diff options
Diffstat (limited to '.github/workflows/ci-rpm.yml')
| -rw-r--r-- | .github/workflows/ci-rpm.yml | 332 |
1 files changed, 332 insertions, 0 deletions
diff --git a/.github/workflows/ci-rpm.yml b/.github/workflows/ci-rpm.yml new file mode 100644 index 0000000..94517f3 --- /dev/null +++ b/.github/workflows/ci-rpm.yml @@ -0,0 +1,332 @@ +name: CI RPM + +on: + push: + branches-ignore: + - coverity_scan + pull_request: + +env: + CC: gcc + +jobs: + rpm-build: + + strategy: + matrix: + env: + - { NAME: "centos-7", OS: "centos:7" } + - { NAME: "centos-8", OS: "centos:8" } + - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8" } + - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9" } + fail-fast: false + + runs-on: ubuntu-latest + + container: + image: ${{ matrix.env.OS }} + + env: + HOSTAPD_BUILD_DIR: /tmp/eapol_test.ci + HOSTAPD_GIT_TAG: hostapd_2_8 + + name: "RPM build" + + steps: + + # + # Centos9 is EOL, so we need the below tricks to get it to work. + # + # Converting from CentOS Linux 8 to CentOS Stream 8 is the "official" process + # (see centos.org/centos-stream/#centos-stream-8): + # + - name: Some hacks for CentOS 8 (EOL) to work again. + if: ${{ matrix.env.NAME == 'centos-8' }} + run: | + sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-Linux-* + sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-Linux-* + yum upgrade -y + yum -y --disablerepo '*' --enablerepo extras swap centos-linux-repos centos-stream-repos + yum clean all && yum makecache + yum distro-sync -y --allowerasing + + # Required so that the checkout action uses git protocol rather than the GitHub REST API. + # make rpm requires the FR directory to be a git repository. + - name: Install recent git for CentOS 7 + if: ${{ matrix.env.NAME == 'centos-7' }} + run: | + yum install -y https://packages.endpointdev.com/rhel/7/os/x86_64/git-core-2.30.1-1.ep7.x86_64.rpm + + - name: Install distro git for Rocky and CentOS 8. + if: ${{ startsWith(matrix.env.NAME, 'rocky-') || matrix.env.NAME == 'centos-8' }} + run: | + yum install -y git-core + + - uses: actions/checkout@v3 + with: + path: freeradius + + - name: Prepare filesystem + run: | + pwd + ls -la + mkdir rpms + ls -la + + - name: LTB repo for CentOS and Rocky Linux 8 + if: ${{ startsWith(matrix.env.NAME, 'centos-') || matrix.env.NAME == 'rocky-8' }} + run: | + echo '[ltb-project]' > /etc/yum.repos.d/ltb-project.repo + echo 'name=LTB project packages' >> /etc/yum.repos.d/ltb-project.repo + echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch' >> /etc/yum.repos.d/ltb-project.repo + echo 'enabled=1' >> /etc/yum.repos.d/ltb-project.repo + echo 'gpgcheck=1' >> /etc/yum.repos.d/ltb-project.repo + echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo + rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project + + - name: Enable EPEL for CentOS and Rocky Linux + if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }} + run: | + yum install -y epel-release + + - name: Enable PowerTools on Rocky 8 and CentOS 8. + if: ${{ matrix.env.NAME == 'rocky-8' || matrix.env.NAME == 'centos-8' }} + run: | + yum install -y yum-utils + yum config-manager --enable PowerTools || : + yum config-manager --enable powertools || : + + - name: Enable Code Ready Builer on Rocky 9. + if: ${{ matrix.env.NAME == 'rocky-9' }} + run: | + yum install -y yum-utils + yum config-manager --enable crb + + - name: Install common tools + run: | + yum install -y \ + bzip2 \ + gcc \ + make \ + perl \ + rpm-build \ + yum-utils + + # + # We just patch the SPEC file for Fedora since we want to use the standard + # make rpm target which wants to build with LDAP. + # + - name: Disable rlm_ldap on Fedora (no LTB packages) + if: ${{ startsWith(matrix.env.NAME, 'fedora-') }} + run: | + sed -ie 's/%bcond_without ldap/%global _without_ldap: 1/' freeradius/redhat/freeradius.spec + + - name: Install build dependencies + run: | + yum-builddep -y freeradius/redhat/freeradius.spec + + # + # It has been observed that sometimes not all the dependencies are + # installed on the first go. Give it a second chance. + # + - name: Second run of install build dependencies + run: | + yum-builddep -y redhat/freeradius.spec + working-directory: freeradius + + - name: Show versions + run: | + $CC --version + make --version + krb5-config --all || : + openssl version + + # For pkill and ps + - name: Enable procps-ng on Centos and Rocky + if: ${{ startsWith(matrix.env.NAME, 'centos-8') || startsWith(matrix.env.NAME, 'rocky-') }} + run: | + yum install -y procps-ng + + - name: Build RPMs + run: | + [ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : + ./configure + make rpm + working-directory: freeradius + + - name: Collect RPMs + run: | + mv freeradius/rpmbuild/RPMS/x86_64/*.rpm rpms/ + + - name: Restore eapol_test build directory from cache + uses: actions/cache@v3 + id: hostapd-cache + with: + path: ${{ env.HOSTAPD_BUILD_DIR }} + key: hostapd-${{ matrix.env.NAME }}-${{ env.HOSTAPD_GIT_TAG }}-v1 + + - name: Build eapol_test + run: | + yum install -y libnl3-devel which + [ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : + scripts/ci/eapol_test-build.sh + mv scripts/ci/eapol_test/eapol_test ../rpms/ + working-directory: freeradius + + - name: Store RPMs + uses: actions/upload-artifact@v3 + with: + name: rpms-${{ matrix.env.NAME }} + path: rpms + + # + # If the CI has failed and the branch is ci-debug then start a tmate + # session. SSH rendezvous point is emited continuously in the job output. + # + - name: "Debug: Package dependancies for tmate" + run: | + yum install -y xz + ln -s /bin/true /bin/apt-get + if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} + + - name: "Debug: Start tmate" + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + sudo: false + if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} + + + rpm-test: + + needs: + - rpm-build + + strategy: + matrix: + env: + - { NAME: "centos-7", OS: "centos:7" } + - { NAME: "centos-8", OS: "centos:8" } + - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8" } + - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9" } + fail-fast: false + + runs-on: ubuntu-latest + + container: + image: ${{ matrix.env.OS }} + + name: "RPM install test" + + steps: + + # + # Centos9 is EOL, so we need the below tricks to get it to work. + # + # Converting from CentOS Linux 8 to CentOS Stream 8 is the "official" process + # (see centos.org/centos-stream/#centos-stream-8): + # + - name: Some hacks for CentOS 8 (EOL) to work again. + if: ${{ matrix.env.NAME == 'centos-8' }} + run: | + sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-Linux-* + sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-Linux-* + yum upgrade -y + yum -y --disablerepo '*' --enablerepo extras swap centos-linux-repos centos-stream-repos + yum clean all && yum makecache + yum distro-sync -y --allowerasing + + - name: LTB repo for CentOS and Rocky 8 + if: ${{ startsWith(matrix.env.NAME, 'centos-') || matrix.env.NAME == 'rocky-8' }} + run: | + echo '[ltb-project]' > /etc/yum.repos.d/ltb-project.repo + echo 'name=LTB project packages' >> /etc/yum.repos.d/ltb-project.repo + echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch' >> /etc/yum.repos.d/ltb-project.repo + echo 'enabled=1' >> /etc/yum.repos.d/ltb-project.repo + echo 'gpgcheck=1' >> /etc/yum.repos.d/ltb-project.repo + echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo + rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project + + - name: Enable EPEL for CentOS and Rocky Linux + if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }} + run: | + yum install -y epel-release + + - name: Enable PowerTools on Centos 8 and Rocky 8 + if: ${{ matrix.env.NAME == 'centos-8' || matrix.env.NAME == 'rocky-8' }} + run: | + yum install -y yum-utils + yum config-manager --enable PowerTools || : + yum config-manager --enable powertools || : + + - name: Enable Code Ready Builer on Rocky 9. + if: ${{ matrix.env.NAME == 'rocky-9' }} + run: | + yum install -y yum-utils + yum config-manager --enable crb + + # For pkill + - name: Enable procps-ng on Centos and Rocky + if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }} + run: | + yum install -y procps-ng + + - name: Load RPMs + uses: actions/download-artifact@v3 + with: + name: rpms-${{ matrix.env.NAME }} + + - name: Install RPMs + run: | + yum install -y *.rpm + + - name: Config check + run: | + radiusd -XC + + # + # We now perform some post-install tests that depend on the availability + # of the source tree + # + - name: Install pre-built eapol_test + run: | + yum install -y libnl3 make gdb which + mv eapol_test /usr/local/bin + chmod +x /usr/local/bin/eapol_test + + - uses: actions/checkout@v3 + with: + path: freeradius + + - name: Run the post-install test target + run: | + echo "top_builddir := $(pwd)" > Make.inc + make -C src/tests/ OPENSSL_LIBS=1 EAPOL_TEST_BIN="$(which eapol_test)" $(pwd)/build/tests/eapol_test/eapol_test.mk + make -f scripts/ci/package-test.mk package-test + working-directory: freeradius + + - name: Upload radius logs on failure + if: ${{ failure() }} + uses: actions/upload-artifact@v3 + with: + name: radius-logs-${{ matrix.env.NAME }}.tgz + path: | + /var/log/radius + freeradius/build/tests/eapol_test + + # + # See above comments for tmate + # + - name: "Debug: Package dependancies for tmate" + run: | + yum install -y xz + ln -s /bin/true /bin/apt-get + if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} + + - name: "Debug: Start tmate" + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + sudo: false + if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} + |