diff options
Diffstat (limited to '')
| -rw-r--r-- | .github/workflows/codespell.yml | 19 | ||||
| -rw-r--r-- | .github/workflows/compliance.yml | 57 | ||||
| -rw-r--r-- | .github/workflows/contrib.yml | 25 | ||||
| -rw-r--r-- | .github/workflows/coverity.yml | 43 | ||||
| -rw-r--r-- | .github/workflows/cross-zoo.yml | 110 | ||||
| -rw-r--r-- | .github/workflows/musl.yml | 58 | ||||
| -rw-r--r-- | .github/workflows/openssl-nodeprecated.yml | 33 | ||||
| -rw-r--r-- | .github/workflows/vtest.yml | 155 | ||||
| -rw-r--r-- | .github/workflows/windows.yml | 67 |
9 files changed, 567 insertions, 0 deletions
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml new file mode 100644 index 0000000..2243d8b --- /dev/null +++ b/.github/workflows/codespell.yml @@ -0,0 +1,19 @@ +name: Spelling Check + +on: + schedule: + - cron: "0 0 * * 2" + +permissions: + contents: read + +jobs: + codespell: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: codespell-project/codespell-problem-matcher@v1 + - uses: codespell-project/actions-codespell@master + with: + skip: CHANGELOG,Makefile,*.fig,*.pem + ignore_words_list: ist,ists,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen,ifset,thrid,strack,ba,chck,hel,unx,mor diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml new file mode 100644 index 0000000..509eaf8 --- /dev/null +++ b/.github/workflows/compliance.yml @@ -0,0 +1,57 @@ + +name: Spec Compliance + +on: + schedule: + - cron: "0 0 * * 3" + +permissions: + contents: read + +jobs: + h2spec: + name: h2spec + runs-on: ${{ matrix.os }} + strategy: + matrix: + include: + - TARGET: linux-glibc + CC: gcc + os: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Install h2spec + id: install-h2spec + run: | + H2SPEC_VERSION=`curl --silent "https://api.github.com/repos/summerwind/h2spec/releases/latest" | jq -r -j '.tag_name'` + curl -fsSL https://github.com/summerwind/h2spec/releases/download/${H2SPEC_VERSION}/h2spec_linux_amd64.tar.gz -o h2spec.tar.gz + tar xvf h2spec.tar.gz + sudo install -m755 h2spec /usr/local/bin/h2spec + echo "version=${H2SPEC_VERSION}" >> $GITHUB_OUTPUT + - name: Compile HAProxy with ${{ matrix.CC }} + run: | + make -j$(nproc) all \ + ERR=1 \ + TARGET=${{ matrix.TARGET }} \ + CC=${{ matrix.CC }} \ + DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_POOL_INTEGRITY" \ + USE_OPENSSL=1 + sudo make install + - name: Show HAProxy version + id: show-version + run: | + echo "::group::Show dynamic libraries." + if command -v ldd > /dev/null; then + # Linux + ldd $(which haproxy) + else + # macOS + otool -L $(which haproxy) + fi + echo "::endgroup::" + haproxy -vv + echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT + - name: Launch HAProxy ${{ steps.show-version.outputs.version }} + run: haproxy -f .github/h2spec.config -D + - name: Run h2spec ${{ steps.install-h2spec.outputs.version }} + run: h2spec -Svtk -h 127.0.0.1 -p 8443 diff --git a/.github/workflows/contrib.yml b/.github/workflows/contrib.yml new file mode 100644 index 0000000..99a1576 --- /dev/null +++ b/.github/workflows/contrib.yml @@ -0,0 +1,25 @@ +name: Contrib + +on: + push: + +permissions: + contents: read + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Compile admin/halog/halog + run: | + make admin/halog/halog + - name: Compile dev/flags/flags + run: | + make dev/flags/flags + - name: Compile dev/poll/poll + run: | + make dev/poll/poll + - name: Compile dev/hpack + run: | + make dev/hpack/decode dev/hpack/gen-enc dev/hpack/gen-rht diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 0000000..e208c8c --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,43 @@ + +# +# scan results: https://scan.coverity.com/projects/haproxy +# + +name: Coverity + +on: + schedule: + - cron: "0 0 * * *" + +permissions: + contents: read + +jobs: + scan: + runs-on: ubuntu-latest + if: ${{ github.repository_owner == 'haproxy' }} + env: + COVERITY_SCAN_PROJECT_NAME: 'Haproxy' + COVERITY_SCAN_BRANCH_PATTERN: '*' + COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipitsine@gmail.com' + # We cannot pass the DEBUG at once here because Coverity splits + # parameters at whitespaces, without taking quoting into account. + COVERITY_SCAN_BUILD_COMMAND: "make CC=clang TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_QUIC=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=addons/wurfl/dummy WURFL_LIB=addons/wurfl/dummy USE_DEVICEATLAS=1 DEVICEATLAS_SRC=addons/deviceatlas/dummy USE_51DEGREES=1 51DEGREES_SRC=addons/51degrees/dummy/pattern ADDLIB=\"-Wl,-rpath,$HOME/opt/lib/\" SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include DEBUG+=-DDEBUG_STRICT=1 DEBUG+=-DDEBUG_USE_ABORT=1" + steps: + - uses: actions/checkout@v3 + - name: Install apt dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + liblua5.3-dev \ + libsystemd-dev + - name: Install QUICTLS + run: | + QUICTLS=yes scripts/build-ssl.sh + - name: Build WURFL + run: make -C addons/wurfl/dummy + - name: Run Coverity Scan + env: + COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + run: | + curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true diff --git a/.github/workflows/cross-zoo.yml b/.github/workflows/cross-zoo.yml new file mode 100644 index 0000000..e2a5816 --- /dev/null +++ b/.github/workflows/cross-zoo.yml @@ -0,0 +1,110 @@ +# +# this is naamed "zoo" after OpenSSL "cross zoo pipeline" +# +name: Cross Compile + +on: + schedule: + - cron: "0 0 21 * *" + +permissions: + contents: read + +jobs: + cross-compilation: + strategy: + matrix: + platform: [ + { + arch: aarch64-linux-gnu, + libs: libc6-dev-arm64-cross, + target: linux-aarch64 + }, { + arch: alpha-linux-gnu, + libs: libc6.1-dev-alpha-cross, + target: linux-alpha-gcc + }, { + arch: arm-linux-gnueabi, + libs: libc6-dev-armel-cross, + target: linux-armv4 + }, { + arch: arm-linux-gnueabihf, + libs: libc6-dev-armhf-cross, + target: linux-armv4 + }, { + arch: hppa-linux-gnu, + libs: libc6-dev-hppa-cross, + target: -static linux-generic32 + }, { + arch: m68k-linux-gnu, + libs: libc6-dev-m68k-cross, + target: -static -m68040 linux-latomic + }, { + arch: mips-linux-gnu, + libs: libc6-dev-mips-cross, + target: -static linux-mips32 + }, { + arch: mips64-linux-gnuabi64, + libs: libc6-dev-mips64-cross, + target: -static linux64-mips64 + }, { + arch: mipsel-linux-gnu, + libs: libc6-dev-mipsel-cross, + target: linux-mips32 + }, { + arch: powerpc64le-linux-gnu, + libs: libc6-dev-ppc64el-cross, + target: linux-ppc64le + }, { + arch: riscv64-linux-gnu, + libs: libc6-dev-riscv64-cross, + target: linux64-riscv64 + }, { + arch: s390x-linux-gnu, + libs: libc6-dev-s390x-cross, + target: linux64-s390x + }, { + arch: sh4-linux-gnu, + libs: libc6-dev-sh4-cross, + target: no-async linux-latomic + }, { + arch: hppa-linux-gnu, + libs: libc6-dev-hppa-cross, + target: linux-generic32, + }, { + arch: m68k-linux-gnu, + libs: libc6-dev-m68k-cross, + target: -mcfv4e linux-latomic + }, { + arch: mips-linux-gnu, + libs: libc6-dev-mips-cross, + target: linux-mips32 + }, { + arch: mips64-linux-gnuabi64, + libs: libc6-dev-mips64-cross, + target: linux64-mips64 + }, { + arch: sparc64-linux-gnu, + libs: libc6-dev-sparc64-cross, + target: linux64-sparcv9 + } + ] + runs-on: ubuntu-latest + steps: + - name: install packages + run: | + sudo apt-get update + sudo apt-get -yq --force-yes install \ + gcc-${{ matrix.platform.arch }} \ + ${{ matrix.platform.libs }} + - uses: actions/checkout@v2 + + + - name: install quictls + run: | + QUICTLS_EXTRA_ARGS="--cross-compile-prefix=${{ matrix.platform.arch }}- ${{ matrix.platform.target }}" QUICTLS=yes scripts/build-ssl.sh + + - name: Build + run: | + make ERR=1 CC=${{ matrix.platform.arch }}-gcc TARGET=linux-glibc USE_LIBCRYPT= USE_OPENSSL=1 USE_QUIC=1 USE_PROMEX=1 SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include ADDLIB="-Wl,-rpath,${HOME}/opt/lib" + diff --git a/.github/workflows/musl.yml b/.github/workflows/musl.yml new file mode 100644 index 0000000..8eb8310 --- /dev/null +++ b/.github/workflows/musl.yml @@ -0,0 +1,58 @@ +name: alpine/musl + +on: + push: + +permissions: + contents: read + +jobs: + musl: + name: gcc + runs-on: ubuntu-latest + container: + image: alpine:latest + options: --privileged --ulimit core=-1 --security-opt seccomp=unconfined + volumes: + - /tmp/core:/tmp/core + steps: + - name: Setup coredumps + run: | + ulimit -c unlimited + echo '/tmp/core/core.%h.%e.%t' > /proc/sys/kernel/core_pattern + - uses: actions/checkout@v3 + - name: Install dependencies + run: apk add gcc gdb make tar git python3 libc-dev linux-headers pcre-dev pcre2-dev openssl-dev lua5.3-dev grep socat curl musl-dbg lua5.3-dbg + - name: Install VTest + run: scripts/build-vtest.sh + - name: Build + run: make -j$(nproc) TARGET=linux-musl DEBUG_CFLAGS='-ggdb3' CC=cc V=1 USE_LUA=1 LUA_INC=/usr/include/lua5.3 LUA_LIB=/usr/lib/lua5.3 USE_OPENSSL=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_PROMEX=1 + - name: Show version + run: ./haproxy -vv + - name: Show linked libraries + run: ldd haproxy + - name: Install problem matcher for VTest + # This allows one to more easily see which tests fail. + run: echo "::add-matcher::.github/vtest.json" + - name: Run VTest + id: vtest + run: make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel + - name: Show coredumps + if: ${{ failure() && steps.vtest.outcome == 'failure' }} + run: | + ls /tmp/core/ + for file in /tmp/core/core.*; do + printf "::group::" + gdb -ex 'thread apply all bt full' ./haproxy $file + echo "::endgroup::" + done + - name: Show results + if: ${{ failure() }} + run: | + for folder in /tmp/haregtests-*/vtc.*; do + printf "::group::" + cat $folder/INFO + cat $folder/LOG + echo "::endgroup::" + done + shopt -s nullglob diff --git a/.github/workflows/openssl-nodeprecated.yml b/.github/workflows/openssl-nodeprecated.yml new file mode 100644 index 0000000..e7f7ffa --- /dev/null +++ b/.github/workflows/openssl-nodeprecated.yml @@ -0,0 +1,33 @@ +# +# special purpose CI: test against OpenSSL built in "no-deprecated" mode +# let us run those builds weekly +# +# for example, OpenWRT uses such OpenSSL builds (those builds are smaller) +# +# +# some details might be found at NL: https://www.mail-archive.com/haproxy@formilux.org/msg35759.html +# GH: https://github.com/haproxy/haproxy/issues/367 + +name: openssl no-deprecated + +on: + schedule: + - cron: "0 0 * * 4" + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Install VTest + run: | + scripts/build-vtest.sh + - name: Compile HAProxy + run: | + make DEFINE="-DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED" -j3 CC=gcc ERR=1 TARGET=linux-glibc USE_OPENSSL=1 + - name: Run VTest + run: | + make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml new file mode 100644 index 0000000..8c13d13 --- /dev/null +++ b/.github/workflows/vtest.yml @@ -0,0 +1,155 @@ +# Copyright 2019 Ilya Shipitsin <chipitsine@gmail.com> +# Copyright 2020 Tim Duesterhus <tim@bastelstu.be> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version +# 2 of the License, or (at your option) any later version. + +name: VTest + +on: + push: + +permissions: + contents: read + +jobs: + # The generate-matrix job generates the build matrix using JSON output + # generated by .github/matrix.py. + generate-matrix: + name: Generate Build Matrix + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@v3 + - name: Generate Build Matrix + id: set-matrix + run: python3 .github/matrix.py "${{ github.ref_name }}" + + # The Test job actually runs the tests. + Test: + name: ${{ matrix.name }} + needs: generate-matrix + runs-on: ${{ matrix.os }} + strategy: + matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} + fail-fast: false + env: + # Configure a short TMPDIR to prevent failures due to long unix socket + # paths. + TMPDIR: /tmp + # Force ASAN output into asan.log to make the output more readable. + ASAN_OPTIONS: log_path=asan.log + OT_CPP_VERSION: 1.6.0 + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 100 +# +# Github Action cache key cannot contain comma, so we calculate it based on job name +# + - name: Generate cache key + id: generate-cache-key + run: | + echo "key=$(echo ${{ matrix.name }} | sha256sum | awk '{print $1}')" >> $GITHUB_OUTPUT + + - name: Cache SSL libs + if: ${{ matrix.ssl && matrix.ssl != 'stock' && matrix.ssl != 'BORINGSSL=yes' && matrix.ssl != 'QUICTLS=yes' }} + id: cache_ssl + uses: actions/cache@v3 + with: + path: '~/opt/' + key: ssl-${{ steps.generate-cache-key.outputs.key }} + + - name: Cache OpenTracing + if: ${{ contains(matrix.FLAGS, 'USE_OT=1') }} + id: cache_ot + uses: actions/cache@v3 + with: + path: '~/opt-ot/' + key: ot-${{ matrix.CC }}-${{ env.OT_CPP_VERSION }}-${{ contains(matrix.name, 'ASAN') }} + - name: Install apt dependencies + if: ${{ startsWith(matrix.os, 'ubuntu-') }} + run: | + sudo apt-get update + sudo apt-get install -y \ + liblua5.3-dev \ + libpcre2-dev \ + libsystemd-dev \ + ninja-build \ + socat + - name: Install brew dependencies + if: ${{ startsWith(matrix.os, 'macos-') }} + run: | + brew install socat + brew install lua + - name: Install VTest + run: | + scripts/build-vtest.sh + - name: Install SSL ${{ matrix.ssl }} + if: ${{ matrix.ssl && matrix.ssl != 'stock' && steps.cache_ssl.outputs.cache-hit != 'true' }} + run: env ${{ matrix.ssl }} scripts/build-ssl.sh + - name: Install OpenTracing libs + if: ${{ contains(matrix.FLAGS, 'USE_OT=1') && steps.cache_ot.outputs.cache-hit != 'true' }} + run: | + OT_PREFIX=${HOME}/opt-ot scripts/build-ot.sh + - name: Build WURFL + if: ${{ contains(matrix.FLAGS, 'USE_WURFL=1') }} + run: make -C addons/wurfl/dummy + - name: Compile HAProxy with ${{ matrix.CC }} + run: | + echo "::group::Show compiler's version" + echo | ${{ matrix.CC }} -v + echo "::endgroup::" + echo "::group::Show platform specific defines" + echo | ${{ matrix.CC }} -dM -xc -E - + echo "::endgroup::" + make -j$(nproc) all \ + ERR=1 \ + TARGET=${{ matrix.TARGET }} \ + CC=${{ matrix.CC }} \ + DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_POOL_INTEGRITY" \ + ${{ join(matrix.FLAGS, ' ') }} \ + ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/" + sudo make install + - name: Show HAProxy version + id: show-version + run: | + echo "::group::Show dynamic libraries." + if command -v ldd > /dev/null; then + # Linux + ldd $(which haproxy) + else + # macOS + otool -L $(which haproxy) + fi + echo "::endgroup::" + haproxy -vv + echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT + - name: Install problem matcher for VTest + # This allows one to more easily see which tests fail. + run: echo "::add-matcher::.github/vtest.json" + - name: Run VTest for HAProxy ${{ steps.show-version.outputs.version }} + id: vtest + run: | + # This is required for macOS which does not actually allow to increase + # the '-n' soft limit to the hard limit, thus failing to run. + ulimit -n 65536 + make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel + - name: Show VTest results + if: ${{ failure() && steps.vtest.outcome == 'failure' }} + run: | + for folder in ${TMPDIR}/haregtests-*/vtc.*; do + printf "::group::" + cat $folder/INFO + cat $folder/LOG + echo "::endgroup::" + done + shopt -s nullglob + for asan in asan.log*; do + echo "::group::$asan" + cat $asan + echo "::endgroup::" + done diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml new file mode 100644 index 0000000..3030908 --- /dev/null +++ b/.github/workflows/windows.yml @@ -0,0 +1,67 @@ +# Copyright 2019 Ilya Shipitsin <chipitsine@gmail.com> +# Copyright 2020 Tim Duesterhus <tim@bastelstu.be> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version +# 2 of the License, or (at your option) any later version. + +name: Windows + +on: + push: + +permissions: + contents: read + +jobs: + msys2: + name: ${{ matrix.name }} + runs-on: ${{ matrix.os }} + defaults: + run: + shell: msys2 {0} + strategy: + matrix: + include: + - name: "Windows, gcc, all features" + TARGET: cygwin + CC: gcc + os: windows-latest + FLAGS: + - USE_OPENSSL=1 + - USE_PCRE=1 + - USE_PCRE_JIT=1 + - USE_THREAD=1 + - USE_ZLIB=1 + steps: + - uses: actions/checkout@v3 + - uses: msys2/setup-msys2@v2 + with: + install: >- + coreutils + curl + diffutils + gawk + gcc + make + tar + openssl-devel + pcre-devel + zlib-devel + - name: Compile HAProxy with ${{ matrix.CC }} + run: | + echo "::group::Show platform specific defines" + echo | ${{ matrix.CC }} -dM -xc -E - + echo "::endgroup::" + make -j$(nproc) all \ + ERR=1 \ + TARGET=${{ matrix.TARGET }} \ + CC=${{ matrix.CC }} \ + DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_POOL_INTEGRITY" \ + ${{ join(matrix.FLAGS, ' ') }} + - name: Show HAProxy version + id: show-version + run: | + ./haproxy -vv + echo "version=$(./haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT |