diff options
Diffstat (limited to '.github')
| -rw-r--r-- | .github/ci-status.md | 10 | ||||
| -rwxr-xr-x | .github/configs | 3 | ||||
| -rwxr-xr-x | .github/run_test.sh | 1 | ||||
| -rw-r--r-- | .github/workflows/c-cpp.yml | 16 | ||||
| -rw-r--r-- | .github/workflows/cifuzz.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/selfhosted.yml | 55 | ||||
| -rw-r--r-- | .github/workflows/upstream.yml | 18 |
7 files changed, 73 insertions, 34 deletions
diff --git a/.github/ci-status.md b/.github/ci-status.md index 8d4cea1..fbf7c5f 100644 --- a/.github/ci-status.md +++ b/.github/ci-status.md @@ -6,10 +6,6 @@ master : [](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [](https://scan.coverity.com/projects/openssh-portable) -9.4 : -[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_4) -[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_4) - -9.3 : -[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3) -[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3) +9.7 : +[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) +[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) diff --git a/.github/configs b/.github/configs index 370fe29..6134cb6 100755 --- a/.github/configs +++ b/.github/configs @@ -208,6 +208,7 @@ case "$config" in # and hostbased (since valgrind won't let ssh exec keysign). # Slow ones are run separately to increase parallelism. SKIP_LTESTS="agent-timeout connection-timeout hostbased" + SKIP_LTESTS="$SKIP_LTESTS penalty-expire" SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}" ;; valgrind-2) @@ -289,7 +290,7 @@ case "${TARGET_HOST}" in hostkey-agent key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data - transfer" + transfer penalty penalty-expire" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" diff --git a/.github/run_test.sh b/.github/run_test.sh index d5fd487..17c1731 100755 --- a/.github/run_test.sh +++ b/.github/run_test.sh @@ -9,6 +9,7 @@ set -ex # If we want to test hostbased auth, set up the host for it. if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then sshconf=/usr/local/etc + $SUDO mkdir -p "${sshconf}" hostname | $SUDO tee $sshconf/shosts.equiv >/dev/null echo "EnableSSHKeysign yes" | $SUDO tee $sshconf/ssh_config >/dev/null $SUDO mkdir -p $sshconf diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index edb88f2..6090287 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml @@ -2,12 +2,13 @@ name: C/C++ CI on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] jobs: ci: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository != 'openssh/openssh-portable-selfhosted' strategy: fail-fast: false @@ -16,9 +17,9 @@ jobs: target: - ubuntu-20.04 - ubuntu-22.04 - - macos-11 - macos-12 - macos-13 + - macos-14 - windows-2019 - windows-2022 config: [default] @@ -62,8 +63,8 @@ jobs: - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - { target: ubuntu-latest, config: libressl-3.7.2 } - - { target: ubuntu-latest, config: libressl-3.8.3 } - - { target: ubuntu-latest, config: libressl-3.9.0 } + - { target: ubuntu-latest, config: libressl-3.8.4 } + - { target: ubuntu-latest, config: libressl-3.9.1 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - { target: ubuntu-latest, config: openssl-1.1.1 } @@ -74,9 +75,12 @@ jobs: - { target: ubuntu-latest, config: openssl-3.1.0 } - { target: ubuntu-latest, config: openssl-3.1.5 } - { target: ubuntu-latest, config: openssl-3.2.1 } + - { target: ubuntu-latest, config: openssl-3.3.0 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-latest, config: openssl-3.1 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch + - { target: ubuntu-latest, config: openssl-3.3 } # stable branch - { target: ubuntu-latest, config: putty-0.71 } - { target: ubuntu-latest, config: putty-0.72 } - { target: ubuntu-latest, config: putty-0.73 } @@ -97,9 +101,9 @@ jobs: - { target: ubuntu-22.04, config: selinux } - { target: ubuntu-22.04, config: kitchensink } - { target: ubuntu-22.04, config: without-openssl } - - { target: macos-11, config: pam } - { target: macos-12, config: pam } - { target: macos-13, config: pam } + - { target: macos-14, config: pam } runs-on: ${{ matrix.target }} steps: - name: set cygwin git params diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index 7ca8c47..ab8b1c6 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -1,9 +1,9 @@ name: CIFuzz on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] jobs: Fuzzing: diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml index 4f1c587..1672973 100644 --- a/.github/workflows/selfhosted.yml +++ b/.github/workflows/selfhosted.yml @@ -2,17 +2,25 @@ name: C/C++ CI self-hosted on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/selfhosted.yml' ] jobs: selfhosted: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: ${{ matrix.host }} timeout-minutes: 600 env: + DEBUG_ACTIONS: false HOST: ${{ matrix.host }} TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ startsWith(matrix.host, 'libvirt') && format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} + EPHEMERAL: ${{ startsWith(matrix.host, 'libvirt') }} + PERSISTENT: ${{ startsWith(matrix.host, 'persist') }} + REMOTE: ${{ startsWith(matrix.host, 'remote') }} + VM: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') }} + SSHFS: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') || startsWith(matrix.host, 'remote') }} strategy: fail-fast: false # We use a matrix in two parts: firstly all of the VMs are tested with the @@ -74,34 +82,46 @@ jobs: - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } - { target: nbsd10, config: pam, host: libvirt } + # ARM64 VMs + - { target: obsd-arm64, config: default, host: libvirt-arm64 } # VMs with persistent disks that have their own runner. - - { target: win10, config: default, host: win10 } - - { target: win10, config: cygwin-release, host: win10 } - # Physical hosts, with either native runners or remote via ssh. + - { target: win10, config: default, host: persist-win10 } + - { target: win10, config: cygwin-release, host: persist-win10 } + # Physical hosts with native runners. - { target: ARM, config: default, host: ARM } - { target: ARM64, config: default, host: ARM64 } - { target: ARM64, config: pam, host: ARM64 } - - { target: debian-riscv64, config: default, host: debian-riscv64 } - - { target: obsd-arm64, config: default, host: obsd-arm64 } - - { target: openwrt-mips, config: default, host: openwrt-mips } - - { target: openwrt-mipsel, config: default, host: openwrt-mipsel } + # Physical hosts with remote runners. + - { target: debian-riscv64, config: default, host: remote-debian-riscv64 } + + - { target: openwrt-mips, config: default, host: remote-openwrt-mips } + - { target: openwrt-mipsel, config: default, host: remote-openwrt-mipsel } steps: + - name: unmount stale workspace + if: env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running + if: env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} - uses: actions/checkout@main - name: autoreconf run: autoreconf - name: startup VM + if: env.VM == 'true' run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + if: env.SSHFS == 'true' + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: configure run: vmrun ./.github/configure.sh ${{ matrix.config }} - - name: save config - uses: actions/upload-artifact@main - with: - name: ${{ matrix.target }}-${{ matrix.config }}-config - path: config.h +# - name: save config +# uses: actions/upload-artifact@main +# with: +# name: ${{ matrix.target }}-${{ matrix.config }}-config +# path: config.h - name: make clean run: vmrun make clean - name: make @@ -120,7 +140,10 @@ jobs: regress/*.log regress/log/* regress/valgrind-out/ + - name: unmount workspace + if: always() && env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM - if: always() + if: always() && env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml index b280793..e25adb4 100644 --- a/.github/workflows/upstream.yml +++ b/.github/workflows/upstream.yml @@ -3,22 +3,29 @@ name: Upstream self-hosted on: push: branches: [ master ] - paths: [ '**.c', '**.h', '.github/**' ] + paths: [ '**.c', '**.h', '**.sh', '.github/configs', '.github/workflows/upstream.yml' ] jobs: selfhosted: + name: "upstream ${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: 'libvirt' env: + DEBUG_ACTIONS: true + EPHEMERAL: true HOST: 'libvirt' TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} strategy: fail-fast: false matrix: target: [ obsdsnap, obsdsnap-i386 ] config: [ default, without-openssl, ubsan ] steps: + - name: unmount stale workspace + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running run: vmshutdown working-directory: ${{ runner.temp }} @@ -26,6 +33,9 @@ jobs: - name: startup VM run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: update source run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" - name: make clean @@ -33,7 +43,7 @@ jobs: - name: make run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" - name: make install - run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" + run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install && sudo /etc/rc.d/sshd -f restart" - name: make tests` run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" env: @@ -47,6 +57,10 @@ jobs: path: | /usr/obj/regress/usr.bin/ssh/obj/*.log /usr/obj/regress/usr.bin/ssh/obj/log/* + - name: unmount workspace + if: always() + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if: always() run: vmshutdown |