Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/ci-deb.yml | 22 | ||||
-rw-r--r-- | .github/workflows/ci-rpm.yml | 90 | ||||
-rw-r--r-- | .github/workflows/ci.yml | 14 | ||||
-rw-r--r-- | .github/workflows/crossbuild.yml | 91 | ||||
-rw-r--r-- | .github/workflows/docker.yml | 81 | ||||
-rw-r--r-- | .github/workflows/dockerhub.yml | 111 |
6 files changed, 347 insertions, 62 deletions
diff --git a/.github/workflows/ci-deb.yml b/.github/workflows/ci-deb.yml index 965c926..131f907 100644 --- a/.github/workflows/ci-deb.yml +++ b/.github/workflows/ci-deb.yml @@ -16,11 +16,12 @@ jobs: strategy: matrix: env: - - { NAME: "ubuntu-18.04", OS: "ubuntu:bionic-20220801" } - { NAME: "ubuntu-20.04", OS: "ubuntu:20.04" } - { NAME: "ubuntu-22.04", OS: "ubuntu:22.04" } + - { NAME: "ubuntu-24.04", OS: "ubuntu:24.04" } - { NAME: "debian-10", OS: "debian:buster" } - { NAME: "debian-11", OS: "debian:bullseye" } + - { NAME: "debian-12", OS: "debian:bookworm" } - { NAME: "debian-sid", OS: "debian:sid" } fail-fast: false @@ -52,7 +53,7 @@ jobs: run: | apt-get install -y --no-install-recommends git-core ca-certificates - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: path: freeradius @@ -65,7 +66,7 @@ jobs: - name: Install build dependencies run: | - apt-get install -y --no-install-recommends build-essential devscripts quilt equivs procps + apt-get install -y --no-install-recommends build-essential devscripts quilt equivs procps fakeroot debian/rules debian/control mk-build-deps -irt"apt-get -y" debian/control working-directory: freeradius @@ -87,7 +88,7 @@ jobs: mv *.deb debs/ - name: Restore eapol_test build directory from cache - uses: actions/cache@v3 + uses: actions/cache@v4 id: hostapd-cache with: path: ${{ env.HOSTAPD_BUILD_DIR }} @@ -108,7 +109,7 @@ jobs: working-directory: freeradius - name: Store DEBs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: debs-${{ matrix.env.NAME }} path: debs 
@@ -138,11 +139,12 @@ jobs: strategy: matrix: env: - - { NAME: "ubuntu-18.04", OS: "ubuntu:bionic-20220801" } - { NAME: "ubuntu-20.04", OS: "ubuntu:20.04" } - { NAME: "ubuntu-22.04", OS: "ubuntu:22.04" } + - { NAME: "ubuntu-24.04", OS: "ubuntu:24.04" } - { NAME: "debian-10", OS: "debian:buster" } - { NAME: "debian-11", OS: "debian:bullseye" } + - { NAME: "debian-12", OS: "debian:bookworm" } - { NAME: "debian-sid", OS: "debian:sid" } fail-fast: false @@ -156,7 +158,7 @@ jobs: steps: - name: Load DEBs - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: debs-${{ matrix.env.NAME }} @@ -182,7 +184,7 @@ jobs: - name: Config test run: | - freeradius -XC + freeradius -XxC # # We now perform some post-install tests that depend on the availability @@ -194,7 +196,7 @@ jobs: mv eapol_test /usr/local/bin chmod +x /usr/local/bin/eapol_test - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: path: freeradius @@ -207,7 +209,7 @@ jobs: - name: Upload radius logs on failure if: ${{ failure() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: radius-logs-${{ matrix.env.NAME }}.tgz path: | diff --git a/.github/workflows/ci-rpm.yml b/.github/workflows/ci-rpm.yml index 94517f3..00c56f9 100644 --- a/.github/workflows/ci-rpm.yml +++ b/.github/workflows/ci-rpm.yml @@ -15,10 +15,9 @@ jobs: strategy: matrix: env: - - { NAME: "centos-7", OS: "centos:7" } - - { NAME: "centos-8", OS: "centos:8" } - - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8" } - - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9" } + - { NAME: "centos-7", OS: "centos:7", BADNODE: true } + - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8", BADNODE: false } + - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9", BADNODE: false } fail-fast: false runs-on: ubuntu-latest 
@@ -29,26 +28,17 @@ jobs: env: HOSTAPD_BUILD_DIR: /tmp/eapol_test.ci HOSTAPD_GIT_TAG: hostapd_2_8 + ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: ${{ matrix.env.BADNODE }} name: "RPM build" steps: - # - # Centos9 is EOL, so we need the below tricks to get it to work. - # - # Converting from CentOS Linux 8 to CentOS Stream 8 is the "official" process - # (see centos.org/centos-stream/#centos-stream-8): - # - - name: Some hacks for CentOS 8 (EOL) to work again. - if: ${{ matrix.env.NAME == 'centos-8' }} + - name: Fix up CentOS 7 repositories + if: ${{ matrix.env.NAME == 'centos-7' }} run: | - sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-Linux-* - sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-Linux-* - yum upgrade -y - yum -y --disablerepo '*' --enablerepo extras swap centos-linux-repos centos-stream-repos - yum clean all && yum makecache - yum distro-sync -y --allowerasing + sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* + sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* # Required so that the checkout action uses git protocol rather than the GitHub REST API. # make rpm requires the FR directory to be a git repository. @@ -57,8 +47,14 @@ jobs: run: | yum install -y https://packages.endpointdev.com/rhel/7/os/x86_64/git-core-2.30.1-1.ep7.x86_64.rpm - - name: Install distro git for Rocky and CentOS 8. - if: ${{ startsWith(matrix.env.NAME, 'rocky-') || matrix.env.NAME == 'centos-8' }} + # Rocky 9 uses dnf by default. CentOS 7 doesn't have dnf. Install yum on Rocky 9 so all distros work + - name: Install yum + if: ${{ matrix.env.NAME == 'rocky-9'}} + run: | + dnf install -y yum + + - name: Install distro git for Rocky. + if: ${{ startsWith(matrix.env.NAME, 'rocky-') }} run: | yum install -y git-core 
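Review bot: The new "Fix up CentOS 7 repositories" step rewrites `baseurl` to `http://vault.centos.org`, so every package for the build container is fetched over plain HTTP and integrity rests on yum's GPG checking alone. If the `centos:7` image's CA bundle accepts the vault certificate (worth confirming), the replacement could be `baseurl=https://vault.centos.org`. The identical step in the "RPM install test" job (hunk at -216,25) has the same issue. Separately, `ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION` is added with no explanation. A comment above it such as `# centos-7 only: the container presumably cannot run the Node runtime of current JavaScript actions; remove with the centos-7 matrix entry` would tell maintainers why the flag exists and when it can be dropped.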
@@ -89,8 +85,8 @@ jobs: run: | yum install -y epel-release - - name: Enable PowerTools on Rocky 8 and CentOS 8. - if: ${{ matrix.env.NAME == 'rocky-8' || matrix.env.NAME == 'centos-8' }} + - name: Enable PowerTools on Rocky 8. + if: ${{ matrix.env.NAME == 'rocky-8' }} run: | yum install -y yum-utils yum config-manager --enable PowerTools || : @@ -142,8 +138,8 @@ jobs: openssl version # For pkill and ps - - name: Enable procps-ng on Centos and Rocky - if: ${{ startsWith(matrix.env.NAME, 'centos-8') || startsWith(matrix.env.NAME, 'rocky-') }} + - name: Enable procps-ng on Rocky + if: ${{ startsWith(matrix.env.NAME, 'rocky-') }} run: | yum install -y procps-ng @@ -205,10 +201,9 @@ jobs: strategy: matrix: env: - - { NAME: "centos-7", OS: "centos:7" } - - { NAME: "centos-8", OS: "centos:8" } - - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8" } - - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9" } + - { NAME: "centos-7", OS: "centos:7", BADNODE: true } + - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8", BADNODE: false } + - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9", BADNODE: false } fail-fast: false runs-on: ubuntu-latest 
@@ -216,25 +211,23 @@ jobs: container: image: ${{ matrix.env.OS }} + env: + ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: ${{ matrix.env.BADNODE }} + name: "RPM install test" steps: - # - # Centos9 is EOL, so we need the below tricks to get it to work. - # - # Converting from CentOS Linux 8 to CentOS Stream 8 is the "official" process - # (see centos.org/centos-stream/#centos-stream-8): - # - - name: Some hacks for CentOS 8 (EOL) to work again. - if: ${{ matrix.env.NAME == 'centos-8' }} + - name: Fix up CentOS 7 repositories + if: ${{ matrix.env.NAME == 'centos-7' }} run: | - sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-Linux-* - sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-Linux-* - yum upgrade -y - yum -y --disablerepo '*' --enablerepo extras swap centos-linux-repos centos-stream-repos - yum clean all && yum makecache - yum distro-sync -y --allowerasing + sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* + sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* + + - name: Install yum + if: ${{ matrix.env.NAME == 'rocky-9'}} + run: | + dnf install -y yum - name: LTB repo for CentOS and Rocky 8 if: ${{ startsWith(matrix.env.NAME, 'centos-') || matrix.env.NAME == 'rocky-8' }} @@ -252,8 +245,8 @@ jobs: run: | yum install -y epel-release - - name: Enable PowerTools on Centos 8 and Rocky 8 - if: ${{ matrix.env.NAME == 'centos-8' || matrix.env.NAME == 'rocky-8' }} + - name: Enable PowerTools on Rocky 8 + if: ${{ matrix.env.NAME == 'rocky-8' }} run: | yum install -y yum-utils yum config-manager --enable PowerTools || : 
@@ -280,9 +273,16 @@ jobs: run: | yum install -y *.rpm + - name: Ensure certificates are created + if: ${{ matrix.env.NAME == 'centos-7' }} + run: | + if [ ! -e /etc/raddb/certs/server.pem ]; then + /sbin/runuser -g radiusd -c 'umask 007; /etc/raddb/certs/bootstrap' + fi + - name: Config check run: | - radiusd -XC + radiusd -XxC # # We now perform some post-install tests that depend on the availability diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index de5e7ed..caf9753 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -89,7 +89,7 @@ jobs: MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: yes ports: - 3306:3306 - options: --health-cmd="mysqladmin ping" --health-interval 10s --health-timeout 5s --health-retries 10 + options: --health-cmd="mariadb-admin ping" --health-interval 10s --health-timeout 5s --health-retries 10 postgres: image: ${{ needs.pre-ci.outputs.docker_prefix }}postgres @@ -201,7 +201,7 @@ jobs: - name: 'Restore OpenSSL 3.0 from the cache' if: ${{ matrix.env.LIBS_ALT == 'yes' }} - uses: actions/cache@v3 + uses: actions/cache@v4 id: openssl-cache with: path: /opt/openssl/ @@ -233,7 +233,7 @@ jobs: [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH printf "\nopenssl: " ; openssl version - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build eapol_test run: | @@ -290,7 +290,7 @@ jobs: if: ${{ matrix.env.CC == 'clang' }} - name: "Clang Static Analyzer: Store assets on failure" - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: clang-scan.tgz path: build/plist/**/*.html 
@@ -460,14 +460,14 @@ jobs: runs-on: ubuntu-latest name: "Merge into upstream" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 lfs: false persist-credentials: false - # Note: This also opportunistically updates the developer's branch with commits from + # Note: This also opportunistically updates the developer's branch with commits from # the main repository. - # This update may fail if the developer has pushed additional commits since the + # This update may fail if the developer has pushed additional commits since the # workflow started. This is normal, and we ignore the failure. - name: "Merge into upstream dev branch and update local branch" run: | diff --git a/.github/workflows/crossbuild.yml b/.github/workflows/crossbuild.yml new file mode 100644 index 0000000..d3d9186 --- /dev/null +++ b/.github/workflows/crossbuild.yml 
@@ -0,0 +1,91 @@ +name: Check Crossbuild + +on: + push: + branches-ignore: + - coverity_scan + workflow_dispatch: + +env: + CI: 1 + GH_ACTIONS: 1 + DEBIAN_FRONTEND: noninteractive + APT_OPTS: "-y --no-install-recommends" + +jobs: + # + # Generate matrix based on crossbuild docker directories. + # + gen-matrix: + + runs-on: ubuntu-latest + + outputs: + matrix: ${{ steps.gen-matrix.outputs.matrix }} + + steps: + + - uses: actions/checkout@v4 + with: + lfs: false + + - id: gen-matrix + name: Generate matrix based on crossbuild targets + run: | + cd scripts/crossbuild/docker + M=$(ls | perl -n -e '{chomp; push @L,"\"$_\""} END{print "{\"env\":[{\"OS\":",join("},{\"OS\":",@L),"}]}"}') + echo "Matrix: $M" + echo matrix=$M >> $GITHUB_OUTPUT + + # + # Run crossbuild target for each given OS. This will build the + # Docker image and run `make test` inside. + # + crossbuild: + needs: + - gen-matrix + + runs-on: ubuntu-20.04 + + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.gen-matrix.outputs.matrix) }} + + env: ${{ matrix.env }} + + name: "v3.2.x-${{ matrix.env.OS }}" + + steps: + + - uses: actions/checkout@v4 + with: + fetch-depth: 0${{ ( matrix.env.OS != 'centos7' ) && '1' }} + + - name: Run crossbuild tests + run: | + make crossbuild.$OS + + - name: Show build log + if: ${{ success() || failure() }} + run: | + cat scripts/crossbuild/build/build.$OS + + - name: Show configure log + if: ${{ success() || failure() }} + run: | + cat scripts/crossbuild/build/configure.$OS + + - name: Show test log + if: ${{ success() || failure() }} + run: | + cat scripts/crossbuild/build/log.$OS + + # + # If the CI has failed and the branch is ci-debug then start a tmate + # session. SSH rendezvous point is emited continuously in the job output. + # + - name: "Debug: Start tmate" + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} 
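Review bot: The new workflow declares no `permissions:` block, so both jobs run with the repository's default GITHUB_TOKEN scope while also running the third-party `mxschmitt/action-tmate@v3`, which is referenced by a movable tag. Adding a top-level `permissions: { contents: read }` and pinning the action to a full commit SHA (`mxschmitt/action-tmate@<full-commit-sha> # v3`) would limit what a changed tag or an interactive debug session can reach. The missing `permissions:` block also applies to docker.yml and dockerhub.yml, and the tag pin also applies to docker.yml. In the gen-matrix step, directory names are spliced into JSON without escaping and written unquoted. `M=$(ls | jq -Rnc '{env: [inputs | {OS: .}]}')` followed by `echo "matrix=$M" >> "$GITHUB_OUTPUT"` keeps the matrix well-formed whatever the names contain, and docker.yml has the same step.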
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..67af2a2 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,81 @@ +name: Build Dockerfiles + +on: + push: + branches-ignore: + - coverity_scan + workflow_dispatch: + +env: + CI: 1 + GH_ACTIONS: 1 + DEBIAN_FRONTEND: noninteractive + APT_OPTS: "-y --no-install-recommends" + +jobs: + # + # Generate matrix based on docker directories. + # + gen-matrix: + + runs-on: ubuntu-latest + + outputs: + matrix: ${{ steps.gen-matrix.outputs.matrix }} + + steps: + + - uses: actions/checkout@v4 + with: + lfs: false + + - id: gen-matrix + name: Generate matrix based on docker targets + run: | + cd scripts/docker/dists + M=$(ls | perl -n -e '{chomp; push @L,"\"$_\""} END{print "{\"env\":[{\"OS\":",join("},{\"OS\":",@L),"}]}"}') + echo "Matrix: $M" + echo matrix=$M >> $GITHUB_OUTPUT + + # + # Run docker target for each given OS. This will build the + # Docker image. + # + docker: + needs: + - gen-matrix + + runs-on: ubuntu-20.04 + + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.gen-matrix.outputs.matrix) }} + + env: ${{ matrix.env }} + + name: "v3.2.x-${{ matrix.env.OS }}" + + steps: + + - uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Regenerate Dockerfile + run: | + rm scripts/docker/dists/$OS/Dockerfile || true + make docker.$OS.regen + + - name: Build docker image + run: | + make docker.$OS.build + + # + # If the CI has failed and the branch is ci-debug then start a tmate + # session. SSH rendezvous point is emited continuously in the job output. + # + - name: "Debug: Start tmate" + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml new file mode 100644 index 0000000..738c9c0 --- /dev/null +++ b/.github/workflows/dockerhub.yml 
@@ -0,0 +1,111 @@ +name: Dockerhub Dev + +on: + push: + branches-ignore: + - coverity_scan + workflow_dispatch: + +env: + CI: 1 + GH_ACTIONS: 1 + DEBIAN_FRONTEND: noninteractive + APT_OPTS: "-y --no-install-recommends" + DOCKER_REPOSITORY: freeradius-dev + BRANCH: v3.2.x + +jobs: + # + # Run docker target for each given OS and ARCH. This will + # build the Docker images. + # + build_docker_images: + runs-on: ubuntu-22.04 + if: github.repository_owner == 'FreeRADIUS' + + strategy: + matrix: + env: + - { OS: "ubuntu", ARCH: "linux/amd64", NAME: "amd64" } + - { OS: "ubuntu", ARCH: "linux/arm/v7", NAME: "armv7" } + - { OS: "ubuntu", ARCH: "linux/arm64/v8", NAME: "arm64v8" } + - { OS: "alpine", ARCH: "linux/amd64", NAME: "amd64" } + - { OS: "alpine", ARCH: "linux/arm/v6", NAME: "armv6" } + - { OS: "alpine", ARCH: "linux/arm/v7", NAME: "armv7" } + - { OS: "alpine", ARCH: "linux/arm64/v8", NAME: "arm64v8" } + + fail-fast: false + + name: "${{ matrix.env.OS }}-${{ matrix.env.ARCH }}" + + steps: + + - uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Regenerate Dockerfiles + run: | + rm scripts/docker/dists/*/Dockerfile || true + make docker.regen + + - name: Install qemu + run: | + sudo apt-get update + sudo apt-get install ${APT_OPTS} qemu-user-static + + - name: Build docker image + run: | + make docker-${{ matrix.env.OS }} \ + DOCKER_TAG="$DOCKER_REPOSITORY" \ + DOCKER_BUILD_ARGS="--no-cache --platform ${{ matrix.env.ARCH }}" \ + DOCKER_VERSION="${{ matrix.env.NAME }}-$BRANCH" + + - name: Docker login + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Push arch image to Docker registry + shell: bash + run: | + make docker-push-${{ matrix.env.OS }} \ + DOCKER_TAG="$DOCKER_REPOSITORY" \ + DOCKER_VERSION="${{ matrix.env.NAME }}-$BRANCH" + + + manifest: + runs-on: ubuntu-22.04 + needs: build_docker_images + if: github.repository_owner == 'FreeRADIUS' + + strategy: + 
matrix: + env: + - { OS: "ubuntu", ARCHS: "amd64 armv7 arm64v8", SUFFIX: "" } + - { OS: "alpine", ARCHS: "amd64 armv6 armv7 arm64v8", SUFFIX: "-alpine" } + + fail-fast: false + + name: "manifest-${{ matrix.env.OS }}" + + steps: + + - uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Docker login + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Create manifests + shell: bash + run: | + make docker-ci-manifest \ + DOCKER_TAG="$DOCKER_REPOSITORY" \ + DOCKER_VERSION="$BRANCH${{ matrix.env.SUFFIX }}" \ + DOCKER_ARCHS="${{ matrix.env.ARCHS }}" |
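Review bot: With the trigger `branches-ignore: - coverity_scan`, a push to any other branch of a FreeRADIUS-owned repository logs in with `secrets.DOCKERHUB_PASSWORD` and pushes images. Because `BRANCH: v3.2.x` is hard-coded, a build of an unrelated branch would be published under the v3.2.x tags. Restricting the trigger to `branches: [v3.2.x]` ties both the credential use and the published tags to the branch they describe. If the secret holds an account password rather than a scoped access token, a token limited to the `freeradius-dev` repository would reduce the impact of a leak; the page does not show which it is.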