvm@14 \
+          luajit \
+          mariadb \
+          make \
+          mruby \
+          openssl@1.1 \
+          openssl \
+          talloc
+        ln -s `brew --prefix`/opt/make/bin/gmake /usr/local/bin/make
+        echo "#! /bin/sh"               >> /usr/local/bin/nproc
+        echo "sysctl -n hw.physicalcpu" >> /usr/local/bin/nproc
+        chmod +x /usr/local/bin/nproc
+      env:
+        HOMEBREW_NO_AUTO_UPDATE: 1
+        HOMEBREW_NO_INSTALL_CLEANUP: 1
+        HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS: 3650
+
+    - name: Install tacacs_plus
+      run: |
+        pip3 install tacacs_plus
+
+    #
+    #  Ensure the homebrew version of clang is run rather than the Apple compiler.
+    #
+    - name: Set path for clang
+      run: |
+        echo "PATH=`brew --prefix`/opt/llvm@14/bin/:$PATH" >> $GITHUB_ENV
+
+    #
+    #  Build using some alternative libraries
+    #
+    #    PCRE 2       -> PCRE 1
+    #    MIT Kerberos -> HEIMDAL Kerberos
+    #    OpenSSL 1.0  -> OpenSSL 3.0
+    #
+    - name: 'Fetch OpenSSL 3.0 SHA'
+      id: opensslshasum
+      if: ${{ matrix.env.LIBS_ALT == 'yes' }}
+      run: |
+        wget -qO- http://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz.sha256 | sed -ne 's/^\s\+/::set-output name=shasum::/p'
+
+    - name: 'Restore OpenSSL 3.0 from the cache'
+      if: ${{ matrix.env.LIBS_ALT == 'yes' }}
+      uses: actions/cache@v2
+      id: openssl-cache
+      with:
+        path: /opt/openssl/
+        key: openssl3-${{ steps.opensslshasum.outputs.shasum }}
+
+    - name: 'Build OpenSSL 3.0 (if cache stale)'
+      if: ${{ matrix.env.LIBS_ALT == 'yes' && steps.openssl-cache.outputs.cache-hit != 'true' }}
+      run: |
+        cd ~
+        wget https://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz
+        tar xzf openssl-$ALT_OPENSSL.tar.gz
+        cd openssl-$ALT_OPENSSL
+        ./Configure --prefix=/opt/openssl --openssldir=. --debug
+        make -j `nproc`
+        make install_sw
+
+    - name: Use alternative libraries
+      if: ${{ matrix.env.LIBS_ALT == 'yes' }}
+      run: |
+        echo /opt/openssl/lib64 | sudo tee /etc/ld.so.conf.d/openssl3.conf >/dev/null
+        sudo ldconfig
+        sudo apt-get install -y --no-install-recommends libpcre3-dev  # "PCRE 1"
+        sudo apt-get purge -y libpcre2-dev  # Remove default PCRE 2, leaving only PCRE 1
+        sudo apt-get install -y --no-install-recommends heimdal-dev
+
+
+    - name: Show versions
+      run: |
+        $CC --version
+        make --version
+        krb5-config --all || :
+        pcre-config --libs-posix --version 2>/dev/null || :
+        pcre2-config --libs-posix --version 2>/dev/null || :
+        [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH
+        openssl version
+
+    - name: Configure
+      run: |
+        if $CC -v 2>&1 | grep clang > /dev/null; then
+            echo "Enabling sanitizers"
+            enable_sanitizers="--enable-address-sanitizer --enable-undefined-behaviour-sanitizer"
+            if [ "`uname`" != "Darwin" ]; then
+                enable_sanitizers="$enable_sanitizers --enable-leak-sanitizer"
+            fi
+        else
+            enable_sanitizers=""
+        fi
+        build_paths=""
+        if [ "`uname`" = "Darwin" ]; then
+            build_paths="--with-libfreeradius-ldap-lib-dir=`brew --prefix`/opt/openldap/lib --with-libfreeradius-ldap-include-dir=`brew --prefix`/opt/openldap/include --with-openssl-lib-dir=`brew --prefix`/opt/openssl/lib --with-openssl-include-dir=`brew --prefix`/opt/openssl/include --with-unixodbc-lib-dir=`brew --prefix`/opt/unixodbc/lib --with-unixodbc-include-dir=`brew --prefix`/opt/unixodbc/include"
+        elif [ -d /opt/openssl ]; then
+            export PATH=/opt/openssl/bin:$PATH
+            build_paths="--with-openssl-lib-dir=/opt/openssl/lib64 --with-openssl-include-dir=/opt/openssl/include"
+        fi
+        CFLAGS="${BUILD_CFLAGS}" ./configure -C \
+            --enable-developer \
+            --enable-werror \
+            $enable_sanitizers \
+            $build_paths \
+            --prefix=$HOME/freeradius \
+            --with-threads=$LIBS_OPTIONAL \
+            --with-udpfromto=$LIBS_OPTIONAL \
+            --with-openssl=$LIBS_OPTIONAL \
+            --with-pcre=$LIBS_OPTIONAL
+        echo "config.log"
+        cat config.log
+        echo "Contents of src/include/autoconf.h"
+        cat "./src/include/autoconf.h"
+
+    - name: Make
+      run: |
+        [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH
+        make -j `nproc`
+
+    - name: "Clang Static Analyzer: Store assets on failure"
+      uses: actions/upload-artifact@v2
+      with:
+        name: clang-scan.tgz
+        path: build/plist/**/*.html
+        retention-days: 30
+      if: ${{ matrix.env.CC == 'clang' && failure() }}
+
+    # No detect_leaks support for ASAN on macOS
+    - name: Run basic tests (macOS)
+      run: |
+        make test
+      env:
+        ASAN_OPTIONS: symbolize=1 detect_stack_use_after_return=1
+
+    #
+    #  If the CI has failed and the branch is ci-debug then we start a tmate
+    #  session to provide interactive shell access to the session.
+    #
+    #  The SSH rendezvous point will be emited continuously in the job output,
+    #  which will look something like:
+    #
+    #      SSH: ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io
+    #
+    #  For example:
+    #
+    #      git push origin ci-debug --force
+    #
+    #  Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions
+    #
+    #      ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io
+    #
+    #  Access requires that you have the private key corresponding to the
+    #  public key of the GitHub user that initiated the job.
+    #
+    - name: "Debug: Start tmate"
+      uses: mxschmitt/action-tmate@v3
+      with:
+        limit-access-to-actor: true
+      if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}
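Review bot: The `pre-ci` job runs `fkirc/skip-duplicate-actions@master`, a third-party action resolved from a mutable branch, so whatever is pushed to that branch next runs inside this workflow; `mxschmitt/action-tmate@v3` in the last step is a movable tag with the same property. Pinning both to a full commit SHA, e.g. `uses: fkirc/skip-duplicate-actions@<full-commit-sha>  # <release tag>`, and adding a top-level `permissions:` block limited to what the jobs need would narrow that exposure. Separately, the four steps guarded by `matrix.env.LIBS_ALT == 'yes'` cannot run in this file, because the only matrix entry sets `LIBS_ALT: no`, and the last of them uses `apt-get` and `ldconfig`; they look like carry-over from ci.yml and could be dropped. If they are kept, note that the checksum is fetched over `http://` and only feeds the cache key, so the tarball downloaded in the build step is never compared against it.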
index 7de08b7e86f48f6bdf7c229ae8feb867475c019f..410fdc8e3a84123f5a9914c9c955bb26c3ec3eb4 100644 (file)
@@ -57,7 +57,6 @@ jobs:
           - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG -O2 -g3", LIBS_OPTIONAL: yes, LIBS_ALT: no,  TEST_TYPE: fixtures, OS: ubuntu-20.04, NAME: linux-clang-O2-g3   }
           - { CC: clang, BUILD_CFLAGS: "-DNDEBUG",                  LIBS_OPTIONAL: yes, LIBS_ALT: no,  TEST_TYPE: fixtures, OS: ubuntu-20.04, NAME: linux-clang-ndebug  }
           - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG",         LIBS_OPTIONAL: yes, LIBS_ALT: yes, TEST_TYPE: fixtures, OS: ubuntu-20.04, NAME: linux-clang-altlibs }
-          - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG",         LIBS_OPTIONAL: yes, LIBS_ALT: no,  TEST_TYPE: macos,    OS: macos-11,     NAME: macos-clang         }
           - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG -O2 -g3", LIBS_OPTIONAL: yes, LIBS_ALT: no,  TEST_TYPE: fuzzing,  OS: ubuntu-20.04, NAME: linux-fuzzer        }
 
     env: ${{ matrix.env }}