summaryrefslogtreecommitdiffstats
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/build.yml133
-rw-r--r--.github/workflows/fuzz.yml7
-rw-r--r--.github/workflows/stale.yaml20
3 files changed, 131 insertions, 29 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7cfb224..7728f0b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,10 +8,10 @@ env:
LIBBPF_VERSION: v1.3.0
OPENSSL1_VERSION: 1_1_1w+quic
OPENSSL3_VERSION: 3.1.5+quic
- BORINGSSL_VERSION: 8e6a26d128484b886e6dcbfa558b993d38950bb5
- AWSLC_VERSION: v1.21.0
+ BORINGSSL_VERSION: fae0964b3d44e94ca2a2d21f86e61dabe683d130
+ AWSLC_VERSION: v1.23.0
NGHTTP3_VERSION: v1.2.0
- NGTCP2_VERSION: v1.3.0
+ NGTCP2_VERSION: v1.4.0
jobs:
build-cache:
@@ -22,7 +22,8 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- - uses: actions/checkout@v4
+ - name: Checkout
+ uses: actions/checkout@v4
- name: Restore libbpf cache
id: cache-libbpf
uses: actions/cache@v4
@@ -116,13 +117,13 @@ jobs:
- name: Build libbpf
if: steps.cache-libbpf.outputs.cache-hit != 'true' && runner.os == 'Linux'
run: |
- git clone -b ${{ env.LIBBPF_VERSION }} https://github.com/libbpf/libbpf
+ git clone --recursive -b ${{ env.LIBBPF_VERSION }} https://github.com/libbpf/libbpf
cd libbpf
make -C src install PREFIX=$PWD/build
- name: Build quictls/openssl v1.1.1
if: steps.cache-openssl1.outputs.cache-hit != 'true'
run: |
- git clone --depth 1 -b OpenSSL_${{ env.OPENSSL1_VERSION }} https://github.com/quictls/openssl openssl1
+ git clone --recursive --depth 1 -b OpenSSL_${{ env.OPENSSL1_VERSION }} https://github.com/quictls/openssl openssl1
cd openssl1
./config --prefix=$PWD/build
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)"
@@ -130,7 +131,7 @@ jobs:
- name: Build quictls/openssl v3.x
if: steps.cache-openssl3.outputs.cache-hit != 'true'
run: |
- git clone --depth 1 -b openssl-${{ env.OPENSSL3_VERSION }} https://github.com/quictls/openssl openssl3
+ git clone --recursive --depth 1 -b openssl-${{ env.OPENSSL3_VERSION }} https://github.com/quictls/openssl openssl3
cd openssl3
./config enable-ktls --prefix=$PWD/build --libdir=$PWD/build/lib
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)"
@@ -151,16 +152,15 @@ jobs:
- name: Build aws-lc
if: steps.cache-awslc.outputs.cache-hit != 'true'
run: |
- git clone --depth 1 -b "${AWSLC_VERSION}" https://github.com/aws/aws-lc
+ git clone --recursive --depth 1 -b "${AWSLC_VERSION}" https://github.com/aws/aws-lc
cd aws-lc
cmake -B build -DDISABLE_GO=ON
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" -C build
- name: Build nghttp3
if: steps.cache-nghttp3.outputs.cache-hit != 'true'
run: |
- git clone --depth 1 -b ${{ env.NGHTTP3_VERSION}} https://github.com/ngtcp2/nghttp3
+ git clone --recursive --depth 1 -b ${{ env.NGHTTP3_VERSION}} https://github.com/ngtcp2/nghttp3
cd nghttp3
- git submodule update --init --depth 1
autoreconf -i
./configure --prefix=$PWD/build --enable-lib-only
make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" check
@@ -168,9 +168,8 @@ jobs:
- name: Build ngtcp2 + quictls/openssl v1.1.1 + BoringSSL
if: steps.cache-ngtcp2-openssl1.outputs.cache-hit != 'true'
run: |
- git clone --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl1
+ git clone --recursive --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl1
cd ngtcp2-openssl1
- git submodule update --init --depth 1
autoreconf -i
./configure --prefix=$PWD/build --enable-lib-only \
PKG_CONFIG_PATH="../openssl1/build/lib/pkgconfig" \
@@ -182,9 +181,8 @@ jobs:
- name: Build ngtcp2 + quictls/openssl v3.x + aws-lc
if: steps.cache-ngtcp2-openssl3.outputs.cache-hit != 'true'
run: |
- git clone --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl3
+ git clone --recursive --depth 1 -b ${{ env.NGTCP2_VERSION }} https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl3
cd ngtcp2-openssl3
- git submodule update --init --depth 1
autoreconf -i
./configure --prefix=$PWD/build --enable-lib-only \
PKG_CONFIG_PATH="../openssl3/build/lib/pkgconfig" \
@@ -231,7 +229,10 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- - uses: actions/checkout@v4
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
- name: Linux setup
if: runner.os == 'Linux'
run: |
@@ -258,6 +259,12 @@ jobs:
cmake-data
echo 'CPPFLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined -g' >> $GITHUB_ENV
echo 'LDFLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined' >> $GITHUB_ENV
+
+ # https://github.com/actions/runner-images/issues/9491#issuecomment-1989718917
+ # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
+ # high-entropy ASLR in much newer kernels that GitHub runners are
+ # using leading to random crashes: https://reviews.llvm.org/D148280
+ sudo sysctl vm.mmap_rnd_bits=28
- name: MacOS setup
if: runner.os == 'macOS'
run: |
@@ -350,7 +357,7 @@ jobs:
OPENSSL_CFLAGS="-I$PWD/include/"
OPENSSL_LIBS="-L$PWD/build/ssl -lssl -L$PWD/build/crypto -lcrypto -pthread"
- EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --without-neverbleed --without-jemalloc"
+ EXTRA_AUTOTOOLS_OPTS="$EXTRA_AUTOTOOLS_OPTS --without-neverbleed --without-jemalloc --disable-examples"
echo 'OPENSSL_CFLAGS='"$OPENSSL_CFLAGS" >> $GITHUB_ENV
echo 'OPENSSL_LIBS='"$OPENSSL_LIBS" >> $GITHUB_ENV
@@ -404,9 +411,6 @@ jobs:
echo 'LDFLAGS='"$LDFLAGS" >> $GITHUB_ENV
echo 'EXTRA_AUTOTOOLS_OPTS='"$EXTRA_AUTOTOOLS_OPTS" >> $GITHUB_ENV
echo 'EXTRA_CMAKE_OPTS='"$EXTRA_CMAKE_OPTS" >> $GITHUB_ENV
- - name: Setup git submodules
- run: |
- git submodule update --init --depth 1
- name: Configure autotools
run: |
autoreconf -i
@@ -420,7 +424,7 @@ jobs:
cd nghttp2-$VERSION
echo 'NGHTTP2_CMAKE_DIR='"$PWD" >> $GITHUB_ENV
- cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" .
+ cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" -DBUILD_STATIC_LIBS=ON -DBUILD_TESTING=ON .
- name: Configure cmake (MacOS)
if: matrix.buildtool == 'cmake' && runner.os == 'macOS'
run: |
@@ -433,7 +437,7 @@ jobs:
# This fixes infamous 'stdio.h not found' error.
echo 'SDKROOT='"$(xcrun --sdk macosx --show-sdk-path)" >> $GITHUB_ENV
- cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" .
+ cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" -DBUILD_STATIC_LIBS=ON -DBUILD_TESTING=ON .
- name: Build nghttp2 with autotools (Linux)
if: matrix.buildtool == 'autotools' && runner.os == 'Linux'
run: |
@@ -473,7 +477,10 @@ jobs:
HOST: ${{ matrix.host }}
steps:
- - uses: actions/checkout@v4
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
- name: Linux setup
run: |
sudo dpkg --add-architecture i386
@@ -488,7 +495,6 @@ jobs:
wine
- name: Configure autotools
run: |
- git submodule update --init --depth 1
autoreconf -i && \
./configure --enable-werror --enable-lib-only --host="$HOST" \
CFLAGS="-g -O2 -D_WIN32_WINNT=0x0600" LIBS="-pthread"
@@ -516,15 +522,84 @@ jobs:
runs-on: windows-latest
steps:
- - uses: actions/checkout@v4
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
- uses: microsoft/setup-msbuild@v2
- name: Configure cmake
- run: |
- git submodule update --init --depth 1
- mkdir build
- cd build
- cmake -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_GENERATOR_PLATFORM=${{ matrix.platform }} -DVCPKG_TARGET_TRIPLET=${{ matrix.arch}}-windows ..
+ run: cmake -B build -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_GENERATOR_PLATFORM=${{ matrix.platform }} -DVCPKG_TARGET_TRIPLET=${{ matrix.arch}}-windows -DBUILD_STATIC_LIBS=ON -DBUILD_TESTING=ON
- name: Build nghttp2
run: |
cmake --build build
cmake --build build --target check
+
+ release:
+ if: github.ref_type == 'tag'
+
+ needs:
+ - build
+ - build-cross
+ - build-windows
+
+ permissions:
+ contents: write
+
+ runs-on: ubuntu-22.04
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Make artifacts
+ run: |
+ ver='${{ github.ref_name }}'
+
+ prev_ver=$(git tag --sort v:refname | grep -v -F "${ver}" | \
+ grep 'v[0-9]\+\.[0-9]\+\.0' | tail -n1)
+
+ echo -n "$GPG_KEY" | gpg --batch --pinentry-mode loopback --import
+ ./makerelease.sh "${ver}" "${prev_ver}"
+ env:
+ GPG_KEY: ${{ secrets.GPG_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ - name: Make release
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const fs = require('fs')
+
+ let ver = '${{ github.ref_name }}'
+
+ let {data: release} = await github.rest.repos.createRelease({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ tag_name: ver,
+ name: `nghttp2 ${ver}`,
+ draft: true,
+ generate_release_notes: true,
+ discussion_category_name: 'Announcements',
+ })
+
+ let v = ver.substring(1)
+
+ let files = [
+ 'checksums.txt',
+ `nghttp2-${v}.tar.bz2`,
+ `nghttp2-${v}.tar.bz2.asc`,
+ `nghttp2-${v}.tar.gz`,
+ `nghttp2-${v}.tar.gz.asc`,
+ `nghttp2-${v}.tar.xz`,
+ `nghttp2-${v}.tar.xz.asc`,
+ ]
+
+ await Promise.all(files.map(elem =>
+ github.rest.repos.uploadReleaseAsset({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ release_id: release.id,
+ name: elem,
+ data: fs.readFileSync(elem),
+ })
+ ))
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index 720b25f..b4ced5b 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -5,6 +5,13 @@ jobs:
Fuzzing:
runs-on: ubuntu-latest
steps:
+ - name: LLVM workaround
+ run: |
+ # https://github.com/actions/runner-images/issues/9491#issuecomment-1989718917
+ # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
+ # high-entropy ASLR in much newer kernels that GitHub runners are
+ # using leading to random crashes: https://reviews.llvm.org/D148280
+ sudo sysctl vm.mmap_rnd_bits=28
- name: Build Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
new file mode 100644
index 0000000..2c7841b
--- /dev/null
+++ b/.github/workflows/stale.yaml
@@ -0,0 +1,20 @@
+name: 'Close stale issues'
+
+on:
+ schedule:
+ - cron: '30 1 * * *'
+
+permissions:
+ issues: write
+
+jobs:
+ stale:
+ runs-on: ubuntu-22.04
+
+ steps:
+ - uses: actions/stale@v9
+ with:
+ stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
+ days-before-stale: 30
+ days-before-close: 7
+ exempt-all-milestones: true