path: /opt/pdns-auth
retention-days: 1
- build-recursor:
- name: build recursor
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-22.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
- env:
- ASAN_OPTIONS: detect_leaks=0
- SANITIZERS: ${{ matrix.sanitizers }}
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- UNIT_TESTS: yes
- options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0
- defaults:
- run:
- working-directory: ./pdns/recursordist/pdns-recursor-${{ env.BUILDER_VERSION }}
- steps:
- # workaround issue 9491 repo actions/runner-images
- - name: get runner image version
- id: runner-image-version
- run: |
- echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT"
- working-directory: .
- - name: modify number of bits to use for aslr entropy
- if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0'
- run: |
- sudo sysctl -a | grep vm.mmap.rnd
- sudo sysctl -w vm.mmap_rnd_bits=28
- working-directory: .
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- ref: ${{ inputs.branch-name }}
- - name: get timestamp for cache
- id: get-stamp
- run: |
- echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
- shell: bash
- working-directory: .
- - run: mkdir -p ~/.ccache
- working-directory: .
- - name: let GitHub cache our ccache data
- uses: actions/cache@v4
- with:
- path: ~/.ccache
- key: recursor-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
- restore-keys: recursor-${{ matrix.sanitizers }}-ccache-
- - run: inv ci-install-rust ${{ env.REPO_HOME }}
- working-directory: ./pdns/recursordist/
- - run: inv ci-autoconf
- working-directory: ./pdns/recursordist/
- - run: inv ci-rec-configure
- working-directory: ./pdns/recursordist/
- - run: inv ci-make-distdir
- working-directory: ./pdns/recursordist/
- - run: inv ci-rec-configure
- - run: inv ci-rec-make-bear
- - run: inv ci-rec-run-unit-tests
- - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- - name: Coveralls Parallel rec unit
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: rec-unit-${{ matrix.sanitizers }}
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
- - run: inv ci-make-install
- - run: ccache -s
- - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- - name: Store the binaries
- uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
- path: /opt/pdns-recursor
- retention-days: 1
-
- build-dnsdist:
- name: build dnsdist
- if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
- runs-on: ubuntu-22.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- features: [least, full]
- exclude:
- - sanitizers: tsan
- features: least
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
- env:
- ASAN_OPTIONS: detect_leaks=0
- SANITIZERS: ${{ matrix.sanitizers }}
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- UNIT_TESTS: yes
- FUZZING_TARGETS: yes
- options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0
- defaults:
- run:
- working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }}
- steps:
- # workaround issue 9491 repo actions/runner-images
- - name: get runner image version
- id: runner-image-version
- run: |
- echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT"
- working-directory: .
- - name: modify number of bits to use for aslr entropy
- if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0'
- run: |
- sudo sysctl -a | grep vm.mmap.rnd
- sudo sysctl -w vm.mmap_rnd_bits=28
- working-directory: .
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- ref: ${{ inputs.branch-name }}
- - name: get timestamp for cache
- id: get-stamp
- run: |
- echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
- shell: bash
- working-directory: .
- - run: mkdir -p ~/.ccache
- working-directory: .
- - name: let GitHub cache our ccache data
- uses: actions/cache@v4
- with:
- path: ~/.ccache
- key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
- restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
- - run: inv ci-install-rust ${{ env.REPO_HOME }}
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-build-and-install-quiche
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-autoconf
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-dnsdist-configure ${{ matrix.features }}
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-make-distdir
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-dnsdist-configure ${{ matrix.features }}
- - run: inv ci-dnsdist-make-bear
- - run: inv ci-dnsdist-run-unit-tests
- - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- - name: Coveralls Parallel dnsdist unit
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
- - run: inv ci-make-install
- - run: ccache -s
- - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- - name: Store the binaries
- uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
- with:
- name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
- path: /opt/dnsdist
- retention-days: 1
-
test-auth-api:
needs: build-auth
runs-on: ubuntu-22.04
parallel: true
allow-empty: true
- test-recursor-api:
- needs: build-recursor
- runs-on: ubuntu-22.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- dist_name: [debian]
- dist_release_name: [bookworm]
- pdns_repo_version: ['48']
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
- options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0
- steps:
- # workaround issue 9491 repo actions/runner-images
- - name: get runner image version
- id: runner-image-version
- run: |
- echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT"
- working-directory: .
- - name: modify number of bits to use for aslr entropy
- if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0'
- run: |
- sudo sysctl -a | grep vm.mmap.rnd
- sudo sysctl -w vm.mmap_rnd_bits=28
- working-directory: .
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- ref: ${{ inputs.branch-name }}
- - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- - name: Fetch the binaries
- uses: actions/download-artifact@v4
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
- path: /opt/pdns-recursor
- - run: inv apt-fresh
- - run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }}
- - run: inv install-clang-runtime
- - run: inv install-rec-test-deps
- - run: inv test-api recursor
- - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- - name: Coveralls Parallel recursor API
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: rec-api
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
-
- test-recursor-regression:
- needs: build-recursor
- runs-on: ubuntu-22.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- dist_name: [debian]
- dist_release_name: [bookworm]
- pdns_repo_version: ['48']
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
- env:
- UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
- options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0
- steps:
- # workaround issue 9491 repo actions/runner-images
- - name: get runner image version
- id: runner-image-version
- run: |
- echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT"
- working-directory: .
- - name: modify number of bits to use for aslr entropy
- if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0'
- run: |
- sudo sysctl -a | grep vm.mmap.rnd
- sudo sysctl -w vm.mmap_rnd_bits=28
- working-directory: .
- # - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- ref: ${{ inputs.branch-name }}
- - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- - name: Fetch the binaries
- uses: actions/download-artifact@v4
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
- path: /opt/pdns-recursor
- - run: inv apt-fresh
- - run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }}
- - run: inv install-clang-runtime
- - run: inv install-rec-test-deps
- - run: inv test-regression-recursor
- - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- - name: Coveralls Parallel recursor regression
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: rec-regression
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
-
- test-recursor-bulk:
- name: 'test rec *mini* bulk'
- needs: build-recursor
- runs-on: ubuntu-22.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- threads: [1, 2, 3, 4, 8]
- mthreads: [2048]
- shards: [1, 2, 1024]
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
- env:
- UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
- ASAN_OPTIONS: detect_leaks=0
- TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
- options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0
- steps:
- # workaround issue 9491 repo actions/runner-images
- - name: get runner image version
- id: runner-image-version
- run: |
- echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT"
- working-directory: .
- - name: modify number of bits to use for aslr entropy
- if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0'
- run: |
- sudo sysctl -a | grep vm.mmap.rnd
- sudo sysctl -w vm.mmap_rnd_bits=28
- working-directory: .
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- ref: ${{ inputs.branch-name }}
- - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- - name: Fetch the binaries
- uses: actions/download-artifact@v4
- with:
- name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
- path: /opt/pdns-recursor
- - run: inv install-clang-runtime
- - run: inv install-rec-bulk-deps
- - run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }}
- - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- - name: Coveralls Parallel recursor bulk
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: rec-regression-bulk
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
-
- test-dnsdist-regression:
- needs: build-dnsdist
- runs-on: ubuntu-22.04
- strategy:
- matrix:
- sanitizers: [ubsan+asan, tsan]
- container:
- image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
- env:
- UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
- # Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498
- ASAN_OPTIONS: detect_leaks=0:intercept_send=0
- TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
- # IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions
- SKIP_INCLUDEDIR_TESTS: yes
- SANITIZERS: ${{ matrix.sanitizers }}
- COVERAGE: yes
- options: --sysctl net.ipv6.conf.all.disable_ipv6=0 --privileged
- steps:
- # workaround issue 9491 repo actions/runner-images
- - name: get runner image version
- id: runner-image-version
- run: |
- echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT"
- working-directory: .
- - name: modify number of bits to use for aslr entropy
- if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0'
- run: |
- sudo sysctl -a | grep vm.mmap.rnd
- sudo sysctl -w vm.mmap_rnd_bits=28
- working-directory: .
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- ref: ${{ inputs.branch-name }}
- - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- - name: Fetch the binaries
- uses: actions/download-artifact@v4
- with:
- name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
- path: /opt/dnsdist
- - run: inv install-clang-runtime
- - run: inv install-dnsdist-test-deps
- - run: inv test-dnsdist
- - run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- - name: Coveralls Parallel dnsdist regression
- if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- uses: coverallsapp/github-action@v2
- with:
- flag-name: dnsdist-regression-full-${{ matrix.sanitizers }}
- path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
- parallel: true
- allow-empty: true
-
swagger-syntax-check:
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-22.04
collect:
needs:
- build-auth
- - build-dnsdist
- - build-recursor
- swagger-syntax-check
- test-auth-api
- test-auth-backend
- - test-dnsdist-regression
- test-ixfrdist
- - test-recursor-api
- - test-recursor-regression
- - test-recursor-bulk
if: success() || failure()
runs-on: ubuntu-22.04
steps:
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
language: ['cpp']
- product: ['auth', 'rec', 'dnsdist']
+ product: ['auth']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
outputs:
clang-tidy-annotations-auth: ${{ steps.clang-tidy-annotations-auth.outputs.failed }}
- clang-tidy-annotations-dnsdist: ${{ steps.clang-tidy-annotations-dnsdist.outputs.failed }}
- clang-tidy-annotations-rec: ${{ steps.clang-tidy-annotations-rec.outputs.failed }}
steps:
- uses: PowerDNS/pdns/set-ubuntu-mirror@meta
echo "failed=$?" >> $GITHUB_OUTPUT
fi
- - name: Install dependencies for dnsdist
- if: matrix.product == 'dnsdist'
- run: |
- inv install-dnsdist-build-deps --skipXDP
- - name: Autoreconf dnsdist
- if: matrix.product == 'dnsdist'
- working-directory: ./pdns/dnsdistdist/
- run: |
- inv ci-autoconf
- - run: inv ci-install-rust ${{ env.REPO_HOME }}
- if: matrix.product == 'dnsdist'
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-build-and-install-quiche
- if: matrix.product == 'dnsdist'
- working-directory: ./pdns/dnsdistdist/
- - name: Configure dnsdist
- if: matrix.product == 'dnsdist'
- working-directory: ./pdns/dnsdistdist/
- run: |
- inv ci-dnsdist-configure full
- - name: Build dnsdist
- if: matrix.product == 'dnsdist'
- working-directory: ./pdns/dnsdistdist/
- run: |
- inv ci-dnsdist-make-bear
- - run: ln -s ../../.clang-tidy.full .clang-tidy
- if: matrix.product == 'dnsdist'
- working-directory: ./pdns/dnsdistdist/
- - name: Run clang-tidy for dnsdist
- if: matrix.product == 'dnsdist'
- working-directory: ./pdns/dnsdistdist/
- run: git diff --no-prefix -U0 HEAD^..HEAD | python3 ../../.github/scripts/git-filter.py --product dnsdist | python3 ../../.github/scripts/clang-tidy-diff.py -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p0 -export-fixes clang-tidy-dnsdist.yml
- - name: Print clang-tidy fixes YAML for dnsdist
- if: matrix.product == 'dnsdist'
- working-directory: ./pdns/dnsdistdist/
- shell: bash
- run: |
- if [ -f clang-tidy-dnsdist.yml ]; then
- cat clang-tidy-dnsdist.yml
- fi
- - name: Result annotations for dnsdist
- if: matrix.product == 'dnsdist'
- id: clang-tidy-annotations-dnsdist
- working-directory: ./pdns/dnsdistdist/
- shell: bash
- run: |
- if [ -f clang-tidy-dnsdist.yml ]; then
- set +e
- python3 ../../.github/scripts/clang-tidy.py --fixes-file clang-tidy-dnsdist.yml
- echo "failed=$?" >> $GITHUB_OUTPUT
- fi
-
- - name: Install dependencies for rec
- if: matrix.product == 'rec'
- run: |
- inv install-rec-build-deps
- - run: inv ci-install-rust ${{ env.REPO_HOME }}
- if: matrix.product == 'rec'
- working-directory: ./pdns/recursordist/
- - name: Autoreconf rec
- if: matrix.product == 'rec'
- working-directory: ./pdns/recursordist/
- run: |
- inv ci-autoconf
- - name: Configure rec
- if: matrix.product == 'rec'
- working-directory: ./pdns/recursordist/
- run: |
- inv ci-rec-configure
- - name: Build rec
- if: matrix.product == 'rec'
- working-directory: ./pdns/recursordist/
- run: |
- CONCURRENCY=4 inv ci-rec-make-bear
- - run: ln -s ../../.clang-tidy.full .clang-tidy
- if: matrix.product == 'rec'
- working-directory: ./pdns/recursordist/
- - name: Run clang-tidy for rec
- if: matrix.product == 'rec'
- working-directory: ./pdns/recursordist/
- run: git diff --no-prefix -U0 HEAD^..HEAD | python3 ../../.github/scripts/git-filter.py --product rec | python3 ../../.github/scripts/clang-tidy-diff.py -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p0 -export-fixes clang-tidy-rec.yml
- - name: Print clang-tidy fixes YAML for rec
- if: matrix.product == 'rec'
- working-directory: ./pdns/recursordist/
- shell: bash
- run: |
- if [ -f clang-tidy-rec.yml ]; then
- cat clang-tidy-rec.yml
- fi
- - name: Result annotations for rec
- if: matrix.product == 'rec'
- id: clang-tidy-annotations-rec
- working-directory: ./pdns/recursordist/
- shell: bash
- run: |
- if [ -f clang-tidy-rec.yml ]; then
- set +e
- python3 ../../.github/scripts/clang-tidy.py --fixes-file clang-tidy-rec.yml
- echo "failed=$?" >> $GITHUB_OUTPUT
- fi
-
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
echo "::error::Auth clang-tidy failed"
exit 1
fi
- if [ "x${{ needs.analyze.outputs.clang-tidy-annotations-dnsdist }}" != "x" -a "${{ needs.analyze.outputs.clang-tidy-annotations-dnsdist }}" != "0" ]; then
- echo "::error::DNSdist clang-tidy failed"
- exit 1
- fi
- if [ "x${{needs.analyze.outputs.clang-tidy-annotations-rec }}" != "x" -a "${{needs.analyze.outputs.clang-tidy-annotations-rec }}" != "0" ]; then
- echo "::error::Rec clang-tidy failed"
- exit 1
- fi
check-for-binaries:
runs-on: ubuntu-22.04
+++ /dev/null
-name: "Various daily checks"
-
-on:
- schedule:
- - cron: '34 4 * * *'
-
-permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
- contents: read
-
-env:
- CLANG_VERSION: '12'
-
-jobs:
- el7-devtoolset:
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-22.04
-
- steps:
- - name: Check whether a newer devtoolset exists
- run: |
- if docker run --rm centos:7 bash -c 'yum install -y centos-release-scl-rh && yum info devtoolset-12-gcc-c++'
- then
- echo "::warning file=builder-support/dockerfiles/Dockerfile.rpmbuild::A newer devtoolset exists. Please edit builder-support/dockerfiles/Dockerfile.rpmbuild, builder-support/dockerfiles/Dockerfile.rpmbuild, and .github/workflows/dailies.yml"
- exit 1
- else
- echo "::notice ::No newer devtoolset exists (good)"
- exit 0
- fi
-
- check-debian-autoremovals:
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-22.04
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
-
- - name: Check if Debian is about to toss us off a balcony
- run: ./build-scripts/check-debian-autoremovals.py
-
- coverity-auth:
- name: coverity scan of the auth
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-22.04
- env:
- COVERITY_TOKEN: ${{ secrets.coverity_auth_token }}
- FUZZING_TARGETS: no
- SANITIZERS:
- UNIT_TESTS: no
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
- - run: inv install-clang
- - run: inv install-auth-build-deps
- - run: inv install-coverity-tools PowerDNS
- - run: inv coverity-clang-configure
- - run: inv ci-autoconf
- - run: inv ci-auth-configure
- - run: inv coverity-make
- - run: inv coverity-tarball auth.tar.bz2
- - run: inv coverity-upload ${{ secrets.coverity_email }} PowerDNS auth.tar.bz2
-
- coverity-dnsdist:
- name: coverity scan of dnsdist
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-22.04
- env:
- COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }}
- SANITIZERS:
- UNIT_TESTS: no
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
- - run: inv install-clang
- - run: inv install-dnsdist-build-deps --skipXDP
- - run: inv install-coverity-tools dnsdist
- - run: inv coverity-clang-configure
- - run: inv ci-autoconf
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-build-and-install-quiche
- working-directory: ./pdns/dnsdistdist/
- - run: inv ci-dnsdist-configure full
- working-directory: ./pdns/dnsdistdist/
- - run: inv coverity-make
- working-directory: ./pdns/dnsdistdist/
- - run: inv coverity-tarball dnsdist.tar.bz2
- working-directory: ./pdns/dnsdistdist/
- - run: inv coverity-upload ${{ secrets.coverity_email }} dnsdist dnsdist.tar.bz2
- working-directory: ./pdns/dnsdistdist/
-
- coverity-rec:
- name: coverity scan of the rec
- if: ${{ vars.SCHEDULED_MISC_DAILIES }}
- runs-on: ubuntu-22.04
- env:
- COVERITY_TOKEN: ${{ secrets.coverity_rec_token }}
- SANITIZERS:
- UNIT_TESTS: no
- steps:
- - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- - uses: actions/checkout@v4
- with:
- fetch-depth: 5
- submodules: recursive
- - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
- - run: inv install-clang
- - run: inv install-rec-build-deps
- - run: inv install-coverity-tools 'PowerDNS+Recursor'
- - run: inv coverity-clang-configure
- - run: inv ci-autoconf
- working-directory: ./pdns/recursordist/
- - run: inv ci-rec-configure
- working-directory: ./pdns/recursordist/
- - run: inv coverity-make
- working-directory: ./pdns/recursordist/
- - run: inv coverity-tarball recursor.tar.bz2
- working-directory: ./pdns/recursordist/
- - run: inv coverity-upload ${{ secrets.coverity_email }} 'PowerDNS+Recursor' recursor.tar.bz2
- working-directory: ./pdns/recursordist/
projects / thirdparty / pdns.git / commitdiff
