-
Notifications
You must be signed in to change notification settings - Fork 905
204 lines (197 loc) · 8.51 KB
/
build-and-test-all.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
---
name: 'Build and test everything'
on:
push:
pull_request:
workflow_call:
inputs:
branch-name:
description: 'Checkout to a specific branch'
required: true
default: ''
type: string
schedule:
- cron: '0 22 * * 3'
permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
contents: read
env:
COMPILER: clang
CLANG_VERSION: '13'
# github.workspace variable points to the Runner home folder. Container home folder defined below.
REPO_HOME: '/__w/${{ github.event.repository.name }}/${{ github.event.repository.name }}'
BUILDER_VERSION: '0.0.0-git1'
COVERAGE: ${{ github.repository == 'PowerDNS/pdns' && 'yes' || 'no' }}
LLVM_PROFILE_FILE: "/tmp/code-%p.profraw"
OPTIMIZATIONS: yes
DECAF_SUPPORT: yes
jobs:
build-dnsdist:
name: build dnsdist
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
features: [least, full]
exclude:
- sanitizers: tsan
features: least
container:
image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
env:
ASAN_OPTIONS: detect_leaks=0
SANITIZERS: ${{ matrix.sanitizers }}
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
UNIT_TESTS: yes
FUZZING_TARGETS: yes
options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0
defaults:
run:
working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }}
steps:
# workaround issue 9491 repo actions/runner-images
- name: get runner image version
id: runner-image-version
run: |
echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT"
working-directory: .
- name: modify number of bits to use for aslr entropy
if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0'
run: |
sudo sysctl -a | grep vm.mmap.rnd
sudo sysctl -w vm.mmap_rnd_bits=28
working-directory: .
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- name: get timestamp for cache
id: get-stamp
run: |
echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
shell: bash
working-directory: .
- run: mkdir -p ~/.ccache
working-directory: .
- name: let GitHub cache our ccache data
uses: actions/cache@v4
with:
path: ~/.ccache
key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
- run: inv ci-install-rust ${{ env.REPO_HOME }}
working-directory: ./pdns/dnsdistdist/
- run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }}
working-directory: ./pdns/dnsdistdist/
- run: inv ci-autoconf
working-directory: ./pdns/dnsdistdist/
- run: inv ci-dnsdist-configure ${{ matrix.features }}
working-directory: ./pdns/dnsdistdist/
- run: inv ci-make-distdir
working-directory: ./pdns/dnsdistdist/
- run: inv ci-dnsdist-configure ${{ matrix.features }}
- run: inv ci-dnsdist-make-bear
- run: inv ci-dnsdist-run-unit-tests
- run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel dnsdist unit
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
- run: inv ci-make-install
- run: ccache -s
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Store the binaries
uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
with:
name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/dnsdist
retention-days: 1
test-dnsdist-regression:
needs: build-dnsdist
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
container:
image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
env:
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
# Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498
ASAN_OPTIONS: detect_leaks=0:intercept_send=0
TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
# IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions
SKIP_INCLUDEDIR_TESTS: yes
SANITIZERS: ${{ matrix.sanitizers }}
COVERAGE: yes
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 --privileged
steps:
# workaround issue 9491 repo actions/runner-images
- name: get runner image version
id: runner-image-version
run: |
echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT"
working-directory: .
- name: modify number of bits to use for aslr entropy
if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0'
run: |
sudo sysctl -a | grep vm.mmap.rnd
sudo sysctl -w vm.mmap_rnd_bits=28
working-directory: .
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/dnsdist
- run: inv install-clang-runtime
- run: inv install-dnsdist-test-deps
- run: inv test-dnsdist
- run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel dnsdist regression
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: dnsdist-regression-full-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
collect:
needs:
- build-dnsdist
- test-dnsdist-regression
if: success() || failure()
runs-on: ubuntu-22.04
steps:
- name: Coveralls Parallel Finished
if: ${{ env.COVERAGE == 'yes' }}
uses: coverallsapp/github-action@v2
with:
parallel-finished: true
- name: Install jq and jc
run: "sudo apt-get update && sudo apt-get install jq jc"
- name: Fail job if any of the previous jobs failed
run: "for i in `echo '${{ toJSON(needs) }}' | jq -r '.[].result'`; do if [[ $i == 'failure' ]]; then echo '${{ toJSON(needs) }}'; exit 1; fi; done;"
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- name: Get list of jobs in the workflow
run: "cat .github/workflows/build-and-test-all.yml | jc --yaml | jq -rS '.[].jobs | keys | .[]' | grep -v collect | tee /tmp/workflow-jobs-list.yml"
- name: Get list of prerequisite jobs
run: "echo '${{ toJSON(needs) }}' | jq -rS 'keys | .[]' | tee /tmp/workflow-needs-list.yml"
- name: Fail if there is a job missing on the needs list
run: "if ! diff -q /tmp/workflow-jobs-list.yml /tmp/workflow-needs-list.yml; then exit 1; fi"
# FIXME: if we can make upload/download-artifact fasts, running unit tests outside of build can let regression tests start earlier