remove unneeded jobs for rel/auth-4.9.x branch #8202
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: 'Build and test everything' | |
| on: | |
| push: | |
| pull_request: | |
| workflow_call: | |
| inputs: | |
| branch-name: | |
| description: 'Checkout to a specific branch' | |
| required: true | |
| default: '' | |
| type: string | |
| schedule: | |
| - cron: '0 22 * * 3' | |
| permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | |
| contents: read | |
| env: | |
| COMPILER: clang | |
| CLANG_VERSION: '13' | |
| # github.workspace variable points to the Runner home folder. Container home folder defined below. | |
| REPO_HOME: '/__w/${{ github.event.repository.name }}/${{ github.event.repository.name }}' | |
| BUILDER_VERSION: '0.0.0-git1' | |
| COVERAGE: ${{ github.repository == 'PowerDNS/pdns' && 'yes' || 'no' }} | |
| LLVM_PROFILE_FILE: "/tmp/code-%p.profraw" | |
| OPTIMIZATIONS: yes | |
| DECAF_SUPPORT: yes | |
| jobs: | |
| build-auth: | |
| name: build auth | |
| if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} | |
| runs-on: ubuntu-22.04 | |
| container: | |
| image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master | |
| env: | |
| ASAN_OPTIONS: detect_leaks=0 | |
| FUZZING_TARGETS: yes | |
| SANITIZERS: asan+ubsan | |
| UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
| UNIT_TESTS: yes | |
| options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
| defaults: | |
| run: | |
| working-directory: ./pdns-${{ env.BUILDER_VERSION }} | |
| steps: | |
| # workaround issue 9491 repo actions/runner-images | |
| - name: get runner image version | |
| id: runner-image-version | |
| run: | | |
| echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" | |
| working-directory: . | |
| - name: modify number of bits to use for aslr entropy | |
| if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' | |
| run: | | |
| sudo sysctl -a | grep vm.mmap.rnd | |
| sudo sysctl -w vm.mmap_rnd_bits=28 | |
| working-directory: . | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 5 | |
| submodules: recursive | |
| ref: ${{ inputs.branch-name }} | |
| - name: get timestamp for cache | |
| id: get-stamp | |
| run: | | |
| echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" | |
| shell: bash | |
| working-directory: . | |
| - run: mkdir -p ~/.ccache | |
| working-directory: . | |
| - name: let GitHub cache our ccache data | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.ccache | |
| key: auth-ccache-${{ steps.get-stamp.outputs.stamp }} | |
| restore-keys: auth-ccache- | |
| - run: inv ci-autoconf | |
| working-directory: . | |
| - run: inv ci-auth-configure | |
| working-directory: . | |
| - run: inv ci-make-distdir | |
| working-directory: . | |
| - run: inv ci-auth-configure | |
| - run: inv ci-auth-make-bear # This runs under pdns-$BUILDER_VERSION/pdns/ | |
| - run: inv ci-auth-install-remotebackend-test-deps | |
| - run: inv ci-auth-run-unit-tests | |
| - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE | |
| if: ${{ env.COVERAGE == 'yes' }} | |
| working-directory: ./pdns-${{ env.BUILDER_VERSION }}/pdns | |
| - name: Coveralls Parallel auth unit | |
| if: ${{ env.COVERAGE == 'yes' }} | |
| uses: coverallsapp/github-action@v2 | |
| with: | |
| flag-name: auth-unit-${{ matrix.sanitizers }} | |
| path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
| parallel: true | |
| allow-empty: true | |
| - run: inv ci-make-install | |
| - run: ccache -s | |
| - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
| - name: Store the binaries | |
| uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar | |
| with: | |
| name: pdns-auth-${{ env.normalized-branch-name }} | |
| path: /opt/pdns-auth | |
| retention-days: 1 | |
| test-auth-api: | |
| needs: build-auth | |
| runs-on: ubuntu-22.04 | |
| container: | |
| image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master | |
| env: | |
| UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
| ASAN_OPTIONS: detect_leaks=0 | |
| TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp" | |
| AUTH_BACKEND_IP_ADDR: "172.17.0.1" | |
| options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
| strategy: | |
| matrix: | |
| include: | |
| - backend: gsqlite3 | |
| image: coscale/docker-sleep | |
| - backend: gmysql | |
| image: mysql:5 | |
| - backend: gpgsql | |
| image: postgres:9 | |
| - backend: lmdb | |
| image: coscale/docker-sleep | |
| fail-fast: false | |
| services: | |
| database: | |
| image: ${{ matrix.image }} | |
| env: | |
| POSTGRES_USER: runner | |
| POSTGRES_HOST_AUTH_METHOD: trust | |
| MYSQL_ALLOW_EMPTY_PASSWORD: 1 | |
| ports: | |
| - 3306:3306 | |
| - 5432:5432 | |
| # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. | |
| options: >- | |
| --restart always | |
| steps: | |
| # workaround issue 9491 repo actions/runner-images | |
| - name: get runner image version | |
| id: runner-image-version | |
| run: | | |
| echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" | |
| working-directory: . | |
| - name: modify number of bits to use for aslr entropy | |
| if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' | |
| run: | | |
| sudo sysctl -a | grep vm.mmap.rnd | |
| sudo sysctl -w vm.mmap_rnd_bits=28 | |
| working-directory: . | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 5 | |
| submodules: recursive | |
| ref: ${{ inputs.branch-name }} | |
| - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
| - name: Fetch the binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: pdns-auth-${{ env.normalized-branch-name }} | |
| path: /opt/pdns-auth | |
| - run: inv apt-fresh | |
| - run: inv install-clang-runtime | |
| - run: inv install-auth-test-deps -b ${{ matrix.backend }} | |
| - run: inv test-api auth -b ${{ matrix.backend }} | |
| - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE | |
| if: ${{ env.COVERAGE == 'yes' }} | |
| - name: Coveralls Parallel auth API ${{ matrix.backend }} | |
| if: ${{ env.COVERAGE == 'yes' }} | |
| uses: coverallsapp/github-action@v2 | |
| with: | |
| flag-name: auth-api-${{ matrix.backend }} | |
| path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
| parallel: true | |
| allow-empty: true | |
| test-auth-backend: | |
| needs: build-auth | |
| runs-on: ubuntu-22.04 | |
| container: | |
| image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master | |
| env: | |
| UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
| ASAN_OPTIONS: detect_leaks=0 | |
| LDAPHOST: ldap://ldapserver/ | |
| ODBCINI: /github/home/.odbc.ini | |
| AUTH_BACKEND_IP_ADDR: "172.17.0.1" | |
| options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
| strategy: | |
| matrix: | |
| include: | |
| - backend: remote | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| - backend: gmysql | |
| image: mysql:5 | |
| env: | |
| MYSQL_ALLOW_EMPTY_PASSWORD: 1 | |
| ports: | |
| - 3306:3306 | |
| - backend: gmysql | |
| image: mariadb:10 | |
| env: | |
| MYSQL_ALLOW_EMPTY_PASSWORD: 1 | |
| ports: | |
| - 3306:3306 | |
| - backend: gpgsql | |
| image: postgres:9 | |
| env: | |
| POSTGRES_USER: runner | |
| POSTGRES_HOST_AUTH_METHOD: trust | |
| ports: | |
| - 5432:5432 | |
| - backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| - backend: lmdb | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| - backend: bind | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| - backend: geoip | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| - backend: lua2 | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| - backend: tinydns | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| - backend: authpy | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| - backend: godbc_sqlite3 | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| - backend: godbc_mssql | |
| image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu | |
| env: | |
| ACCEPT_EULA: Y | |
| SA_PASSWORD: 'SAsa12%%-not-a-secret-password' | |
| ports: | |
| - 1433:1433 | |
| - backend: ldap | |
| image: powerdns/ldap-regress:1.2.4-1 | |
| env: | |
| LDAP_LOG_LEVEL: 0 | |
| CONTAINER_LOG_LEVEL: 4 | |
| ports: | |
| - 389:389 | |
| - backend: geoip_mmdb | |
| image: coscale/docker-sleep | |
| env: {} | |
| ports: [] | |
| fail-fast: false | |
| services: | |
| database: | |
| image: ${{ matrix.image }} | |
| env: ${{ matrix.env }} | |
| ports: ${{ matrix.ports }} | |
| # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. | |
| options: >- | |
| --restart always | |
| steps: | |
| # workaround issue 9491 repo actions/runner-images | |
| - name: get runner image version | |
| id: runner-image-version | |
| run: | | |
| echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" | |
| working-directory: . | |
| - name: modify number of bits to use for aslr entropy | |
| if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' | |
| run: | | |
| sudo sysctl -a | grep vm.mmap.rnd | |
| sudo sysctl -w vm.mmap_rnd_bits=28 | |
| working-directory: . | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 5 | |
| submodules: recursive | |
| ref: ${{ inputs.branch-name }} | |
| - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
| - name: Fetch the binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: pdns-auth-${{ env.normalized-branch-name }} | |
| path: /opt/pdns-auth | |
| # FIXME: install recursor for backends that have ALIAS | |
| - run: inv install-clang-runtime | |
| - run: inv install-auth-test-deps -b ${{ matrix.backend }} | |
| - run: inv test-auth-backend -b ${{ matrix.backend }} | |
| - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE | |
| if: ${{ env.COVERAGE == 'yes' }} | |
| - name: Coveralls Parallel auth backend ${{ matrix.backend }} | |
| if: ${{ env.COVERAGE == 'yes' }} | |
| uses: coverallsapp/github-action@v2 | |
| with: | |
| flag-name: auth-backend-${{ matrix.backend }} | |
| path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
| parallel: true | |
| allow-empty: true | |
| test-ixfrdist: | |
| needs: build-auth | |
| runs-on: ubuntu-22.04 | |
| container: | |
| image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master | |
| env: | |
| UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" | |
| ASAN_OPTIONS: detect_leaks=0 | |
| options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
| steps: | |
| # workaround issue 9491 repo actions/runner-images | |
| - name: get runner image version | |
| id: runner-image-version | |
| run: | | |
| echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" | |
| working-directory: . | |
| - name: modify number of bits to use for aslr entropy | |
| if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' | |
| run: | | |
| sudo sysctl -a | grep vm.mmap.rnd | |
| sudo sysctl -w vm.mmap_rnd_bits=28 | |
| working-directory: . | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 5 | |
| submodules: recursive | |
| ref: ${{ inputs.branch-name }} | |
| - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" | |
| - name: Fetch the binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: pdns-auth-${{ env.normalized-branch-name }} | |
| path: /opt/pdns-auth | |
| - run: inv install-clang-runtime | |
| - run: inv install-auth-test-deps | |
| - run: inv test-ixfrdist | |
| - run: inv generate-coverage-info /opt/pdns-auth/bin/ixfrdist $GITHUB_WORKSPACE | |
| if: ${{ env.COVERAGE == 'yes' }} | |
| - name: Coveralls Parallel ixfrdist | |
| if: ${{ env.COVERAGE == 'yes' }} | |
| uses: coverallsapp/github-action@v2 | |
| with: | |
| flag-name: ixfrdist | |
| path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov | |
| parallel: true | |
| allow-empty: true | |
| swagger-syntax-check: | |
| if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} | |
| runs-on: ubuntu-22.04 | |
| # FIXME: https://github.com/PowerDNS/pdns/pull/12880 | |
| # container: | |
| # image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master | |
| # options: --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
| steps: | |
| - uses: PowerDNS/pdns/set-ubuntu-mirror@meta | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 5 | |
| submodules: recursive | |
| ref: ${{ inputs.branch-name }} | |
| - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade | |
| - run: inv install-swagger-tools | |
| - run: inv swagger-syntax-check | |
| collect: | |
| needs: | |
| - build-auth | |
| - swagger-syntax-check | |
| - test-auth-api | |
| - test-auth-backend | |
| - test-ixfrdist | |
| if: success() || failure() | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Coveralls Parallel Finished | |
| if: ${{ env.COVERAGE == 'yes' }} | |
| uses: coverallsapp/github-action@v2 | |
| with: | |
| parallel-finished: true | |
| - name: Install jq and yq | |
| run: "sudo snap install jq yq" | |
| - name: Fail job if any of the previous jobs failed | |
| run: "for i in `echo '${{ toJSON(needs) }}' | jq '.[].result' | tr -d '\"'`; do if [[ $i == 'failure' ]]; then echo '${{ toJSON(needs) }}'; exit 1; fi; done;" | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 5 | |
| submodules: recursive | |
| ref: ${{ inputs.branch-name }} | |
| - name: Get list of jobs in the workflow | |
| run: "yq e '.jobs | keys' .github/workflows/build-and-test-all.yml | awk '{print $2}' | grep -v collect | sort | tee /tmp/workflow-jobs-list.yml" | |
| - name: Get list of prerequisite jobs | |
| run: "echo '${{ toJSON(needs) }}' | jq 'keys | .[]' | tr -d '\"' | sort | tee /tmp/workflow-needs-list.yml" | |
| - name: Fail if there is a job missing on the needs list | |
| run: "if ! diff -q /tmp/workflow-jobs-list.yml /tmp/workflow-needs-list.yml; then exit 1; fi" | |
| # FIXME: if we can make upload/download-artifact fasts, running unit tests outside of build can let regression tests start earlier |