From: Ilya Shipitsin Date: Mon, 26 May 2025 21:47:13 +0000 (+0200) Subject: CI: combine AWS-LC and AWS-LC-FIPS by template X-Git-Tag: v3.2.0~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94ded5523fab947bf76fe0960611d3232bb5c4fa;p=thirdparty%2Fhaproxy.git CI: combine AWS-LC and AWS-LC-FIPS by template let's reduce code duplication by involving workflow templates --- diff --git a/.github/workflows/aws-lc-fips.yml b/.github/workflows/aws-lc-fips.yml index f8fda0105..cb758c6a3 100644 --- a/.github/workflows/aws-lc-fips.yml +++ b/.github/workflows/aws-lc-fips.yml @@ -5,97 +5,8 @@ on: - cron: "0 0 * * 4" workflow_dispatch: -permissions: - contents: read - jobs: test: - runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'haproxy' || github.event_name == 'workflow_dispatch' }} - steps: - - uses: actions/checkout@v4 - - name: Install VTest - run: | - scripts/build-vtest.sh - - name: Determine latest AWS-LC release - id: get_aws_lc_release - run: | - result=$(cd .github && python3 -c "from matrix import determine_latest_aws_lc_fips; print(determine_latest_aws_lc_fips(''))") - echo $result - echo "result=$result" >> $GITHUB_OUTPUT - - name: Cache AWS-LC - id: cache_aws_lc - uses: actions/cache@v4 - with: - path: '~/opt/' - key: ssl-${{ steps.get_aws_lc_release.outputs.result }}-Ubuntu-latest-gcc - - name: Install apt dependencies - run: | - sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none - sudo apt-get --no-install-recommends -y install socat gdb jose - - name: Install AWS-LC - if: ${{ steps.cache_ssl.outputs.cache-hit != 'true' }} - run: env ${{ steps.get_aws_lc_release.outputs.result }} scripts/build-ssl.sh - - name: Compile HAProxy - run: | - make -j$(nproc) ERR=1 CC=gcc TARGET=linux-glibc \ - USE_OPENSSL_AWSLC=1 USE_QUIC=1 \ - SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include \ - DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" \ - ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/" - sudo make install - - name: Show HAProxy version - id: show-version - run: | - ldd $(which haproxy) - haproxy -vv - echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT - - name: Install problem matcher for VTest - run: echo "::add-matcher::.github/vtest.json" - - name: Run VTest for HAProxy - id: vtest - run: | - # This is required for macOS which does not actually allow to increase - # the '-n' soft limit to the hard limit, thus failing to run. - ulimit -n 65536 - # allow to catch coredumps - ulimit -c unlimited - make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel - - name: Run Unit tests - id: unittests - run: | - make unit-tests - - name: Show VTest results - if: ${{ failure() && steps.vtest.outcome == 'failure' }} - run: | - for folder in ${TMPDIR:-/tmp}/haregtests-*/vtc.*; do - printf "::group::" - cat $folder/INFO - cat $folder/LOG - echo "::endgroup::" - done - exit 1 - - name: Show coredumps - if: ${{ failure() && steps.vtest.outcome == 'failure' }} - run: | - failed=false - shopt -s nullglob - for file in /tmp/core.*; do - failed=true - printf "::group::" - gdb -ex 'thread apply all bt full' ./haproxy $file - echo "::endgroup::" - done - if [ "$failed" = true ]; then - exit 1; - fi - - name: Show Unit-Tests results - if: ${{ failure() && steps.unittests.outcome == 'failure' }} - run: | - for result in ${TMPDIR:-/tmp}/ha-unittests-*/results/res.*; do - printf "::group::" - cat $result - echo "::endgroup::" - done - exit 1 - + uses: ./.github/workflows/aws-lc-template.yml + with: + command: "from matrix import determine_latest_aws_lc_fips; print(determine_latest_aws_lc_fips(''))" diff --git a/.github/workflows/aws-lc-template.yml b/.github/workflows/aws-lc-template.yml new file mode 100644 index 000000000..b016d477e --- /dev/null +++ b/.github/workflows/aws-lc-template.yml @@ -0,0 +1,103 @@ +name: AWS-LC template + +on: + workflow_call: + inputs: + command: + required: true + type: string + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + if: ${{ github.repository_owner == 'haproxy' || github.event_name == 'workflow_dispatch' }} + steps: + - uses: actions/checkout@v4 + - name: Install VTest + run: | + scripts/build-vtest.sh + - name: Determine latest AWS-LC release + id: get_aws_lc_release + run: | + result=$(cd .github && python3 -c "${{ inputs.command }}") + echo $result + echo "result=$result" >> $GITHUB_OUTPUT + - name: Cache AWS-LC + id: cache_aws_lc + uses: actions/cache@v4 + with: + path: '~/opt/' + key: ssl-${{ steps.get_aws_lc_release.outputs.result }}-Ubuntu-latest-gcc + - name: Install apt dependencies + run: | + sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none + sudo apt-get --no-install-recommends -y install socat gdb jose + - name: Install AWS-LC + if: ${{ steps.cache_ssl.outputs.cache-hit != 'true' }} + run: env ${{ steps.get_aws_lc_release.outputs.result }} scripts/build-ssl.sh + - name: Compile HAProxy + run: | + make -j$(nproc) ERR=1 CC=gcc TARGET=linux-glibc \ + USE_OPENSSL_AWSLC=1 USE_QUIC=1 \ + SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include \ + DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" \ + ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/" + sudo make install + - name: Show HAProxy version + id: show-version + run: | + ldd $(which haproxy) + haproxy -vv + echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT + - name: Install problem matcher for VTest + run: echo "::add-matcher::.github/vtest.json" + - name: Run VTest for HAProxy + id: vtest + run: | + # This is required for macOS which does not actually allow to increase + # the '-n' soft limit to the hard limit, thus failing to run. + ulimit -n 65536 + # allow to catch coredumps + ulimit -c unlimited + make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel + - name: Run Unit tests + id: unittests + run: | + make unit-tests + - name: Show VTest results + if: ${{ failure() && steps.vtest.outcome == 'failure' }} + run: | + for folder in ${TMPDIR:-/tmp}/haregtests-*/vtc.*; do + printf "::group::" + cat $folder/INFO + cat $folder/LOG + echo "::endgroup::" + done + exit 1 + - name: Show coredumps + if: ${{ failure() && steps.vtest.outcome == 'failure' }} + run: | + failed=false + shopt -s nullglob + for file in /tmp/core.*; do + failed=true + printf "::group::" + gdb -ex 'thread apply all bt full' ./haproxy $file + echo "::endgroup::" + done + if [ "$failed" = true ]; then + exit 1; + fi + - name: Show Unit-Tests results + if: ${{ failure() && steps.unittests.outcome == 'failure' }} + run: | + for result in ${TMPDIR:-/tmp}/ha-unittests-*/results/res.*; do + printf "::group::" + cat $result + echo "::endgroup::" + done + exit 1 + diff --git a/.github/workflows/aws-lc.yml b/.github/workflows/aws-lc.yml index 39e779fde..1e4125712 100644 --- a/.github/workflows/aws-lc.yml +++ b/.github/workflows/aws-lc.yml @@ -5,97 +5,8 @@ on: - cron: "0 0 * * 4" workflow_dispatch: -permissions: - contents: read - jobs: test: - runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'haproxy' || github.event_name == 'workflow_dispatch' }} - steps: - - uses: actions/checkout@v4 - - name: Install VTest - run: | - scripts/build-vtest.sh - - name: Determine latest AWS-LC release - id: get_aws_lc_release - run: | - result=$(cd .github && python3 -c "from matrix import determine_latest_aws_lc; print(determine_latest_aws_lc(''))") - echo $result - echo "result=$result" >> $GITHUB_OUTPUT - - name: Cache AWS-LC - id: cache_aws_lc - uses: actions/cache@v4 - with: - path: '~/opt/' - key: ssl-${{ steps.get_aws_lc_release.outputs.result }}-Ubuntu-latest-gcc - - name: Install apt dependencies - run: | - sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none - sudo apt-get --no-install-recommends -y install socat gdb jose - - name: Install AWS-LC - if: ${{ steps.cache_ssl.outputs.cache-hit != 'true' }} - run: env ${{ steps.get_aws_lc_release.outputs.result }} scripts/build-ssl.sh - - name: Compile HAProxy - run: | - make -j$(nproc) ERR=1 CC=gcc TARGET=linux-glibc \ - USE_OPENSSL_AWSLC=1 USE_QUIC=1 \ - SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include \ - DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" \ - ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/" - sudo make install - - name: Show HAProxy version - id: show-version - run: | - ldd $(which haproxy) - haproxy -vv - echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT - - name: Install problem matcher for VTest - run: echo "::add-matcher::.github/vtest.json" - - name: Run VTest for HAProxy - id: vtest - run: | - # This is required for macOS which does not actually allow to increase - # the '-n' soft limit to the hard limit, thus failing to run. - ulimit -n 65536 - # allow to catch coredumps - ulimit -c unlimited - make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel - - name: Run Unit tests - id: unittests - run: | - make unit-tests - - name: Show VTest results - if: ${{ failure() && steps.vtest.outcome == 'failure' }} - run: | - for folder in ${TMPDIR:-/tmp}/haregtests-*/vtc.*; do - printf "::group::" - cat $folder/INFO - cat $folder/LOG - echo "::endgroup::" - done - exit 1 - - name: Show coredumps - if: ${{ failure() && steps.vtest.outcome == 'failure' }} - run: | - failed=false - shopt -s nullglob - for file in /tmp/core.*; do - failed=true - printf "::group::" - gdb -ex 'thread apply all bt full' ./haproxy $file - echo "::endgroup::" - done - if [ "$failed" = true ]; then - exit 1; - fi - - name: Show Unit-Tests results - if: ${{ failure() && steps.unittests.outcome == 'failure' }} - run: | - for result in ${TMPDIR:-/tmp}/ha-unittests-*/results/res.*; do - printf "::group::" - cat $result - echo "::endgroup::" - done - exit 1 - + uses: ./.github/workflows/aws-lc-template.yml + with: + command: "from matrix import determine_latest_aws_lc; print(determine_latest_aws_lc(''))"