Commit Graph

109 Commits

Author SHA1 Message Date
William Lallemand
61839b098d CI: github: use the GITHUB_TOKEN instead of a manually generated token
Github allows to use a auto generated GITHUB_TOKEN so we don't need to
handle the token in the secret configuration.

https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
2022-12-23 15:19:25 +01:00
Ilya Shipitsin
6fbc35f473 CI: github: enable github api authentication for OpenSSL tags read
github api throttles requests with no auth, thus we can enable
GITHUB_API_TOKEN env variable. if not set, current behaviour is kept
2022-12-22 17:36:32 +01:00
Ilya Shipitsin
f5994fc692 CI: github: split matrix for development and stable branches
ML ref: https://www.mail-archive.com/haproxy@formilux.org/msg42934.html

we agreed to use "latest" images for development branches and fixed
images for stable branches

Can be backported to 2.6.
2022-12-14 15:29:42 +01:00
Ilya Shipitsin
6dedeb70da CI: github: remove redundant ASAN loop
it was there because we only ran ASAN for clang, now no need to separate loop

Can be backported to 2.6.
2022-12-14 15:29:20 +01:00
William Lallemand
2cb1493748 CI: github: set ulimit -n to a greater value
Set ulimit -n to 65536 to limit less the maxconn computation.

Could be backported at least to 2.5.
2022-12-14 00:31:19 +01:00
Ilya Shipitsin
4a04cd35ae CI: github: split ssl lib selection based on git branch
when *SSL_VERSION="latest" behaviour was introduced, it seems to be fine
for development branches, but too intrusive for stable branches.

let us limit "latest" semantic only for development builds, if branch name
contains "haproxy-" it is supposed to be stable branch, no latest openssl
should be taken

[wla: must be backported as far as 2.6]
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
2022-12-12 16:20:48 +01:00
William Lallemand
393e4e4dd1 CI: github: reintroduce openssl 1.1.1
OpenSSL 1.1.1 is not tested anymore since github updated "ubuntu-latest"
to 22.04, let's reintroduce this version.
2022-12-12 08:52:03 +01:00
Willy Tarreau
a051816c03 CI: emit the compiler's version in the build reports
Some occasional builds fail only on a specific platform and being able
to figure the exact compiler version used there is crucial. It's not
easy to guess from the rest of the output, so let's add it before the
platform-specific defines, which suit the same needs.
2022-11-14 11:14:02 +01:00
Ilya Shipitsin
6397c7c55f CI: enable QUIC for LibreSSL builds
since LibreSSL-3.6.x supports QUIC, let us enable it
2022-11-07 07:49:11 +01:00
Ilya Shipitsin
70b2c72687 CI: switch to the "latest" LibreSSL
LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us
switch back to the latest LibreSSL available
2022-11-07 07:49:07 +01:00
Ilya Shipitsin
5526f922af CI: add monthly gcc cross compile jobs
Build only gcc cross compile jobs are added with monthly run to catch
rare errors, mostly 32bit <--> 64bit
2022-10-30 17:17:43 +01:00
William Lallemand
6435801d09 CI: github: dump the backtrace of coredumps in the alpine container
This patch allows to show the backtrace of a coredump produced in the
alpine/musl jobs.

It activates some option required by the containers to allow the
production of coredump, set a shared directory so the kernel could dump
the coredump within the container. Some debug packages were also added.
2022-10-21 09:21:33 +02:00
Tim Duesterhus
b87ecbb179 CI: Replace the deprecated ::set-output command by writing to $GITHUB_OUTPUT in workflow definition
See "CI: Replace the deprecated `::set-output` command by writing to
$GITHUB_OUTPUT in matrix.py" for the reasoning behind this commit.
2022-10-14 19:50:34 +02:00
Tim Duesterhus
8a03bf4052 CI: Replace the deprecated ::set-output command by writing to $GITHUB_OUTPUT in matrix.py
As announced in

https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

the `::set-output` command is deprecated, because processes during the workflow
execution might output untrusted information that might include the
`::set-output` command, thus allowing these untrusted information to hijack the
build.

The replacement is writing to the file indicated by the `$GITHUB_OUTPUT`
environment variable.
2022-10-14 19:50:34 +02:00
Ilya Shipitsin
b65fd66666 CI: SSL: temporarily stick to LibreSSL=3.5.3
recently released 3.6.0 introduced some regression which must be
resolved first, let us use 3.5.3 notation instead of "latest"
2022-10-13 08:53:27 +02:00
Ilya Shipitsin
14711bdc9a CI: SSL: use proper version generating when "latest" semantic is used
both "OPENSSL_VERSION=latest" and "LIBRESSL_VERSION=latest" processing
introduced errors when build-ssl.sh script was invoked. that error
in turn led to skipping custom openssl build and haproxy was linked against
stock openssl, i.e. openssl-1.1.1
2022-10-13 08:53:11 +02:00
Ilya Shipitsin
4c785f0a1f CI: enable weekly "m32" builds on x86_64
this is build only workflow, catches potential "size_t" mismatches
--
v2 job name added, various markup changes
2022-08-06 17:10:16 +02:00
Ilya Shipitsin
cfba1f93af CI: re-enable gcc asan builds
for some unclear reasons asan builds were limited to clang only. let us
enable them for gcc as well
2022-07-04 17:28:58 +02:00
Ilya Shipitsin
7b893c2c6b CI: determine actual OpenSSL version dynamically
this change introduce "OPENSSL_VERSION=latest" semantic, which scans
https://api.github.com/repos/openssl/openssl/tags and detects latest release.
2022-05-20 23:26:48 +02:00
Ilya Shipitsin
94cd779a4f CI: determine actual LibreSSL version dynamically
this change introduce "LIBRESSL_VERSION=latest" semantic, which scans
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ and detects latest release.

LIBRESSL_VERSION=2.9.2 is removed from the matrix.
2022-05-14 17:30:15 +02:00
Ilya Shipitsin
0a802114e0 CI: dynamically determine actual version of h2spec
previously we used hardcoded h2spec version. let us switch to
the latest available
2022-05-08 11:01:58 +02:00
Ilya Shipitsin
c89dec3dc8 CI: github actions: update LibreSSL to 3.5.2
LibreSSL-3.5.2 was released on Apr 23nd 2022, let us switch to it
2022-04-30 14:12:51 +02:00
William Lallemand
c24ac4339c CI: github actions: disable -Wno-deprecated
The deprecrated code is now disabled by default, so we can build with
quictls and openssl 3.0 without this option.
2022-04-11 19:05:03 +02:00
Tim Duesterhus
538d8fe8b7 CI: Update to actions/cache@v3
No functional changes for our use case, but we should keep this current.
2022-04-11 07:13:24 +02:00
Tim Duesterhus
5f4ddb54b0 CI: Update to actions/checkout@v3
No functional change, but we should keep this current.
2022-04-11 07:13:24 +02:00
Ilya Shipitsin
6e7440b918 CI: github actions: update OpenSSL to 3.0.2 2022-03-31 17:00:22 +02:00
Ilya Shipitsin
2ec39ea653 CI: github actions: switch to LibreSSL-3.5.1 2022-03-18 13:48:42 +01:00
Willy Tarreau
d8ac3f5dbf CI: coverity: simplify debugging options
We used to rely on a call to "sed" to modify the DEBUG option in the
makefile when running under Coverity because it splits words around
spaces and does not allow to pass multi-word build options. As reported
by Tim in issue #1592, this broke with commit 8de7f2822 ("BUILD: makefile:
enable both DEBUG_STRICT and DEBUG_MEMORY_POOLS by default") when the
default DEBUG options changed.

Let's change this to pass all DEBUG options one at a time instead and
get rid of this sed.
2022-03-04 14:33:55 +01:00
Willy Tarreau
a0a6911bde CI: github: enable pool debugging by default
This enables DEBUG_MEMORY_POOLS and DEBUG_POOL_INTEGRITY so that by
default the tests run under stricter checks, which are likely to
catch more bugs. Note that these ones are permanently used in prod
on haproxy.org.
2022-02-23 18:14:49 +01:00
Ilya Shipitsin
6fed59c7c1 CI: enable QUIC for Coverity scan 2022-02-12 08:06:34 +01:00
Tim Duesterhus
f42ddf73fc CI: Consistently use actions/checkout@v2
v2 is the current version of the checkout action and faster than v1.
2022-01-29 15:24:06 +01:00
Ilya Shipitsin
27df87cc63 CI: github actions: use cache for SSL libs
we have two kinds of SSL libs built - git based and version based.
this commit introduces caching for version based SSL libs.
2022-01-25 12:02:08 +01:00
Ilya Shipitsin
e9efc3a5be CI: refactor OpenTracing build script
re-use scripts/build-ot.sh in CI again. Bump opentracing-cpp to 1.6.0
2022-01-19 07:37:40 +01:00
Ilya Shipitsin
b9e3fb7315 CI: github actions: use cache for OpenTracing
this caches OpenTracing libs between builds, should save couple of minutes
for each build.
2022-01-13 13:37:34 +01:00
Ilya Shipitsin
65eab587a2 CI: github actions: clean default step conditions
step condition "if: ${{ !failure() }}" was added in 2ef4c7c843
during my experiments. As Tim Düsterhus mentioned, that condition is default and may be omitted.
2022-01-11 15:00:55 +01:00
Ilya Shipitsin
6569de2b88 CI: refactor spelling check
let us switch to codespell github actions instead of invocation from cmdline.
also, "ifset,thrid,strack,ba,chck,hel,unx,mor" added to whitelist, those are
variable names and special terms widely used in HAProxy
2022-01-07 14:42:33 +01:00
Ilya Shipitsin
874c907a2e CI: github actions: update OpenSSL to 3.0.1
OpenSSL-3.0.1 was released on 14 Dec 2021, let's switch to it
2022-01-03 14:42:12 +01:00
Ilya Shipitsin
2ef4c7c843 CI: Github Actions: do not show VTest failures if build failed
this is mostly cleanup, issue is minor. If build failed, VTest execution
tried to be performed as well as VTest result show. This change ignores
those steps if build failed.
2021-12-25 15:09:06 +01:00
Willy Tarreau
4673c5e2c8 CI: github actions: add the output of $CC -dM -E-
Sometimes figuring what differs between platforms is useful to fix
build issues, to decide what ifdef to add for example. Let's always
call $CC -dM -E- before starting make.
2021-11-26 17:58:42 +01:00
Ilya Shipitsin
d69d65a563 BUILD: SSL: add QUICTLS to build matrix
It also enables QUIC when QUICTLS is used.
2021-11-20 08:18:00 +01:00
Tim Duesterhus
662896e68e CI: Clean up formatting in GitHub Action definitions
This patch cleans up the formatting within the .yml definition files for GitHub
Actions to ensure a consistent look across all actions.
2021-10-18 07:17:04 +02:00
Tim Duesterhus
89c9d0a169 CI: Add permissions to GitHub Actions
This change locks down the permissions of the access token in GitHub Actions to
only allow reading the repository contents and nothing else.

see https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
2021-10-18 07:17:04 +02:00
William Lallemand
bc2b96c2de CI: github: switch to OpenSSL 3.0.0
Switch the OpenSSL 3.0.0alpha17 version to the final 3.0.0 release.

Part of OpenSSL 3.0.0 portage. (ticket #1276)
2021-10-13 10:21:22 +02:00
Willy Tarreau
ed17ca7006 CI: Github Actions: re-enable Opentracing
Miroslav already fixed the build of OpenTracing so we can re-enable it
in the CI. For now variables are disabled but this will change soon.
2021-09-12 07:08:14 +02:00
Willy Tarreau
f14edc8212 CI: Github Actions: temporarily disable Opentracing
As discussed in the thread below, the recent variables changes
unfortunately broke Opentracing. Discussions are ongoing about
possible solutions but none of them can be done in a 3-liner so
we'd rather disable opentracing from the full-features build for
the time being.

Link: https://www.mail-archive.com/haproxy@formilux.org/msg41131.html
2021-09-09 14:45:05 +02:00
Willy Tarreau
30ee2965b6 CI: Github Actions: temporarily disable BoringSSL builds
A recent update to BoringSSL broke the build again, and given that
it's not used except for QUIC development, let's temporarily disable
it until the issue is analysed and fixed.
2021-09-02 17:32:43 +02:00
Marcin Deranek
310a260e4a MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size
Deprecate tune.ssl.capture-cipherlist-size in favor of
tune.ssl.capture-buffer-size which better describes the purpose of the
setting.
2021-08-26 19:52:04 +02:00
Willy Tarreau
cc0f501bfc CI: github-actions: remove obsolete options
2.5-dev1 removed http-use-htx but the h2spec config was not updated
accordingly, causing failures. In addition, let's also remove the
unneeded "nbthread 4" which is either too much or not enough (it's
automatic nowadays), and remove "option httplog" which causes a
warning since there's no defined log destination.
2021-08-25 05:10:29 +02:00
Ilya Shipitsin
af2720f69f CI: github actions: relax OpenSSL-3.0.0 version comparision
we better to check for 3.0.0 presense, than exact version
2021-08-16 12:48:49 +02:00
Tim Duesterhus
762b1fdb7a CI: Remove obsolete USE_SLZ=1 CI job
Using SLZ is a default, thus this build is equivalent to the "no features"
build.
2021-08-16 12:37:16 +02:00