summaryrefslogtreecommitdiffstats
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/c-cpp.yml125
-rw-r--r--.github/workflows/cifuzz.yml32
-rw-r--r--.github/workflows/selfhosted.yml116
-rw-r--r--.github/workflows/upstream.yml52
4 files changed, 325 insertions, 0 deletions
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
new file mode 100644
index 0000000..e6ea495
--- /dev/null
+++ b/.github/workflows/c-cpp.yml
@@ -0,0 +1,125 @@
+name: C/C++ CI
+
+on:
+ push:
+ paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ]
+ pull_request:
+ paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ]
+
+jobs:
+ ci:
+ if: github.repository != 'openssh/openssh-portable-selfhosted'
+ strategy:
+ fail-fast: false
+ matrix:
+ # First we test all OSes in the default configuration.
+ target: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022]
+ config: [default]
+ # Then we include any extra configs we want to test for specific VMs.
+ # Valgrind slows things down quite a bit, so start them first.
+ include:
+ - { target: windows-2019, config: cygwin-release }
+ - { target: windows-2022, config: cygwin-release }
+ - { target: ubuntu-20.04, config: valgrind-1 }
+ - { target: ubuntu-20.04, config: valgrind-2 }
+ - { target: ubuntu-20.04, config: valgrind-3 }
+ - { target: ubuntu-20.04, config: valgrind-4 }
+ - { target: ubuntu-20.04, config: valgrind-5 }
+ - { target: ubuntu-20.04, config: valgrind-unit }
+ - { target: ubuntu-20.04, config: c89 }
+ - { target: ubuntu-20.04, config: clang-6.0 }
+ - { target: ubuntu-20.04, config: clang-8 }
+ - { target: ubuntu-20.04, config: clang-9 }
+ - { target: ubuntu-20.04, config: clang-10 }
+ - { target: ubuntu-20.04, config: clang-11 }
+ - { target: ubuntu-20.04, config: clang-12-Werror }
+ - { target: ubuntu-20.04, config: clang-sanitize-address }
+ - { target: ubuntu-20.04, config: clang-sanitize-undefined }
+ - { target: ubuntu-20.04, config: gcc-sanitize-address }
+ - { target: ubuntu-20.04, config: gcc-sanitize-undefined }
+ - { target: ubuntu-20.04, config: gcc-7 }
+ - { target: ubuntu-20.04, config: gcc-8 }
+ - { target: ubuntu-20.04, config: gcc-10 }
+ - { target: ubuntu-20.04, config: gcc-11-Werror }
+ - { target: ubuntu-20.04, config: pam }
+ - { target: ubuntu-20.04, config: kitchensink }
+ - { target: ubuntu-20.04, config: hardenedmalloc }
+ - { target: ubuntu-20.04, config: tcmalloc }
+ - { target: ubuntu-20.04, config: musl }
+ - { target: ubuntu-latest, config: libressl-master }
+ - { target: ubuntu-latest, config: libressl-2.2.9 }
+ - { target: ubuntu-latest, config: libressl-2.8.3 }
+ - { target: ubuntu-latest, config: libressl-3.0.2 }
+ - { target: ubuntu-latest, config: libressl-3.2.6 }
+ - { target: ubuntu-latest, config: libressl-3.3.6 }
+ - { target: ubuntu-latest, config: libressl-3.4.3 }
+ - { target: ubuntu-latest, config: libressl-3.5.3 }
+ - { target: ubuntu-latest, config: libressl-3.6.1 }
+ - { target: ubuntu-latest, config: libressl-3.7.0 }
+ - { target: ubuntu-latest, config: openssl-master }
+ - { target: ubuntu-latest, config: openssl-noec }
+ - { target: ubuntu-latest, config: openssl-1.0.1 }
+ - { target: ubuntu-latest, config: openssl-1.0.1u }
+ - { target: ubuntu-latest, config: openssl-1.0.2u }
+ - { target: ubuntu-latest, config: openssl-1.1.0h }
+ - { target: ubuntu-latest, config: openssl-1.1.1 }
+ - { target: ubuntu-latest, config: openssl-1.1.1k }
+ - { target: ubuntu-latest, config: openssl-1.1.1n }
+ - { target: ubuntu-latest, config: openssl-1.1.1q }
+ - { target: ubuntu-latest, config: openssl-1.1.1s }
+ - { target: ubuntu-latest, config: openssl-3.0.0 }
+ - { target: ubuntu-latest, config: openssl-3.0.5 }
+ - { target: ubuntu-latest, config: openssl-3.0.7 }
+ - { target: ubuntu-latest, config: openssl-1.1.1_stable }
+ - { target: ubuntu-latest, config: openssl-3.0 } # stable branch
+ - { target: ubuntu-22.04, config: pam }
+ - { target: ubuntu-22.04, config: krb5 }
+ - { target: ubuntu-22.04, config: heimdal }
+ - { target: ubuntu-22.04, config: libedit }
+ - { target: ubuntu-22.04, config: sk }
+ - { target: ubuntu-22.04, config: selinux }
+ - { target: ubuntu-22.04, config: kitchensink }
+ - { target: ubuntu-22.04, config: without-openssl }
+ - { target: macos-11, config: pam }
+ - { target: macos-12, config: pam }
+ runs-on: ${{ matrix.target }}
+ steps:
+ - name: set cygwin git params
+ if: ${{ startsWith(matrix.target, 'windows') }}
+ run: git config --global core.autocrlf input
+ - name: install cygwin
+ if: ${{ startsWith(matrix.target, 'windows') }}
+ uses: cygwin/cygwin-install-action@master
+ - uses: actions/checkout@main
+ - name: setup CI system
+ run: sh ./.github/setup_ci.sh ${{ matrix.config }}
+ - name: autoreconf
+ run: sh -c autoreconf
+ - name: configure
+ run: sh ./.github/configure.sh ${{ matrix.config }}
+ - name: save config
+ uses: actions/upload-artifact@main
+ with:
+ name: ${{ matrix.target }}-${{ matrix.config }}-config
+ path: config.h
+ - name: make clean
+ run: make clean
+ - name: make
+ run: make -j2
+ - name: make tests
+ run: sh ./.github/run_test.sh ${{ matrix.config }}
+ env:
+ TEST_SSH_UNSAFE_PERMISSIONS: 1
+ TEST_SSH_HOSTBASED_AUTH: yes
+ - name: save logs
+ if: failure()
+ uses: actions/upload-artifact@main
+ with:
+ name: ${{ matrix.target }}-${{ matrix.config }}-logs
+ path: |
+ config.h
+ config.log
+ regress/*.log
+ regress/valgrind-out/
+ regress/asan.log.*
+ regress/msan.log.*
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
new file mode 100644
index 0000000..7ca8c47
--- /dev/null
+++ b/.github/workflows/cifuzz.yml
@@ -0,0 +1,32 @@
+name: CIFuzz
+on:
+ push:
+ paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ]
+ pull_request:
+ paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ]
+
+jobs:
+ Fuzzing:
+ if: github.repository != 'openssh/openssh-portable-selfhosted'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Build Fuzzers
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'openssh'
+ dry-run: false
+ language: c++
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'openssh'
+ fuzz-seconds: 600
+ dry-run: false
+ language: c++
+ - name: Upload Crash
+ uses: actions/upload-artifact@main
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: artifacts
+ path: ./out/artifacts
diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml
new file mode 100644
index 0000000..50bc9ff
--- /dev/null
+++ b/.github/workflows/selfhosted.yml
@@ -0,0 +1,116 @@
+name: C/C++ CI self-hosted
+
+on:
+ push:
+ paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ]
+
+jobs:
+ selfhosted:
+ if: github.repository == 'openssh/openssh-portable-selfhosted'
+ runs-on: ${{ matrix.host }}
+ timeout-minutes: 600
+ env:
+ HOST: ${{ matrix.host }}
+ TARGET_HOST: ${{ matrix.target }}
+ TARGET_CONFIG: ${{ matrix.config }}
+ strategy:
+ fail-fast: false
+ # We use a matrix in two parts: firstly all of the VMs are tested with the
+ # default config. "target" corresponds to a label associated with the
+ # worker. The default is an ephemeral VM running under libvirt.
+ matrix:
+ target:
+ - alpine
+ - debian-i386
+ - dfly30
+ - dfly48
+ - dfly58
+ - dfly60
+ - dfly62
+ - fbsd10
+ - fbsd12
+ - fbsd13
+ - minix3
+ - nbsd3
+ - nbsd4
+ - nbsd8
+ - nbsd9
+ - obsd51
+ - obsd67
+ - obsd69
+ - obsd70
+ - obsdsnap
+ - obsdsnap-i386
+ - openindiana
+ - sol10
+ - sol11
+ config:
+ - default
+ host:
+ - libvirt
+ include:
+ # Then we include extra libvirt test configs.
+ - { target: aix51, config: default, host: libvirt }
+ - { target: debian-i386, config: pam, host: libvirt }
+ - { target: dfly30, config: without-openssl, host: libvirt}
+ - { target: dfly48, config: pam ,host: libvirt }
+ - { target: dfly58, config: pam, host: libvirt }
+ - { target: dfly60, config: pam, host: libvirt }
+ - { target: dfly62, config: pam, host: libvirt }
+ - { target: fbsd10, config: pam, host: libvirt }
+ - { target: fbsd12, config: pam, host: libvirt }
+ - { target: fbsd13, config: pam, host: libvirt }
+ - { target: nbsd8, config: pam, host: libvirt }
+ - { target: nbsd9, config: pam, host: libvirt }
+ - { target: openindiana, config: pam, host: libvirt }
+ - { target: sol10, config: pam, host: libvirt }
+ - { target: sol11, config: pam-krb5, host: libvirt }
+ - { target: sol11, config: sol64, host: libvirt }
+ # VMs with persistent disks that have their own runner.
+ - { target: win10, config: default, host: win10 }
+ - { target: win10, config: cygwin-release, host: win10 }
+ # Physical hosts, with either native runners or remote via ssh.
+ - { target: ARM, config: default, host: ARM }
+ - { target: ARM64, config: default, host: ARM64 }
+ - { target: ARM64, config: pam, host: ARM64 }
+ - { target: debian-riscv64, config: default, host: debian-riscv64 }
+ - { target: openwrt-mips, config: default, host: openwrt-mips }
+ - { target: openwrt-mipsel, config: default, host: openwrt-mipsel }
+ steps:
+ - name: shutdown VM if running
+ run: vmshutdown
+ working-directory: ${{ runner.temp }}
+ - uses: actions/checkout@main
+ - name: autoreconf
+ run: autoreconf
+ - name: startup VM
+ run: vmstartup
+ working-directory: ${{ runner.temp }}
+ - name: configure
+ run: vmrun ./.github/configure.sh ${{ matrix.config }}
+ - name: save config
+ uses: actions/upload-artifact@main
+ with:
+ name: ${{ matrix.target }}-${{ matrix.config }}-config
+ path: config.h
+ - name: make clean
+ run: vmrun make clean
+ - name: make
+ run: vmrun make
+ - name: make tests
+ run: vmrun ./.github/run_test.sh ${{ matrix.config }}
+ timeout-minutes: 600
+ - name: save logs
+ if: failure()
+ uses: actions/upload-artifact@main
+ with:
+ name: ${{ matrix.target }}-${{ matrix.config }}-logs
+ path: |
+ config.h
+ config.log
+ regress/*.log
+ regress/valgrind-out/
+ - name: shutdown VM
+ if: always()
+ run: vmshutdown
+ working-directory: ${{ runner.temp }}
diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml
new file mode 100644
index 0000000..1e2c2ac
--- /dev/null
+++ b/.github/workflows/upstream.yml
@@ -0,0 +1,52 @@
+name: Upstream self-hosted
+
+on:
+ push:
+ branches: [ master ]
+ paths: [ '**.c', '**.h', '.github/**' ]
+
+jobs:
+ selfhosted:
+ if: github.repository == 'openssh/openssh-portable-selfhosted'
+ runs-on: 'libvirt'
+ env:
+ HOST: 'libvirt'
+ TARGET_HOST: ${{ matrix.target }}
+ TARGET_CONFIG: ${{ matrix.config }}
+ strategy:
+ fail-fast: false
+ matrix:
+ target: [ obsdsnap, obsdsnap-i386 ]
+ config: [ default, without-openssl, ubsan ]
+ steps:
+ - name: shutdown VM if running
+ run: vmshutdown
+ working-directory: ${{ runner.temp }}
+ - uses: actions/checkout@main
+ - name: startup VM
+ run: vmstartup
+ working-directory: ${{ runner.temp }}
+ - name: update source
+ run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh"
+ - name: make clean
+ run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean && sudo chmod -R g-w /usr/src /usr/obj"
+ - name: make
+ run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac"
+ - name: make install
+ run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install"
+ - name: make tests`
+ run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac"
+ env:
+ SUDO: sudo
+ timeout-minutes: 300
+ - name: save logs
+ if: failure()
+ uses: actions/upload-artifact@main
+ with:
+ name: ${{ matrix.target }}-${{ matrix.config }}-logs
+ path: |
+ /usr/obj/regress/usr.bin/ssh/obj/*.log
+ - name: shutdown VM
+ if: always()
+ run: vmshutdown
+ working-directory: ${{ runner.temp }}