name: CI RPM on: push: branches-ignore: - coverity_scan pull_request: env: CC: gcc jobs: rpm-build: strategy: matrix: env: - { NAME: "centos-7", OS: "centos:7", BADNODE: true } - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8", BADNODE: false } - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9", BADNODE: false } fail-fast: false runs-on: ubuntu-latest container: image: ${{ matrix.env.OS }} env: HOSTAPD_BUILD_DIR: /tmp/eapol_test.ci HOSTAPD_GIT_TAG: hostapd_2_8 ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: ${{ matrix.env.BADNODE }} name: "RPM build" steps: - name: Fix up CentOS 7 repositories if: ${{ matrix.env.NAME == 'centos-7' }} run: | sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* # Required so that the checkout action uses git protocol rather than the GitHub REST API. # make rpm requires the FR directory to be a git repository. - name: Install recent git for CentOS 7 if: ${{ matrix.env.NAME == 'centos-7' }} run: | yum install -y https://packages.endpointdev.com/rhel/7/os/x86_64/git-core-2.30.1-1.ep7.x86_64.rpm # Rocky 9 uses dnf by default. CentOS 7 doesn't have dnf. Install yum on Rocky 9 so all distros work - name: Install yum if: ${{ matrix.env.NAME == 'rocky-9'}} run: | dnf install -y yum - name: Install distro git for Rocky. if: ${{ startsWith(matrix.env.NAME, 'rocky-') }} run: | yum install -y git-core - uses: actions/checkout@v3 with: path: freeradius - name: Prepare filesystem run: | pwd ls -la mkdir rpms ls -la - name: LTB repo for CentOS and Rocky Linux 8 if: ${{ startsWith(matrix.env.NAME, 'centos-') || matrix.env.NAME == 'rocky-8' }} run: | echo '[ltb-project]' > /etc/yum.repos.d/ltb-project.repo echo 'name=LTB project packages' >> /etc/yum.repos.d/ltb-project.repo echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch' >> /etc/yum.repos.d/ltb-project.repo echo 'enabled=1' >> /etc/yum.repos.d/ltb-project.repo echo 'gpgcheck=1' >> /etc/yum.repos.d/ltb-project.repo echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project - name: Enable EPEL for CentOS and Rocky Linux if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }} run: | yum install -y epel-release - name: Enable PowerTools on Rocky 8. if: ${{ matrix.env.NAME == 'rocky-8' }} run: | yum install -y yum-utils yum config-manager --enable PowerTools || : yum config-manager --enable powertools || : - name: Enable Code Ready Builer on Rocky 9. if: ${{ matrix.env.NAME == 'rocky-9' }} run: | yum install -y yum-utils yum config-manager --enable crb - name: Install common tools run: | yum install -y \ bzip2 \ gcc \ make \ perl \ rpm-build \ yum-utils # # We just patch the SPEC file for Fedora since we want to use the standard # make rpm target which wants to build with LDAP. # - name: Disable rlm_ldap on Fedora (no LTB packages) if: ${{ startsWith(matrix.env.NAME, 'fedora-') }} run: | sed -ie 's/%bcond_without ldap/%global _without_ldap: 1/' freeradius/redhat/freeradius.spec - name: Install build dependencies run: | yum-builddep -y freeradius/redhat/freeradius.spec # # It has been observed that sometimes not all the dependencies are # installed on the first go. Give it a second chance. # - name: Second run of install build dependencies run: | yum-builddep -y redhat/freeradius.spec working-directory: freeradius - name: Show versions run: | $CC --version make --version krb5-config --all || : openssl version # For pkill and ps - name: Enable procps-ng on Rocky if: ${{ startsWith(matrix.env.NAME, 'rocky-') }} run: | yum install -y procps-ng - name: Build RPMs run: | [ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : ./configure make rpm working-directory: freeradius - name: Collect RPMs run: | mv freeradius/rpmbuild/RPMS/x86_64/*.rpm rpms/ - name: Restore eapol_test build directory from cache uses: actions/cache@v3 id: hostapd-cache with: path: ${{ env.HOSTAPD_BUILD_DIR }} key: hostapd-${{ matrix.env.NAME }}-${{ env.HOSTAPD_GIT_TAG }}-v1 - name: Build eapol_test run: | yum install -y libnl3-devel which [ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : scripts/ci/eapol_test-build.sh mv scripts/ci/eapol_test/eapol_test ../rpms/ working-directory: freeradius - name: Store RPMs uses: actions/upload-artifact@v3 with: name: rpms-${{ matrix.env.NAME }} path: rpms # # If the CI has failed and the branch is ci-debug then start a tmate # session. SSH rendezvous point is emited continuously in the job output. # - name: "Debug: Package dependancies for tmate" run: | yum install -y xz ln -s /bin/true /bin/apt-get if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} - name: "Debug: Start tmate" uses: mxschmitt/action-tmate@v3 with: limit-access-to-actor: true sudo: false if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} rpm-test: needs: - rpm-build strategy: matrix: env: - { NAME: "centos-7", OS: "centos:7", BADNODE: true } - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8", BADNODE: false } - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9", BADNODE: false } fail-fast: false runs-on: ubuntu-latest container: image: ${{ matrix.env.OS }} env: ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: ${{ matrix.env.BADNODE }} name: "RPM install test" steps: - name: Fix up CentOS 7 repositories if: ${{ matrix.env.NAME == 'centos-7' }} run: | sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-* sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* - name: Install yum if: ${{ matrix.env.NAME == 'rocky-9'}} run: | dnf install -y yum - name: LTB repo for CentOS and Rocky 8 if: ${{ startsWith(matrix.env.NAME, 'centos-') || matrix.env.NAME == 'rocky-8' }} run: | echo '[ltb-project]' > /etc/yum.repos.d/ltb-project.repo echo 'name=LTB project packages' >> /etc/yum.repos.d/ltb-project.repo echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch' >> /etc/yum.repos.d/ltb-project.repo echo 'enabled=1' >> /etc/yum.repos.d/ltb-project.repo echo 'gpgcheck=1' >> /etc/yum.repos.d/ltb-project.repo echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project - name: Enable EPEL for CentOS and Rocky Linux if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }} run: | yum install -y epel-release - name: Enable PowerTools on Rocky 8 if: ${{ matrix.env.NAME == 'rocky-8' }} run: | yum install -y yum-utils yum config-manager --enable PowerTools || : yum config-manager --enable powertools || : - name: Enable Code Ready Builer on Rocky 9. if: ${{ matrix.env.NAME == 'rocky-9' }} run: | yum install -y yum-utils yum config-manager --enable crb # For pkill - name: Enable procps-ng on Centos and Rocky if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }} run: | yum install -y procps-ng - name: Load RPMs uses: actions/download-artifact@v3 with: name: rpms-${{ matrix.env.NAME }} - name: Install RPMs run: | yum install -y *.rpm - name: Ensure certificates are created if: ${{ matrix.env.NAME == 'centos-7' }} run: | if [ ! -e /etc/raddb/certs/server.pem ]; then /sbin/runuser -g radiusd -c 'umask 007; /etc/raddb/certs/bootstrap' fi - name: Config check run: | radiusd -XxC # # We now perform some post-install tests that depend on the availability # of the source tree # - name: Install pre-built eapol_test run: | yum install -y libnl3 make gdb which mv eapol_test /usr/local/bin chmod +x /usr/local/bin/eapol_test - uses: actions/checkout@v3 with: path: freeradius - name: Run the post-install test target run: | echo "top_builddir := $(pwd)" > Make.inc make -C src/tests/ OPENSSL_LIBS=1 EAPOL_TEST_BIN="$(which eapol_test)" $(pwd)/build/tests/eapol_test/eapol_test.mk make -f scripts/ci/package-test.mk package-test working-directory: freeradius - name: Upload radius logs on failure if: ${{ failure() }} uses: actions/upload-artifact@v3 with: name: radius-logs-${{ matrix.env.NAME }}.tgz path: | /var/log/radius freeradius/build/tests/eapol_test # # See above comments for tmate # - name: "Debug: Package dependancies for tmate" run: | yum install -y xz ln -s /bin/true /bin/apt-get if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} - name: "Debug: Start tmate" uses: mxschmitt/action-tmate@v3 with: limit-access-to-actor: true sudo: false if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}