diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:30:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:30:55 +0000 |
commit | 17e81f2cd1843f01838245eae7b5ed5edf83d6be (patch) | |
tree | a0f685dff11ce5a2dc546a7b46a48bae5d1c0140 /.github/workflows | |
parent | Initial commit. (diff) | |
download | ngtcp2-17e81f2cd1843f01838245eae7b5ed5edf83d6be.tar.xz ngtcp2-17e81f2cd1843f01838245eae7b5ed5edf83d6be.zip |
Adding upstream version 0.12.1+dfsg.upstream/0.12.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/build.yml | 299 | ||||
-rw-r--r-- | .github/workflows/cflite_batch.yaml | 30 | ||||
-rw-r--r-- | .github/workflows/cflite_cron.yaml | 19 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 47 | ||||
-rw-r--r-- | .github/workflows/interop.yml | 28 |
5 files changed, 423 insertions, 0 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..0c2abfc --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,299 @@ +name: build + +on: [push, pull_request] + +jobs: + build: + strategy: + matrix: + os: [ubuntu-22.04, macos-11] + compiler: [gcc, clang] + buildtool: [autotools, distcheck, cmake] + openssl: [openssl1, openssl3] + sockaddr: [native-sockaddr, generic-sockaddr] + exclude: + - os: macos-11 + buildtool: distcheck + - compiler: gcc + buildtool: distcheck + - openssl: openssl3 + buildtool: distcheck + - compiler: gcc + sockaddr: generic-sockaddr + - openssl: openssl3 + sockaddr: generic-sockaddr + - buildtool: distcheck + sockaddr: generic-sockaddr + - buildtool: cmake + sockaddr: generic-sockaddr + - os: macos-11 + compiler: gcc + - os: macos-11 + openssl: openssl3 + + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@v3 + - name: Startup + run: | + echo 'NGTCP2_SOURCE_DIR='"$PWD" >> $GITHUB_ENV + - name: Linux setup + if: runner.os == 'Linux' + run: | + sudo apt-get update + sudo apt-get install \ + g++-12 \ + clang-14 \ + autoconf \ + automake \ + autotools-dev \ + libtool \ + pkg-config \ + libcunit1-dev \ + libssl-dev \ + libev-dev \ + libgnutls28-dev \ + cmake \ + cmake-data \ + python3-pytest + + echo 'NPROC='"$(nproc)" >> $GITHUB_ENV + - name: MacOS setup + if: runner.os == 'macOS' + run: | + brew install libev gnutls cunit autoconf automake pkg-config libtool + + echo 'NPROC='"$(sysctl -n hw.ncpu)" >> $GITHUB_ENV + - name: Setup clang (Linux) + if: runner.os == 'Linux' && matrix.compiler == 'clang' + run: | + echo 'CC=clang-14' >> $GITHUB_ENV + echo 'CXX=clang++-14' >> $GITHUB_ENV + - name: Setup clang (MacOS) + if: runner.os == 'macOS' && matrix.compiler == 'clang' + run: | + echo 'CC=clang' >> $GITHUB_ENV + echo 'CXX=clang++' >> $GITHUB_ENV + - name: Setup gcc + if: runner.os == 'Linux' && matrix.compiler == 'gcc' + run: | + echo 'CC=gcc-12' >> $GITHUB_ENV + echo 'CXX=g++-12' >> $GITHUB_ENV + - name: Build OpenSSL v1.1.1 + if: matrix.openssl == 'openssl1' + run: | + ./ci/build_openssl1.sh + - name: Build OpenSSL v3.0.x + if: matrix.openssl == 'openssl3' + run: | + ./ci/build_openssl3.sh + - name: Build BoringSSL + run: | + ./ci/build_boringssl.sh + - name: Build Picotls + run: | + ./ci/build_picotls.sh + - name: Build wolfSSL + run: | + ./ci/build_wolfssl.sh + - name: Build nghttp3 + run: | + ./ci/build_nghttp3.sh + - name: Setup environment variables + run: | + PKG_CONFIG_PATH="$PWD/openssl/build/lib/pkgconfig:$PWD/openssl/build/lib64/pkgconfig:$PWD/wolfssl/build/lib/pkgconfig:$PWD/nghttp3/build/lib/pkgconfig" + LDFLAGS="$EXTRA_LDFLAGS -Wl,-rpath,$PWD/openssl/build/lib -Wl,-rpath,$PWD/openssl/build/lib64" + BORINGSSL_CFLAGS="-I$PWD/boringssl/include/" + BORINGSSL_LIBS="-L$PWD/boringssl/build/ssl -lssl -L$PWD/boringssl/build/crypto -lcrypto" + PICOTLS_CFLAGS="-I$PWD/picotls/include/" + PICOTLS_LIBS="-L$PWD/picotls/build -lpicotls-openssl -lpicotls-core" + + echo 'PKG_CONFIG_PATH='"$PKG_CONFIG_PATH" >> $GITHUB_ENV + echo 'LDFLAGS='"$LDFLAGS" >> $GITHUB_ENV + echo 'BORINGSSL_CFLAGS='"$BORINGSSL_CFLAGS" >> $GITHUB_ENV + echo 'BORINGSSL_LIBS='"$BORINGSSL_LIBS" >> $GITHUB_ENV + echo 'PICOTLS_CFLAGS='"$PICOTLS_CFLAGS" >> $GITHUB_ENV + echo 'PICOTLS_LIBS='"$PICOTLS_LIBS" >> $GITHUB_ENV + - name: Enable ASAN + if: runner.os == 'Linux' + run: | + asanflags="-fsanitize=address,undefined -fno-sanitize-recover=undefined" + + LDFLAGS="$LDFLAGS $asanflags" + CFLAGS="$CFLAGS $asanflags -g3" + CXXFLAGS="$CXXFLAGS $asanflags -g3" + + echo 'LDFLAGS='"$LDFLAGS" >> $GITHUB_ENV + echo 'CFLAGS='"$CFLAGS" >> $GITHUB_ENV + echo 'CXXFLAGS='"$CXXFLAGS" >> $GITHUB_ENV + - name: BoringSSL pthread requirement + if: runner.os == 'Linux' + run: | + BORINGSSL_LIBS="$BORINGSSL_LIBS -pthread" + + echo 'BORINGSSL_LIBS='"$BORINGSSL_LIBS" >> $GITHUB_ENV + - name: Enable generic sockaddr + if: matrix.sockaddr == 'generic-sockaddr' + run: | + CFLAGS="$CFLAGS -DNGTCP2_USE_GENERIC_SOCKADDR" + EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --enable-lib-only" + + echo 'CFLAGS='"$CFLAGS" >> $GITHUB_ENV + echo 'EXTRA_AUTOTOOLS_OPTS='"$EXTRA_AUTOTOOLS_OPTS" >> $GITHUB_ENV + - name: Configure autotools + if: matrix.buildtool == 'autotools' + run: | + autoreconf -i && \ + ./configure --enable-werror \ + --with-openssl --with-gnutls --with-boringssl --with-wolfssl \ + --with-picotls \ + $EXTRA_AUTOTOOLS_OPTS + - name: Configure autotools for distcheck + if: matrix.buildtool == 'distcheck' + run: | + autoreconf -i && ./configure + - name: Configure cmake + if: matrix.buildtool == 'cmake' + run: | + autoreconf -i && ./configure + make dist + + VERSION=$(grep PACKAGE_VERSION config.h | cut -d' ' -f3 | tr -d '"') + tar xf ngtcp2-$VERSION.tar.gz + cd ngtcp2-$VERSION + mkdir build + cd build + + echo 'NGTCP2_BUILD_DIR='"$PWD" >> $GITHUB_ENV + + cmake $CMAKE_OPTS \ + -DENABLE_GNUTLS=ON \ + -DENABLE_BORINGSSL=ON \ + -DBORINGSSL_LIBRARIES="$BORINGSSL_LIBS" \ + -DBORINGSSL_INCLUDE_DIR="$NGTCP2_SOURCE_DIR/boringssl/include/" \ + -DENABLE_PICOTLS=ON \ + -DPICOTLS_LIBRARIES="$PICOTLS_LIBS" \ + -DPICOTLS_INCLUDE_DIR="$NGTCP2_SOURCE_DIR/picotls/include/" \ + -DENABLE_WOLFSSL=ON .. + - name: Build ngtcp2 + if: matrix.buildtool != 'distcheck' + run: | + [ -n "$NGTCP2_BUILD_DIR" ] && cd "$NGTCP2_BUILD_DIR" + make -j"$NPROC" + make -j"$NPROC" check + - name: Build ngtcp2 with distcheck + if: matrix.buildtool == 'distcheck' + run: | + make -j"$NPROC" distcheck \ + DISTCHECK_CONFIGURE_FLAGS="--enable-werror --with-openssl --with-gnutls --with-boringssl $EXTRA_AUTOTOOLS_OPTS" + - name: examples/tests + if: matrix.buildtool == 'autotools' && matrix.sockaddr == 'native-sockaddr' && runner.os == 'Linux' + run: | + cd examples/tests + # Do not run resumption and earlydata between gtlsserver and + # wsslclient until ubuntu gets GnuTLS v3.7.5. + # + # There is an issue around the ticket age validation between + # gtlsserver and bsslclient that causes early data test + # failure; see https://gitlab.com/gnutls/gnutls/-/issues/1403 + pytest-3 -v -k 'not (gnutls-wolfssl and (resume or earlydata)) and not (gnutls-boringssl and earlydata)' + - name: Integration test + if: matrix.buildtool != 'distcheck' && matrix.sockaddr == 'native-sockaddr' + run: | + [ -n "$NGTCP2_BUILD_DIR" ] && cd "$NGTCP2_BUILD_DIR" + "$NGTCP2_SOURCE_DIR"/ci/gen-certificate.sh + + CLIENTS="client gtlsclient bsslclient wsslclient ptlsclient" + SERVERS="server gtlsserver bsslserver wsslserver ptlsserver" + + for client in $CLIENTS; do + for server in $SERVERS; do + echo "# $client - $server" + ./examples/$server localhost 4433 cert/server.key cert/server.crt > sv.log 2>&1 & + SVPID="$!" + ./examples/$client localhost 4433 https://localhost/ --exit-on-first-stream-close + kill -INT "$SVPID" + sleep 5 + if wait "$SVPID"; then + cat sv.log + else + cat sv.log + exit 1 + fi + done + done + + build-cross: + strategy: + matrix: + host: [x86_64-w64-mingw32, i686-w64-mingw32] + include: + - host: x86_64-w64-mingw32 + oscc: mingw64 + - host: i686-w64-mingw32 + oscc: mingw + + runs-on: ubuntu-22.04 + + env: + HOST: ${{ matrix.host }} + OSCC: ${{ matrix.oscc }} + + steps: + - uses: actions/checkout@v3 + - name: Linux setup + run: | + sudo dpkg --add-architecture i386 + sudo apt-get update + sudo apt-get install \ + gcc-mingw-w64 \ + autoconf \ + automake \ + autotools-dev \ + libtool \ + pkg-config \ + wine + - name: Build OpenSSL v1.1.1 + run: | + ./ci/build_openssl1_cross.sh + - name: Build CUnit + run: | + curl -LO https://jaist.dl.sourceforge.net/project/cunit/CUnit/2.1-3/CUnit-2.1-3.tar.bz2 + tar xf CUnit-2.1-3.tar.bz2 + cd CUnit-2.1-3 + ./bootstrap + ./configure --disable-shared --host="$HOST" --prefix="$PWD/build" + make -j$(nproc) install + - name: Setup environment variables + run: | + PKG_CONFIG_PATH="$PWD/openssl/build/lib/pkgconfig:$PWD/CUnit-2.1-3/build/lib/pkgconfig" + + echo 'PKG_CONFIG_PATH='"$PKG_CONFIG_PATH" >> $GITHUB_ENV + - name: Configure autotools + run: | + autoreconf -i && \ + ./configure --enable-werror --with-openssl --with-cunit --host="$HOST" + - name: Build ngtcp2 + run: | + make -j$(nproc) + make -j$(nproc) check TESTS="" + - name: Run tests + if: matrix.host == 'x86_64-w64-mingw32' + run: | + cd tests + wine main.exe + + build-windows: + runs-on: windows-latest + + steps: + - uses: actions/checkout@v3 + - name: Configure cmake + run: | + mkdir build + cd build + cmake .. + - name: Build ngtcp2 + run: | + cmake --build build diff --git a/.github/workflows/cflite_batch.yaml b/.github/workflows/cflite_batch.yaml new file mode 100644 index 0000000..3bda75d --- /dev/null +++ b/.github/workflows/cflite_batch.yaml @@ -0,0 +1,30 @@ +name: ClusterFuzzLite batch fuzzing +on: + schedule: + - cron: '0 0/6 * * *' +permissions: read-all +jobs: + BatchFuzzing: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + sanitizer: + - address + - undefined + - memory + steps: + - name: Build Fuzzers (${{ matrix.sanitizer }}) + id: build + uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + with: + language: c++ + sanitizer: ${{ matrix.sanitizer }} + - name: Run Fuzzers (${{ matrix.sanitizer }}) + id: run + uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + fuzz-seconds: 3600 + mode: 'batch' + sanitizer: ${{ matrix.sanitizer }} diff --git a/.github/workflows/cflite_cron.yaml b/.github/workflows/cflite_cron.yaml new file mode 100644 index 0000000..d46a4da --- /dev/null +++ b/.github/workflows/cflite_cron.yaml @@ -0,0 +1,19 @@ +name: ClusterFuzzLite cron tasks +on: + schedule: + - cron: '0 0 * * *' +permissions: read-all +jobs: + Pruning: + runs-on: ubuntu-latest + steps: + - name: Build Fuzzers + id: build + uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + - name: Run Fuzzers + id: run + uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + fuzz-seconds: 600 + mode: 'prune' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..bb3510a --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,47 @@ +name: "Code scanning - action" + +on: + push: + pull_request: + schedule: + - cron: '0 6 * * *' + +jobs: + CodeQL-Build: + + # CodeQL runs on ubuntu-latest and windows-latest + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + # Override language selection by uncommenting this and choosing your languages + # with: + # languages: go, javascript, csharp, python, cpp, java + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # âšī¸ Command-line programs to run using the OS shell. + # đ https://git.io/JvXDl + + # âī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/interop.yml b/.github/workflows/interop.yml new file mode 100644 index 0000000..1a41bf6 --- /dev/null +++ b/.github/workflows/interop.yml @@ -0,0 +1,28 @@ +name: interop + +on: + push: + branches: + - main + +jobs: + build: + + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and publish interop docker image + uses: docker/build-push-action@v3 + with: + context: interop + push: true + tags: ghcr.io/ngtcp2/ngtcp2-interop:latest |