when *SSL_VERSION="latest" behaviour was introduced, it seems to be fine
for development branches, but too intrusive for stable branches.
let us limit "latest" semantic only for development builds, if branch name
contains "haproxy-" it is supposed to be stable branch, no latest openssl
should be taken
[wla: must be backported as far as 2.6]
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
Some occasional builds fail only on a specific platform and being able
to figure the exact compiler version used there is crucial. It's not
easy to guess from the rest of the output, so let's add it before the
platform-specific defines, which suit the same needs.
This patch allows to show the backtrace of a coredump produced in the
alpine/musl jobs.
It activates some option required by the containers to allow the
production of coredump, set a shared directory so the kernel could dump
the coredump within the container. Some debug packages were also added.
As announced in
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
the `::set-output` command is deprecated, because processes during the workflow
execution might output untrusted information that might include the
`::set-output` command, thus allowing these untrusted information to hijack the
build.
The replacement is writing to the file indicated by the `$GITHUB_OUTPUT`
environment variable.
both "OPENSSL_VERSION=latest" and "LIBRESSL_VERSION=latest" processing
introduced errors when build-ssl.sh script was invoked. that error
in turn led to skipping custom openssl build and haproxy was linked against
stock openssl, i.e. openssl-1.1.1
this change introduce "LIBRESSL_VERSION=latest" semantic, which scans
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ and detects latest release.
LIBRESSL_VERSION=2.9.2 is removed from the matrix.
We used to rely on a call to "sed" to modify the DEBUG option in the
makefile when running under Coverity because it splits words around
spaces and does not allow to pass multi-word build options. As reported
by Tim in issue #1592, this broke with commit 8de7f2822 ("BUILD: makefile:
enable both DEBUG_STRICT and DEBUG_MEMORY_POOLS by default") when the
default DEBUG options changed.
Let's change this to pass all DEBUG options one at a time instead and
get rid of this sed.
This enables DEBUG_MEMORY_POOLS and DEBUG_POOL_INTEGRITY so that by
default the tests run under stricter checks, which are likely to
catch more bugs. Note that these ones are permanently used in prod
on haproxy.org.
step condition "if: ${{ !failure() }}" was added in 2ef4c7c843
during my experiments. As Tim Düsterhus mentioned, that condition is default and may be omitted.
let us switch to codespell github actions instead of invocation from cmdline.
also, "ifset,thrid,strack,ba,chck,hel,unx,mor" added to whitelist, those are
variable names and special terms widely used in HAProxy
this is mostly cleanup, issue is minor. If build failed, VTest execution
tried to be performed as well as VTest result show. This change ignores
those steps if build failed.
Sometimes figuring what differs between platforms is useful to fix
build issues, to decide what ifdef to add for example. Let's always
call $CC -dM -E- before starting make.
As discussed in the thread below, the recent variables changes
unfortunately broke Opentracing. Discussions are ongoing about
possible solutions but none of them can be done in a 3-liner so
we'd rather disable opentracing from the full-features build for
the time being.
Link: https://www.mail-archive.com/haproxy@formilux.org/msg41131.html
A recent update to BoringSSL broke the build again, and given that
it's not used except for QUIC development, let's temporarily disable
it until the issue is analysed and fixed.
2.5-dev1 removed http-use-htx but the h2spec config was not updated
accordingly, causing failures. In addition, let's also remove the
unneeded "nbthread 4" which is either too much or not enough (it's
automatic nowadays), and remove "option httplog" which causes a
warning since there's no defined log destination.
GitHub's issue forms are the next evolution of issue templates and allow for
showing an actual form with separate inputs when creating an issue. They ensure
that all the required fields are filled in and automatically format code parts
(e.g. haproxy -vv or the configuration) as actual code blocks, possibly with
syntax highlighting.
Co-authored-by: Maximilian Mader <max@bastelstu.be>
Using 'sudo' required quite a few workarounds in various places. Setting an
explicit 'ulimit -n' removes the requirement for 'sudo', resulting in a cleaner
workflow configuration.
