From: Matthew Newton
Date: Thu, 13 Oct 2022 09:58:42 +0000 (+0100)
Subject: CI: fix YAML whitespace
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=987ae73bf6bea37ef9465153ba4b1e0637462046;p=thirdparty%2Ffreeradius-server.git
CI: fix YAML whitespace
---
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8e2279a7e7d..baf402b9634 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -69,368 +69,368 @@ jobs: steps: - # Checkout, but defer pulling LFS objects until we've restored the cache - - uses: actions/checkout@v2 - with: - lfs: false - - - name: Create LFS file list as cache key - run: git lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id - - - name: Restore LFS cache - uses: actions/cache@v2 - id: lfs-cache - with: - path: .git/lfs - key: ${{ runner.os }}-lfs-${{ hashFiles('.lfs-assets-id') }}-v1 - - # Now the LFS pull will be local if we hit the cache, or remote otherwise - - name: Git LFS pull - run: git lfs pull - - - name: Restore eapol_test build directory from cache - uses: actions/cache@v2 - id: hostapd-cache - with: - path: ${{ env.HOSTAPD_BUILD_DIR }} - key: hostapd-${{ runner.os }}-${{ env.HOSTAPD_GIT_TAG }}-v4 - if: ${{ matrix.env.TEST_TYPE != 'fuzzing' }} - - - name: Package manager performance improvements - if: ${{ runner.os != 'macOS' }} - run: | - sudo sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup' - echo 'man-db man-db/auto-update boolean false' | sudo debconf-set-selections - sudo dpkg-reconfigure man-db - sudo sed -i 's/^update_initramfs=.*/update_initramfs=no/' /etc/initramfs-tools/update-initramfs.conf - - # - # NetworkRADIUS repo is needed for up-to-date versions - # of libkqueue. Although libkqueue is available via - # debian, it's too old and the EVFILT_PROC filter is - # disabled. - # - # We don't need this on macOS as it has a native kqueue - # implementation. 
- # - - name: NetworkRADIUS signing key - if: ${{ runner.os != 'macOS' }} - run: sudo /bin/sh -c "curl -sS https://packages.networkradius.com/pgp/packages%40networkradius.com | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=yes apt-key add -" - - - name: Set up NetworkRADIUS extras repository - if: ${{ runner.os != 'macOS' }} - run: | - DIST=$(lsb_release -is | tr '[:upper:]' '[:lower:]') - RELEASE=$(lsb_release -cs) - sudo /bin/sh -c "echo \"deb http://packages.networkradius.com/extras/${DIST}/${RELEASE} ${RELEASE} main\" \ - > /etc/apt/sources.list.d/networkradius-extras.list" - - - name: Install build dependencies based on Debian packages plus extra CI packages - if: ${{ runner.os != 'macOS' }} - run: | - sudo apt-get update - sudo apt-get install -y --no-install-recommends build-essential devscripts equivs quilt - debian/rules debian/control - sudo mk-build-deps -irt"apt-get -y --no-install-recommends" debian/control - sudo mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control - - - uses: actions/setup-ruby@v1 - if: ${{ matrix.env.TEST_TYPE == 'fixtures' }} - - - name: Install cassandra driver (not yet available on 20.04) - if: ${{ matrix.env.OS == 'ubuntu-18.04' }} - run: sudo ./scripts/ci/cassandra-install.sh - - - name: Install dependencies (macOS) - if: ${{ runner.os == 'macOS' }} - run: | - brew install \ - cassandra-cpp-driver \ - gperftools \ - hiredis \ - json-c \ - libidn \ - libmemcached \ - llvm@14 \ - luajit \ - mariadb \ - make \ - mruby \ - openssl@1.1 \ - openssl \ - talloc - ln -s `brew --prefix`/opt/make/bin/gmake /usr/local/bin/make - echo "#! 
/bin/sh" >> /usr/local/bin/nproc - echo "sysctl -n hw.physicalcpu" >> /usr/local/bin/nproc - chmod +x /usr/local/bin/nproc - env: - HOMEBREW_NO_AUTO_UPDATE: 1 - HOMEBREW_NO_INSTALL_CLEANUP: 1 - HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS: 3650 - - - name: Install tacacs_plus - run: | - pip3 install tacacs_plus - - - name: Install LLVM 12 - if: ${{ matrix.env.CC == 'clang' && runner.os != 'macOS' }} - run: | - sudo apt-get install -y --no-install-recommends clang-12 llvm-12 gdb lldb - sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-12 60 && sudo update-alternatives --set clang /usr/bin/clang-12 - sudo update-alternatives --install /usr/bin/llvm-symbolizer llvm-symbolizer /usr/bin/llvm-symbolizer-12 60 && sudo update-alternatives --set llvm-symbolizer /usr/bin/llvm-symbolizer-12 - - - name: Set compiler to GCC 11 - if: ${{ matrix.env.CC == 'gcc' }} - run: | - sudo apt-get install -y --no-install-recommends gcc-11 gdb lldb - sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 60 && sudo update-alternatives --set gcc /usr/bin/gcc-11 - - # - # Ensure the homebrew version of clang is run rather than the Apple compiler. 
- # - - name: Set path for clang - if: ${{ runner.os == 'macOS' }} - run: | - echo "PATH=`brew --prefix`/opt/llvm@14/bin/:$PATH" >> $GITHUB_ENV - - # - # Build using some alternative libraries - # - # PCRE 2 -> PCRE 1 - # MIT Kerberos -> HEIMDAL Kerberos - # OpenSSL 1.0 -> OpenSSL 3.0 - # - - name: 'Fetch OpenSSL 3.0 SHA' - id: opensslshasum - if: ${{ matrix.env.LIBS_ALT == 'yes' }} - run: | - wget -qO- http://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz.sha256 | sed -ne 's/^\s\+/::set-output name=shasum::/p' - - - name: 'Restore OpenSSL 3.0 from the cache' - if: ${{ matrix.env.LIBS_ALT == 'yes' }} - uses: actions/cache@v2 - id: openssl-cache - with: - path: /opt/openssl/ - key: openssl3-${{ steps.opensslshasum.outputs.shasum }} - - - name: 'Build OpenSSL 3.0 (if cache stale)' - if: ${{ matrix.env.LIBS_ALT == 'yes' && steps.openssl-cache.outputs.cache-hit != 'true' }} - run: | - cd ~ - wget https://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz - tar xzf openssl-$ALT_OPENSSL.tar.gz - cd openssl-$ALT_OPENSSL - ./Configure --prefix=/opt/openssl --openssldir=. 
--debug - make -j `nproc` - make install_sw - - - name: Use alternative libraries - if: ${{ matrix.env.LIBS_ALT == 'yes' }} - run: | - echo /opt/openssl/lib64 | sudo tee /etc/ld.so.conf.d/openssl3.conf >/dev/null - sudo ldconfig - sudo apt-get install -y --no-install-recommends libpcre3-dev # "PCRE 1" - sudo apt-get purge -y libpcre2-dev # Remove default PCRE 2, leaving only PCRE 1 - sudo apt-get install -y --no-install-recommends heimdal-dev - - - - name: Show versions - run: | - $CC --version - make --version - krb5-config --all || : - pcre-config --libs-posix --version 2>/dev/null || : - pcre2-config --libs-posix --version 2>/dev/null || : - [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH - openssl version - - - name: Configure - run: | - if $CC -v 2>&1 | grep clang > /dev/null; then - echo "Enabling sanitizers" - enable_sanitizers="--enable-address-sanitizer --enable-undefined-behaviour-sanitizer" - if [ "`uname`" != "Darwin" ]; then - enable_sanitizers="$enable_sanitizers --enable-leak-sanitizer" - fi - if [ "$TEST_TYPE" = "fuzzing" ]; then - enable_sanitizers="$enable_sanitizers --enable-fuzzer" - fi - else - enable_sanitizers="" - fi - build_paths="" - if [ "`uname`" = "Darwin" ]; then - build_paths="--with-libfreeradius-ldap-lib-dir=`brew --prefix`/opt/openldap/lib --with-libfreeradius-ldap-include-dir=`brew --prefix`/opt/openldap/include --with-openssl-lib-dir=`brew --prefix`/opt/openssl/lib --with-openssl-include-dir=`brew --prefix`/opt/openssl/include --with-unixodbc-lib-dir=`brew --prefix`/opt/unixodbc/lib --with-unixodbc-include-dir=`brew --prefix`/opt/unixodbc/include" - elif [ -d /opt/openssl ]; then - export PATH=/opt/openssl/bin:$PATH - build_paths="--with-openssl-lib-dir=/opt/openssl/lib64 --with-openssl-include-dir=/opt/openssl/include" - fi - CFLAGS="${BUILD_CFLAGS}" ./configure -C \ - --enable-werror \ - $enable_sanitizers \ - $build_paths \ - --prefix=$HOME/freeradius \ - --with-threads=$LIBS_OPTIONAL \ - 
--with-udpfromto=$LIBS_OPTIONAL \ - --with-openssl=$LIBS_OPTIONAL \ - --with-pcre=$LIBS_OPTIONAL - echo "config.log" - cat config.log - echo "Contents of src/include/autoconf.h" - cat "./src/include/autoconf.h" - - - name: Make - run: | - [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH - make -j `nproc` - if: ${{ matrix.env.TEST_TYPE != 'fuzzing' }} - - # Disabled on MacOS and when fuzzing to reduce the runtime - - name: Clang Static Analyzer - if: ${{ matrix.env.CC == 'clang' && runner.os != 'macOS' && matrix.env.TEST_TYPE != 'fuzzing' }} - run: | - make -j `nproc` scan && [ "$(find build/plist/ -name *.html)" = '' ]; - - - name: "Clang Static Analyzer: Store assets on failure" - uses: actions/upload-artifact@v2 - with: - name: clang-scan.tgz - path: build/plist/**/*.html - retention-days: 30 - if: ${{ matrix.env.CC == 'clang' && failure() }} - - - name: Install and setup fixtures then run full CI tests - if: ${{ matrix.env.TEST_TYPE == 'fixtures' }} - run: | - [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH - - # Temporarily replace ucf (for config merge) with cp since it's - # terribly slow! 
- sudo mv /usr/bin/ucf /usr/bin/ucf.disabled - sudo sh -c 'echo "#!/bin/sh" > /usr/bin/ucf' - sudo sh -c 'echo "shift && cp -v \$@" >> /usr/bin/ucf' - sudo chmod +x /usr/bin/ucf - wget -O - https://openresty.org/package/pubkey.gpg | sudo apt-key add - - echo "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/openresty.list - sudo apt-get update - sudo apt-get install -y --no-install-recommends \ - 389-ds \ - apparmor-utils \ - dovecot-imapd \ - exim4 \ - openresty \ - redis-server redis-tools \ - slapd ldap-utils - sudo mv -f /usr/bin/ucf.disabled /usr/bin/ucf - sudo systemctl stop dovecot exim4 slapd openresty - sudo aa-complain /usr/sbin/slapd - - echo "samba-common samba-common/workgroup string WORKGROUP" | sudo debconf-set-selections - echo "samba-common samba-common/dhcp boolean false" | sudo debconf-set-selections - echo "samba-common samba-common/do_debconf boolean true" | sudo debconf-set-selections - sudo apt-get install -y samba winbind krb5-user - - export PG_VER=14 - sudo sh -c "echo host all all 127.0.0.1/32 trust > /etc/postgresql/$PG_VER/main/pg_hba.conf" - sudo sh -c "echo local all all trust >> /etc/postgresql/$PG_VER/main/pg_hba.conf" - - sudo systemctl start mysql postgresql redis-server - - mysql -h 127.0.0.1 -uroot -proot -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '';"; - - for i in \ - postgresql-setup.sh \ - imap-setup.sh \ - exim-setup.sh \ - mysql-setup.sh \ - openresty-setup.sh \ - ldap-setup.sh \ - ldap2-setup.sh \ - 389ds-setup.sh \ - samba-setup.sh \ - redis-setup.sh; do - - script="./scripts/ci/$i" - echo "Calling $i" - $script - done - - make ci-test - - env: - SQL_MYSQL_TEST_SERVER: 127.0.0.1 - SQL_POSTGRESQL_TEST_SERVER: 127.0.0.1 - LDAP_TEST_SERVER: 127.0.0.1 - LDAP_TEST_SERVER_PORT: 3890 - LDAP_TEST_SERVER_SSL_PORT: 6360 - RFC4533_TEST_SERVER: ldap://127.0.0.1:3890/ - PERSISTENT_SEARCH_TEST_SERVER: ldap://127.0.0.1:3892/ - ACTIVE_DIRECTORY_TEST_SERVER: 127.0.0.1 - 
REST_TEST_SERVER: 127.0.0.1 - REST_TEST_SERVER_PORT: 8080 - REST_TEST_SERVER_SSL_PORT: 8443 -# SMTP_TEST_SERVER: 127.0.0.1 -# SMTP_TEST_SERVER_PORT: 2525 - REDIS_TEST_SERVER: 127.0.0.1 - REDIS_IPPOOL_TEST_SERVER: 127.0.0.1 - CACHE_REDIS_TEST_SERVER: 127.0.0.1 -# IMAP_TEST_SERVER: 127.0.0.1 -# IMAP_TEST_SERVER_PORT: 1430 -# IMAP_TEST_SERVER_SSL_PORT: 1431 - - # No detect_leaks support for ASAN on MacOS - - name: Run basic tests (MacOS) - if: ${{ matrix.env.TEST_TYPE == 'macos' }} - run: | - make test - env: - ASAN_OPTIONS: symbolize=1 detect_stack_use_after_return=1 - - # Fuzz in parallel, aiming to keep to overall runtime of this job in line - # with other jobs in the CI workflow - - name: Run fuzzer tests - if: ${{ matrix.env.TEST_TYPE == 'fuzzing' }} - run: | - # For fuzzing we won't be needing eapol_test - mkdir -p build/tests/eapol_test - : > build/tests/eapol_test/eapol_test.mk - make -j `nproc` test.fuzzer FUZZER_TIMEOUT=720 - find build/fuzzer -type f ! -path 'build/fuzzer/*.log' | grep . && exit 1 || : - - - name: "Clang libFuzzer: Store assets on failure" - uses: actions/upload-artifact@v2 - with: - name: clang-fuzzer - path: build/fuzzer - retention-days: 30 - if: ${{ matrix.env.TEST_TYPE == 'fuzzing' && failure() }} - - # - # If the CI has failed and the branch is ci-debug then we start a tmate - # session to provide interactive shell access to the session. - # - # The SSH rendezvous point will be emited continuously in the job output, - # which will look something like: - # - # SSH: ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io - # - # For example: - # - # git push origin ci-debug --force - # - # Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions - # - # ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io - # - # Access requires that you have the private key corresponding to the - # public key of the GitHub user that initiated the job. 
- # - - name: "Debug: Start tmate" - uses: mxschmitt/action-tmate@v3 - with: - limit-access-to-actor: true - if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} + # Checkout, but defer pulling LFS objects until we've restored the cache + - uses: actions/checkout@v2 + with: + lfs: false + + - name: Create LFS file list as cache key + run: git lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id + + - name: Restore LFS cache + uses: actions/cache@v2 + id: lfs-cache + with: + path: .git/lfs + key: ${{ runner.os }}-lfs-${{ hashFiles('.lfs-assets-id') }}-v1 + + # Now the LFS pull will be local if we hit the cache, or remote otherwise + - name: Git LFS pull + run: git lfs pull + + - name: Restore eapol_test build directory from cache + uses: actions/cache@v2 + id: hostapd-cache + with: + path: ${{ env.HOSTAPD_BUILD_DIR }} + key: hostapd-${{ runner.os }}-${{ env.HOSTAPD_GIT_TAG }}-v4 + if: ${{ matrix.env.TEST_TYPE != 'fuzzing' }} + + - name: Package manager performance improvements + if: ${{ runner.os != 'macOS' }} + run: | + sudo sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup' + echo 'man-db man-db/auto-update boolean false' | sudo debconf-set-selections + sudo dpkg-reconfigure man-db + sudo sed -i 's/^update_initramfs=.*/update_initramfs=no/' /etc/initramfs-tools/update-initramfs.conf + + # + # NetworkRADIUS repo is needed for up-to-date versions + # of libkqueue. Although libkqueue is available via + # debian, it's too old and the EVFILT_PROC filter is + # disabled. + # + # We don't need this on macOS as it has a native kqueue + # implementation. 
+ # + - name: NetworkRADIUS signing key + if: ${{ runner.os != 'macOS' }} + run: sudo /bin/sh -c "curl -sS https://packages.networkradius.com/pgp/packages%40networkradius.com | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=yes apt-key add -" + + - name: Set up NetworkRADIUS extras repository + if: ${{ runner.os != 'macOS' }} + run: | + DIST=$(lsb_release -is | tr '[:upper:]' '[:lower:]') + RELEASE=$(lsb_release -cs) + sudo /bin/sh -c "echo \"deb http://packages.networkradius.com/extras/${DIST}/${RELEASE} ${RELEASE} main\" \ + > /etc/apt/sources.list.d/networkradius-extras.list" + + - name: Install build dependencies based on Debian packages plus extra CI packages + if: ${{ runner.os != 'macOS' }} + run: | + sudo apt-get update + sudo apt-get install -y --no-install-recommends build-essential devscripts equivs quilt + debian/rules debian/control + sudo mk-build-deps -irt"apt-get -y --no-install-recommends" debian/control + sudo mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control + + - uses: actions/setup-ruby@v1 + if: ${{ matrix.env.TEST_TYPE == 'fixtures' }} + + - name: Install cassandra driver (not yet available on 20.04) + if: ${{ matrix.env.OS == 'ubuntu-18.04' }} + run: sudo ./scripts/ci/cassandra-install.sh + + - name: Install dependencies (macOS) + if: ${{ runner.os == 'macOS' }} + run: | + brew install \ + cassandra-cpp-driver \ + gperftools \ + hiredis \ + json-c \ + libidn \ + libmemcached \ + llvm@14 \ + luajit \ + mariadb \ + make \ + mruby \ + openssl@1.1 \ + openssl \ + talloc + ln -s `brew --prefix`/opt/make/bin/gmake /usr/local/bin/make + echo "#! 
/bin/sh" >> /usr/local/bin/nproc + echo "sysctl -n hw.physicalcpu" >> /usr/local/bin/nproc + chmod +x /usr/local/bin/nproc + env: + HOMEBREW_NO_AUTO_UPDATE: 1 + HOMEBREW_NO_INSTALL_CLEANUP: 1 + HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS: 3650 + + - name: Install tacacs_plus + run: | + pip3 install tacacs_plus + + - name: Install LLVM 12 + if: ${{ matrix.env.CC == 'clang' && runner.os != 'macOS' }} + run: | + sudo apt-get install -y --no-install-recommends clang-12 llvm-12 gdb lldb + sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-12 60 && sudo update-alternatives --set clang /usr/bin/clang-12 + sudo update-alternatives --install /usr/bin/llvm-symbolizer llvm-symbolizer /usr/bin/llvm-symbolizer-12 60 && sudo update-alternatives --set llvm-symbolizer /usr/bin/llvm-symbolizer-12 + + - name: Set compiler to GCC 11 + if: ${{ matrix.env.CC == 'gcc' }} + run: | + sudo apt-get install -y --no-install-recommends gcc-11 gdb lldb + sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 60 && sudo update-alternatives --set gcc /usr/bin/gcc-11 + + # + # Ensure the homebrew version of clang is run rather than the Apple compiler. 
+ # + - name: Set path for clang + if: ${{ runner.os == 'macOS' }} + run: | + echo "PATH=`brew --prefix`/opt/llvm@14/bin/:$PATH" >> $GITHUB_ENV + + # + # Build using some alternative libraries + # + # PCRE 2 -> PCRE 1 + # MIT Kerberos -> HEIMDAL Kerberos + # OpenSSL 1.0 -> OpenSSL 3.0 + # + - name: 'Fetch OpenSSL 3.0 SHA' + id: opensslshasum + if: ${{ matrix.env.LIBS_ALT == 'yes' }} + run: | + wget -qO- http://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz.sha256 | sed -ne 's/^\s\+/::set-output name=shasum::/p' + + - name: 'Restore OpenSSL 3.0 from the cache' + if: ${{ matrix.env.LIBS_ALT == 'yes' }} + uses: actions/cache@v2 + id: openssl-cache + with: + path: /opt/openssl/ + key: openssl3-${{ steps.opensslshasum.outputs.shasum }} + + - name: 'Build OpenSSL 3.0 (if cache stale)' + if: ${{ matrix.env.LIBS_ALT == 'yes' && steps.openssl-cache.outputs.cache-hit != 'true' }} + run: | + cd ~ + wget https://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz + tar xzf openssl-$ALT_OPENSSL.tar.gz + cd openssl-$ALT_OPENSSL + ./Configure --prefix=/opt/openssl --openssldir=. 
--debug + make -j `nproc` + make install_sw + + - name: Use alternative libraries + if: ${{ matrix.env.LIBS_ALT == 'yes' }} + run: | + echo /opt/openssl/lib64 | sudo tee /etc/ld.so.conf.d/openssl3.conf >/dev/null + sudo ldconfig + sudo apt-get install -y --no-install-recommends libpcre3-dev # "PCRE 1" + sudo apt-get purge -y libpcre2-dev # Remove default PCRE 2, leaving only PCRE 1 + sudo apt-get install -y --no-install-recommends heimdal-dev + + + - name: Show versions + run: | + $CC --version + make --version + krb5-config --all || : + pcre-config --libs-posix --version 2>/dev/null || : + pcre2-config --libs-posix --version 2>/dev/null || : + [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH + openssl version + + - name: Configure + run: | + if $CC -v 2>&1 | grep clang > /dev/null; then + echo "Enabling sanitizers" + enable_sanitizers="--enable-address-sanitizer --enable-undefined-behaviour-sanitizer" + if [ "`uname`" != "Darwin" ]; then + enable_sanitizers="$enable_sanitizers --enable-leak-sanitizer" + fi + if [ "$TEST_TYPE" = "fuzzing" ]; then + enable_sanitizers="$enable_sanitizers --enable-fuzzer" + fi + else + enable_sanitizers="" + fi + build_paths="" + if [ "`uname`" = "Darwin" ]; then + build_paths="--with-libfreeradius-ldap-lib-dir=`brew --prefix`/opt/openldap/lib --with-libfreeradius-ldap-include-dir=`brew --prefix`/opt/openldap/include --with-openssl-lib-dir=`brew --prefix`/opt/openssl/lib --with-openssl-include-dir=`brew --prefix`/opt/openssl/include --with-unixodbc-lib-dir=`brew --prefix`/opt/unixodbc/lib --with-unixodbc-include-dir=`brew --prefix`/opt/unixodbc/include" + elif [ -d /opt/openssl ]; then + export PATH=/opt/openssl/bin:$PATH + build_paths="--with-openssl-lib-dir=/opt/openssl/lib64 --with-openssl-include-dir=/opt/openssl/include" + fi + CFLAGS="${BUILD_CFLAGS}" ./configure -C \ + --enable-werror \ + $enable_sanitizers \ + $build_paths \ + --prefix=$HOME/freeradius \ + --with-threads=$LIBS_OPTIONAL \ + 
--with-udpfromto=$LIBS_OPTIONAL \ + --with-openssl=$LIBS_OPTIONAL \ + --with-pcre=$LIBS_OPTIONAL + echo "config.log" + cat config.log + echo "Contents of src/include/autoconf.h" + cat "./src/include/autoconf.h" + + - name: Make + run: | + [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH + make -j `nproc` + if: ${{ matrix.env.TEST_TYPE != 'fuzzing' }} + + # Disabled on MacOS and when fuzzing to reduce the runtime + - name: Clang Static Analyzer + if: ${{ matrix.env.CC == 'clang' && runner.os != 'macOS' && matrix.env.TEST_TYPE != 'fuzzing' }} + run: | + make -j `nproc` scan && [ "$(find build/plist/ -name *.html)" = '' ]; + + - name: "Clang Static Analyzer: Store assets on failure" + uses: actions/upload-artifact@v2 + with: + name: clang-scan.tgz + path: build/plist/**/*.html + retention-days: 30 + if: ${{ matrix.env.CC == 'clang' && failure() }} + + - name: Install and setup fixtures then run full CI tests + if: ${{ matrix.env.TEST_TYPE == 'fixtures' }} + run: | + [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH + + # Temporarily replace ucf (for config merge) with cp since it's + # terribly slow! 
+ sudo mv /usr/bin/ucf /usr/bin/ucf.disabled + sudo sh -c 'echo "#!/bin/sh" > /usr/bin/ucf' + sudo sh -c 'echo "shift && cp -v \$@" >> /usr/bin/ucf' + sudo chmod +x /usr/bin/ucf + wget -O - https://openresty.org/package/pubkey.gpg | sudo apt-key add - + echo "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/openresty.list + sudo apt-get update + sudo apt-get install -y --no-install-recommends \ + 389-ds \ + apparmor-utils \ + dovecot-imapd \ + exim4 \ + openresty \ + redis-server redis-tools \ + slapd ldap-utils + sudo mv -f /usr/bin/ucf.disabled /usr/bin/ucf + sudo systemctl stop dovecot exim4 slapd openresty + sudo aa-complain /usr/sbin/slapd + + echo "samba-common samba-common/workgroup string WORKGROUP" | sudo debconf-set-selections + echo "samba-common samba-common/dhcp boolean false" | sudo debconf-set-selections + echo "samba-common samba-common/do_debconf boolean true" | sudo debconf-set-selections + sudo apt-get install -y samba winbind krb5-user + + export PG_VER=14 + sudo sh -c "echo host all all 127.0.0.1/32 trust > /etc/postgresql/$PG_VER/main/pg_hba.conf" + sudo sh -c "echo local all all trust >> /etc/postgresql/$PG_VER/main/pg_hba.conf" + + sudo systemctl start mysql postgresql redis-server + + mysql -h 127.0.0.1 -uroot -proot -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '';"; + + for i in \ + postgresql-setup.sh \ + imap-setup.sh \ + exim-setup.sh \ + mysql-setup.sh \ + openresty-setup.sh \ + ldap-setup.sh \ + ldap2-setup.sh \ + 389ds-setup.sh \ + samba-setup.sh \ + redis-setup.sh; do + + script="./scripts/ci/$i" + echo "Calling $i" + $script + done + + make ci-test + + env: + SQL_MYSQL_TEST_SERVER: 127.0.0.1 + SQL_POSTGRESQL_TEST_SERVER: 127.0.0.1 + LDAP_TEST_SERVER: 127.0.0.1 + LDAP_TEST_SERVER_PORT: 3890 + LDAP_TEST_SERVER_SSL_PORT: 6360 + RFC4533_TEST_SERVER: ldap://127.0.0.1:3890/ + PERSISTENT_SEARCH_TEST_SERVER: ldap://127.0.0.1:3892/ + ACTIVE_DIRECTORY_TEST_SERVER: 127.0.0.1 + 
REST_TEST_SERVER: 127.0.0.1 + REST_TEST_SERVER_PORT: 8080 + REST_TEST_SERVER_SSL_PORT: 8443 +# SMTP_TEST_SERVER: 127.0.0.1 +# SMTP_TEST_SERVER_PORT: 2525 + REDIS_TEST_SERVER: 127.0.0.1 + REDIS_IPPOOL_TEST_SERVER: 127.0.0.1 + CACHE_REDIS_TEST_SERVER: 127.0.0.1 +# IMAP_TEST_SERVER: 127.0.0.1 +# IMAP_TEST_SERVER_PORT: 1430 +# IMAP_TEST_SERVER_SSL_PORT: 1431 + + # No detect_leaks support for ASAN on MacOS + - name: Run basic tests (MacOS) + if: ${{ matrix.env.TEST_TYPE == 'macos' }} + run: | + make test + env: + ASAN_OPTIONS: symbolize=1 detect_stack_use_after_return=1 + + # Fuzz in parallel, aiming to keep to overall runtime of this job in line + # with other jobs in the CI workflow + - name: Run fuzzer tests + if: ${{ matrix.env.TEST_TYPE == 'fuzzing' }} + run: | + # For fuzzing we won't be needing eapol_test + mkdir -p build/tests/eapol_test + : > build/tests/eapol_test/eapol_test.mk + make -j `nproc` test.fuzzer FUZZER_TIMEOUT=720 + find build/fuzzer -type f ! -path 'build/fuzzer/*.log' | grep . && exit 1 || : + + - name: "Clang libFuzzer: Store assets on failure" + uses: actions/upload-artifact@v2 + with: + name: clang-fuzzer + path: build/fuzzer + retention-days: 30 + if: ${{ matrix.env.TEST_TYPE == 'fuzzing' && failure() }} + + # + # If the CI has failed and the branch is ci-debug then we start a tmate + # session to provide interactive shell access to the session. + # + # The SSH rendezvous point will be emited continuously in the job output, + # which will look something like: + # + # SSH: ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io + # + # For example: + # + # git push origin ci-debug --force + # + # Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions + # + # ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io + # + # Access requires that you have the private key corresponding to the + # public key of the GitHub user that initiated the job. 
+ # + - name: "Debug: Start tmate" + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} ########################################################################################## # FREERADIUS CORE DEVELOPERS ONLY 
@@ -514,31 +514,31 @@ jobs: runs-on: ubuntu-latest name: "Merge into upstream" steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - lfs: false - persist-credentials: false - # Note: This also opportunistically updates the developer's branch with commits from - # the main repository. - # This update may fail if the developer has pushed additional commits since the - # workflow started. This is normal, and we ignore the failure. - # - # We fixup the origin URL as the default remote fails on push with: - # fatal: could not read Username for 'https://github.com': No such device or address - - name: "Merge into upstream dev branch and update local branch" - run: | - BRANCH=${GITHUB_REF#refs/heads/} - git config --local user.name "github-actions[bot]" - git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" - git remote add upstream https://$USERNAME:$REPO_KEY@github.com/FreeRADIUS/freeradius-server.git - git remote set-url origin https://$USERNAME:$REPO_KEY@github.com/$REPO_NAME - git fetch --no-recurse-submodules upstream +refs/heads/*:refs/remotes/upstream/* +refs/tags/*:refs/tags/upstream/* - git checkout --progress --force -B upstream-branch "refs/remotes/upstream/$BRANCH" - git merge "$BRANCH" --ff-only - git push upstream "upstream-branch:$BRANCH" - git push origin "upstream-branch:$BRANCH" || true - env: - USERNAME: ${{ github.repository_owner }} - REPO_NAME: ${{ github.repository }} - REPO_KEY: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + lfs: false + persist-credentials: false + # Note: This also opportunistically updates the developer's branch with commits from + # the main repository. + # This update may fail if the developer has pushed additional commits since the + # workflow started. This is normal, and we ignore the failure. 
+ # + # We fixup the origin URL as the default remote fails on push with: + # fatal: could not read Username for 'https://github.com': No such device or address + - name: "Merge into upstream dev branch and update local branch" + run: | + BRANCH=${GITHUB_REF#refs/heads/} + git config --local user.name "github-actions[bot]" + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git remote add upstream https://$USERNAME:$REPO_KEY@github.com/FreeRADIUS/freeradius-server.git + git remote set-url origin https://$USERNAME:$REPO_KEY@github.com/$REPO_NAME + git fetch --no-recurse-submodules upstream +refs/heads/*:refs/remotes/upstream/* +refs/tags/*:refs/tags/upstream/* + git checkout --progress --force -B upstream-branch "refs/remotes/upstream/$BRANCH" + git merge "$BRANCH" --ff-only + git push upstream "upstream-branch:$BRANCH" + git push origin "upstream-branch:$BRANCH" || true + env: + USERNAME: ${{ github.repository_owner }} + REPO_NAME: ${{ github.repository }} + REPO_KEY: ${{ secrets.PERSONAL_ACCESS_TOKEN }}