summaryrefslogtreecommitdiffstats
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--.github/workflows/codespell.yml19
-rw-r--r--.github/workflows/compliance.yml57
-rw-r--r--.github/workflows/contrib.yml25
-rw-r--r--.github/workflows/coverity.yml43
-rw-r--r--.github/workflows/cross-zoo.yml110
-rw-r--r--.github/workflows/musl.yml58
-rw-r--r--.github/workflows/openssl-nodeprecated.yml33
-rw-r--r--.github/workflows/vtest.yml155
-rw-r--r--.github/workflows/windows.yml67
9 files changed, 567 insertions, 0 deletions
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
new file mode 100644
index 0000000..2243d8b
--- /dev/null
+++ b/.github/workflows/codespell.yml
@@ -0,0 +1,19 @@
+name: Spelling Check
+
+on:
+ schedule:
+ - cron: "0 0 * * 2"
+
+permissions:
+ contents: read
+
+jobs:
+ codespell:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: codespell-project/codespell-problem-matcher@v1
+ - uses: codespell-project/actions-codespell@master
+ with:
+ skip: CHANGELOG,Makefile,*.fig,*.pem
+ ignore_words_list: ist,ists,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen,ifset,thrid,strack,ba,chck,hel,unx,mor
diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml
new file mode 100644
index 0000000..509eaf8
--- /dev/null
+++ b/.github/workflows/compliance.yml
@@ -0,0 +1,57 @@
+
+name: Spec Compliance
+
+on:
+ schedule:
+ - cron: "0 0 * * 3"
+
+permissions:
+ contents: read
+
+jobs:
+ h2spec:
+ name: h2spec
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ include:
+ - TARGET: linux-glibc
+ CC: gcc
+ os: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Install h2spec
+ id: install-h2spec
+ run: |
+ H2SPEC_VERSION=`curl --silent "https://api.github.com/repos/summerwind/h2spec/releases/latest" | jq -r -j '.tag_name'`
+ curl -fsSL https://github.com/summerwind/h2spec/releases/download/${H2SPEC_VERSION}/h2spec_linux_amd64.tar.gz -o h2spec.tar.gz
+ tar xvf h2spec.tar.gz
+ sudo install -m755 h2spec /usr/local/bin/h2spec
+ echo "version=${H2SPEC_VERSION}" >> $GITHUB_OUTPUT
+ - name: Compile HAProxy with ${{ matrix.CC }}
+ run: |
+ make -j$(nproc) all \
+ ERR=1 \
+ TARGET=${{ matrix.TARGET }} \
+ CC=${{ matrix.CC }} \
+ DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_POOL_INTEGRITY" \
+ USE_OPENSSL=1
+ sudo make install
+ - name: Show HAProxy version
+ id: show-version
+ run: |
+ echo "::group::Show dynamic libraries."
+ if command -v ldd > /dev/null; then
+ # Linux
+ ldd $(which haproxy)
+ else
+ # macOS
+ otool -L $(which haproxy)
+ fi
+ echo "::endgroup::"
+ haproxy -vv
+ echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT
+ - name: Launch HAProxy ${{ steps.show-version.outputs.version }}
+ run: haproxy -f .github/h2spec.config -D
+ - name: Run h2spec ${{ steps.install-h2spec.outputs.version }}
+ run: h2spec -Svtk -h 127.0.0.1 -p 8443
diff --git a/.github/workflows/contrib.yml b/.github/workflows/contrib.yml
new file mode 100644
index 0000000..99a1576
--- /dev/null
+++ b/.github/workflows/contrib.yml
@@ -0,0 +1,25 @@
+name: Contrib
+
+on:
+ push:
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Compile admin/halog/halog
+ run: |
+ make admin/halog/halog
+ - name: Compile dev/flags/flags
+ run: |
+ make dev/flags/flags
+ - name: Compile dev/poll/poll
+ run: |
+ make dev/poll/poll
+ - name: Compile dev/hpack
+ run: |
+ make dev/hpack/decode dev/hpack/gen-enc dev/hpack/gen-rht
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000..e208c8c
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,43 @@
+
+#
+# scan results: https://scan.coverity.com/projects/haproxy
+#
+
+name: Coverity
+
+on:
+ schedule:
+ - cron: "0 0 * * *"
+
+permissions:
+ contents: read
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ if: ${{ github.repository_owner == 'haproxy' }}
+ env:
+ COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
+ COVERITY_SCAN_BRANCH_PATTERN: '*'
+ COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipitsine@gmail.com'
+ # We cannot pass the DEBUG at once here because Coverity splits
+ # parameters at whitespaces, without taking quoting into account.
+ COVERITY_SCAN_BUILD_COMMAND: "make CC=clang TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_QUIC=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=addons/wurfl/dummy WURFL_LIB=addons/wurfl/dummy USE_DEVICEATLAS=1 DEVICEATLAS_SRC=addons/deviceatlas/dummy USE_51DEGREES=1 51DEGREES_SRC=addons/51degrees/dummy/pattern ADDLIB=\"-Wl,-rpath,$HOME/opt/lib/\" SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include DEBUG+=-DDEBUG_STRICT=1 DEBUG+=-DDEBUG_USE_ABORT=1"
+ steps:
+ - uses: actions/checkout@v3
+ - name: Install apt dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y \
+ liblua5.3-dev \
+ libsystemd-dev
+ - name: Install QUICTLS
+ run: |
+ QUICTLS=yes scripts/build-ssl.sh
+ - name: Build WURFL
+ run: make -C addons/wurfl/dummy
+ - name: Run Coverity Scan
+ env:
+ COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ run: |
+ curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true
diff --git a/.github/workflows/cross-zoo.yml b/.github/workflows/cross-zoo.yml
new file mode 100644
index 0000000..e2a5816
--- /dev/null
+++ b/.github/workflows/cross-zoo.yml
@@ -0,0 +1,110 @@
+#
+# this is naamed "zoo" after OpenSSL "cross zoo pipeline"
+#
+name: Cross Compile
+
+on:
+ schedule:
+ - cron: "0 0 21 * *"
+
+permissions:
+ contents: read
+
+jobs:
+ cross-compilation:
+ strategy:
+ matrix:
+ platform: [
+ {
+ arch: aarch64-linux-gnu,
+ libs: libc6-dev-arm64-cross,
+ target: linux-aarch64
+ }, {
+ arch: alpha-linux-gnu,
+ libs: libc6.1-dev-alpha-cross,
+ target: linux-alpha-gcc
+ }, {
+ arch: arm-linux-gnueabi,
+ libs: libc6-dev-armel-cross,
+ target: linux-armv4
+ }, {
+ arch: arm-linux-gnueabihf,
+ libs: libc6-dev-armhf-cross,
+ target: linux-armv4
+ }, {
+ arch: hppa-linux-gnu,
+ libs: libc6-dev-hppa-cross,
+ target: -static linux-generic32
+ }, {
+ arch: m68k-linux-gnu,
+ libs: libc6-dev-m68k-cross,
+ target: -static -m68040 linux-latomic
+ }, {
+ arch: mips-linux-gnu,
+ libs: libc6-dev-mips-cross,
+ target: -static linux-mips32
+ }, {
+ arch: mips64-linux-gnuabi64,
+ libs: libc6-dev-mips64-cross,
+ target: -static linux64-mips64
+ }, {
+ arch: mipsel-linux-gnu,
+ libs: libc6-dev-mipsel-cross,
+ target: linux-mips32
+ }, {
+ arch: powerpc64le-linux-gnu,
+ libs: libc6-dev-ppc64el-cross,
+ target: linux-ppc64le
+ }, {
+ arch: riscv64-linux-gnu,
+ libs: libc6-dev-riscv64-cross,
+ target: linux64-riscv64
+ }, {
+ arch: s390x-linux-gnu,
+ libs: libc6-dev-s390x-cross,
+ target: linux64-s390x
+ }, {
+ arch: sh4-linux-gnu,
+ libs: libc6-dev-sh4-cross,
+ target: no-async linux-latomic
+ }, {
+ arch: hppa-linux-gnu,
+ libs: libc6-dev-hppa-cross,
+ target: linux-generic32,
+ }, {
+ arch: m68k-linux-gnu,
+ libs: libc6-dev-m68k-cross,
+ target: -mcfv4e linux-latomic
+ }, {
+ arch: mips-linux-gnu,
+ libs: libc6-dev-mips-cross,
+ target: linux-mips32
+ }, {
+ arch: mips64-linux-gnuabi64,
+ libs: libc6-dev-mips64-cross,
+ target: linux64-mips64
+ }, {
+ arch: sparc64-linux-gnu,
+ libs: libc6-dev-sparc64-cross,
+ target: linux64-sparcv9
+ }
+ ]
+ runs-on: ubuntu-latest
+ steps:
+ - name: install packages
+ run: |
+ sudo apt-get update
+ sudo apt-get -yq --force-yes install \
+ gcc-${{ matrix.platform.arch }} \
+ ${{ matrix.platform.libs }}
+ - uses: actions/checkout@v2
+
+
+ - name: install quictls
+ run: |
+ QUICTLS_EXTRA_ARGS="--cross-compile-prefix=${{ matrix.platform.arch }}- ${{ matrix.platform.target }}" QUICTLS=yes scripts/build-ssl.sh
+
+ - name: Build
+ run: |
+ make ERR=1 CC=${{ matrix.platform.arch }}-gcc TARGET=linux-glibc USE_LIBCRYPT= USE_OPENSSL=1 USE_QUIC=1 USE_PROMEX=1 SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include ADDLIB="-Wl,-rpath,${HOME}/opt/lib"
+
diff --git a/.github/workflows/musl.yml b/.github/workflows/musl.yml
new file mode 100644
index 0000000..8eb8310
--- /dev/null
+++ b/.github/workflows/musl.yml
@@ -0,0 +1,58 @@
+name: alpine/musl
+
+on:
+ push:
+
+permissions:
+ contents: read
+
+jobs:
+ musl:
+ name: gcc
+ runs-on: ubuntu-latest
+ container:
+ image: alpine:latest
+ options: --privileged --ulimit core=-1 --security-opt seccomp=unconfined
+ volumes:
+ - /tmp/core:/tmp/core
+ steps:
+ - name: Setup coredumps
+ run: |
+ ulimit -c unlimited
+ echo '/tmp/core/core.%h.%e.%t' > /proc/sys/kernel/core_pattern
+ - uses: actions/checkout@v3
+ - name: Install dependencies
+ run: apk add gcc gdb make tar git python3 libc-dev linux-headers pcre-dev pcre2-dev openssl-dev lua5.3-dev grep socat curl musl-dbg lua5.3-dbg
+ - name: Install VTest
+ run: scripts/build-vtest.sh
+ - name: Build
+ run: make -j$(nproc) TARGET=linux-musl DEBUG_CFLAGS='-ggdb3' CC=cc V=1 USE_LUA=1 LUA_INC=/usr/include/lua5.3 LUA_LIB=/usr/lib/lua5.3 USE_OPENSSL=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_PROMEX=1
+ - name: Show version
+ run: ./haproxy -vv
+ - name: Show linked libraries
+ run: ldd haproxy
+ - name: Install problem matcher for VTest
+ # This allows one to more easily see which tests fail.
+ run: echo "::add-matcher::.github/vtest.json"
+ - name: Run VTest
+ id: vtest
+ run: make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel
+ - name: Show coredumps
+ if: ${{ failure() && steps.vtest.outcome == 'failure' }}
+ run: |
+ ls /tmp/core/
+ for file in /tmp/core/core.*; do
+ printf "::group::"
+ gdb -ex 'thread apply all bt full' ./haproxy $file
+ echo "::endgroup::"
+ done
+ - name: Show results
+ if: ${{ failure() }}
+ run: |
+ for folder in /tmp/haregtests-*/vtc.*; do
+ printf "::group::"
+ cat $folder/INFO
+ cat $folder/LOG
+ echo "::endgroup::"
+ done
+ shopt -s nullglob
diff --git a/.github/workflows/openssl-nodeprecated.yml b/.github/workflows/openssl-nodeprecated.yml
new file mode 100644
index 0000000..e7f7ffa
--- /dev/null
+++ b/.github/workflows/openssl-nodeprecated.yml
@@ -0,0 +1,33 @@
+#
+# special purpose CI: test against OpenSSL built in "no-deprecated" mode
+# let us run those builds weekly
+#
+# for example, OpenWRT uses such OpenSSL builds (those builds are smaller)
+#
+#
+# some details might be found at NL: https://www.mail-archive.com/haproxy@formilux.org/msg35759.html
+# GH: https://github.com/haproxy/haproxy/issues/367
+
+name: openssl no-deprecated
+
+on:
+ schedule:
+ - cron: "0 0 * * 4"
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Install VTest
+ run: |
+ scripts/build-vtest.sh
+ - name: Compile HAProxy
+ run: |
+ make DEFINE="-DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED" -j3 CC=gcc ERR=1 TARGET=linux-glibc USE_OPENSSL=1
+ - name: Run VTest
+ run: |
+ make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel
diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml
new file mode 100644
index 0000000..8c13d13
--- /dev/null
+++ b/.github/workflows/vtest.yml
@@ -0,0 +1,155 @@
+# Copyright 2019 Ilya Shipitsin <chipitsine@gmail.com>
+# Copyright 2020 Tim Duesterhus <tim@bastelstu.be>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version
+# 2 of the License, or (at your option) any later version.
+
+name: VTest
+
+on:
+ push:
+
+permissions:
+ contents: read
+
+jobs:
+ # The generate-matrix job generates the build matrix using JSON output
+ # generated by .github/matrix.py.
+ generate-matrix:
+ name: Generate Build Matrix
+ runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.set-matrix.outputs.matrix }}
+ steps:
+ - uses: actions/checkout@v3
+ - name: Generate Build Matrix
+ id: set-matrix
+ run: python3 .github/matrix.py "${{ github.ref_name }}"
+
+ # The Test job actually runs the tests.
+ Test:
+ name: ${{ matrix.name }}
+ needs: generate-matrix
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
+ fail-fast: false
+ env:
+ # Configure a short TMPDIR to prevent failures due to long unix socket
+ # paths.
+ TMPDIR: /tmp
+ # Force ASAN output into asan.log to make the output more readable.
+ ASAN_OPTIONS: log_path=asan.log
+ OT_CPP_VERSION: 1.6.0
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 100
+#
+# Github Action cache key cannot contain comma, so we calculate it based on job name
+#
+ - name: Generate cache key
+ id: generate-cache-key
+ run: |
+ echo "key=$(echo ${{ matrix.name }} | sha256sum | awk '{print $1}')" >> $GITHUB_OUTPUT
+
+ - name: Cache SSL libs
+ if: ${{ matrix.ssl && matrix.ssl != 'stock' && matrix.ssl != 'BORINGSSL=yes' && matrix.ssl != 'QUICTLS=yes' }}
+ id: cache_ssl
+ uses: actions/cache@v3
+ with:
+ path: '~/opt/'
+ key: ssl-${{ steps.generate-cache-key.outputs.key }}
+
+ - name: Cache OpenTracing
+ if: ${{ contains(matrix.FLAGS, 'USE_OT=1') }}
+ id: cache_ot
+ uses: actions/cache@v3
+ with:
+ path: '~/opt-ot/'
+ key: ot-${{ matrix.CC }}-${{ env.OT_CPP_VERSION }}-${{ contains(matrix.name, 'ASAN') }}
+ - name: Install apt dependencies
+ if: ${{ startsWith(matrix.os, 'ubuntu-') }}
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y \
+ liblua5.3-dev \
+ libpcre2-dev \
+ libsystemd-dev \
+ ninja-build \
+ socat
+ - name: Install brew dependencies
+ if: ${{ startsWith(matrix.os, 'macos-') }}
+ run: |
+ brew install socat
+ brew install lua
+ - name: Install VTest
+ run: |
+ scripts/build-vtest.sh
+ - name: Install SSL ${{ matrix.ssl }}
+ if: ${{ matrix.ssl && matrix.ssl != 'stock' && steps.cache_ssl.outputs.cache-hit != 'true' }}
+ run: env ${{ matrix.ssl }} scripts/build-ssl.sh
+ - name: Install OpenTracing libs
+ if: ${{ contains(matrix.FLAGS, 'USE_OT=1') && steps.cache_ot.outputs.cache-hit != 'true' }}
+ run: |
+ OT_PREFIX=${HOME}/opt-ot scripts/build-ot.sh
+ - name: Build WURFL
+ if: ${{ contains(matrix.FLAGS, 'USE_WURFL=1') }}
+ run: make -C addons/wurfl/dummy
+ - name: Compile HAProxy with ${{ matrix.CC }}
+ run: |
+ echo "::group::Show compiler's version"
+ echo | ${{ matrix.CC }} -v
+ echo "::endgroup::"
+ echo "::group::Show platform specific defines"
+ echo | ${{ matrix.CC }} -dM -xc -E -
+ echo "::endgroup::"
+ make -j$(nproc) all \
+ ERR=1 \
+ TARGET=${{ matrix.TARGET }} \
+ CC=${{ matrix.CC }} \
+ DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_POOL_INTEGRITY" \
+ ${{ join(matrix.FLAGS, ' ') }} \
+ ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/"
+ sudo make install
+ - name: Show HAProxy version
+ id: show-version
+ run: |
+ echo "::group::Show dynamic libraries."
+ if command -v ldd > /dev/null; then
+ # Linux
+ ldd $(which haproxy)
+ else
+ # macOS
+ otool -L $(which haproxy)
+ fi
+ echo "::endgroup::"
+ haproxy -vv
+ echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT
+ - name: Install problem matcher for VTest
+ # This allows one to more easily see which tests fail.
+ run: echo "::add-matcher::.github/vtest.json"
+ - name: Run VTest for HAProxy ${{ steps.show-version.outputs.version }}
+ id: vtest
+ run: |
+ # This is required for macOS which does not actually allow to increase
+ # the '-n' soft limit to the hard limit, thus failing to run.
+ ulimit -n 65536
+ make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel
+ - name: Show VTest results
+ if: ${{ failure() && steps.vtest.outcome == 'failure' }}
+ run: |
+ for folder in ${TMPDIR}/haregtests-*/vtc.*; do
+ printf "::group::"
+ cat $folder/INFO
+ cat $folder/LOG
+ echo "::endgroup::"
+ done
+ shopt -s nullglob
+ for asan in asan.log*; do
+ echo "::group::$asan"
+ cat $asan
+ echo "::endgroup::"
+ done
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
new file mode 100644
index 0000000..3030908
--- /dev/null
+++ b/.github/workflows/windows.yml
@@ -0,0 +1,67 @@
+# Copyright 2019 Ilya Shipitsin <chipitsine@gmail.com>
+# Copyright 2020 Tim Duesterhus <tim@bastelstu.be>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version
+# 2 of the License, or (at your option) any later version.
+
+name: Windows
+
+on:
+ push:
+
+permissions:
+ contents: read
+
+jobs:
+ msys2:
+ name: ${{ matrix.name }}
+ runs-on: ${{ matrix.os }}
+ defaults:
+ run:
+ shell: msys2 {0}
+ strategy:
+ matrix:
+ include:
+ - name: "Windows, gcc, all features"
+ TARGET: cygwin
+ CC: gcc
+ os: windows-latest
+ FLAGS:
+ - USE_OPENSSL=1
+ - USE_PCRE=1
+ - USE_PCRE_JIT=1
+ - USE_THREAD=1
+ - USE_ZLIB=1
+ steps:
+ - uses: actions/checkout@v3
+ - uses: msys2/setup-msys2@v2
+ with:
+ install: >-
+ coreutils
+ curl
+ diffutils
+ gawk
+ gcc
+ make
+ tar
+ openssl-devel
+ pcre-devel
+ zlib-devel
+ - name: Compile HAProxy with ${{ matrix.CC }}
+ run: |
+ echo "::group::Show platform specific defines"
+ echo | ${{ matrix.CC }} -dM -xc -E -
+ echo "::endgroup::"
+ make -j$(nproc) all \
+ ERR=1 \
+ TARGET=${{ matrix.TARGET }} \
+ CC=${{ matrix.CC }} \
+ DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_POOL_INTEGRITY" \
+ ${{ join(matrix.FLAGS, ' ') }}
+ - name: Show HAProxy version
+ id: show-version
+ run: |
+ ./haproxy -vv
+ echo "version=$(./haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT