diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml
index 13194e85c7fd..991678e3df11 100644
--- a/.github/workflows/build-and-test-all.yml
+++ b/.github/workflows/build-and-test-all.yml
@@ -108,175 +108,6 @@ jobs: path: /opt/pdns-auth retention-days: 1 - build-recursor: - name: build recursor - if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - runs-on: ubuntu-22.04 - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - container: - image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master - env: - ASAN_OPTIONS: detect_leaks=0 - SANITIZERS: ${{ matrix.sanitizers }} - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - UNIT_TESTS: yes - options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 - defaults: - run: - working-directory: ./pdns/recursordist/pdns-recursor-${{ env.BUILDER_VERSION }} - steps: - # workaround issue 9491 repo actions/runner-images - - name: get runner image version - id: runner-image-version - run: | - echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" - working-directory: . - - name: modify number of bits to use for aslr entropy - if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' - run: | - sudo sysctl -a | grep vm.mmap.rnd - sudo sysctl -w vm.mmap_rnd_bits=28 - working-directory: . - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - name: get timestamp for cache - id: get-stamp - run: | - echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" - shell: bash - working-directory: . - - run: mkdir -p ~/.ccache - working-directory: . 
- - name: let GitHub cache our ccache data - uses: actions/cache@v4 - with: - path: ~/.ccache - key: recursor-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }} - restore-keys: recursor-${{ matrix.sanitizers }}-ccache- - - run: inv ci-install-rust ${{ env.REPO_HOME }} - working-directory: ./pdns/recursordist/ - - run: inv ci-autoconf - working-directory: ./pdns/recursordist/ - - run: inv ci-rec-configure - working-directory: ./pdns/recursordist/ - - run: inv ci-make-distdir - working-directory: ./pdns/recursordist/ - - run: inv ci-rec-configure - - run: inv ci-rec-make-bear - - run: inv ci-rec-run-unit-tests - - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel rec unit - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: rec-unit-${{ matrix.sanitizers }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - run: inv ci-make-install - - run: ccache -s - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Store the binaries - uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar - with: - name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/pdns-recursor - retention-days: 1 - - build-dnsdist: - name: build dnsdist - if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - runs-on: ubuntu-22.04 - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - features: [least, full] - exclude: - - sanitizers: tsan - features: least - container: - image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master - env: - ASAN_OPTIONS: detect_leaks=0 - SANITIZERS: ${{ matrix.sanitizers }} - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME 
}}/build-scripts/UBSan.supp" - UNIT_TESTS: yes - FUZZING_TARGETS: yes - options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 - defaults: - run: - working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }} - steps: - # workaround issue 9491 repo actions/runner-images - - name: get runner image version - id: runner-image-version - run: | - echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" - working-directory: . - - name: modify number of bits to use for aslr entropy - if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' - run: | - sudo sysctl -a | grep vm.mmap.rnd - sudo sysctl -w vm.mmap_rnd_bits=28 - working-directory: . - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - name: get timestamp for cache - id: get-stamp - run: | - echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" - shell: bash - working-directory: . - - run: mkdir -p ~/.ccache - working-directory: . 
- - name: let GitHub cache our ccache data - uses: actions/cache@v4 - with: - path: ~/.ccache - key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }} - restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache- - - run: inv ci-install-rust ${{ env.REPO_HOME }} - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-build-and-install-quiche - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-autoconf - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure ${{ matrix.features }} - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-make-distdir - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure ${{ matrix.features }} - - run: inv ci-dnsdist-make-bear - - run: inv ci-dnsdist-run-unit-tests - - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel dnsdist unit - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - run: inv ci-make-install - - run: ccache -s - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Store the binaries - uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar - with: - name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/dnsdist - retention-days: 1 - test-auth-api: needs: build-auth runs-on: ubuntu-22.04 
@@ -535,230 +366,6 @@ jobs: parallel: true allow-empty: true - test-recursor-api: - needs: build-recursor - runs-on: ubuntu-22.04 - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - dist_name: [debian] - dist_release_name: [bookworm] - pdns_repo_version: ['48'] - container: - image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - ASAN_OPTIONS: detect_leaks=0 - TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp" - options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 - steps: - # workaround issue 9491 repo actions/runner-images - - name: get runner image version - id: runner-image-version - run: | - echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" - working-directory: . - - name: modify number of bits to use for aslr entropy - if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' - run: | - sudo sysctl -a | grep vm.mmap.rnd - sudo sysctl -w vm.mmap_rnd_bits=28 - working-directory: . 
- - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/pdns-recursor - - run: inv apt-fresh - - run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }} - - run: inv install-clang-runtime - - run: inv install-rec-test-deps - - run: inv test-api recursor - - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel recursor API - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: rec-api - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - test-recursor-regression: - needs: build-recursor - runs-on: ubuntu-22.04 - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - dist_name: [debian] - dist_release_name: [bookworm] - pdns_repo_version: ['48'] - container: - image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master - env: - UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp' - ASAN_OPTIONS: detect_leaks=0 - TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp" - options: --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 - steps: - # workaround issue 9491 repo actions/runner-images - - name: get runner image version - id: runner-image-version - run: | - echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" - working-directory: . 
- - name: modify number of bits to use for aslr entropy - if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' - run: | - sudo sysctl -a | grep vm.mmap.rnd - sudo sysctl -w vm.mmap_rnd_bits=28 - working-directory: . - # - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/pdns-recursor - - run: inv apt-fresh - - run: inv add-auth-repo ${{ matrix.dist_name }} ${{ matrix.dist_release_name }} ${{ matrix.pdns_repo_version }} - - run: inv install-clang-runtime - - run: inv install-rec-test-deps - - run: inv test-regression-recursor - - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel recursor regression - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: rec-regression - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - test-recursor-bulk: - name: 'test rec *mini* bulk' - needs: build-recursor - runs-on: ubuntu-22.04 - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - threads: [1, 2, 3, 4, 8] - mthreads: [2048] - shards: [1, 2, 1024] - container: - image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master - env: - UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp' - ASAN_OPTIONS: detect_leaks=0 - TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp" - options: --privileged --sysctl 
net.ipv6.conf.all.disable_ipv6=0 - steps: - # workaround issue 9491 repo actions/runner-images - - name: get runner image version - id: runner-image-version - run: | - echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" - working-directory: . - - name: modify number of bits to use for aslr entropy - if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' - run: | - sudo sysctl -a | grep vm.mmap.rnd - sudo sysctl -w vm.mmap_rnd_bits=28 - working-directory: . - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: pdns-recursor-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/pdns-recursor - - run: inv install-clang-runtime - - run: inv install-rec-bulk-deps - - run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }} - - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel recursor bulk - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: rec-regression-bulk - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - - test-dnsdist-regression: - needs: build-dnsdist - runs-on: ubuntu-22.04 - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - container: - image: ghcr.io/powerdns/base-pdns-ci-image/debian-12-pdns-base:master - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - # Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual 
implementations of send(), see https://github.com/google/sanitizers/issues/1498 - ASAN_OPTIONS: detect_leaks=0:intercept_send=0 - TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp" - # IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions - SKIP_INCLUDEDIR_TESTS: yes - SANITIZERS: ${{ matrix.sanitizers }} - COVERAGE: yes - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 --privileged - steps: - # workaround issue 9491 repo actions/runner-images - - name: get runner image version - id: runner-image-version - run: | - echo "image-version=$(echo $ImageVersion)" >> "$GITHUB_OUTPUT" - working-directory: . - - name: modify number of bits to use for aslr entropy - if: ${{ steps.runner-image-version.outputs.ImageVersion }} == '20240310.1.0' - run: | - sudo sysctl -a | grep vm.mmap.rnd - sudo sysctl -w vm.mmap_rnd_bits=28 - working-directory: . - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/dnsdist - - run: inv install-clang-runtime - - run: inv install-dnsdist-test-deps - - run: inv test-dnsdist - - run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel dnsdist regression - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: dnsdist-regression-full-${{ matrix.sanitizers }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - swagger-syntax-check: if: ${{ !github.event.schedule 
|| vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} runs-on: ubuntu-22.04 @@ -780,16 +387,10 @@ jobs: collect: needs: - build-auth - - build-dnsdist - - build-recursor - swagger-syntax-check - test-auth-api - test-auth-backend - - test-dnsdist-regression - test-ixfrdist - - test-recursor-api - - test-recursor-regression - - test-recursor-bulk if: success() || failure() runs-on: ubuntu-22.04 steps: diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index 759229824548..613c4b48ceed 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - product: ['authoritative', 'recursor', 'dnsdist'] + product: ['authoritative'] os: - centos-7 - el-8 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 168f1c23389d..57eb614d5180 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Override automatic language detection by changing the below list # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] language: ['cpp'] - product: ['auth', 'rec', 'dnsdist'] + product: ['auth'] # Learn more... # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection @@ -56,8 +56,6 @@ jobs: outputs: clang-tidy-annotations-auth: ${{ steps.clang-tidy-annotations-auth.outputs.failed }} - clang-tidy-annotations-dnsdist: ${{ steps.clang-tidy-annotations-dnsdist.outputs.failed }} - clang-tidy-annotations-rec: ${{ steps.clang-tidy-annotations-rec.outputs.failed }} steps: - uses: PowerDNS/pdns/set-ubuntu-mirror@meta 
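Review bot: The narrowed `product: ['auth']` matrix in codeql-analysis.yml leaves CodeQL and clang-tidy as the only static analysis for auth that this diff still shows, because the same commit deletes misc-dailies.yml together with its `coverity-auth` job, not only `coverity-dnsdist` and `coverity-rec`. If auth is still maintained from this tree, a trimmed misc-dailies.yml that keeps `coverity-auth` and the product-independent `check-debian-autoremovals` job would preserve that coverage; if the removal is intentional, it is worth stating in the commit message where the scan now runs. The one-element matrices here, in builder.yml (`product: ['authoritative']`) and in docker.yml (`product: ['auth']`) also carry no comment explaining the restriction; a line such as `# auth-only branch: recursor and dnsdist are built and analysed elsewhere` above each would help, assuming that is the intent. The jobs enclosing these matrices start and end outside the hunks.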
@@ -144,107 +142,6 @@ jobs: echo "failed=$?" >> $GITHUB_OUTPUT fi - - name: Install dependencies for dnsdist - if: matrix.product == 'dnsdist' - run: | - inv install-dnsdist-build-deps --skipXDP - - name: Autoreconf dnsdist - if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ - run: | - inv ci-autoconf - - run: inv ci-install-rust ${{ env.REPO_HOME }} - if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-build-and-install-quiche - if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ - - name: Configure dnsdist - if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ - run: | - inv ci-dnsdist-configure full - - name: Build dnsdist - if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ - run: | - inv ci-dnsdist-make-bear - - run: ln -s ../../.clang-tidy.full .clang-tidy - if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ - - name: Run clang-tidy for dnsdist - if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ - run: git diff --no-prefix -U0 HEAD^..HEAD | python3 ../../.github/scripts/git-filter.py --product dnsdist | python3 ../../.github/scripts/clang-tidy-diff.py -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p0 -export-fixes clang-tidy-dnsdist.yml - - name: Print clang-tidy fixes YAML for dnsdist - if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ - shell: bash - run: | - if [ -f clang-tidy-dnsdist.yml ]; then - cat clang-tidy-dnsdist.yml - fi - - name: Result annotations for dnsdist - if: matrix.product == 'dnsdist' - id: clang-tidy-annotations-dnsdist - working-directory: ./pdns/dnsdistdist/ - shell: bash - run: | - if [ -f clang-tidy-dnsdist.yml ]; then - set +e - python3 ../../.github/scripts/clang-tidy.py --fixes-file clang-tidy-dnsdist.yml - echo "failed=$?" 
>> $GITHUB_OUTPUT - fi - - - name: Install dependencies for rec - if: matrix.product == 'rec' - run: | - inv install-rec-build-deps - - run: inv ci-install-rust ${{ env.REPO_HOME }} - if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ - - name: Autoreconf rec - if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ - run: | - inv ci-autoconf - - name: Configure rec - if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ - run: | - inv ci-rec-configure - - name: Build rec - if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ - run: | - CONCURRENCY=4 inv ci-rec-make-bear - - run: ln -s ../../.clang-tidy.full .clang-tidy - if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ - - name: Run clang-tidy for rec - if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ - run: git diff --no-prefix -U0 HEAD^..HEAD | python3 ../../.github/scripts/git-filter.py --product rec | python3 ../../.github/scripts/clang-tidy-diff.py -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p0 -export-fixes clang-tidy-rec.yml - - name: Print clang-tidy fixes YAML for rec - if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ - shell: bash - run: | - if [ -f clang-tidy-rec.yml ]; then - cat clang-tidy-rec.yml - fi - - name: Result annotations for rec - if: matrix.product == 'rec' - id: clang-tidy-annotations-rec - working-directory: ./pdns/recursordist/ - shell: bash - run: | - if [ -f clang-tidy-rec.yml ]; then - set +e - python3 ../../.github/scripts/clang-tidy.py --fixes-file clang-tidy-rec.yml - echo "failed=$?" >> $GITHUB_OUTPUT - fi - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 
@@ -258,14 +155,6 @@ jobs: echo "::error::Auth clang-tidy failed" exit 1 fi - if [ "x${{ needs.analyze.outputs.clang-tidy-annotations-dnsdist }}" != "x" -a "${{ needs.analyze.outputs.clang-tidy-annotations-dnsdist }}" != "0" ]; then - echo "::error::DNSdist clang-tidy failed" - exit 1 - fi - if [ "x${{needs.analyze.outputs.clang-tidy-annotations-rec }}" != "x" -a "${{needs.analyze.outputs.clang-tidy-annotations-rec }}" != "0" ]; then - echo "::error::Rec clang-tidy failed" - exit 1 - fi check-for-binaries: runs-on: ubuntu-22.04 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 6493b8529ffd..8ee78336f307 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - product: ['auth', 'recursor', 'dnsdist'] + product: ['auth'] steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/misc-dailies.yml b/.github/workflows/misc-dailies.yml deleted file mode 100644 index ea31204d8ee2..000000000000 --- a/.github/workflows/misc-dailies.yml +++ /dev/null 
@@ -1,128 +0,0 @@ -name: "Various daily checks" - -on: - schedule: - - cron: '34 4 * * *' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -env: - CLANG_VERSION: '12' - -jobs: - el7-devtoolset: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - - steps: - - name: Check whether a newer devtoolset exists - run: | - if docker run --rm centos:7 bash -c 'yum install -y centos-release-scl-rh && yum info devtoolset-12-gcc-c++' - then - echo "::warning file=builder-support/dockerfiles/Dockerfile.rpmbuild::A newer devtoolset exists. Please edit builder-support/dockerfiles/Dockerfile.rpmbuild, builder-support/dockerfiles/Dockerfile.rpmbuild, and .github/workflows/dailies.yml" - exit 1 - else - echo "::notice ::No newer devtoolset exists (good)" - exit 0 - fi - - check-debian-autoremovals: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - - name: Check if Debian is about to toss us off a balcony - run: ./build-scripts/check-debian-autoremovals.py - - coverity-auth: - name: coverity scan of the auth - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.coverity_auth_token }} - FUZZING_TARGETS: no - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-auth-build-deps - - run: inv install-coverity-tools PowerDNS - - run: inv coverity-clang-configure - - run: inv ci-autoconf - - run: inv ci-auth-configure - - run: inv coverity-make - - run: inv coverity-tarball auth.tar.bz2 - - run: inv coverity-upload ${{ secrets.coverity_email }} PowerDNS auth.tar.bz2 - - coverity-dnsdist: - name: coverity 
scan of dnsdist - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }} - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-dnsdist-build-deps --skipXDP - - run: inv install-coverity-tools dnsdist - - run: inv coverity-clang-configure - - run: inv ci-autoconf - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-build-and-install-quiche - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure full - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-make - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-tarball dnsdist.tar.bz2 - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-upload ${{ secrets.coverity_email }} dnsdist dnsdist.tar.bz2 - working-directory: ./pdns/dnsdistdist/ - - coverity-rec: - name: coverity scan of the rec - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.coverity_rec_token }} - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-rec-build-deps - - run: inv install-coverity-tools 'PowerDNS+Recursor' - - run: inv coverity-clang-configure - - run: inv ci-autoconf - working-directory: ./pdns/recursordist/ - - run: inv ci-rec-configure - working-directory: ./pdns/recursordist/ - - run: inv coverity-make - working-directory: ./pdns/recursordist/ - - run: inv coverity-tarball recursor.tar.bz2 - working-directory: ./pdns/recursordist/ - - run: inv coverity-upload ${{ secrets.coverity_email }} 'PowerDNS+Recursor' recursor.tar.bz2 - 
working-directory: ./pdns/recursordist/ diff --git a/.github/workflows/secpoll.yml b/.github/workflows/secpoll.yml deleted file mode 100644 index 57278d764973..000000000000 --- a/.github/workflows/secpoll.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -name: 'Verify secpoll zone syntax' - -on: - push: - pull_request: - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - build: - name: check secpoll zone - # on a ubuntu-20.04 VM - runs-on: ubuntu-20.04 - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - run: sh docs/secpoll-check.sh docs/secpoll.zone - - run: echo 'deb [arch=amd64] http://repo.powerdns.com/ubuntu focal-auth-master main' | sudo tee /etc/apt/sources.list.d/pdns.list - - run: "echo -ne 'Package: pdns-*\nPin: origin repo.powerdns.com\nPin-Priority: 600\n' | sudo tee /etc/apt/preferences.d/pdns" - - run: sudo curl https://repo.powerdns.com/CBC8B383-pub.asc -o /etc/apt/trusted.gpg.d/CBC8B383-pub.asc - - run: sudo apt-get update - - run: sudo systemctl mask pdns - - run: sudo apt-get install -y pdns-server pdns-backend-sqlite3 - - run: "echo -ne 'launch=gsqlite3\ngsqlite3-database=/var/lib/powerdns/pdns.sqlite3\n' | sudo tee /etc/powerdns/pdns.conf" - - run: sudo sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql - - run: sudo pdnsutil load-zone secpoll.powerdns.com docs/secpoll.zone - - run: sudo pdnsutil check-zone secpoll.powerdns.com diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml deleted file mode 100644 index c250cd1046a1..000000000000 --- a/.github/workflows/spelling.yml +++ /dev/null 
@@ -1,19 +0,0 @@ -# spelling.yml is disabled per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p -name: Workflow should not run! -on: - push: - branches: '' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - placeholder: - name: Should be disabled - runs-on: ubuntu-latest - if: false - steps: - - name: Task - run: | - echo 'Running this task would be bad' - exit 1 diff --git a/.github/workflows/spelling2.yml b/.github/workflows/spelling2.yml deleted file mode 100644 index 055dd173040f..000000000000 --- a/.github/workflows/spelling2.yml +++ /dev/null @@ -1,16 +0,0 @@ -# spelling2.yml is disabled per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-p8r9-69g4-jwqq -name: Workflow should not run! -on: - push: - branches: '' - -jobs: - placeholder: - name: Should be disabled - runs-on: ubuntu-latest - if: false - steps: - - name: Task - run: | - echo 'Running this task would be bad' - exit 1 diff --git a/.github/workflows/spelling3.yml b/.github/workflows/spelling3.yml deleted file mode 100644 index 9df9009ca478..000000000000 --- a/.github/workflows/spelling3.yml +++ /dev/null 
@@ -1,72 +0,0 @@ -# spelling.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p -# spelling2.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-p8r9-69g4-jwqq -name: Spell checking - -on: - push: - branches: - - "**" - tags-ignore: - - "**" - pull_request: - branches: - - "**" - types: - - 'opened' - - 'reopened' - - 'synchronize' - -jobs: - spelling: - name: Spell checking - permissions: - # contents-read is needed to checkout in private repositories - contents: read - # actions-read is needed (possibly only for private repositories) - # to identify the workflow's filename until - # https://github.com/actions/runner/issues/853 is fixed - actions: read - # security-events-write is needed according to the documentation: - # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions - security-events: write - outputs: - followup: ${{ steps.spelling.outputs.followup }} - runs-on: ubuntu-latest - if: ${{ contains(github.event_name, 'pull_request') || github.event_name == 'push' }} - concurrency: - group: spelling-${{ github.event.pull_request.number || github.ref }} - # note: If you use only_check_changed_files, you do not want cancel-in-progress - cancel-in-progress: true - steps: - - name: check-spelling - id: spelling - uses: check-spelling/check-spelling@v0.0.22 - with: - config: .github/actions/spell-check - suppress_push_for_open_pull_request: ${{ github.actor != 'dependabot[bot]' && 1 }} - checkout: true - spell_check_this: powerdns/pdns@master - post_comment: 0 - warnings: bad-regex,binary-file,deprecated-feature,ignored-expect-variant,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,token-is-substring,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration,no-files-to-check - 
use_sarif: ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == github.repository)) && 1 }} - extra_dictionaries: - cspell:software-terms/dict/softwareTerms.txt - cspell:node/dict/node.txt - cspell:python/src/common/extra.txt - cspell:php/dict/php.txt - cspell:python/src/python/python-lib.txt - cspell:golang/dict/go.txt - cspell:fullstack/dict/fullstack.txt - cspell:k8s/dict/k8s.txt - cspell:aws/aws.txt - cspell:cpp/src/stdlib-cpp.txt - cspell:filetypes/filetypes.txt - cspell:python/src/python/python.txt - cspell:django/dict/django.txt - cspell:typescript/dict/typescript.txt - cspell:dotnet/dict/dotnet.txt - cspell:html/dict/html.txt - cspell:cpp/src/lang-keywords.txt - cspell:lua/dict/lua.txt - cspell:latex/dict/latex.txt - check_extra_dictionaries: ''