Skip to content

Commit

Permalink
auth-4.9.x: specialise workflows
Browse files Browse the repository at this point in the history
  • Loading branch information
@Habbie
Habbie committed Mar 11, 2024
1 parent 0491d8e commit 0c22018
Show file tree
Hide file tree
Showing 9 changed files with 3 additions and 597 deletions.
327 changes: 0 additions & 327 deletions .github/workflows/build-and-test-all.yml
View file
Expand Up @@ -96,151 +96,6 @@ jobs:
path: /opt/pdns-auth
retention-days: 1

build-recursor:
name: build recursor
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
container:
image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
env:
ASAN_OPTIONS: detect_leaks=0
SANITIZERS: ${{ matrix.sanitizers }}
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
UNIT_TESTS: yes
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
defaults:
run:
working-directory: ./pdns/recursordist/pdns-recursor-${{ env.BUILDER_VERSION }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- name: get timestamp for cache
id: get-stamp
run: |
echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
shell: bash
working-directory: .
- run: mkdir -p ~/.ccache
working-directory: .
- name: let GitHub cache our ccache data
uses: actions/cache@v4
with:
path: ~/.ccache
key: recursor-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
restore-keys: recursor-${{ matrix.sanitizers }}-ccache-
- run: inv ci-install-rust ${{ env.REPO_HOME }}
working-directory: ./pdns/recursordist/
- run: inv ci-autoconf
working-directory: ./pdns/recursordist/
- run: inv ci-rec-configure
working-directory: ./pdns/recursordist/
- run: inv ci-make-distdir
working-directory: ./pdns/recursordist/
- run: inv ci-rec-configure
- run: inv ci-rec-make-bear
- run: inv ci-rec-run-unit-tests
- run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel rec unit
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: rec-unit-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
- run: inv ci-make-install
- run: ccache -s
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Store the binaries
uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
with:
name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/pdns-recursor
retention-days: 1

build-dnsdist:
name: build dnsdist
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
features: [least, full]
exclude:
- sanitizers: tsan
features: least
container:
image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
env:
ASAN_OPTIONS: detect_leaks=0
SANITIZERS: ${{ matrix.sanitizers }}
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
UNIT_TESTS: yes
FUZZING_TARGETS: yes
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
defaults:
run:
working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- name: get timestamp for cache
id: get-stamp
run: |
echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
shell: bash
working-directory: .
- run: mkdir -p ~/.ccache
working-directory: .
- name: let GitHub cache our ccache data
uses: actions/cache@v4
with:
path: ~/.ccache
key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
- run: inv ci-install-rust ${{ env.REPO_HOME }}
working-directory: ./pdns/dnsdistdist/
- run: inv ci-build-and-install-quiche
working-directory: ./pdns/dnsdistdist/
- run: inv ci-autoconf
working-directory: ./pdns/dnsdistdist/
- run: inv ci-dnsdist-configure ${{ matrix.features }}
working-directory: ./pdns/dnsdistdist/
- run: inv ci-make-distdir
working-directory: ./pdns/dnsdistdist/
- run: inv ci-dnsdist-configure ${{ matrix.features }}
- run: inv ci-dnsdist-make-bear
- run: inv ci-dnsdist-run-unit-tests
- run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel dnsdist unit
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
- run: inv ci-make-install
- run: ccache -s
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Store the binaries
uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
with:
name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/dnsdist
retention-days: 1

test-auth-api:
needs: build-auth
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -463,182 +318,6 @@ jobs:
parallel: true
allow-empty: true

test-recursor-api:
needs: build-recursor
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
dist_name: [debian]
dist_release_name: [bookworm]
pdns_repo_version: ['48']
container:
image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
env:
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
ASAN_OPTIONS: detect_leaks=0
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/pdns-recursor
- run: inv apt-fresh
- run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }}
- run: inv install-clang-runtime
- run: inv install-rec-test-deps
- run: inv test-api recursor
- run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel recursor API
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: rec-api
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true

test-recursor-regression:
needs: build-recursor
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
dist_name: [debian]
dist_release_name: [bookworm]
pdns_repo_version: ['48']
container:
image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
env:
UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
ASAN_OPTIONS: detect_leaks=0
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
steps:
# - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/pdns-recursor
- run: inv apt-fresh
- run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }}
- run: inv install-clang-runtime
- run: inv install-rec-test-deps
- run: inv test-regression-recursor
- run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel recursor regression
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: rec-regression
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true

test-recursor-bulk:
name: 'test rec *mini* bulk'
needs: build-recursor
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
threads: [1, 2, 3, 4, 8]
mthreads: [2048]
shards: [1, 2, 1024]
container:
image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
env:
UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
ASAN_OPTIONS: detect_leaks=0
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/pdns-recursor
- run: inv install-clang-runtime
- run: inv install-rec-bulk-deps
- run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }}
- run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel recursor bulk
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: rec-regression-bulk
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true

test-dnsdist-regression:
needs: build-dnsdist
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
container:
image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master
env:
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
# Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498
ASAN_OPTIONS: detect_leaks=0:intercept_send=0
TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
# IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions
SKIP_INCLUDEDIR_TESTS: yes
SANITIZERS: ${{ matrix.sanitizers }}
COVERAGE: yes
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 --privileged
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/dnsdist
- run: inv install-clang-runtime
- run: inv install-dnsdist-test-deps
- run: inv test-dnsdist
- run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel dnsdist regression
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: dnsdist-regression-full-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true

swagger-syntax-check:
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-22.04
Expand All @@ -660,16 +339,10 @@ jobs:
collect:
needs:
- build-auth
- build-dnsdist
- build-recursor
- swagger-syntax-check
- test-auth-api
- test-auth-backend
- test-dnsdist-regression
- test-ixfrdist
- test-recursor-api
- test-recursor-regression
- test-recursor-bulk
if: success() || failure()
runs-on: ubuntu-22.04
steps:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/builder.yml
View file
Expand Up @@ -23,7 +23,7 @@ jobs:
runs-on: ubuntu-20.04
strategy:
matrix:
product: ['authoritative', 'recursor', 'dnsdist']
product: ['authoritative']
os:
- centos-7
- el-8
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
View file
Expand Up @@ -39,7 +39,7 @@ jobs:
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
language: ['cpp']
product: ['auth', 'rec', 'dnsdist']
product: ['auth']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docker.yml
View file
Expand Up @@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-20.04
strategy:
matrix:
product: ['auth', 'recursor', 'dnsdist']
product: ['auth']
steps:
- uses: actions/checkout@v4
with:
Expand Down

0 comments on commit 0c22018

Please sign in to comment.