diff options
Diffstat (limited to '.github/workflows/centos-and-fedora.yml')
| -rw-r--r-- | .github/workflows/centos-and-fedora.yml | 375 |
1 files changed, 375 insertions, 0 deletions
diff --git a/.github/workflows/centos-and-fedora.yml b/.github/workflows/centos-and-fedora.yml new file mode 100644 index 0000000..ad4e6c1 --- /dev/null +++ b/.github/workflows/centos-and-fedora.yml @@ -0,0 +1,375 @@ +name: centos-and-fedora + +on: + push: + branches: + - main + - 'release/**' + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + - '.github/workflows/*.yml' + - '!.github/workflows/centos-and-fedora.yml' + pull_request: + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + +concurrency: + group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' + cancel-in-progress: true + +env: + CODECOV_TOKEN: dbecf176-ea3f-4832-b743-295fd71d0fad + +# +# Dependencies that are created during packaging +# +# OS botan botan repository json-c json-c repository +# ---------------------------------------------------------------------------- +# CentOS 7 2.16.0 ribose json-c12 (0.12.1) ribose +# CentOS 8 2.16.0 ribose 0.13.1 el8 +# CentOS 9 2.19.3 el9 0.14 el9 +# Fedora 35 2.18.2 fc35 0.15 fc35 +# Fedora 36 2.19.1 fc36 0.15 fc36 +# +jobs: + tests: + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, 'skip ci')" + container: ${{ matrix.image.container }} + timeout-minutes: 70 + strategy: + fail-fast: false + matrix: + env: + - { CC: gcc, CXX: g++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes } +# normal --> Release build; sanitize --> Debug build so theoretically test conditions are different +# - { CC: clang, CXX: clang++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes } + - { CC: clang, CXX: clang++, BUILD_MODE: sanitize, USE_STATIC_DEPENDENCIES: yes } + +# Should you add a new OS/version please consider adding its default version of botan2 and json-c to this test matrix + image: + - { name: 'CentOS 7', container: 'centos:7', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: en_US.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: C.UTF-8 } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: Botan, botan_ver: 2.19.3, locale: C.UTF-8 } + - { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: Botan, botan_ver: 2.18.2, locale: C.UTF-8 } + - { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: Botan, botan_ver: 2.19.1, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: Botan, sm2: On, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: Off, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: OpenSSL, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: beta, backend: Botan, sm2: On, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: 2.3.1, backend: Botan, sm2: On, locale: C.UTF-8 } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: On, locale: C.UTF-8 } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: Off, locale: C.UTF-8 } + - { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } + - { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } + + + include: + # Coverage report for Botan backend + - image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: On, locale: C.UTF-8 } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } + # Coverage report for OpenSSL 1.1.1 backend + - image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } + # Coverage report for OpenSSL 3.0 backend + - image: { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } + + env: ${{ matrix.env }} + name: ${{ matrix.image.name }} ${{ matrix.image.backend }} [test mode ${{ matrix.env.BUILD_MODE }}; CC ${{ matrix.env.CC }}; GnuPG ${{ matrix.image.gpg_ver }}; SM2 ${{ matrix.image.sm2 }}; IDEA ${{ matrix.image.idea }}] + steps: + - name: Install prerequisites for prerequisites + if: matrix.image.container == 'centos:7' + run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm + + - name: Install prerequisites + run: yum -y install git sudo + + - name: Setup environment + run: | + set -o errexit -o pipefail -o noclobber -o nounset + echo LANG=${{ matrix.image.locale }} >> $GITHUB_ENV + echo LC_ALL=${{ matrix.image.locale }} >> $GITHUB_ENV + echo LC_LANG=${{ matrix.image.locale }} >> $GITHUB_ENV + echo GPG_VERSION=${{ matrix.image.gpg_ver }} >> $GITHUB_ENV + echo ENABLE_SM2=${{ matrix.image.sm2 }} >> $GITHUB_ENV + echo ENABLE_IDEA=${{ matrix.image.idea }} >> $GITHUB_ENV + backend=${{ matrix.image.backend }} + backend="$(echo "${backend:-}" | tr '[:upper:]' '[:lower:]')" + echo CRYPTO_BACKEND="$backend" >> $GITHUB_ENV + echo BOTAN_VERSION=${{ matrix.image.botan_ver }} >> $GITHUB_ENV + useradd rnpuser + echo -e "rnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser + echo -e "rnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf + + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: true + + - name: Setup noncacheable dependencies + run: | + . ci/gha/setup-env.inc.sh + exec su rnpuser -c ci/install_noncacheable_dependencies.sh + + - name: Cache + id: cache + uses: actions/cache@v3 + with: + path: ${{ env.CACHE_DIR }} + key: ${{ matrix.image.container }}-${{ matrix.image.backend }}-${{ matrix.env.BUILD_MODE }}-${{ matrix.env.CC }}-${{ matrix.image.gpg_ver }}-${{ matrix.image.sm2 }}-${{ matrix.image.idea }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/centos-and-fedora.yml') }} + + - name: Adjust folder ownership + run: | + set -o errexit -o pipefail -o noclobber -o nounset + chown -R rnpuser:rnpuser $PWD + + - name: Setup cacheable dependencies + if: steps.cache.outputs.cache-hit != 'true' + run: exec su rnpuser -c ci/install_cacheable_dependencies.sh + + - name: Build and Test + run: exec su rnpuser -c ci/run.sh + + - name: Checkout shell test framework + uses: actions/checkout@v3 + with: + repository: kward/shunit2 + path: ci/tests/shunit2 + + - name: Run additional ci tests + run: ci/tests/ci-tests.sh + + package-source: + runs-on: ubuntu-latest + container: ${{ matrix.env.container }} + timeout-minutes: 30 + strategy: + fail-fast: false + matrix: + env: + - { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', LC_ALL: C.UTF-8 } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 } + - { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 } + - { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 } + name: Package ${{ matrix.env.name }} SRPM + env: ${{ matrix.env }} + + steps: + - name: Install prerequisites for prerequisites + if: matrix.env.container == 'centos:7' + run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm + + - name: Install prerequisites + run: yum -y install git sudo rpm-build + + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: true + + - name: Setup noncacheable dependencies + run: | + . ci/gha/setup-env.inc.sh + ci/install_noncacheable_dependencies.sh + + - name: Configure + run: cmake -B build -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF + + - name: Package SRPM + run: cpack -B build/SRPM -G RPM --config build/CPackSourceConfig.cmake + + - name: Upload SRPM + uses: actions/upload-artifact@v3 + with: + name: 'SRPM ${{ matrix.env.name }}' + path: 'build/SRPM/*.src.rpm' + retention-days: 5 + + - name: Stash packaging tests + uses: actions/upload-artifact@v3 + with: + name: tests + path: 'ci/tests/**' + retention-days: 1 + + package: + runs-on: ubuntu-latest + needs: package-source + container: ${{ matrix.env.container }} + timeout-minutes: 30 + strategy: + fail-fast: false + matrix: + env: + - { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 } +# CXXFLAGS environment setting resolves dual ABI issues caused by BOTAN libraries with the version of GCC installed at 'tgagor/centos:stream8' +# https://gcc.gnu.org/onlinedocs/gcc-5.2.0/libstdc++/manual/manual/using_dual_abi.html + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', CXXFLAGS: -D_GLIBCXX_USE_CXX11_ABI=0, LC_ALL: C.UTF-8 } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 } + - { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 } + - { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 } + name: Package ${{ matrix.env.name }} RPM + env: ${{ matrix.env }} + steps: + - name: Install prerequisites for prerequisites + if: matrix.env.container == 'centos:7' + run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm + + - name: Install prerequisites + run: yum -y install git sudo tar cpio rpm-build + + - name: Download SRPM + uses: actions/download-artifact@v3 + with: + name: 'SRPM ${{ matrix.env.name }}' + path: ~/rpmbuild/SRPMS + + - name: Extract SRPM + run: | + rpm -i -v ~/rpmbuild/SRPMS/*.src.rpm + tar xzf ~/rpmbuild/SOURCES/*.tar.gz --strip 1 -C ~/rpmbuild/SOURCES + + - name: Setup noncacheable dependencies + run: | + cd ~/rpmbuild/SOURCES/ + . ci/gha/setup-env.inc.sh + ci/install_noncacheable_dependencies.sh + + - name: Permanently enable rh-ruby30 + if: matrix.env.container == 'centos:7' + run: bash -c "echo \"$(cut -f 2- -d ' ' /opt/rh/rh-ruby30/enable)\"">> $GITHUB_ENV + + - name: Build rnp + run: | + cmake ~/rpmbuild/SOURCES -B ~/rpmbuild/SOURCES/BUILD -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF \ + -DCMAKE_INSTALL_PREFIX=/usr + cmake --build ~/rpmbuild/SOURCES/BUILD --config Release + + - name: Package rpm + run: cpack -G RPM -B ~/rpmbuild/SOURCES/RPMS --config ~/rpmbuild/SOURCES/BUILD/CPackConfig.cmake + + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: 'RPM ${{ matrix.env.name}}' + path: '~/rpmbuild/SOURCES/RPMS/*.rpm' + retention-days: 5 + +# The main purpose of this step is to test the RPMS in a pristine environment (as for the end user). +# ci-scripts are deliberately not used, as they recreate the development environment, +# and this is something we proudly reject here + + rpm-tests: + runs-on: ubuntu-latest + needs: package + container: ${{ matrix.env.container }} + timeout-minutes: 30 + strategy: + fail-fast: false + matrix: + env: + - { name: 'CentOS 7', container: 'centos:7' } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8' } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9' } + - { name: 'Fedora 35', container: 'fedora:35' } + - { name: 'Fedora 36', container: 'fedora:36' } + name: RPM test on ${{ matrix.env.name }} + + steps: + - name: Install prerequisites + run: yum -y install sudo wget binutils + +# CentOS 7/8 packages depend on botan.so.16 that gets installed from ribose repo +# Fedora 35/36 packages depend on botan.so.19 that comes Fedora package, that is available by default +# CentOS 9 depend on botan.so.19 and needs EPEL9 repo that needs to be installed +# ribose repo is also a source of json-c (v12 aka json-c12) for CentOS 7 + + - name: Install ribose-packages + if: matrix.env.container == 'centos:7' || matrix.env.container == 'tgagor/centos:stream8' + run: | + sudo rpm --import https://github.com/riboseinc/yum/raw/master/ribose-packages-next.pub + sudo wget https://github.com/riboseinc/yum/raw/master/ribose.repo -O /etc/yum.repos.d/ribose.repo + + - name: Install epel-release + if: matrix.env.container == 'quay.io/centos/centos:stream9' + run: | + sudo dnf -y install 'dnf-command(config-manager)' + sudo dnf config-manager --set-enabled crb + sudo dnf -y install epel-release + + - name: Install xargs + if: matrix.env.container == 'fedora:35' + run: sudo yum -y install findutils + + - name: Download rnp rpms + uses: actions/download-artifact@v3 + with: + name: 'RPM ${{ matrix.env.name}}' + + - name: Checkout shell test framework + uses: actions/checkout@v3 + with: + repository: kward/shunit2 + path: ci/tests/shunit2 + + - name: Unstash tests + uses: actions/download-artifact@v3 + with: + name: tests + path: ci/tests + + - name: Run rpm tests +# RPM tests +# - no source checkout or upload [we get only test scripts from the previous step using GHA artifacts] +# - no environment set up with rnp scripts +# - no dependencies setup, we test that yum can install whatever is required + run: | + chmod +x ci/tests/rpm-tests.sh + ci/tests/rpm-tests.sh + + - name: Run symbol visibility tests + run: | + chmod +x ci/tests/ci-tests.sh + sudo yum -y localinstall librnp0-0*.*.rpm librnp0-devel-0*.*.rpm rnp0-0*.*.rpm + ci/tests/ci-tests.sh + sudo yum -y erase $(rpm -qa | grep rnp) + + - name: Setup minimalistic build environment + run: | + sudo yum -y install make gcc gcc-c++ zlib-devel bzip2-devel botan2-devel + mkdir cmake + wget https://github.com/Kitware/CMake/releases/download/v3.12.0/cmake-3.12.0-Linux-x86_64.sh -O cmake/cmake.sh + sudo sh cmake/cmake.sh --skip-license --prefix=/usr/local + +# Ribose repo provides json-c12-devel for CentOS7; +# el8, el9, fr35, fr36 provide json-c-devel (version 12+) + - name: Setup json-c12 + if: matrix.env.container == 'centos:7' + run: sudo yum -y install json-c12-devel + + - name: Setup json-c + if: matrix.env.container != 'centos:7' + run: sudo yum -y install json-c-devel + + - name: Run packaging tests + run: | + chmod +x ci/tests/pk-tests.sh + ci/tests/pk-tests.sh |