Commit Graph

107 Commits

Author SHA1 Message Date
Ilia Shipitsin 6703653098 BUILD: ssl: switch LibreSSL to Fastly CDN
OpenBSD ftp is down, let us switch to CDN
2023-04-26 18:41:03 +02:00
Willy Tarreau 9d5e11682c SCRIPTS: run-regtests: add a version check
It happens from time to time while switching between branches and/or
updating after someone else's changes that regtests are run by accident
on the wrong binary, typically the one the tests were run on during
development and not with the latest adaptations. And obviously it's
when this happens that we break the CI. There are various causes to
this but they all come down to humans context-switching a lot, and
there's no real fix for this that doesn't add even more burden hence
increases the overhead. However we can help the human detect such
mistakes very easily.

This change here will compare the version of the haproxy binary to
the version of the tree, and will emit a warning in the regtest output
if they do not match, regardless of the outcome of the test. This is
sufficient in case of failures because these are quickly glanced over,
and is sufficient as well in case of accidental success because the
warning is the last message. E.g:

  ########################## Starting vtest ##########################
  Testing with haproxy version: 2.7-dev10-cfcdbc-38
  Warning: version does not match the current tree (2.7-dev10-111c78-39)
  0 tests failed, 0 tests skipped, 182 tests passed

This should not affect builds made out of a git tree because the version
is retrieved using "make version", or exactly the same way as it's passd
to the haproxy binary. We just need to know what "make" command to run,
so $MAKE is used primarily, falling back to "make" then to "gmake". In
case all of these fail, we just ignore the version check. This should be
sufficient to catch human mistakes without affecting the CI.
2022-11-30 18:44:33 +01:00
Willy Tarreau e3a02d5e08 SCRIPTS: announce-release: add a link to the data plane API
Since Marko announced at HAProxyConf 2022 that the data plane API is
mostly complete and will now follow the same release cycle as haproxy
starting with 2.7, it's probably the right moment to encourage users
to start trying it so that we can hope to migrate all the painful
discovery stuff there in a not too distant future.

Let's just point to the latest release for now. We'll see in the future
if we need to adapt the link depending on the branch.
2022-11-28 07:31:54 +01:00
Ilya Shipitsin 4a689dad03 CLEANUP: assorted typo fixes in the code and comments
This is 32nd iteration of typo fixes
2022-10-30 17:17:56 +01:00
Ilya Shipitsin 47ddc89879 BUILD: scripts: disable tests build on QuicTLS build
during CI builds QuicTLS is not cached, let us speed it up by
disabling tests build. Doing so saves ~40s out of 3m40.
2022-10-17 05:51:18 +02:00
Willy Tarreau 68b3e135e3 SCRIPTS: announce-release: update some URLs to https
Some components like Discourse were already redirecting to https. Other
ones like docs and git are covered by the certificate, and finally
switching the advertised scheme for www should increase the ratio of
H2 and H3 in the stats (resp 8.9 and 1.9%) and possibly help spot new
issues.
2022-09-17 12:17:07 +02:00
Ilya Shipitsin 3f59ac5ce2 BUILD: SSL: allow to pass additional configure args to QUICTLS
this allows to pass QUICTLS_EXTRA_ARGS to QUICTLS builds. if no
 additional arg is passed, behaviour is kept unchanged

--
v2 indentation fixed
2022-08-06 17:10:04 +02:00
Willy Tarreau 8e9f915f8f SCRIPTS: make publish-release try to launch make-releases-json
Now when publishing a release, if make-releases-json is usable at the same
place, it will be called to regenerate the json index of available versions.
2022-05-30 15:44:10 +02:00
Willy Tarreau f1c6ccfc6a SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs
This will be used to rebuild a releases.json file in each download
directory. It only relies on existing files and sorts them by version,
appends known signatures (md5/sha256) and marks the most recent one as
the latest release.

This aims at addressing github issue #1537.
2022-05-30 15:44:10 +02:00
Willy Tarreau 02df95e938 SCRIPTS: announce-release: add URL of dev packages
This is the shortened URL of the nightly builds maintained by William,
let's have them in announce messages.
2022-04-30 14:16:15 +02:00
Willy Tarreau 076b6cec0f SCRIPTS: announce-release: add shortened links to pending issues
The list of URLs now also adds pending bugs, reviewed bugs, and code
reports. The redirect is performed on haproxy.org since github URLs
are far too large here.
2022-04-16 12:06:07 +02:00
Willy Tarreau f0089d86ce SCRIPTS: announce-release: update the doc's URL
Now that the doc is accessible on docs.haproxy.org via github pages,
let's update the URL.
2022-04-16 07:57:15 +02:00
Ilya Shipitsin e9efc3a5be CI: refactor OpenTracing build script
re-use scripts/build-ot.sh in CI again. Bump opentracing-cpp to 1.6.0
2022-01-19 07:37:40 +01:00
Ilya Shipitsin 2091c7ca70 BUILD: SSL: add quictls build to scripts/build-ssl.sh
script/build-ssl.sh is used mostly in CI, let us introduce QUIC
OpenSSL fork support
2021-11-20 08:17:22 +01:00
Willy Tarreau b7a28e7bc8 SCRIPT: run-regtests: avoid calling awk to compute the version
For each test, the version number is evaluated using a call to awk,
which can be slow to start depending on the versions and OS. This is
only needed for a printf() call to keep only leading digits of each
component, multiply them by 1000 and pad them to 3 digits, something
that's clearly doable in plain shell in a portable way. This is what
this patch does, and it saves yet another 400 ms here on the full
test sequence.
2021-11-18 17:54:49 +01:00
Willy Tarreau 0b3eb81c6b SCRIPT: run-regtests: avoid several calls to grep to test for features
grep is used in the arguments loops to check for features such as OPENSSL
or LUA or services like prometheus-exporter. Let's just look for the words
inside the list, which requires to prepend a delimitor at the beginning of
the list and add one at the end.
2021-11-18 17:54:49 +01:00
Willy Tarreau 969e7afa0d SCRIPTS: run-regtests: reduce the number of processes needed to check options
run-tegtests is starting to take a lot of time to spot which tests are
eligible, because for each test file a lot of "sed" sub-processes are
launched. This commit eliminates calls to sed by using the shell's
internal processing and parsing the VTC file only once. Instead of
extracting each option one by one from the file, all entries that look
like a valid option are passed to a single case/esac statement and their
value is extracted. Splitting into lists is simply done by adjusting the
IFS depending on the list's delimiter, which, contrary to the // pattern
modifier, is supported on every shell.

This was tested on both bash and dash, and the tests' execution time
dropped by 31% from 8.7 seconds to 6.0 seconds.
2021-11-18 17:54:49 +01:00
Willy Tarreau 0d026edaef SCRIPTS: git-show-backports: re-enable file-based filtering
The early version of the script used to support passing non-branch
arguments but as it evolved we lost that option. Let's use "--" as a
delimiter after the branch(es) to pass optional file names to filter
on. This is convenient to list missing patches on a specific set of
files.
2021-11-03 08:41:01 +01:00
Ilya Shipitsin cd61e8383d BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2
starting with
74b7f339aa,
libs are installed to "lib64", to get back required behaviour, let us
set libdir explicitly
2021-08-25 05:16:00 +02:00
Willy Tarreau cbc0c232bf CI: ssl: keep the old method for ancient OpenSSL versions
I forgot about OpenSSL 1.0.2, which neither supports the build_sw target
to build only the software, nor reliably supports parallel builds. Given
that we're building 1.0.2 and 3.0.0, let's stay on the safe side and
keep 1.x sequential.
2021-06-17 15:40:53 +02:00
Willy Tarreau f4b9801f05 CI: ssl: do not needlessly build the OpenSSL docs
1/4 of the OpenSSL build time is spent building the docs, let's just
build the software and not the doc, by replacing the "all" target
with "build_sw". With this my build time drops from 1'28 to 1'09.

Nothing was done for the other libs, as it's unknown whether they
provide specific build targets.
2021-06-17 15:16:57 +02:00
Willy Tarreau c6f1498405 CI: ssl: enable parallel builds for OpenSSL on Linux
Running the "make all" phase on my machine with -j$(nproc) shrinks the
build time from 4'52 to 1'28. It will not be that big of a change in
the CI since it looks like two CPUs are exposed, but it should still
remain a net win. Let's enable it. The install phase obviously remains
sequential however.
2021-06-17 15:05:24 +02:00
Tim Duesterhus 8727614dc4 REGTESTS: Remove support for REQUIRE_BINARIES
This is no longer used since the migration to the native `feature cmd`
functionality.
2021-06-17 14:59:55 +02:00
Willy Tarreau 5ac9a393ef SCRIPTS: opentracing: enable parallel builds in build-ot.sh
The script didn't make use of parallel builds, which roughly cut the
build time in half with 4 cores. This can help a bit with the CI.
2021-06-10 07:35:15 +02:00
Tim Duesterhus a9334df5a9 CLEANUP: reg-tests: Remove obsolete no-htx parameter for reg-tests
The legacy HTTP subsystem has been removed. HTX is always enabled.
2021-06-04 15:41:21 +02:00
Ilya Shipitsin 75c95aa649 CI: github actions: add OpenTracing builds
let us add OpenTracing module to "all features" builds
2021-05-18 18:37:37 +02:00
Ilya Shipitsin 0b03895620 CI: introduce scripts/build-vtest.sh for installing VTest
we install VTest for all CI systems, let us unify instalation
2021-05-18 10:48:30 +02:00
Willy Tarreau 5f3448f6de REGTESTS: run-regtests: match both "HAProxy" and "HA-Proxy" in the version
The script checks the HAProxy version and was looking for "HA-Proxy" which
is hard-coded in haproxy.c, let's relax the test to also accept "HAProxy".
2021-05-09 06:12:41 +02:00
William Lallemand c1ddcafdf9 BUILD: Makefile: move REGTESTST_TYPE default setting
In patch 3bad3d5 ("BUILD: Makefile: exclude broken tests by default"),
the default setting of the REGTESTST_TYPE variable was set in the
Makefile instead of the run-regtests.sh script.

Doing it in the Makefile was breaking the use of this environment
varible with make ( REGTESTS_TYPES=slow,default make reg-tests )

This patch move the default setting from the Makefile to
run-regtests.sh. It also change the documentation in `make
reg-tests-help` about the default value.

This patch should be backported where 3bad3d5 is backported.
2021-02-05 11:41:16 +01:00
William Dauchy 4488434c97 BUG/MINOR: reg-tests: fix service dependency script
I badly tested my previous patch forgetting to remove the "+" testing
present in options, and not in services; the list of services do not
have any "+" at the beginning of each service

this patch is fixing commit aabde71332 ("MINOR:
reg-tests: add a way to add service dependency")

Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-01-11 14:16:06 +01:00
William Dauchy aabde71332 MINOR: reg-tests: add a way to add service dependency
I was looking at writing a simple first test for prometheus but I
realised there is no proper way to exclude it if haproxy was not built
with prometheus plugin.

Today we have `REQUIRE_OPTIONS` in reg-tests which is based on `Feature
list` from `haproxy -vv`. Those options are coming from the Makefile
itself.

A plugin is build this way:
  EXTRA_OBJS="contrib/prometheus-exporter/service-prometheus.o"

It does register service actions through `service_keywords_register`.
Those are listed through `list_services` in `haproxy -vv`.
To facilitate parsing, I slightly changed the output to a single line
and integrate it in regtests shell script so that we can now specify a
dependency while writing a reg-test for prometheus, e.g:

  #REQUIRE_SERVICE=prometheus-exporter
  #REQUIRE_SERVICES=prometheus-exporter,foo

There might be other ways to handle this, but that's the cleanest I
found; I understand people might be concerned by this output change in
`haproxy -vv` which goes from:

  Available services :
          foo
          bar

to:

  Available services : foo bar

Signed-off-by: William Dauchy <wdauchy@gmail.com>
2021-01-10 07:42:33 +01:00
Thayne McCombs 478e5ddc8d SCRIPTS: announce-release: fix typo in help message
s/relase/release in -p help message.
2021-01-08 14:58:22 +01:00
Willy Tarreau 96d5368202 SCRIPTS: make announce release support preparing announces before tag exists
It takes so much time to write an announce message that sometimes it's
annoying not being able to start the work while a fix is being finished.
With the new "-p" argument, announce-release will allow to prepare the
announce message for the current HEAD and with no tag yet. It will
restart from the last tag and automatically increment the version using
the same algorithm as create-release so that everything is accurate. It
should then be easier at the last moment to just include the final entry
by hand when the last fix finally arrives. For convenience, this argument
also allows to create an announce from another branch than master.
2021-01-06 15:49:44 +01:00
Willy Tarreau 0c612936b2 SCRIPTS: improve announce-release to support different tag and versions
By having three variables it will be easier to preset the version and
the tag separately. One contains the announced version, another one the
associated tag and the last one the final commit ID (used as the ending
point before the release). This initially allows to check for the HEAD
matching the tag only when the version was not forced, hence re-announce
already tagged versions after some extra commits were added for example.
2021-01-06 15:45:15 +01:00
Willy Tarreau a4009cd610 REGTESTS: make use of HAPROXY_ARGS and pass -dM by default
Enabling memory poisonning is often pretty effective for detecting
uninitialized structure fields. Let's enable it by default and let
the user change the arguments at will (e.g. forcing some memory limits
or disabling a poller). This will work with the latest vtest version
to date (02a9bc1).
2020-12-16 21:43:50 +01:00
Ilya Shipitsin 6b736b4476 CI: travis-ci: replace not defined SSL_LIB, SSL_INC for BotringSSL builds
after 73b520b958 variables SSL_LIB, SSL_INC
are not set, but still used by BoringSSL builds. That leads to error
(I wish we could stop on such errors) and using stock openssl instead
of boringssl
2020-10-11 21:12:33 +02:00
Ilya Shipitsin 7faeea9750 REGTESTS: use "command" instead of "which" for better POSIX compatibility
for example, "which" is not installed by default in Fedora docker image.
2020-09-26 10:12:48 +02:00
Willy Tarreau 1f927d1bc2 SCRIPTS: git-show-backports: emit the shell command to backport a commit
It's cumbersome to copy-paste a commit ID into another window after having
typed "git cherry-pick -sx", so let's have the suggested output format of
git-show prepare this line just before the subject line, it remains at a
stable position on the terminal when searching for "/^commit". One just
has to copy-paste the line into another terminal will result in the commit
being properly picked.
2020-07-31 16:57:35 +02:00
Willy Tarreau f456f6f2a3 SCRIPTS: git-show-backports: make -m most only show the left branch
We've never used the output of the rightmost branch with this tool,
and it systematically causes two identical outputs making the job
harder during backport sessions. Let's simply remove the right part
when it's identical to the left one. This also adds a few line feeds
to make the output more readable.
2020-07-31 16:57:09 +02:00
Willy Tarreau be789dfc5d SCRIPTS: announce-release: add the link to the wiki in the announce messages
Let's add the link to the wiki to the announce messages, plenty of
users don't even know it exists.
2020-07-30 17:41:42 +02:00
Ilya Shipitsin aaa34ea622 CI: travis-ci: switch BoringSSL builds to ninja
using ninja instead of make speed up build by 40 sec
2020-06-26 11:26:26 +02:00
Willy Tarreau d678805783 REORG: include: move version.h to haproxy/
Few files were affected. The release scripts was updated.
2020-06-11 10:18:56 +02:00
Willy Tarreau 6fab3e6d91 SCRIPTS: publish-release: pass -n to gzip to remove timestamp
It just appeared that the tar.gz we put online are not reproducible
because a timestamp is put by default into the archive. Passing "-n"
to gzip is sufficient to remove this timestamp, so let's do it, and
also make the gzip command configurable for more flexibility. Now
issuing the commands multiple times finally results in the same
archives being produced.

This should be backported to supported stable branches.
2020-05-30 06:59:07 +02:00
Ilya Shipitsin 856aabcda5 CLEANUP: assorted typo fixes in the code and comments
This is 8th iteration of typo fixes
2020-04-17 09:37:36 +02:00
Ilya Shipitsin 6e18f92d4f CI: adopt openssl download script to download all versions
with recent change, OpenSSL download URL was changed in
incompatiable way. i.e. only the most recent openssl version
might be downloaded using previous script.

older versions are available under different URLs. as we need
several openssl versions, let us adopt script accordingly.

bug was caught after travis-ci cache was purged for some reason.
2020-04-07 22:02:41 +02:00
Willy Tarreau 1392d029e6 SCRIPTS: announce-release: use mutt -H instead of -i to include the draft
Commit 0f5ce6014a ("SCRIPTS: announce-release: place the send command
in the mail's header") broke the announce-release script: by not having
to edit the message at all anymore, mutt does nothing when sending, but
it still does if the message is edited (which was the case before). With
some testing, it appears that mutt -H does work when there's no change,
so let's use this instead. This should be backported till 1.7.
2020-02-15 15:24:28 +01:00
Willy Tarreau 332ded5f3a SCRIPTS: make announce-release executable again
I managed to mess up with the file's permission while using a temporary
one during last release, and to backport the non-exec version everywhere.
This can be backported as far as 1.7 now.
2020-02-12 18:21:11 +01:00
Ilya Shipitsin 47e09dd034 BUILD: scripts/build-ssl.sh: use "uname" instead of ${TRAVIS_OS_NAME}
it is also useful for local builds, when ${TRAVIS_OS_NAME} is not set
2020-02-12 15:42:44 +01:00
Willy Tarreau f9beea52da SCRIPTS: backport: fix the master branch detection
The condition was inverted. When the branch was the master, it was
harmless because it caused an extra "checkout master", but when it
was not the master, the commit could be applied to the wrong branch
and it could even possibly not match the name to stop on.
2020-02-07 08:26:49 +01:00
Willy Tarreau 3823408b60 SCRIPTS: announce-release: allow the user to force to overwrite old files
When starting the script multiple times, one had to remove the previous
files by hand. Now with -f it's not needed anymore, they get removed.
2020-02-07 08:11:45 +01:00