diff options
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/build.yml | 133 | ||||
-rw-r--r-- | .github/workflows/fuzz.yml | 7 | ||||
-rw-r--r-- | .github/workflows/stale.yaml | 20 |
3 files changed, 131 insertions, 29 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7cfb224..7728f0b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,10 +8,10 @@ env: LIBBPF_VERSION: v1.3.0 OPENSSL1_VERSION: 1_1_1w+quic OPENSSL3_VERSION: 3.1.5+quic - BORINGSSL_VERSION: 8e6a26d128484b886e6dcbfa558b993d38950bb5 - AWSLC_VERSION: v1.21.0 + BORINGSSL_VERSION: fae0964b3d44e94ca2a2d21f86e61dabe683d130 + AWSLC_VERSION: v1.23.0 NGHTTP3_VERSION: v1.2.0 - NGTCP2_VERSION: v1.3.0 + NGTCP2_VERSION: v1.4.0 jobs: build-cache: @@ -22,7 +22,8 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 - name: Restore libbpf cache id: cache-libbpf uses: actions/cache@v4 @@ -116,13 +117,13 @@ jobs: - name: Build libbpf if: steps.cache-libbpf.outputs.cache-hit != 'true' && runner.os == 'Linux' run: | - git clone -b ${{ env.LIBBPF_VERSION }} https://github.com/libbpf/libbpf + git clone --recursive -b ${{ env.LIBBPF_VERSION }} https://github.com/libbpf/libbpf cd libbpf make -C src install PREFIX=$PWD/build - name: Build quictls/openssl v1.1.1 if: steps.cache-openssl1.outputs.cache-hit != 'true' run: | - git clone --depth 1 -b OpenSSL_${{ env.OPENSSL1_VERSION }} https://github.com/quictls/openssl openssl1 + git clone --recursive --depth 1 -b OpenSSL_${{ env.OPENSSL1_VERSION }} https://github.com/quictls/openssl openssl1 cd openssl1 ./config --prefix=$PWD/build make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" @@ -130,7 +131,7 @@ jobs: - name: Build quictls/openssl v3.x if: steps.cache-openssl3.outputs.cache-hit != 'true' run: | - git clone --depth 1 -b openssl-${{ env.OPENSSL3_VERSION }} https://github.com/quictls/openssl openssl3 + git clone --recursive --depth 1 -b openssl-${{ env.OPENSSL3_VERSION }} https://github.com/quictls/openssl openssl3 cd openssl3 ./config enable-ktls --prefix=$PWD/build --libdir=$PWD/build/lib make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" @@ -151,16 +152,15 @@ jobs: - name: Build aws-lc if: steps.cache-awslc.outputs.cache-hit != 'true' run: | - git clone --depth 1 -b "${AWSLC_VERSION}" https://github.com/aws/aws-lc + git clone --recursive --depth 1 -b "${AWSLC_VERSION}" https://github.com/aws/aws-lc cd aws-lc cmake -B build -DDISABLE_GO=ON make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" -C build - name: Build nghttp3 if: steps.cache-nghttp3.outputs.cache-hit != 'true' run: | - git clone --depth 1 -b ${{ env.NGHTTP3_VERSION}} https://github.com/ngtcp2/nghttp3 + git clone --recursive --depth 1 -b ${{ env.NGHTTP3_VERSION}} https://github.com/ngtcp2/nghttp3 cd nghttp3 - git submodule update --init --depth 1 autoreconf -i ./configure --prefix=$PWD/build --enable-lib-only make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" check @@ -168,9 +168,8 @@ jobs: - name: Build ngtcp2 + quictls/openssl v1.1.1 + BoringSSL if: steps.cache-ngtcp2-openssl1.outputs.cache-hit != 'true' run: | - git clone --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl1 + git clone --recursive --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl1 cd ngtcp2-openssl1 - git submodule update --init --depth 1 autoreconf -i ./configure --prefix=$PWD/build --enable-lib-only \ PKG_CONFIG_PATH="../openssl1/build/lib/pkgconfig" \ @@ -182,9 +181,8 @@ jobs: - name: Build ngtcp2 + quictls/openssl v3.x + aws-lc if: steps.cache-ngtcp2-openssl3.outputs.cache-hit != 'true' run: | - git clone --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl3 + git clone --recursive --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl3 cd ngtcp2-openssl3 - git submodule update --init --depth 1 autoreconf -i ./configure --prefix=$PWD/build --enable-lib-only \ PKG_CONFIG_PATH="../openssl3/build/lib/pkgconfig" \ @@ -231,7 +229,10 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive - name: Linux setup if: runner.os == 'Linux' run: | @@ -258,6 +259,12 @@ jobs: cmake-data echo 'CPPFLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined -g' >> $GITHUB_ENV echo 'LDFLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined' >> $GITHUB_ENV + + # https://github.com/actions/runner-images/issues/9491#issuecomment-1989718917 + # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with + # high-entropy ASLR in much newer kernels that GitHub runners are + # using leading to random crashes: https://reviews.llvm.org/D148280 + sudo sysctl vm.mmap_rnd_bits=28 - name: MacOS setup if: runner.os == 'macOS' run: | @@ -350,7 +357,7 @@ jobs: OPENSSL_CFLAGS="-I$PWD/include/" OPENSSL_LIBS="-L$PWD/build/ssl -lssl -L$PWD/build/crypto -lcrypto -pthread" - EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --without-neverbleed --without-jemalloc" + EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --without-neverbleed --without-jemalloc --disable-examples" echo 'OPENSSL_CFLAGS='"$OPENSSL_CFLAGS" >> $GITHUB_ENV echo 'OPENSSL_LIBS='"$OPENSSL_LIBS" >> $GITHUB_ENV @@ -404,9 +411,6 @@ jobs: echo 'LDFLAGS='"$LDFLAGS" >> $GITHUB_ENV echo 'EXTRA_AUTOTOOLS_OPTS='"$EXTRA_AUTOTOOLS_OPTS" >> $GITHUB_ENV echo 'EXTRA_CMAKE_OPTS='"$EXTRA_CMAKE_OPTS" >> $GITHUB_ENV - - name: Setup git submodules - run: | - git submodule update --init --depth 1 - name: Configure autotools run: | autoreconf -i @@ -420,7 +424,7 @@ jobs: cd nghttp2-$VERSION echo 'NGHTTP2_CMAKE_DIR='"$PWD" >> $GITHUB_ENV - cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" . + cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" -DBUILD_STATIC_LIBS=ON -DBUILD_TESTING=ON . - name: Configure cmake (MacOS) if: matrix.buildtool == 'cmake' && runner.os == 'macOS' run: | @@ -433,7 +437,7 @@ jobs: # This fixes infamous 'stdio.h not found' error. echo 'SDKROOT='"$(xcrun --sdk macosx --show-sdk-path)" >> $GITHUB_ENV - cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" . + cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" -DBUILD_STATIC_LIBS=ON -DBUILD_TESTING=ON . - name: Build nghttp2 with autotools (Linux) if: matrix.buildtool == 'autotools' && runner.os == 'Linux' run: | @@ -473,7 +477,10 @@ jobs: HOST: ${{ matrix.host }} steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive - name: Linux setup run: | sudo dpkg --add-architecture i386 @@ -488,7 +495,6 @@ jobs: wine - name: Configure autotools run: | - git submodule update --init --depth 1 autoreconf -i && \ ./configure --enable-werror --enable-lib-only --host="$HOST" \ CFLAGS="-g -O2 -D_WIN32_WINNT=0x0600" LIBS="-pthread" @@ -516,15 +522,84 @@ jobs: runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive - uses: microsoft/setup-msbuild@v2 - name: Configure cmake - run: | - git submodule update --init --depth 1 - mkdir build - cd build - cmake -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_GENERATOR_PLATFORM=${{ matrix.platform }} -DVCPKG_TARGET_TRIPLET=${{ matrix.arch}}-windows .. + run: cmake -B build -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_GENERATOR_PLATFORM=${{ matrix.platform }} -DVCPKG_TARGET_TRIPLET=${{ matrix.arch}}-windows -DBUILD_STATIC_LIBS=ON -DBUILD_TESTING=ON - name: Build nghttp2 run: | cmake --build build cmake --build build --target check + + release: + if: github.ref_type == 'tag' + + needs: + - build + - build-cross + - build-windows + + permissions: + contents: write + + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + submodules: recursive + - name: Make artifacts + run: | + ver='${{ github.ref_name }}' + + prev_ver=$(git tag --sort v:refname | grep -v -F "${ver}" | \ + grep 'v[0-9]\+\.[0-9]\+\.0' | tail -n1) + + echo -n "$GPG_KEY" | gpg --batch --pinentry-mode loopback --import + ./makerelease.sh "${ver}" "${prev_ver}" + env: + GPG_KEY: ${{ secrets.GPG_KEY }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + - name: Make release + uses: actions/github-script@v7 + with: + script: | + const fs = require('fs') + + let ver = '${{ github.ref_name }}' + + let {data: release} = await github.rest.repos.createRelease({ + owner: context.repo.owner, + repo: context.repo.repo, + tag_name: ver, + name: `nghttp2 ${ver}`, + draft: true, + generate_release_notes: true, + discussion_category_name: 'Announcements', + }) + + let v = ver.substring(1) + + let files = [ + 'checksums.txt', + `nghttp2-${v}.tar.bz2`, + `nghttp2-${v}.tar.bz2.asc`, + `nghttp2-${v}.tar.gz`, + `nghttp2-${v}.tar.gz.asc`, + `nghttp2-${v}.tar.xz`, + `nghttp2-${v}.tar.xz.asc`, + ] + + await Promise.all(files.map(elem => + github.rest.repos.uploadReleaseAsset({ + owner: context.repo.owner, + repo: context.repo.repo, + release_id: release.id, + name: elem, + data: fs.readFileSync(elem), + }) + )) diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 720b25f..b4ced5b 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -5,6 +5,13 @@ jobs: Fuzzing: runs-on: ubuntu-latest steps: + - name: LLVM workaround + run: | + # https://github.com/actions/runner-images/issues/9491#issuecomment-1989718917 + # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with + # high-entropy ASLR in much newer kernels that GitHub runners are + # using leading to random crashes: https://reviews.llvm.org/D148280 + sudo sysctl vm.mmap_rnd_bits=28 - name: Build Fuzzers uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master with: diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml new file mode 100644 index 0000000..2c7841b --- /dev/null +++ b/.github/workflows/stale.yaml @@ -0,0 +1,20 @@ +name: 'Close stale issues' + +on: + schedule: + - cron: '30 1 * * *' + +permissions: + issues: write + +jobs: + stale: + runs-on: ubuntu-22.04 + + steps: + - uses: actions/stale@v9 + with: + stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.' + days-before-stale: 30 + days-before-close: 7 + exempt-all-milestones: true |