From: Otto Moerbeek Date: Mon, 24 Jun 2024 11:16:07 +0000 (+0200) Subject: rec: specialize rel/rec-5.1.x branch to rec only workflows X-Git-Tag: rec-5.1.0-rc1^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F14375%2Fhead;p=thirdparty%2Fpdns.git rec: specialize rel/rec-5.1.x branch to rec only workflows --- diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index ad12ae87d9..89a7420770 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -49,89 +49,6 @@ jobs: echo "image-id=ghcr.io/powerdns/${{ inputs.runner-docker-image-name || env.DEFAULT_RUNNER_DOCKER_IMAGE }}" >> "$GITHUB_OUTPUT" echo "tag=${{ env.DEFAULT_IMAGE_TAG }}" >> "$GITHUB_OUTPUT" - build-auth: - name: build auth - if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - runs-on: ubuntu-22.04 - needs: get-runner-container-image - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - FUZZING_TARGETS: yes - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - UNIT_TESTS: yes - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - strategy: - matrix: - include: - - builder: autotools - sanitizers: asan+ubsan - - builder: meson - sanitizers: address,undefined - build_option: '--meson' - fail-fast: false - defaults: - run: - working-directory: ./pdns-${{ env.BUILDER_VERSION }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - name: get timestamp for cache - id: get-stamp - run: | - echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" - shell: bash - working-directory: . - - run: mkdir -p ~/.ccache - working-directory: . - - name: let GitHub cache our ccache data - uses: actions/cache@v4 - with: - path: ~/.ccache - key: auth-ccache-${{ matrix.builder }}-${{ steps.get-stamp.outputs.stamp }} - restore-keys: auth-ccache-${{ matrix.builder }} - - name: set sanitizers - run: echo "SANITIZERS=${{ matrix.sanitizers }}" >> "$GITHUB_ENV" - working-directory: . - - run: inv install-auth-build-deps - working-directory: . - - run: inv ci-autoconf ${{ matrix.build_option }} - working-directory: . - - run: inv ci-auth-configure ${{ matrix.build_option }} -b pdns-${{ env.BUILDER_VERSION }} - working-directory: . - - run: inv ci-auth-build ${{ matrix.build_option }} # This runs under pdns-$BUILDER_VERSION/pdns/ for make bear - - run: inv ci-auth-install-remotebackend-test-deps - - if: ${{ matrix.builder == 'meson' }} - run: inv install-auth-test-deps-only -b geoip - - run: inv ci-auth-run-unit-tests ${{ matrix.build_option }} - env: - PDNS_BUILD_PATH: ../pdns-${{ env.BUILDER_VERSION }} - - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }} - working-directory: ./pdns-${{ env.BUILDER_VERSION }}/pdns - - name: Coveralls Parallel auth unit - if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: auth-unit-${{ matrix.sanitizers }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - run: inv ci-auth-install ${{ matrix.build_option }} - - run: ccache -s - - if: ${{ matrix.builder != 'meson' }} - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - if: ${{ matrix.builder != 'meson' }} - name: Store the binaries - uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar - with: - name: pdns-auth-${{ env.normalized-branch-name }} - path: /opt/pdns-auth - retention-days: 1 - build-recursor: name: build recursor if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} @@ -205,310 +122,6 @@ jobs: path: /opt/pdns-recursor retention-days: 1 - build-dnsdist: - name: build dnsdist - if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - runs-on: ubuntu-22.04 - needs: get-runner-container-image - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - features: [least, full] - exclude: - - sanitizers: tsan - features: least - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - SANITIZERS: ${{ matrix.sanitizers }} - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - UNIT_TESTS: yes - FUZZING_TARGETS: yes - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - defaults: - run: - working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - name: get timestamp for cache - id: get-stamp - run: | - echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" - shell: bash - working-directory: . - - run: mkdir -p ~/.ccache - working-directory: . - - name: let GitHub cache our ccache data - uses: actions/cache@v4 - with: - path: ~/.ccache - key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }} - restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache- - - run: inv ci-install-rust ${{ env.REPO_HOME }} - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }} - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-autoconf - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure ${{ matrix.features }} - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-make-distdir - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure ${{ matrix.features }} - - run: inv ci-dnsdist-make-bear - - run: inv ci-dnsdist-run-unit-tests - - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel dnsdist unit - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - run: inv ci-make-install - - run: ccache -s - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Store the binaries - uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar - with: - name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/dnsdist - retention-days: 1 - - test-auth-api: - needs: - - build-auth - - get-runner-container-image - runs-on: ubuntu-22.04 - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - ASAN_OPTIONS: detect_leaks=0 - TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp" - AUTH_BACKEND_IP_ADDR: "172.17.0.1" - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - strategy: - matrix: - include: - - backend: gsqlite3 - image: coscale/docker-sleep - - backend: gmysql - image: mysql:5 - - backend: gpgsql - image: postgres:9 - - backend: lmdb - image: coscale/docker-sleep - fail-fast: false - services: - database: - image: ${{ matrix.image }} - env: - POSTGRES_USER: runner - POSTGRES_HOST_AUTH_METHOD: trust - MYSQL_ALLOW_EMPTY_PASSWORD: 1 - ports: - - 3306:3306 - - 5432:5432 - # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. - options: >- - --restart always - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: pdns-auth-${{ env.normalized-branch-name }} - path: /opt/pdns-auth - - run: inv apt-fresh - - run: inv install-clang-runtime - - run: inv install-auth-test-deps -b ${{ matrix.backend }} - - run: inv test-api auth -b ${{ matrix.backend }} - - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' }} - - name: Coveralls Parallel auth API ${{ matrix.backend }} - if: ${{ env.COVERAGE == 'yes' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: auth-api-${{ matrix.backend }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - test-auth-backend: - needs: - - build-auth - - get-runner-container-image - runs-on: ubuntu-22.04 - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - ASAN_OPTIONS: detect_leaks=0 - LDAPHOST: ldap://ldapserver/ - ODBCINI: /github/home/.odbc.ini - AUTH_BACKEND_IP_ADDR: "172.17.0.1" - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - strategy: - matrix: - include: - - backend: remote - image: coscale/docker-sleep - env: {} - ports: [] - - backend: gmysql - image: mysql:5 - env: - MYSQL_ALLOW_EMPTY_PASSWORD: 1 - ports: - - 3306:3306 - - backend: gmysql - image: mariadb:10 - env: - MYSQL_ALLOW_EMPTY_PASSWORD: 1 - ports: - - 3306:3306 - - backend: gpgsql - image: postgres:9 - env: - POSTGRES_USER: runner - POSTGRES_HOST_AUTH_METHOD: trust - ports: - - 5432:5432 - - backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms - image: coscale/docker-sleep - env: {} - ports: [] - - backend: lmdb - image: coscale/docker-sleep - env: {} - ports: [] - - backend: bind - image: coscale/docker-sleep - env: {} - ports: [] - - backend: geoip - image: coscale/docker-sleep - env: {} - ports: [] - - backend: lua2 - image: coscale/docker-sleep - env: {} - ports: [] - - backend: tinydns - image: coscale/docker-sleep - env: {} - ports: [] - - backend: authpy - image: coscale/docker-sleep - env: {} - ports: [] - - backend: godbc_sqlite3 - image: coscale/docker-sleep - env: {} - ports: [] - - backend: godbc_mssql - image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu - env: - ACCEPT_EULA: Y - SA_PASSWORD: 'SAsa12%%-not-a-secret-password' - ports: - - 1433:1433 - - backend: ldap - image: powerdns/ldap-regress:1.2.4-1 - env: - LDAP_LOG_LEVEL: 0 - CONTAINER_LOG_LEVEL: 4 - ports: - - 389:389 - - backend: geoip_mmdb - image: coscale/docker-sleep - env: {} - ports: [] - fail-fast: false - services: - database: - image: ${{ matrix.image }} - env: ${{ matrix.env }} - ports: ${{ matrix.ports }} - # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. - options: >- - --restart always - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: pdns-auth-${{ env.normalized-branch-name }} - path: /opt/pdns-auth - # FIXME: install recursor for backends that have ALIAS - - run: inv install-clang-runtime - - run: inv install-auth-test-deps -b ${{ matrix.backend }} - - run: inv test-auth-backend -b ${{ matrix.backend }} - - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' }} - - name: Coveralls Parallel auth backend ${{ matrix.backend }} - if: ${{ env.COVERAGE == 'yes' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: auth-backend-${{ matrix.backend }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - test-ixfrdist: - needs: - - build-auth - - get-runner-container-image - runs-on: ubuntu-22.04 - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - ASAN_OPTIONS: detect_leaks=0 - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: pdns-auth-${{ env.normalized-branch-name }} - path: /opt/pdns-auth - - run: inv install-clang-runtime - - run: inv install-auth-test-deps - - run: inv test-ixfrdist - - run: inv generate-coverage-info /opt/pdns-auth/bin/ixfrdist $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' }} - - name: Coveralls Parallel ixfrdist - if: ${{ env.COVERAGE == 'yes' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: ixfrdist - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - test-recursor-api: needs: - build-recursor @@ -646,81 +259,9 @@ jobs: parallel: true allow-empty: true - test-dnsdist-regression: - needs: - - build-dnsdist - - get-runner-container-image - runs-on: ubuntu-22.04 - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - # Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498 - ASAN_OPTIONS: intercept_send=0 - LSAN_OPTIONS: "suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-lsan.supp" - TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp" - # IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions - SKIP_INCLUDEDIR_TESTS: yes - SANITIZERS: ${{ matrix.sanitizers }} - COVERAGE: yes - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 --privileged - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/dnsdist - - run: inv install-clang-runtime - - run: inv install-dnsdist-test-deps $([ "$(. /etc/os-release && echo $VERSION_CODENAME)" = "bullseye" ] && echo "--skipXDP=True") - - run: inv test-dnsdist - - run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel dnsdist regression - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: dnsdist-regression-full-${{ matrix.sanitizers }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - swagger-syntax-check: - if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - runs-on: ubuntu-22.04 - # FIXME: https://github.com/PowerDNS/pdns/pull/12880 - # container: - # image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master - # options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade - - run: inv install-swagger-tools - - run: inv swagger-syntax-check - collect: needs: - - build-auth - - build-dnsdist - build-recursor - - swagger-syntax-check - - test-auth-api - - test-auth-backend - - test-dnsdist-regression - - test-ixfrdist - test-recursor-api - test-recursor-regression - test-recursor-bulk diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index b17c8ed31f..6853d1d250 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -22,7 +22,7 @@ jobs: runs-on: ${{ matrix.runner-os }} strategy: matrix: - product: ['authoritative', 'recursor', 'dnsdist'] + product: ['recursor'] os: - centos-7 - el-8 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 35e2b0af24..3750af0f84 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Override automatic language detection by changing the below list # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] language: ['cpp'] - product: ['auth', 'rec', 'dnsdist'] + product: ['rec'] # Learn more... # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 133107b83e..5d7059165f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -10,23 +10,6 @@ permissions: # least privileges, see https://docs.github.com/en/actions/using-wo actions: read jobs: - call-build-image-auth: - uses: PowerDNS/pdns/.github/workflows/build-docker-images.yml@master - if: ${{ vars.SCHEDULED_DOCKER }} - with: - product: auth - ref: ${{ github.ref_name }} - image-name: pdns-auth-master - image-tags: |- - latest - image-description: 'EXPERIMENTAL pdns auth image' - platforms: linux/amd64,linux/arm64/v8 - push: true - secrets: - DOCKERHUB_ORGANIZATION_NAME: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - call-build-image-recursor: uses: PowerDNS/pdns/.github/workflows/build-docker-images.yml@master if: ${{ vars.SCHEDULED_DOCKER }} @@ -43,20 +26,3 @@ jobs: DOCKERHUB_ORGANIZATION_NAME: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }} DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - - call-build-image-dnsdist: - uses: PowerDNS/pdns/.github/workflows/build-docker-images.yml@master - if: ${{ vars.SCHEDULED_DOCKER }} - with: - product: dnsdist - ref: ${{ github.ref_name }} - image-name: dnsdist-master - image-tags: |- - latest - image-description: 'EXPERIMENTAL dnsdist image' - platforms: linux/amd64,linux/arm64/v8 - push: true - secrets: - DOCKERHUB_ORGANIZATION_NAME: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml deleted file mode 100644 index f380b68efd..0000000000 --- a/.github/workflows/documentation.yml +++ /dev/null @@ -1,159 +0,0 @@ ---- -name: 'Documentation' - -on: - push: - branches: [master] - pull_request: - branches: [master] - -permissions: - contents: read - -jobs: - build-upload-docs: - name: Build and upload docs - runs-on: ubuntu-22.04 - env: - SERVICE_IP_ADDR: 127.0.0.1 - services: - database: - image: epicwink/proxpi - ports: - - 5000:5000 - options: >- - --restart always - outputs: - pip-list-auth: ${{ steps.pip-logs-auth.outputs.list-auth }} - pip-list-rec: ${{ steps.pip-logs-rec.outputs.list-rec }} - pip-list-dnsdist: ${{ steps.pip-logs-dnsdist.outputs.list-dnsdist }} - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - # Configure pip index-url set to proxpi - - run: pip config set global.index-url http://${{ env.SERVICE_IP_ADDR }}:5000/index/ - - run: pip config set global.trusted-host ${{ env.SERVICE_IP_ADDR }} - - id: proxpi-docker - run: echo "id=$(docker ps | grep "epicwink/proxpi" | awk '{print $1}')" >> "$GITHUB_OUTPUT" - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade # this runs apt update - - run: inv install-doc-deps - - run: inv install-doc-deps-pdf - - - id: get-version - run: | - echo "pdns_version=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - - id: setup-ssh - run: |- - inv ci-docs-add-ssh --ssh-key="$SSH_KEY" --host-key="$HOST_KEY" - echo "have_ssh_key=yes" >> $GITHUB_OUTPUT - env: - SSH_KEY: ${{secrets.WEB1_DOCS_SECRET}} - HOST_KEY: ${{vars.WEB1_HOSTKEY}} - if: ${{github.ref_name == 'master' && env.SSH_KEY != ''}} - - # Auth - - run: inv ci-docs-build - - - run: mv html auth-html-docs - working-directory: ./docs/_build - - run: tar cf auth-html-docs.tar auth-html-docs - working-directory: ./docs/_build - - uses: actions/upload-artifact@v4 - with: - name: authoritative-html-docs-${{steps.get-version.outputs.pdns_version}} - path: ./docs/_build/auth-html-docs.tar - - run: bzip2 auth-html-docs.tar - if: ${{github.ref_name == 'master'}} - working-directory: ./docs/_build - - run: inv ci-docs-build-pdf - - uses: actions/upload-artifact@v4 - with: - name: PowerDNS-Authoritative-${{steps.get-version.outputs.pdns_version}}.pdf - path: ./docs/_build/latex/PowerDNS-Authoritative.pdf - - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Authoritative.pdf" --username="docs_powerdns_com" --product="auth" --directory="/${AUTH_DOCS_DIR}/" - env: - DOCS_HOST: ${{vars.DOCS_HOST}} - AUTH_DOCS_DIR: ${{vars.AUTH_DOCS_DIR}} - if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}} - - run: docker logs ${{ steps.proxpi-docker.outputs.id }} 2>&1 | grep whl | awk '{print $8}' | cut -d "/" -f 4 | awk -F'-' '{print $1"=="$2}' | sort -u --ignore-case > /tmp/proxpi-auth.log - - id: pip-logs-auth - run: echo "list-auth=$(cat /tmp/proxpi-auth.log | base64 -w0)" >> "$GITHUB_OUTPUT" - - run: sudo sh -c "truncate -s 0 /var/lib/docker/containers/${{ steps.proxpi-docker.outputs.id }}*/${{ steps.proxpi-docker.outputs.id }}*-json.log" - - # Rec - - run: inv ci-docs-rec-generate - working-directory: ./pdns/recursordist/settings - - run: inv ci-docs-build - working-directory: ./pdns/recursordist - - run: mv html rec-html-docs - working-directory: ./pdns/recursordist/docs/_build - - run: tar cf rec-html-docs.tar rec-html-docs - working-directory: ./pdns/recursordist/docs/_build - - uses: actions/upload-artifact@v4 - with: - name: recursor-html-docs-${{steps.get-version.outputs.pdns_version}} - path: ./pdns/recursordist/docs/_build/rec-html-docs.tar - - run: bzip2 rec-html-docs.tar - if: ${{github.ref_name == 'master'}} - working-directory: ./pdns/recursordist/docs/_build - - run: inv ci-docs-build-pdf - working-directory: ./pdns/recursordist - - uses: actions/upload-artifact@v4 - with: - name: PowerDNS-Recursor-${{steps.get-version.outputs.pdns_version}}.pdf - path: ./pdns/recursordist/docs/_build/latex/PowerDNS-Recursor.pdf - - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Recursor.pdf" --username="docs_powerdns_com" --product="rec" --directory="/${REC_DOCS_DIR}/" - env: - DOCS_HOST: ${{vars.DOCS_HOST}} - REC_DOCS_DIR: ${{vars.REC_DOCS_DIR}} - if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}} - working-directory: ./pdns/recursordist - - run: docker logs ${{ steps.proxpi-docker.outputs.id }} 2>&1 | grep whl | awk '{print $8}' | cut -d "/" -f 4 | awk -F'-' '{print $1"=="$2}' | sort -u --ignore-case > /tmp/proxpi-rec.log - - id: pip-logs-rec - run: echo "list-rec=$(cat /tmp/proxpi-rec.log | base64 -w0)" >> "$GITHUB_OUTPUT" - - run: sudo sh -c "truncate -s 0 /var/lib/docker/containers/${{ steps.proxpi-docker.outputs.id }}*/${{ steps.proxpi-docker.outputs.id }}*-json.log" - - # DNSdist - - run: inv ci-docs-build - working-directory: ./pdns/dnsdistdist - - run: mv html dnsdist-html-docs - working-directory: ./pdns/dnsdistdist/docs/_build - - run: tar cf dnsdist-html-docs.tar dnsdist-html-docs - working-directory: ./pdns/dnsdistdist/docs/_build - - uses: actions/upload-artifact@v4 - with: - name: dnsdist-html-docs-${{steps.get-version.outputs.pdns_version}} - path: ./pdns/dnsdistdist/docs/_build/dnsdist-html-docs.tar - - run: bzip2 dnsdist-html-docs.tar - if: ${{github.ref_name == 'master'}} - working-directory: ./pdns/dnsdistdist/docs/_build - - run: inv ci-docs-build-pdf - working-directory: ./pdns/dnsdistdist - - uses: actions/upload-artifact@v4 - with: - name: dnsdist-${{steps.get-version.outputs.pdns_version}}.pdf - path: ./pdns/dnsdistdist/docs/_build/latex/dnsdist.pdf - - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="dnsdist.pdf" --username="dnsdist_org" --product="dnsdist" - env: - DOCS_HOST: ${{vars.DOCS_HOST}} - if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}} - working-directory: ./pdns/dnsdistdist - - run: docker logs ${{ steps.proxpi-docker.outputs.id }} 2>&1 | grep whl | awk '{print $8}' | cut -d "/" -f 4 | awk -F'-' '{print $1"=="$2}' | sort -u --ignore-case > /tmp/proxpi-dnsdist.log - - id: pip-logs-dnsdist - run: echo "list-dnsdist=$(cat /tmp/proxpi-dnsdist.log | base64 -w0)" >> "$GITHUB_OUTPUT" - - validate-pip-hashes: - name: Validate list of packages and hashes - runs-on: ubuntu-22.04 - needs: build-upload-docs - steps: - - uses: actions/checkout@v4 - - run: for i in `echo "${{ needs.build-upload-docs.outputs.pip-list-auth }}" | base64 -d | sed 's/_/-/' | egrep -v "pip==|setuptools==|wheel==|setuptools-git=="`; do grep -qq -i $i docs/requirements.txt || ( echo "$i not found" && exit 1 ); done - - run: for i in `echo "${{ needs.build-upload-docs.outputs.pip-list-rec }}" | base64 -d | sed 's/_/-/' | egrep -v "pip==|setuptools==|wheel==|setuptools-git=="`; do grep -qq -i $i docs/requirements.txt || ( echo "$i not found" && exit 1 ); done - working-directory: ./pdns/recursordist - - run: for i in `echo "${{ needs.build-upload-docs.outputs.pip-list-dnsdist }}" | base64 -d | sed 's/_/-/' | egrep -v "pip==|setuptools==|wheel==|setuptools-git=="`; do grep -qq -i $i docs/requirements.txt || ( echo "$i not found" && exit 1 ); done - working-directory: ./pdns/dnsdistdist diff --git a/.github/workflows/misc-dailies.yml b/.github/workflows/misc-dailies.yml deleted file mode 100644 index 5840075d82..0000000000 --- a/.github/workflows/misc-dailies.yml +++ /dev/null @@ -1,138 +0,0 @@ -name: "Various daily checks" - -on: - schedule: - - cron: '34 4 * * *' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -env: - CLANG_VERSION: '12' - -jobs: - el7-devtoolset: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - - steps: - - name: Check whether a newer devtoolset exists - run: | - if docker run --rm centos:7 bash -c 'yum install -y centos-release-scl-rh && yum info devtoolset-12-gcc-c++' - then - echo "::warning file=builder-support/dockerfiles/Dockerfile.rpmbuild::A newer devtoolset exists. Please edit builder-support/dockerfiles/Dockerfile.rpmbuild, builder-support/dockerfiles/Dockerfile.rpmbuild, and .github/workflows/dailies.yml" - exit 1 - else - echo "::notice ::No newer devtoolset exists (good)" - exit 0 - fi - - check-debian-autoremovals: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - - name: Check if Debian is about to toss us off a balcony - run: ./build-scripts/check-debian-autoremovals.py - - coverity-auth: - name: coverity scan of the auth - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.coverity_auth_token }} - FUZZING_TARGETS: no - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-auth-build-deps - - run: inv install-coverity-tools PowerDNS - - run: inv coverity-clang-configure - - run: inv ci-autoconf - - run: inv ci-auth-configure - - run: inv coverity-make - - run: inv coverity-tarball auth.tar.bz2 - - run: inv coverity-upload ${{ secrets.coverity_email }} PowerDNS auth.tar.bz2 - - coverity-dnsdist: - name: coverity scan of dnsdist - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }} - SANITIZERS: - UNIT_TESTS: no - REPO_HOME: ${{ github.workspace }} - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-dnsdist-build-deps --skipXDP - - run: inv install-coverity-tools dnsdist - - run: inv coverity-clang-configure - - run: inv ci-autoconf - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }} - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure full - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-make - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-tarball dnsdist.tar.bz2 - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-upload ${{ secrets.coverity_email }} dnsdist dnsdist.tar.bz2 - working-directory: ./pdns/dnsdistdist/ - - coverity-rec: - name: coverity scan of the rec - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.coverity_rec_token }} - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-rec-build-deps - - run: inv install-coverity-tools 'PowerDNS+Recursor' - - run: inv coverity-clang-configure - - run: inv ci-autoconf - working-directory: ./pdns/recursordist/ - - run: inv ci-rec-configure full - working-directory: ./pdns/recursordist/ - - run: inv coverity-make - working-directory: ./pdns/recursordist/ - - run: inv coverity-tarball recursor.tar.bz2 - working-directory: ./pdns/recursordist/ - - run: inv coverity-upload ${{ secrets.coverity_email }} 'PowerDNS+Recursor' recursor.tar.bz2 - working-directory: ./pdns/recursordist/ diff --git a/.github/workflows/secpoll.yml b/.github/workflows/secpoll.yml deleted file mode 100644 index 57278d7649..0000000000 --- a/.github/workflows/secpoll.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -name: 'Verify secpoll zone syntax' - -on: - push: - pull_request: - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - build: - name: check secpoll zone - # on a ubuntu-20.04 VM - runs-on: ubuntu-20.04 - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - run: sh docs/secpoll-check.sh docs/secpoll.zone - - run: echo 'deb [arch=amd64] http://repo.powerdns.com/ubuntu focal-auth-master main' | sudo tee /etc/apt/sources.list.d/pdns.list - - run: "echo -ne 'Package: pdns-*\nPin: origin repo.powerdns.com\nPin-Priority: 600\n' | sudo tee /etc/apt/preferences.d/pdns" - - run: sudo curl https://repo.powerdns.com/CBC8B383-pub.asc -o /etc/apt/trusted.gpg.d/CBC8B383-pub.asc - - run: sudo apt-get update - - run: sudo systemctl mask pdns - - run: sudo apt-get install -y pdns-server pdns-backend-sqlite3 - - run: "echo -ne 'launch=gsqlite3\ngsqlite3-database=/var/lib/powerdns/pdns.sqlite3\n' | sudo tee /etc/powerdns/pdns.conf" - - run: sudo sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql - - run: sudo pdnsutil load-zone secpoll.powerdns.com docs/secpoll.zone - - run: sudo pdnsutil check-zone secpoll.powerdns.com diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml deleted file mode 100644 index c250cd1046..0000000000 --- a/.github/workflows/spelling.yml +++ /dev/null @@ -1,19 +0,0 @@ -# spelling.yml is disabled per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p -name: Workflow should not run! -on: - push: - branches: '' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - placeholder: - name: Should be disabled - runs-on: ubuntu-latest - if: false - steps: - - name: Task - run: | - echo 'Running this task would be bad' - exit 1 diff --git a/.github/workflows/spelling2.yml b/.github/workflows/spelling2.yml deleted file mode 100644 index 055dd17304..0000000000 --- a/.github/workflows/spelling2.yml +++ /dev/null @@ -1,16 +0,0 @@ -# spelling2.yml is disabled per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-p8r9-69g4-jwqq -name: Workflow should not run! -on: - push: - branches: '' - -jobs: - placeholder: - name: Should be disabled - runs-on: ubuntu-latest - if: false - steps: - - name: Task - run: | - echo 'Running this task would be bad' - exit 1 diff --git a/.github/workflows/spelling3.yml b/.github/workflows/spelling3.yml deleted file mode 100644 index 9df9009ca4..0000000000 --- a/.github/workflows/spelling3.yml +++ /dev/null @@ -1,72 +0,0 @@ -# spelling.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p -# spelling2.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-p8r9-69g4-jwqq -name: Spell checking - -on: - push: - branches: - - "**" - tags-ignore: - - "**" - pull_request: - branches: - - "**" - types: - - 'opened' - - 'reopened' - - 'synchronize' - -jobs: - spelling: - name: Spell checking - permissions: - # contents-read is needed to checkout in private repositories - contents: read - # actions-read is needed (possibly only for private repositories) - # to identify the workflow's filename until - # https://github.com/actions/runner/issues/853 is fixed - actions: read - # security-events-write is needed according to the documentation: - # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions - security-events: write - outputs: - followup: ${{ steps.spelling.outputs.followup }} - runs-on: ubuntu-latest - if: ${{ contains(github.event_name, 'pull_request') || github.event_name == 'push' }} - concurrency: - group: spelling-${{ github.event.pull_request.number || github.ref }} - # note: If you use only_check_changed_files, you do not want cancel-in-progress - cancel-in-progress: true - steps: - - name: check-spelling - id: spelling - uses: check-spelling/check-spelling@v0.0.22 - with: - config: .github/actions/spell-check - suppress_push_for_open_pull_request: ${{ github.actor != 'dependabot[bot]' && 1 }} - checkout: true - spell_check_this: powerdns/pdns@master - post_comment: 0 - warnings: bad-regex,binary-file,deprecated-feature,ignored-expect-variant,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,token-is-substring,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration,no-files-to-check - use_sarif: ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == github.repository)) && 1 }} - extra_dictionaries: - cspell:software-terms/dict/softwareTerms.txt - cspell:node/dict/node.txt - cspell:python/src/common/extra.txt - cspell:php/dict/php.txt - cspell:python/src/python/python-lib.txt - cspell:golang/dict/go.txt - cspell:fullstack/dict/fullstack.txt - cspell:k8s/dict/k8s.txt - cspell:aws/aws.txt - cspell:cpp/src/stdlib-cpp.txt - cspell:filetypes/filetypes.txt - cspell:python/src/python/python.txt - cspell:django/dict/django.txt - cspell:typescript/dict/typescript.txt - cspell:dotnet/dict/dotnet.txt - cspell:html/dict/html.txt - cspell:cpp/src/lang-keywords.txt - cspell:lua/dict/lua.txt - cspell:latex/dict/latex.txt - check_extra_dictionaries: ''