Merge pull request #14896 from omoerbeek/rec-coverity-20241127 #10448
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: 'Build and test everything' | |
on: | |
push: | |
pull_request: | |
workflow_call: | |
inputs: | |
branch-name: | |
description: 'Checkout to a specific branch' | |
required: true | |
default: '' | |
type: string | |
runner-docker-image-name: | |
description: 'Image name to be used for running all jobs' | |
required: false | |
default: '' | |
type: string | |
schedule: | |
- cron: '0 22 * * 3' | |
permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | |
contents: read | |
env: | |
COMPILER: clang | |
CLANG_VERSION: '13' | |
# github.workspace variable points to the Runner home folder. Container home folder defined below. | |
REPO_HOME: '/__w/${{ github.event.repository.name }}/${{ github.event.repository.name }}' | |
BUILDER_VERSION: '0.0.0-git1' | |
COVERAGE: ${{ github.repository == 'PowerDNS/pdns' && 'yes' || 'no' }} | |
LLVM_PROFILE_FILE: "/tmp/code-%p.profraw" | |
OPTIMIZATIONS: yes | |
DECAF_SUPPORT: yes | |
jobs: | |
get-runner-container-image: | |
name: generate docker runner image name | |
runs-on: ubuntu-22.04 | |
outputs: | |
id: ${{ steps.get-runner-image.outputs.image-id }} | |
tag: ${{ steps.get-runner-image.outputs.tag }} | |
env: | |
DEFAULT_RUNNER_DOCKER_IMAGE: base-pdns-ci-image/debian-12-pdns-base | |
DEFAULT_IMAGE_TAG: master # update when backporting, e.g. auth-4.9.x | |
steps: | |
- id: get-runner-image | |
run: | | |
echo "image-id=ghcr.io/powerdns/${{ inputs.runner-docker-image-name || env.DEFAULT_RUNNER_DOCKER_IMAGE }}" >> "$GITHUB_OUTPUT" | |
echo "tag=${{ env.DEFAULT_IMAGE_TAG }}" >> "$GITHUB_OUTPUT" | |
build-auth: | |
name: build auth (${{ matrix.builder }}) | |
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} | |
runs-on: ubuntu-22.04 | |
needs: get-runner-container-image | |
container: | |
image: "${{ matrix.container_image }}" | |
env: | |
FUZZING_TARGETS: yes | |
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
UNIT_TESTS: yes | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
strategy: | |
matrix: | |
container_image: ["${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"] | |
builder: [autotools, meson] | |
exclude: | |
- container_image: "ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:${{ needs.get-runner-container-image.outputs.tag }}" | |
builder: meson | |
fail-fast: false | |
defaults: | |
run: | |
working-directory: ./pdns-${{ env.BUILDER_VERSION }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- name: get timestamp for cache | |
id: get-stamp | |
run: | | |
echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" | |
shell: bash | |
working-directory: . | |
- run: mkdir -p ~/.ccache | |
working-directory: . | |
- name: let GitHub cache our ccache data | |
uses: actions/cache@v4 | |
with: | |
path: ~/.ccache | |
key: auth-ccache-${{ matrix.builder }}-${{ steps.get-stamp.outputs.stamp }} | |
restore-keys: auth-ccache-${{ matrix.builder }} | |
- name: set sanitizers | |
run: echo "SANITIZERS=${{ matrix.builder == 'meson' && 'address,undefined' || 'asan+ubsan' }}" >> "$GITHUB_ENV" | |
working-directory: . | |
- run: inv install-auth-build-deps | |
working-directory: . | |
- run: inv ci-autoconf ${{ matrix.builder == 'meson' && '--meson' || '' }} | |
working-directory: . | |
- run: inv ci-auth-configure ${{ matrix.builder == 'meson' && '--meson' || '' }} -b pdns-${{ env.BUILDER_VERSION }} | |
working-directory: . | |
- run: inv ci-auth-build ${{ matrix.builder == 'meson' && '--meson' || '' }} # This runs under pdns-$BUILDER_VERSION/pdns/ for make bear | |
- run: inv ci-auth-install-remotebackend-test-deps | |
- if: ${{ matrix.builder == 'meson' }} | |
run: inv install-auth-test-deps-only -b geoip | |
- run: inv ci-auth-run-unit-tests ${{ matrix.builder == 'meson' && '--meson' || '' }} | |
env: | |
PDNS_BUILD_PATH: ../pdns-${{ env.BUILDER_VERSION }} | |
- run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }} | |
working-directory: ./pdns-${{ env.BUILDER_VERSION }}/pdns | |
- name: Coveralls Parallel auth unit | |
if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: auth-unit-${{ env.SANITIZERS }} | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
- run: inv ci-auth-install ${{ matrix.builder == 'meson' && '--meson' || '' }} | |
- run: ccache -s | |
- if: ${{ matrix.builder != 'meson' }} | |
run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- if: ${{ matrix.builder != 'meson' }} | |
name: Store the binaries | |
uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar | |
with: | |
name: pdns-auth-${{ env.normalized-branch-name }} | |
path: /opt/pdns-auth | |
retention-days: 1 | |
build-recursor: | |
name: build recursor | |
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} | |
runs-on: ubuntu-22.04 | |
needs: get-runner-container-image | |
strategy: | |
matrix: | |
sanitizers: [ubsan+asan, tsan] | |
features: [least, full] | |
exclude: | |
- sanitizers: tsan | |
features: least | |
container: | |
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" | |
env: | |
SANITIZERS: ${{ matrix.sanitizers }} | |
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
UNIT_TESTS: yes | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
defaults: | |
run: | |
working-directory: ./pdns/recursordist/pdns-recursor-${{ env.BUILDER_VERSION }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- name: get timestamp for cache | |
id: get-stamp | |
run: | | |
echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" | |
shell: bash | |
working-directory: . | |
- run: mkdir -p ~/.ccache | |
working-directory: . | |
- name: let GitHub cache our ccache data | |
uses: actions/cache@v4 | |
with: | |
path: ~/.ccache | |
key: recursor-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }} | |
restore-keys: recursor-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache- | |
- run: inv ci-install-rust ${{ env.REPO_HOME }} | |
working-directory: ./pdns/recursordist/ | |
- run: inv ci-autoconf | |
working-directory: ./pdns/recursordist/ | |
- run: inv ci-rec-configure ${{ matrix.features }} | |
working-directory: ./pdns/recursordist/ | |
- run: inv ci-make-distdir | |
working-directory: ./pdns/recursordist/ | |
- run: inv ci-rec-configure ${{ matrix.features }} | |
- run: inv ci-rec-make-bear | |
- run: inv ci-rec-run-unit-tests | |
- run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
- name: Coveralls Parallel rec unit | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: rec-unit-${{ matrix.features }}-${{ matrix.sanitizers }} | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
- run: inv ci-make-install | |
- run: ccache -s | |
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- name: Store the binaries | |
uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar | |
with: | |
name: pdns-recursor-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} | |
path: /opt/pdns-recursor | |
retention-days: 1 | |
build-dnsdist: | |
name: build dnsdist | |
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} | |
runs-on: ubuntu-22.04 | |
needs: get-runner-container-image | |
strategy: | |
matrix: | |
sanitizers: [ubsan+asan, tsan] | |
features: [least, full] | |
exclude: | |
- sanitizers: tsan | |
features: least | |
container: | |
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" | |
env: | |
SANITIZERS: ${{ matrix.sanitizers }} | |
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
UNIT_TESTS: yes | |
FUZZING_TARGETS: yes | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
defaults: | |
run: | |
working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- name: get timestamp for cache | |
id: get-stamp | |
run: | | |
echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" | |
shell: bash | |
working-directory: . | |
- run: mkdir -p ~/.ccache | |
working-directory: . | |
- name: let GitHub cache our ccache data | |
uses: actions/cache@v4 | |
with: | |
path: ~/.ccache | |
key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }} | |
restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache- | |
- run: inv ci-install-rust ${{ env.REPO_HOME }} | |
working-directory: ./pdns/dnsdistdist/ | |
- run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }} | |
working-directory: ./pdns/dnsdistdist/ | |
- run: inv ci-autoconf | |
working-directory: ./pdns/dnsdistdist/ | |
- run: inv ci-dnsdist-configure ${{ matrix.features }} | |
working-directory: ./pdns/dnsdistdist/ | |
- run: inv ci-make-distdir | |
working-directory: ./pdns/dnsdistdist/ | |
- run: inv ci-dnsdist-configure ${{ matrix.features }} | |
- run: inv ci-dnsdist-make-bear | |
- run: inv ci-dnsdist-run-unit-tests | |
- run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
- name: Coveralls Parallel dnsdist unit | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }} | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
- run: inv ci-make-install | |
- run: ccache -s | |
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- name: Store the binaries | |
uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar | |
with: | |
name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} | |
path: /opt/dnsdist | |
retention-days: 1 | |
test-auth-api: | |
needs: | |
- build-auth | |
- get-runner-container-image | |
runs-on: ubuntu-22.04 | |
container: | |
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" | |
env: | |
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
ASAN_OPTIONS: detect_leaks=0 | |
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp" | |
AUTH_BACKEND_IP_ADDR: "172.17.0.1" | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
strategy: | |
matrix: | |
include: | |
- backend: gsqlite3 | |
image: coscale/docker-sleep | |
- backend: gmysql | |
image: mysql:5 | |
- backend: gpgsql | |
image: postgres:9 | |
- backend: lmdb | |
image: coscale/docker-sleep | |
fail-fast: false | |
services: | |
database: | |
image: ${{ matrix.image }} | |
env: | |
POSTGRES_USER: runner | |
POSTGRES_HOST_AUTH_METHOD: trust | |
MYSQL_ALLOW_EMPTY_PASSWORD: 1 | |
ports: | |
- 3306:3306 | |
- 5432:5432 | |
# FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. | |
options: >- | |
--restart always | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- name: Fetch the binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: pdns-auth-${{ env.normalized-branch-name }} | |
path: /opt/pdns-auth | |
- run: inv apt-fresh | |
- run: inv install-clang-runtime | |
- run: inv install-auth-test-deps -b ${{ matrix.backend }} | |
- run: inv test-api auth -b ${{ matrix.backend }} | |
- run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' }} | |
- name: Coveralls Parallel auth API ${{ matrix.backend }} | |
if: ${{ env.COVERAGE == 'yes' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: auth-api-${{ matrix.backend }} | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
test-auth-backend: | |
needs: | |
- build-auth | |
- get-runner-container-image | |
runs-on: ubuntu-22.04 | |
container: | |
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" | |
env: | |
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
ASAN_OPTIONS: detect_leaks=0 | |
LDAPHOST: ldap://ldapserver/ | |
ODBCINI: /github/home/.odbc.ini | |
AUTH_BACKEND_IP_ADDR: "172.17.0.1" | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
strategy: | |
matrix: | |
include: | |
- backend: remote | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
- backend: gmysql | |
image: mysql:5 | |
env: | |
MYSQL_ALLOW_EMPTY_PASSWORD: 1 | |
ports: | |
- 3306:3306 | |
- backend: gmysql | |
image: mariadb:10 | |
env: | |
MYSQL_ALLOW_EMPTY_PASSWORD: 1 | |
ports: | |
- 3306:3306 | |
- backend: gpgsql | |
image: postgres:9 | |
env: | |
POSTGRES_USER: runner | |
POSTGRES_HOST_AUTH_METHOD: trust | |
ports: | |
- 5432:5432 | |
- backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
- backend: lmdb | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
- backend: bind | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
- backend: geoip | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
- backend: lua2 | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
- backend: tinydns | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
- backend: authpy | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
- backend: godbc_sqlite3 | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
- backend: godbc_mssql | |
image: mcr.microsoft.com/mssql/server:2022-CU12-ubuntu-22.04 | |
env: | |
ACCEPT_EULA: Y | |
SA_PASSWORD: 'SAsa12%%-not-a-secret-password' | |
ports: | |
- 1433:1433 | |
- backend: ldap | |
image: powerdns/ldap-regress:1.2.4-1 | |
env: | |
LDAP_LOG_LEVEL: 0 | |
CONTAINER_LOG_LEVEL: 4 | |
ports: | |
- 389:389 | |
- backend: geoip_mmdb | |
image: coscale/docker-sleep | |
env: {} | |
ports: [] | |
fail-fast: false | |
services: | |
database: | |
image: ${{ matrix.image }} | |
env: ${{ matrix.env }} | |
ports: ${{ matrix.ports }} | |
# FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. | |
options: >- | |
--restart always | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- name: Fetch the binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: pdns-auth-${{ env.normalized-branch-name }} | |
path: /opt/pdns-auth | |
# FIXME: install recursor for backends that have ALIAS | |
- run: inv install-clang-runtime | |
- run: inv install-auth-test-deps -b ${{ matrix.backend }} | |
- run: inv test-auth-backend -b ${{ matrix.backend }} | |
- run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' }} | |
- name: Coveralls Parallel auth backend ${{ matrix.backend }} | |
if: ${{ env.COVERAGE == 'yes' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: auth-backend-${{ matrix.backend }} | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
test-ixfrdist: | |
needs: | |
- build-auth | |
- get-runner-container-image | |
runs-on: ubuntu-22.04 | |
container: | |
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" | |
env: | |
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
ASAN_OPTIONS: detect_leaks=0 | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- name: Fetch the binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: pdns-auth-${{ env.normalized-branch-name }} | |
path: /opt/pdns-auth | |
- run: inv install-clang-runtime | |
- run: inv install-auth-test-deps | |
- run: inv test-ixfrdist | |
- run: inv generate-coverage-info /opt/pdns-auth/bin/ixfrdist $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' }} | |
- name: Coveralls Parallel ixfrdist | |
if: ${{ env.COVERAGE == 'yes' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: ixfrdist | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
test-recursor-api: | |
needs: | |
- build-recursor | |
- get-runner-container-image | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
sanitizers: [ubsan+asan, tsan] | |
dist_name: [debian] | |
pdns_repo_version: ['48'] | |
container: | |
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" | |
env: | |
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
ASAN_OPTIONS: detect_leaks=0 | |
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp" | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- name: Fetch the binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: pdns-recursor-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} | |
path: /opt/pdns-recursor | |
- run: inv apt-fresh | |
- run: inv add-auth-repo ${{ matrix.dist_name }} $(. /etc/os-release && echo $VERSION_CODENAME) ${{ matrix.pdns_repo_version }} | |
- run: inv install-clang-runtime | |
- run: inv install-rec-test-deps | |
- run: inv test-api recursor | |
- run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
- name: Coveralls Parallel recursor API | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: rec-api-full-${{ matrix.sanitizers }} | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
test-recursor-regression: | |
needs: | |
- build-recursor | |
- get-runner-container-image | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
sanitizers: [ubsan+asan, tsan] | |
dist_name: [debian] | |
pdns_repo_version: ['48'] | |
container: | |
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" | |
env: | |
UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp' | |
ASAN_OPTIONS: "" | |
LSAN_OPTIONS: "suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-lsan.supp" | |
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp" | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
steps: | |
# - uses: PowerDNS/pdns/set-ubuntu-mirror@meta | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- name: Fetch the binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: pdns-recursor-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} | |
path: /opt/pdns-recursor | |
- run: inv apt-fresh | |
- run: inv add-auth-repo ${{ matrix.dist_name }} $(. /etc/os-release && echo $VERSION_CODENAME) ${{ matrix.pdns_repo_version }} | |
- run: inv install-clang-runtime | |
- run: inv install-rec-test-deps | |
- run: inv test-regression-recursor | |
- run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
- name: Coveralls Parallel recursor regression | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: rec-regression-full-${{ matrix.sanitizers }} | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
test-recursor-bulk: | |
name: 'test rec *mini* bulk' | |
needs: | |
- build-recursor | |
- get-runner-container-image | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
sanitizers: [ubsan+asan, tsan] | |
threads: [1, 2, 3, 4, 8] | |
mthreads: [2048] | |
shards: [1, 2, 1024] | |
container: | |
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" | |
env: | |
UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp' | |
ASAN_OPTIONS: detect_leaks=0 | |
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp" | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- name: Fetch the binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: pdns-recursor-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} | |
path: /opt/pdns-recursor | |
- run: inv install-clang-runtime | |
- run: inv install-rec-bulk-deps | |
- run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }} | |
- run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
- name: Coveralls Parallel recursor bulk | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: rec-regression-bulk-full-${{ matrix.sanitizers }} | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
test-dnsdist-regression: | |
needs: | |
- build-dnsdist | |
- get-runner-container-image | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
sanitizers: [ubsan+asan, tsan] | |
container: | |
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" | |
env: | |
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
# Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498 | |
ASAN_OPTIONS: intercept_send=0 | |
LSAN_OPTIONS: "suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-lsan.supp" | |
TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp" | |
# IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions | |
SKIP_INCLUDEDIR_TESTS: yes | |
SANITIZERS: ${{ matrix.sanitizers }} | |
COVERAGE: yes | |
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 --privileged | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
- name: Fetch the binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} | |
path: /opt/dnsdist | |
- run: inv install-clang-runtime | |
- run: inv install-dnsdist-test-deps $([ "$(. /etc/os-release && echo $VERSION_CODENAME)" = "bullseye" ] && echo "--skipXDP=True") | |
- run: inv test-dnsdist | |
- run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
- name: Coveralls Parallel dnsdist regression | |
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
flag-name: dnsdist-regression-full-${{ matrix.sanitizers }} | |
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
parallel: true | |
allow-empty: true | |
fail-on-error: false | |
swagger-syntax-check: | |
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} | |
runs-on: ubuntu-22.04 | |
# FIXME: https://github.com/PowerDNS/pdns/pull/12880 | |
# container: | |
# image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master | |
# options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
steps: | |
- uses: PowerDNS/pdns/set-ubuntu-mirror@meta | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade | |
- run: inv install-swagger-tools | |
- run: inv swagger-syntax-check | |
collect: | |
needs: | |
- build-auth | |
- build-dnsdist | |
- build-recursor | |
- swagger-syntax-check | |
- test-auth-api | |
- test-auth-backend | |
- test-dnsdist-regression | |
- test-ixfrdist | |
- test-recursor-api | |
- test-recursor-regression | |
- test-recursor-bulk | |
if: success() || failure() | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Coveralls Parallel Finished | |
if: ${{ env.COVERAGE == 'yes' }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
parallel-finished: true | |
fail-on-error: false | |
- name: Install jq and jc | |
run: "sudo apt-get update && sudo apt-get install jq jc" | |
- name: Fail job if any of the previous jobs failed | |
run: "for i in `echo '${{ toJSON(needs) }}' | jq -r '.[].result'`; do if [[ $i == 'failure' ]]; then echo '${{ toJSON(needs) }}'; exit 1; fi; done;" | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 5 | |
submodules: recursive | |
ref: ${{ inputs.branch-name }} | |
- name: Get list of jobs in the workflow | |
run: "cat .github/workflows/build-and-test-all.yml | jc --yaml | jq -rS '.[].jobs | keys | .[]' | grep -vE 'collect|get-runner-container-image' | tee /tmp/workflow-jobs-list.yml" | |
- name: Get list of prerequisite jobs | |
run: "echo '${{ toJSON(needs) }}' | jq -rS 'keys | .[]' | tee /tmp/workflow-needs-list.yml" | |
- name: Fail if there is a job missing on the needs list | |
run: "if ! diff -q /tmp/workflow-jobs-list.yml /tmp/workflow-needs-list.yml; then exit 1; fi" | |
# FIXME: if we can make upload/download-artifact fasts, running unit tests outside of build can let regression tests start earlier |