Skip to content

Fixes #1298: use entropy pool to generate PRNG seed #476

Fixes #1298: use entropy pool to generate PRNG seed

Fixes #1298: use entropy pool to generate PRNG seed #476

Workflow file for this run

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
name: Build
on:
push:
pull_request:
workflow_dispatch:
inputs:
protonRepository:
description: GitHub repository where to fetch Qpid Proton from
type: string
default: 'apache/qpid-proton'
required: false
protonBranch:
description: Branch in the protonRepository to check out (in addition to hardcoded branches)
type: string
default: main
required: false
# known limitation https://github.com/actions/runner/issues/480
env:
protonRepository: "${{ github.event.inputs.protonRepository || 'apache/qpid-proton' }}"
protonBranch: "${{ github.event.inputs.protonBranch || 'main' }}"
jobs:
compile:
name: "Compile (${{matrix.os}}, ${{matrix.runtimeCheck}}, proton ${{matrix.protonGitRef}})"
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-22.04]
buildType: [Debug]
runtimeCheck: [asan]
protonGitRef:
- ${{ github.event.inputs.protonBranch || 'main' }}
- 0.39.0
env:
CC: 'gcc-12'
CXX: 'g++-12'
BuildType: ${{matrix.buildType}}
ProtonBuildDir: ${{github.workspace}}/qpid-proton/build
RouterBuildDir: ${{github.workspace}}/skupper-router/build
InstallPrefix: ${{github.workspace}}/install
VERBOSE: 1
ProtonCMakeExtraArgs: >
-DCMAKE_C_COMPILER_LAUNCHER=ccache
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache
-DBUILD_BINDINGS=python
-DBUILD_TOOLS=OFF
-DBUILD_EXAMPLES=OFF
-DBUILD_TESTING=OFF
-DENABLE_FUZZ_TESTING=OFF
-DRUNTIME_CHECK=${{matrix.runtimeCheck}}
-DBUILD_TLS=ON
RouterCMakeExtraArgs: >
-DCMAKE_C_COMPILER_LAUNCHER=ccache
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache
-DCMAKE_C_FLAGS=-DQD_MEMORY_DEBUG
-DRUNTIME_CHECK=${{matrix.runtimeCheck}}
-DSANITIZE_PYTHON=OFF
-DBUILD_BENCHMARKS=ON
CCACHE_BASEDIR: ${{github.workspace}}
CCACHE_DIR: ${{github.workspace}}/.ccache
CCACHE_COMPRESS: 'true'
CCACHE_MAXSIZE: '400MB'
SKUPPER_SYSTEM_TEST_SKIP_POLICY: True
SKUPPER_SYSTEM_TEST_SKIP_DELIVERY_ABORT: True
steps:
# The option to enable + in sed regexps differs by OS so we avoid it, https://github.com/actions/upload-artifact/issues/22
- name: Escape job identifier for artifact naming
run: |
_jobIdentifierRaw="${{matrix.os}}_${{matrix.buildType}}_${{matrix.runtimeCheck}}_${{matrix.protonGitRef}}"
jobIdentifier=$(echo -n "${_jobIdentifierRaw}" | sed -e 's/[ \t:\/\\"<>|*?]/-/g' -e 's/--*/-/g')
echo "JOB_IDENTIFIER=${jobIdentifier}" >> $GITHUB_ENV
- name: Show environment (Linux)
if: ${{ always() && runner.os == 'Linux' }}
run: env -0 | sort -z | tr '\0' '\n'
- uses: actions/checkout@v4
with:
repository: ${{ env.protonRepository }}
ref: ${{ matrix.protonGitRef }}
path: 'qpid-proton'
- uses: actions/checkout@v4
with:
path: 'skupper-router'
# https://cristianadam.eu/20200113/speeding-up-c-plus-plus-github-actions-using-ccache/
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files
- name: Prepare ccache timestamp
id: ccache_cache_timestamp
shell: cmake -P {0}
run: |
string(TIMESTAMP current_date "%Y-%m-%d-%H;%M;%S" UTC)
file(APPEND "$ENV{GITHUB_OUTPUT}" "timestamp=${current_date}")
- uses: actions/cache@v3
env:
cache-name: cache-ccache
with:
path: .ccache
key: ${{ github.workflow }}-${{ matrix.os }}-${{ matrix.runtimeCheck }}-${{ matrix.protonGitRef }}-${{ env.cache-name }}-${{ steps.ccache_cache_timestamp.outputs.timestamp }}
restore-keys: |
${{ github.workflow }}-${{ matrix.os }}-${{ matrix.runtimeCheck }}-${{ matrix.protonGitRef }}-${{ env.cache-name }}
- name: Create Build and Install directories
run: mkdir -p "${ProtonBuildDir}" "${RouterBuildDir}" "${InstallPrefix}"
- name: Setup python
uses: actions/setup-python@v4
with:
python-version: 3.9
architecture: x64
- name: Install Python build dependencies
run: python -m pip install setuptools wheel cffi
- name: Install Linux build dependencies
run: |
sudo apt update; sudo apt install -y libdw-dev swig libpython3-dev libsasl2-dev libjsoncpp-dev libwebsockets-dev libnghttp2-dev ccache ninja-build pixz libbenchmark-dev nginx
- name: Zero ccache stats
run: ccache -z
- name: qpid-proton cmake configure
working-directory: ${{env.ProtonBuildDir}}
run: >
cmake "${{github.workspace}}/qpid-proton" \
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \
"-DCMAKE_BUILD_TYPE=${BuildType}" \
"-GNinja" \
${ProtonCMakeExtraArgs}
- name: qpid-proton cmake build/install
run: cmake --build "${ProtonBuildDir}" --config ${BuildType} -t install --parallel 6
- name: Display ccache stats
run: ccache -s
- name: skupper-router cmake configure
working-directory: ${{env.RouterBuildDir}}
run: >
cmake "${{github.workspace}}/skupper-router" \
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \
"-DCMAKE_BUILD_TYPE=${BuildType}" \
"-DPYTHON_TEST_COMMAND='-m;pytest;-vs;--timeout=400;--junit-prefix=pytest.\${py_test_module};--junit-xml=junitxmls/\${py_test_module}.xml;--pyargs;\${py_test_module}'" \
"-GNinja" \
${RouterCMakeExtraArgs}
- name: skupper-router cmake build/install
run: cmake --build "${RouterBuildDir}" --config ${BuildType} -t install --parallel 6
- name: Display ccache stats
run: ccache -s
# github actions/upload-artifact@v2 does not preserve executable permission on binaries
- name: Compress build
working-directory: ${{github.workspace}}
run: >
tar \
-I pixz \
-cf /tmp/archive.tar.xz \
--exclude '*.o' \
--exclude '*.pyc' \
--exclude '.git' \
skupper-router \
install \
qpid-proton/build/python
- name: Upload archive
uses: actions/upload-artifact@v3
with:
name: skupper_router_wrk_${{env.JOB_IDENTIFIER}}
path: /tmp/archive.tar.xz
test:
name: 'Test (${{matrix.os}}, ${{matrix.runtimeCheck}}, proton ${{matrix.protonGitRef}}, shard ${{matrix.shard}} of ${{matrix.shards}})'
runs-on: ${{ matrix.os }}
needs: [compile]
strategy:
fail-fast: false
matrix:
os: [ubuntu-22.04]
buildType: [Debug]
runtimeCheck: [asan]
protonGitRef:
- ${{ github.event.inputs.protonBranch || 'main' }}
- 0.39.0
shard: [1, 2]
shards: [2]
env:
CC: 'gcc-12'
CXX: 'g++-12'
BuildType: ${{matrix.buildType}}
ProtonBuildDir: ${{github.workspace}}/qpid-proton/build
RouterBuildDir: ${{github.workspace}}/skupper-router/build
InstallPrefix: ${{github.workspace}}/install
RouterCTestExtraArgs: ""
LD_LIBRARY_PATH: ${{github.workspace}}/install/lib
QPID_SYSTEM_TEST_TIMEOUT: 300
QPID_SYSTEM_TEST_SKIP_FALLBACK_SWITCHOVER_TEST: True
# this enables colored output
FORCE_COLOR: 1
COLUMNS: 160
steps:
# The option to enable + in sed regexps differs by OS so we avoid it, https://github.com/actions/upload-artifact/issues/22
- name: Escape job identifier for artifact naming
run: |
_jobIdentifierRaw="${{matrix.os}}_${{matrix.buildType}}_${{matrix.runtimeCheck}}_${{matrix.protonGitRef}}"
jobIdentifier=$(echo -n "${_jobIdentifierRaw}" | sed -e 's/[ \t:\/\\"<>|*?]/-/g' -e 's/--*/-/g')
echo "JOB_IDENTIFIER=${jobIdentifier}" >> $GITHUB_ENV
- name: Show environment (Linux)
if: ${{ always() && runner.os == 'Linux' }}
run: env -0 | sort -z | tr '\0' '\n'
- name: Download Build
uses: actions/download-artifact@v3
with:
name: skupper_router_wrk_${{env.JOB_IDENTIFIER}}
- name: Setup python
uses: actions/setup-python@v4
with:
python-version: 3.9
architecture: x64
- name: Install Linux runtime/test dependencies
run: |
sudo apt update; sudo apt install -y libdw1 libsasl2-2 libsasl2-modules sasl2-bin libjsoncpp25 libwebsockets16 libbenchmark1 pixz curl ncat gdb elfutils findutils file python3-dbg
- name: Unpack archive
run: tar -I pixz -xf archive.tar.xz
- name: Install Python runtime/test dependencies
run: python -m pip install -r ${{github.workspace}}/skupper-router/requirements-dev.txt
- name: install qpid-proton python wheel
run: python -m pip install $(find ${ProtonBuildDir}/python/ -name 'python_qpid_proton*.whl')
- name: CTest
working-directory: ${{env.RouterBuildDir}}
run: |
sudo sysctl -w kernel.core_pattern="coredump.%e.%p"
ulimit -c unlimited
ctest --timeout 1200 -V --output-junit=Testing/Test.xml --no-compress-output -I ${{matrix.shard}},,${{matrix.shards}} -j12 ${{env.RouterCTestExtraArgs}}
- name: Report coredump stacktraces (if any tests failed)
if: ${{ failure() }}
run: |
find -name 'coredump*' -exec ${{github.workspace}}/skupper-router/scripts/gha_analyze_coredump.sh {} \;
- name: Upload test results
uses: actions/upload-artifact@v3
if: ${{ ! cancelled() }}
with:
name: Test_Results_${{env.JOB_IDENTIFIER}}_${{matrix.shard}}
path: ${{env.RouterBuildDir}}/tests/junitxmls/*.xml
- name: Delete logs from passing tests
if: ${{ failure() }}
continue-on-error: true
run: python3 ${{github.workspace}}/skupper-router/scripts/gha_purge_successful_test_logs.py --build-dir=${{env.RouterBuildDir}} --no-dry-run
- name: Upload log files (if any tests failed)
uses: actions/upload-artifact@v3
if: failure()
with:
name: testLogs_${{env.JOB_IDENTIFIER}}_${{matrix.shard}}
path: |
${{env.RouterBuildDir}}/tests
- name: Upload core files (if any)
uses: actions/upload-artifact@v3
if: failure()
with:
name: cores_${{env.JOB_IDENTIFIER}}_${{matrix.shard}}
path: |
**/coredump*
compile_and_test:
name: "Compile and Test (${{matrix.container}}:${{matrix.containerTag}}, ${{matrix.runtimeCheck}}, ${{matrix.cc}}, proton ${{matrix.protonGitRef}}, shard ${{matrix.shard}} of ${{matrix.shards}})"
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-22.04]
container: ['fedora']
containerTag: ['37']
cc: [gcc]
cxx: [g++]
buildType: [RelWithDebInfo]
runtimeCheck: [asan, tsan]
protonGitRef:
- ${{ github.event.inputs.protonBranch || 'main' }}
- 0.39.0
shard: [ 1, 2 ]
shards: [ 2 ]
include:
# CentOS 9
- os: ubuntu-22.04
container: 'centos'
containerTag: stream9
cc: gcc
cxx: g++
buildType: Coverage
covType: system
runtimeCheck: OFF
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }}
shard: 1
shards: 2
- os: ubuntu-22.04
container: 'centos'
containerTag: stream9
cc: gcc
cxx: g++
buildType: Coverage
covType: system
runtimeCheck: OFF
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }}
shard: 2
shards: 2
# CentOS 8
- os: ubuntu-22.04
container: 'centos'
containerTag: stream8
cc: gcc
cxx: g++
runtimeCheck: OFF
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }}
shard: 1
shards: 2
- os: ubuntu-22.04
container: 'centos'
containerTag: stream8
cc: gcc
cxx: g++
runtimeCheck: OFF
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }}
shard: 2
shards: 2
- os: ubuntu-22.04
container: 'centos'
containerTag: stream8
cc: gcc
cxx: g++
runtimeCheck: OFF
protonGitRef: 0.39.0
shard: 1
shards: 2
- os: ubuntu-22.04
container: 'centos'
containerTag: stream8
cc: gcc
cxx: g++
runtimeCheck: OFF
protonGitRef: 0.39.0
shard: 2
shards: 2
# unittest coverage
- os: ubuntu-22.04
container: 'fedora'
containerTag: 37
cc: gcc
cxx: g++
buildType: Coverage
covType: unit
runtimeCheck: OFF
protonGitRef: 0.39.0
routerCTestExtraArgs: "-R 'unittests|unit_tests|threaded_timer_test|adaptor_buffer_test|router_engine_test|management_test|router_policy_test|test_command'"
shard: 1
shards: 1
# clang
- os: ubuntu-22.04
container: 'fedora'
containerTag: 37
cc: clang
cxx: clang++
buildType: RelWithDebInfo
runtimeCheck: asan
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }}
shard: 1
shards: 2
- os: ubuntu-22.04
container: 'fedora'
containerTag: 37
cc: clang
cxx: clang++
buildType: RelWithDebInfo
runtimeCheck: asan
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }}
shard: 2
shards: 2
container:
image: 'quay.io/${{ matrix.container }}/${{ matrix.container }}:${{ matrix.containerTag }}'
volumes:
- ${{github.workspace}}:${{github.workspace}}
options: --privileged --ulimit core=-1 --security-opt apparmor:unconfined --security-opt seccomp=unconfined --sysctl net.ipv6.conf.all.disable_ipv6=0
env:
BuildType: ${{matrix.buildType}}
CC: ${{matrix.cc}}
CXX: ${{matrix.cxx}}
ProtonBuildDir: ${{github.workspace}}/qpid-proton/build
RouterBuildDir: ${{github.workspace}}/skupper-router/build
InstallPrefix: ${{github.workspace}}/install
RouterCTestExtraArgs: ${{matrix.routerCTestExtraArgs}}
# this enables colored output
FORCE_COLOR: 1
COLUMNS: 160
# TODO(DISPATCH-2144) use -DPython_EXECUTABLE=/usr/bin/python3-debug when issue is fixed,
# as that allows for -DSANITIZE_3RD_PARTY=ON on Fedora
# TODO(https://github.com/google/sanitizers/issues/1385) some targeted asan suppressions don't work on Fedora
ProtonCMakeExtraArgs: >
-DCMAKE_C_COMPILER_LAUNCHER=ccache
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache
-DBUILD_BINDINGS=python
-DPython_EXECUTABLE=/usr/bin/python3
-DBUILD_TOOLS=OFF
-DBUILD_EXAMPLES=OFF
-DBUILD_TESTING=OFF
-DENABLE_FUZZ_TESTING=OFF
-DRUNTIME_CHECK=${{matrix.runtimeCheck}}
-DBUILD_TLS=ON
RouterCMakeExtraArgs: >
-DCMAKE_C_COMPILER_LAUNCHER=ccache
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache
-DPython_EXECUTABLE=/usr/bin/python3
-DRUNTIME_CHECK=${{matrix.runtimeCheck}}
CCACHE_BASEDIR: ${{github.workspace}}
CCACHE_DIR: ${{github.workspace}}/.ccache
CCACHE_COMPRESS: 'true'
CCACHE_MAXSIZE: '400MB'
QPID_SYSTEM_TEST_TIMEOUT: 300
QPID_SYSTEM_TEST_SKIP_FALLBACK_SWITCHOVER_TEST: True
SKUPPER_SYSTEM_TEST_SKIP_POLICY: True
SKUPPER_SYSTEM_TEST_SKIP_DELIVERY_ABORT: True
VERBOSE: 1
steps:
# The option to enable + in sed regexps differs by OS so we avoid it, https://github.com/actions/upload-artifact/issues/22
- name: Escape job identifier for artifact naming
run: |
_jobIdentifierRaw="${{matrix.os}}_${{matrix.container}}_${{matrix.buildType}}_${{matrix.runtimeCheck}}_${{matrix.cc}}_${{matrix.protonGitRef}}"
jobIdentifier=$(echo -n "${_jobIdentifierRaw}" | sed -e 's/[ \t:\/\\"<>|*?]/-/g' -e 's/--*/-/g')
echo "JOB_IDENTIFIER=${jobIdentifier}" >> $GITHUB_ENV
- name: Show environment (Linux)
if: ${{ always() && runner.os == 'Linux' }}
run: env -0 | sort -z | tr '\0' '\n'
- uses: actions/checkout@v4
with:
repository: ${{ env.protonRepository }}
ref: ${{ matrix.protonGitRef }}
path: 'qpid-proton'
- uses: actions/checkout@v4
with:
path: 'skupper-router'
- name: Enable additional package repositories for CentOS 8
if: ${{ matrix.container == 'centos' && matrix.containerTag == 'stream8' }}
run: |
dnf -y install epel-release 'dnf-command(config-manager)'
dnf config-manager --set-enabled powertools
- name: Enable additional package repositories for CentOS 9
if: ${{ matrix.container == 'centos' && matrix.containerTag == 'stream9' }}
run: |
dnf -y install epel-release 'dnf-command(config-manager)'
dnf config-manager --set-enabled crb
# also sets LD_LIBRARY_PATH to find libclang_rt.asan-x86_64.so for asan'd proton
- name: Install Linux compiler (clang)
if: ${{ matrix.cc == 'clang' }}
run: |
dnf install -y clang compiler-rt llvm
echo "LD_LIBRARY_PATH=$(dirname $(clang --print-file-name libclang_rt.asan-x86_64.so))" >> $GITHUB_ENV
- name: Install Linux compiler (gcc)
if: ${{ matrix.cc == 'gcc' }}
run: dnf install -y gcc gcc-c++
- name: Install Linux build dependencies
run: |
dnf install -y elfutils-devel cmake libuuid-devel openssl openssl-devel cyrus-sasl-devel cyrus-sasl-plain swig make libwebsockets-devel libnghttp2-devel ccache libasan libubsan libtsan libunwind-devel
- name: Install Linux build dependencies (Fedora)
if: ${{ matrix.container == 'fedora' }}
run: dnf install -y python3-devel python3-pip
- name: Install Linux build dependencies (CentOS 8)
if: ${{ matrix.container == 'centos' && matrix.containerTag == 'stream8' }}
run: dnf install -y python39-devel python39-pip
# util-linux-core provides dmesg
- name: Install Linux build dependencies (CentOS 9)
if: ${{ matrix.container == 'centos' && matrix.containerTag == 'stream9' }}
run: dnf install -y util-linux-core python3-devel python3-pip
- name: Install Python build dependencies
run: python3 -m pip install setuptools wheel cffi
# https://cristianadam.eu/20200113/speeding-up-c-plus-plus-github-actions-using-ccache/
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files
- name: Prepare ccache timestamp
id: ccache_cache_timestamp
shell: cmake -P {0}
run: |
string(TIMESTAMP current_date "%Y-%m-%d-%H;%M;%S" UTC)
file(APPEND "$ENV{GITHUB_OUTPUT}" "timestamp=${current_date}")
- uses: actions/cache@v3
env:
cache-name: cache-ccache
with:
path: .ccache
key: ${{ github.workflow }}-${{ matrix.container }}-${{ matrix.containerTag }}-${{ matrix.runtimeCheck }}-${{ matrix.protonGitRef }}-${{ env.cache-name }}-${{ steps.ccache_cache_timestamp.outputs.timestamp }}
restore-keys: |
${{ github.workflow }}-${{ matrix.container }}-${{ matrix.containerTag }}-${{ matrix.runtimeCheck }}-${{ matrix.protonGitRef }}-${{ env.cache-name }}
- name: Create Build and Install directories
run: mkdir -p "${ProtonBuildDir}" "${RouterBuildDir}" "{InstallPrefix}"
- name: Zero ccache stats
run: ccache -z
- name: qpid-proton cmake configure
working-directory: ${{env.ProtonBuildDir}}
run: >
cmake "${{github.workspace}}/qpid-proton" \
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \
"-DCMAKE_BUILD_TYPE=${BuildType}" \
${ProtonCMakeExtraArgs}
- name: qpid-proton cmake build/install
run: cmake --build "${ProtonBuildDir}" --config ${BuildType} --target install --parallel 6
- name: Display ccache stats
run: ccache -s
- name: enable asserts on asan build
if: matrix.runtimeCheck == 'asan' || matrix.runtimeCheck == 'OFF'
run: echo "RouterCMakeAsserts=ON" >> $GITHUB_ENV
- name: disable asserts on tsan build
if: matrix.runtimeCheck == 'tsan'
run: echo "RouterCMakeAsserts=OFF" >> $GITHUB_ENV
- name: disable Python leak checking on CentOS build
if: matrix.container == 'centos'
run: echo "RouterCMakeSanitizePython=OFF" >> $GITHUB_ENV
- name: skupper-router cmake configure
working-directory: ${{env.RouterBuildDir}}
run: |
if [[ ${BuildType} == "Coverage" ]]; then CoverageOpts="-m;coverage;run"; fi
cmake "${{github.workspace}}/skupper-router" \
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \
"-DCMAKE_BUILD_TYPE=${BuildType}" \
"-DPYTHON_TEST_COMMAND='${CoverageOpts};-m;pytest;-vs;--timeout=400;--junit-prefix=pytest.\${py_test_module};--junit-xml=junitxmls/\${py_test_module}.xml;--pyargs;\${py_test_module}'" \
${RouterCMakeExtraArgs} -DQD_ENABLE_ASSERTIONS=${RouterCMakeAsserts} -DSANITIZE_PYTHON=${RouterCMakeSanitizePython:-ON}
- name: skupper-router cmake build/install
run: cmake --build "${RouterBuildDir}" --config ${BuildType} --target install --parallel 6
- name: Display ccache stats
run: ccache -s
- name: Show environment (Linux)
if: ${{ always() && runner.os == 'Linux' }}
run: env -0 | sort -z | tr '\0' '\n'
- name: Upgrade pip
run: python3 -m pip install --upgrade pip
- name: Install Python runtime/test dependencies
run: python3 -m pip install -r ${{github.workspace}}/skupper-router/requirements-dev.txt
- name: Install Linux runtime/test dependencies
run: |
dnf install -y nmap-ncat gdb binutils elfutils elfutils-debuginfod-client findutils file nginx
command -v curl || dnf install -y curl
dnf debuginfo-install -y python3
- name: install qpid-proton python wheel
run: python3 -m pip install $(find ${ProtonBuildDir}/python/ -name 'python_qpid_proton*.whl')
- name: CTest
working-directory: ${{env.RouterBuildDir}}
run: |
echo "coredump.%e.%p" > /proc/sys/kernel/core_pattern
ulimit -c unlimited
threads=12
if [[ "${{ matrix.runtimeCheck }}" == "tsan" ]]; then
threads=6
fi
ctest --timeout 1200 -V --output-junit=Testing/Test.xml --output-on-failure --no-compress-output -I ${{matrix.shard}},,${{matrix.shards}} -j${threads} ${{env.RouterCTestExtraArgs}}
- name: Process C Coverage
if: ${{ !cancelled() && matrix.buildType == 'Coverage' }}
working-directory: ${{env.RouterBuildDir}}
run: |
dnf install -y lcov
cmake --build . --target coverage
# https://github.com/codecov/codecov-action
- name: Upload C Coverage
if: ${{ !cancelled() && matrix.buildType == 'Coverage' }}
uses: codecov/codecov-action@v3
with:
flags: ${{matrix.covType}}tests
verbose: true
gcov: true
name: skupper-router
root_dir: .
working-directory: ${{github.workspace}}/skupper-router
- name: Process Python coverage
if: ${{ !cancelled() && matrix.buildType == 'Coverage' }}
run: |
coverage combine
coverage xml
working-directory: ${{env.RouterBuildDir}}/tests
- name: Upload Python Coverage
if: ${{ !cancelled() && matrix.buildType == 'Coverage' }}
uses: codecov/codecov-action@v3
with:
flags: py${{matrix.covType}}tests
verbose: true
directory: ${{env.RouterBuildDir}}/tests
name: skupper-router
root_dir: .
working-directory: ${{github.workspace}}/skupper-router
- name: Report coredump stacktraces (if any tests failed)
if: ${{ failure() }}
run: |
find -name 'coredump*' -exec ${{github.workspace}}/skupper-router/scripts/gha_analyze_coredump.sh {} \;
- name: Dump dmesg (on failure)
if: ${{ failure() }}
run: dmesg
- name: Upload test results
uses: actions/upload-artifact@v3
if: ${{ ! cancelled() }}
with:
name: Test_Results_${{env.JOB_IDENTIFIER}}_${{matrix.shard}}
path: ${{env.RouterBuildDir}}/tests/junitxmls/*.xml
- name: Delete logs from passing tests
if: ${{ failure() }}
continue-on-error: true
run: python3 ${{github.workspace}}/skupper-router/scripts/gha_purge_successful_test_logs.py --build-dir=${{env.RouterBuildDir}} --no-dry-run
- name: Upload log files (if any tests failed)
uses: actions/upload-artifact@v3
if: failure()
with:
name: testLogs_${{env.JOB_IDENTIFIER}}_${{matrix.shard}}
path: |
${{env.RouterBuildDir}}/tests
- name: Upload core files (if any)
uses: actions/upload-artifact@v3
if: failure()
with:
name: cores_${{env.JOB_IDENTIFIER}}_${{matrix.shard}}
path: |
**/coredump*
python:
name: 'Python Checker (${{ matrix.os }})'
runs-on: '${{ matrix.os }}'
strategy:
matrix:
os: [ 'ubuntu-22.04' ]
env:
DispatchBuildDir: ${{github.workspace}}/build
InstallPrefix: ${{github.workspace}}/install
DispatchCMakeExtraArgs: >
-GNinja
# this enables colored output
FORCE_COLOR: 1
COLUMNS: 160
steps:
- uses: actions/checkout@v4
with:
repository: ${{ env.protonRepository }}
ref: ${{ env.protonBranch }}
path: 'qpid-proton'
- name: Setup python
uses: actions/setup-python@v4
with:
python-version: 3.9
architecture: x64
- name: Install Linux build dependencies
run: |
sudo apt update; sudo apt install -y flake8 mypy pylint python3-qpid-proton libpython3-dev ninja-build libwebsockets-dev libnghttp2-dev nginx
- name: Install qpid-proton
run: |
cmake -S qpid-proton -B qpid-proton -GNinja -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_BINDINGS=OFF -DBUILD_TOOLS=OFF -DBUILD_TESTING=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TLS=ON
cmake --build qpid-proton
sudo cmake --install qpid-proton
- uses: actions/checkout@v4
- name: Create Build and Install directories
run: mkdir -p "${DispatchBuildDir}" "{InstallPrefix}"
- name: skupper-router cmake configure
working-directory: ${{env.DispatchBuildDir}}
run: >
cmake "${{github.workspace}}" \
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \
${DispatchCMakeExtraArgs}
- name: CTest -R python-checker
working-directory: ${{env.DispatchBuildDir}}
run: ctest -VV -R python-checker
pgo:
name: Profile Guided Optimization
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
os: [ubuntu-20.04]
container: ['fedora']
containerTag: ['37']
buildType: [RelWithDebInfo]
protonGitRef:
- ${{ github.event.inputs.protonBranch || 'main' }}
container:
image: 'quay.io/${{ matrix.container }}/${{ matrix.container }}:${{ matrix.containerTag }}'
volumes:
- ${{github.workspace}}:${{github.workspace}}
options: --privileged --ulimit core=-1 --security-opt apparmor:unconfined --security-opt seccomp=unconfined --sysctl net.ipv6.conf.all.disable_ipv6=0
env:
BuildType: ${{matrix.buildType}}
ProtonBuildDir: ${{github.workspace}}/qpid-proton/build
RouterBuildDir: ${{github.workspace}}/skupper-router/build
InstallPrefix: ${{github.workspace}}/install
# this enables colored output
FORCE_COLOR: 1
COLUMNS: 160
ProtonCMakeExtraArgs: >
-DCMAKE_C_COMPILER_LAUNCHER=ccache
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache
-DBUILD_BINDINGS=python
-DPython_EXECUTABLE=/usr/bin/python3
-DBUILD_TOOLS=OFF
-DBUILD_EXAMPLES=OFF
-DBUILD_TESTING=OFF
-DENABLE_FUZZ_TESTING=OFF
-DRUNTIME_CHECK=OFF
-DBUILD_TLS=ON
RouterCMakeExtraArgs: >
-DCMAKE_C_COMPILER_LAUNCHER=ccache
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache
-DPython_EXECUTABLE=/usr/bin/python3
-DRUNTIME_CHECK=OFF
-DENABLE_PROFILE_GUIDED_OPTIMIZATION=ON
CCACHE_BASEDIR: ${{github.workspace}}
CCACHE_DIR: ${{github.workspace}}/.ccache
CCACHE_COMPRESS: 'true'
CCACHE_MAXSIZE: '400MB'
QPID_SYSTEM_TEST_TIMEOUT: 400
VERBOSE: 1
steps:
- name: Show environment (Linux)
if: ${{ always() && runner.os == 'Linux' }}
run: env -0 | sort -z | tr '\0' '\n'
- uses: actions/checkout@v4
with:
repository: ${{ env.protonRepository }}
ref: ${{ matrix.protonGitRef }}
path: 'qpid-proton'
- uses: actions/checkout@v4
with:
path: 'skupper-router'
- name: Install Linux build dependencies
run: |
dnf install -y gcc gcc-c++ elfutils-devel cmake libuuid-devel openssl openssl-devel cyrus-sasl-devel cyrus-sasl-plain swig make libwebsockets-devel libnghttp2-devel ccache
- name: Install Linux build dependencies (Python)
run: dnf install -y python3-devel python3-pip
- name: Install Linux runtime/test dependencies
run: |
dnf install -y curl nmap-ncat gdb binutils elfutils elfutils-debuginfod-client findutils file nginx
dnf debuginfo-install -y python3
- name: Install Python build dependencies
run: python3 -m pip install setuptools wheel cffi
- name: Install Python runtime/test dependencies
run: python3 -m pip install -r ${{github.workspace}}/skupper-router/requirements-dev.txt
- name: Create Build and Install directories
run: mkdir -p "${ProtonBuildDir}" "${RouterBuildDir}" "${InstallPrefix}"
- name: qpid-proton cmake configure
working-directory: ${{env.ProtonBuildDir}}
run: >
cmake "${{github.workspace}}/qpid-proton" \
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \
"-DCMAKE_BUILD_TYPE=${BuildType}" \
${ProtonCMakeExtraArgs}
- name: qpid-proton cmake build/install
run: cmake --build "${ProtonBuildDir}" --config ${BuildType} --target install --parallel 6
- name: install qpid-proton python wheel
run: python3 -m pip install $(find ${ProtonBuildDir}/python/ -name 'python_qpid_proton*.whl')
- name: skupper-router cmake configure
working-directory: ${{env.RouterBuildDir}}
run: >
cmake "${{github.workspace}}/skupper-router" \
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \
"-DCMAKE_BUILD_TYPE=${BuildType}" \
"-DPYTHON_TEST_COMMAND='-m;pytest;-vs;--timeout=400;--junit-prefix=pytest.\${py_test_module};--junit-xml=junitxmls/\${py_test_module}.xml;--pyargs;\${py_test_module}'" \
${RouterCMakeExtraArgs} -DSANITIZE_PYTHON=${RouterCMakeSanitizePython:-ON}
- name: skupper-router cmake build/install
run: cmake --build "${RouterBuildDir}" --config ${BuildType} --target install --parallel 6
container:
name: Container image
runs-on: ubuntu-latest
env:
ImageName: local/skupper-router:local
steps:
- uses: actions/checkout@v4
# https://podman.io/docs/installation#ubuntu
- name: Upgrade Podman
run: |
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key \
| gpg --dearmor \
| sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\
https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" \
| sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null
sudo apt-get update -qq
sudo apt-get -qq -y install podman
- name: Build Containerfile
run: |
podman build -t ${{ env.ImageName }} -f ./Containerfile .
# When rustup is updated, it tries to replace its binary, which on Windows is somehow locked.
# This can result in a CI failure, see: https://github.com/rust-lang/rustup/issues/3029
- name: Install rust with rustup
run: |
rustup set auto-self-update disable
rustup toolchain install stable --profile minimal
- uses: Swatinem/rust-cache@v2
- name: Start podman service
run: |
systemctl --user enable --now podman.socket
echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV
echo "DOCKER_HOST=unix:///run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV
- name: Compile and run .rs tests
run: |
cargo check
cargo test -- --test-threads=1 --nocapture
env:
QDROUTERD_IMAGE: ${{ env.ImageName }}
CARGO_INCREMENTAL: 0
RUST_LOG: info
RUST_BACKTRACE: 1
# Trivy and Grype are the scanners that GitLab integrates with (at the time of writing)
- name: Run Trivy security scan on the image
if: ${{ ! cancelled() }}
# https://aquasecurity.github.io/trivy/v0.43/getting-started/installation/#use-container-image
run: |
podman run --rm \
-v ${PODMAN_SOCK}:/var/run/docker.sock \
-v ${{github.workspace}}:${{github.workspace}} \
docker.io/aquasec/trivy:latest \
image \
--scanners vuln,secret --ignore-unfixed --exit-code=1 \
--secret-config=${{github.workspace}}/.github/trivy-secret.yaml \
${{ env.ImageName }}
- name: Run Grype security scan on the image
if: ${{ ! cancelled() }}
# https://github.com/anchore/grype#getting-started
run: |
podman run --rm --volume ${PODMAN_SOCK}:/var/run/docker.sock docker.io/anchore/grype:latest \
--only-fixed --fail-on low ${{ env.ImageName }}
rpm:
name: 'Build and test RPM (${{ matrix.container }}:${{ matrix.containerTag }})'
runs-on: '${{ matrix.os }}'
strategy:
matrix:
os: [ 'ubuntu-22.04' ]
container: [ 'centos' ]
containerTag: [ 'stream9' ]
container:
image: 'quay.io/${{ matrix.container }}/${{ matrix.container }}:${{ matrix.containerTag }}'
volumes:
- ${{github.workspace}}:${{github.workspace}}
env:
DNF: ${{github.workspace}}/build
steps:
- name: Enable additional package repositories for CentOS 8
if: ${{ matrix.container == 'centos' && matrix.containerTag == 'stream8' }}
run: |
dnf -y install epel-release 'dnf-command(config-manager)'
dnf config-manager --set-enabled powertools
- name: Enable additional package repositories for CentOS 9
if: ${{ matrix.container == 'centos' && matrix.containerTag == 'stream9' }}
run: |
dnf -y install epel-release 'dnf-command(config-manager)'
dnf config-manager --set-enabled crb
- name: Install packit
run: |
dnf install --setopt=tsflags=nodocs --setopt=install_weak_deps=False -y epel-release
dnf install --setopt=tsflags=nodocs --setopt=install_weak_deps=False -y git packit
- uses: actions/checkout@v4
- name: Take ownership of the checkout directory (Git CVE-2022-24765)
run: chown --recursive --reference=/ .
- name: Install srpm build dependencies
run: |
dnf install --setopt=tsflags=nodocs --setopt=install_weak_deps=False -y 'dnf-command(builddep)'
dnf builddep --setopt=tsflags=nodocs --setopt=install_weak_deps=False -y packaging/skupper-router.spec
- name: Build skupper-router src.rpm and the rpm packages
run: |
mkdir /tmp/skupper-rpms
packit srpm
rpmbuild --rebuild skupper-router*.src.rpm --nocheck --define '_rpmdir /tmp/skupper-rpms' --define 'debug_package %{nil}'
- name: Install built packages
run: |
dnf install -y /tmp/skupper-rpms/*/*.rpm
- name: Check skrouterd version
run: |
skrouterd --version
- name: Check that skrouterd works
run: |
skrouterd -c /dev/empty |& grep "Configuration file could not be opened"
- name: Check that skmanage works
run: |
skmanage --help
- name: Check that skstat works
run: |
skstat --help
- name: Check that manpages work
run: |
dnf install -y man
man skrouterd
man skrouterd.conf
man skstat
man skmanage
rat_check:
name: RAT Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Install JDK ${{ matrix.java }}
uses: actions/setup-java@v3
with:
distribution: 'adopt'
java-version: 11
- name: RAT Check
run: mvn apache-rat:check
- name: Output
if: ${{ ! cancelled() }}
run: cat target/rat.txt || echo "Unable to print output"