Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/c-cpp.yml | 125 | ||||
-rw-r--r-- | .github/workflows/cifuzz.yml | 32 | ||||
-rw-r--r-- | .github/workflows/selfhosted.yml | 116 | ||||
-rw-r--r-- | .github/workflows/upstream.yml | 52 |
4 files changed, 325 insertions, 0 deletions
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
new file mode 100644
index 0000000..e6ea495
--- /dev/null
+++ b/.github/workflows/c-cpp.yml
@@ -0,0 +1,125 @@ +name: C/C++ CI + +on: + push: + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + pull_request: + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + +jobs: + ci: + if: github.repository != 'openssh/openssh-portable-selfhosted' + strategy: + fail-fast: false + matrix: + # First we test all OSes in the default configuration. + target: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022] + config: [default] + # Then we include any extra configs we want to test for specific VMs. + # Valgrind slows things down quite a bit, so start them first. + include: + - { target: windows-2019, config: cygwin-release } + - { target: windows-2022, config: cygwin-release } + - { target: ubuntu-20.04, config: valgrind-1 } + - { target: ubuntu-20.04, config: valgrind-2 } + - { target: ubuntu-20.04, config: valgrind-3 } + - { target: ubuntu-20.04, config: valgrind-4 } + - { target: ubuntu-20.04, config: valgrind-5 } + - { target: ubuntu-20.04, config: valgrind-unit } + - { target: ubuntu-20.04, config: c89 } + - { target: ubuntu-20.04, config: clang-6.0 } + - { target: ubuntu-20.04, config: clang-8 } + - { target: ubuntu-20.04, config: clang-9 } + - { target: ubuntu-20.04, config: clang-10 } + - { target: ubuntu-20.04, config: clang-11 } + - { target: ubuntu-20.04, config: clang-12-Werror } + - { target: ubuntu-20.04, config: clang-sanitize-address } + - { target: ubuntu-20.04, config: clang-sanitize-undefined } + - { target: ubuntu-20.04, config: gcc-sanitize-address } + - { target: ubuntu-20.04, config: gcc-sanitize-undefined } + - { target: ubuntu-20.04, config: gcc-7 } + - { target: ubuntu-20.04, config: gcc-8 } + - { target: ubuntu-20.04, config: gcc-10 } + - { target: ubuntu-20.04, config: gcc-11-Werror } + - { target: ubuntu-20.04, config: pam } + - { target: ubuntu-20.04, config: kitchensink } + - { target: ubuntu-20.04, config: hardenedmalloc } + - { 
target: ubuntu-20.04, config: tcmalloc } + - { target: ubuntu-20.04, config: musl } + - { target: ubuntu-latest, config: libressl-master } + - { target: ubuntu-latest, config: libressl-2.2.9 } + - { target: ubuntu-latest, config: libressl-2.8.3 } + - { target: ubuntu-latest, config: libressl-3.0.2 } + - { target: ubuntu-latest, config: libressl-3.2.6 } + - { target: ubuntu-latest, config: libressl-3.3.6 } + - { target: ubuntu-latest, config: libressl-3.4.3 } + - { target: ubuntu-latest, config: libressl-3.5.3 } + - { target: ubuntu-latest, config: libressl-3.6.1 } + - { target: ubuntu-latest, config: libressl-3.7.0 } + - { target: ubuntu-latest, config: openssl-master } + - { target: ubuntu-latest, config: openssl-noec } + - { target: ubuntu-latest, config: openssl-1.0.1 } + - { target: ubuntu-latest, config: openssl-1.0.1u } + - { target: ubuntu-latest, config: openssl-1.0.2u } + - { target: ubuntu-latest, config: openssl-1.1.0h } + - { target: ubuntu-latest, config: openssl-1.1.1 } + - { target: ubuntu-latest, config: openssl-1.1.1k } + - { target: ubuntu-latest, config: openssl-1.1.1n } + - { target: ubuntu-latest, config: openssl-1.1.1q } + - { target: ubuntu-latest, config: openssl-1.1.1s } + - { target: ubuntu-latest, config: openssl-3.0.0 } + - { target: ubuntu-latest, config: openssl-3.0.5 } + - { target: ubuntu-latest, config: openssl-3.0.7 } + - { target: ubuntu-latest, config: openssl-1.1.1_stable } + - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-22.04, config: pam } + - { target: ubuntu-22.04, config: krb5 } + - { target: ubuntu-22.04, config: heimdal } + - { target: ubuntu-22.04, config: libedit } + - { target: ubuntu-22.04, config: sk } + - { target: ubuntu-22.04, config: selinux } + - { target: ubuntu-22.04, config: kitchensink } + - { target: ubuntu-22.04, config: without-openssl } + - { target: macos-11, config: pam } + - { target: macos-12, config: pam } + runs-on: ${{ matrix.target }} + steps: + - name: set 
cygwin git params + if: ${{ startsWith(matrix.target, 'windows') }} + run: git config --global core.autocrlf input + - name: install cygwin + if: ${{ startsWith(matrix.target, 'windows') }} + uses: cygwin/cygwin-install-action@master + - uses: actions/checkout@main + - name: setup CI system + run: sh ./.github/setup_ci.sh ${{ matrix.config }} + - name: autoreconf + run: sh -c autoreconf + - name: configure + run: sh ./.github/configure.sh ${{ matrix.config }} + - name: save config + uses: actions/upload-artifact@main + with: + name: ${{ matrix.target }}-${{ matrix.config }}-config + path: config.h + - name: make clean + run: make clean + - name: make + run: make -j2 + - name: make tests + run: sh ./.github/run_test.sh ${{ matrix.config }} + env: + TEST_SSH_UNSAFE_PERMISSIONS: 1 + TEST_SSH_HOSTBASED_AUTH: yes + - name: save logs + if: failure() + uses: actions/upload-artifact@main + with: + name: ${{ matrix.target }}-${{ matrix.config }}-logs + path: | + config.h + config.log + regress/*.log + regress/valgrind-out/ + regress/asan.log.* + regress/msan.log.* diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml new file mode 100644 index 0000000..7ca8c47 --- /dev/null +++ b/.github/workflows/cifuzz.yml 
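Review bot: Every `uses:` in the steps list resolves a mutable branch ref (`cygwin/cygwin-install-action@master`, `actions/checkout@main`, `actions/upload-artifact@main`), so whatever is pushed to those branches runs in this job with the job's token and the checked-out tree. Pin each to a full commit SHA with the release noted in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # <release tag>`, and let a dependency-update bot move the pins. The same applies to `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` and `run_fuzzers@master` in cifuzz.yml, and to the `@main` references in selfhosted.yml and upstream.yml, where the action code runs on the self-hosted runner itself.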
@@ -0,0 +1,32 @@ +name: CIFuzz +on: + push: + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + pull_request: + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + +jobs: + Fuzzing: + if: github.repository != 'openssh/openssh-portable-selfhosted' + runs-on: ubuntu-latest + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'openssh' + dry-run: false + language: c++ + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'openssh' + fuzz-seconds: 600 + dry-run: false + language: c++ + - name: Upload Crash + uses: actions/upload-artifact@main + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml new file mode 100644 index 0000000..50bc9ff --- /dev/null +++ b/.github/workflows/selfhosted.yml 
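Review bot: The workflow declares no `permissions:` key, so the `GITHUB_TOKEN` available to the third-party `build_fuzzers` and `run_fuzzers` actions has whatever scope the repository or organisation default grants. A top-level `permissions:` block with `contents: read` would make the scope explicit. Nothing in these three steps appears to need write access, but that should be confirmed against a run. c-cpp.yml, selfhosted.yml and upstream.yml omit the key as well.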
@@ -0,0 +1,116 @@ +name: C/C++ CI self-hosted + +on: + push: + paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + +jobs: + selfhosted: + if: github.repository == 'openssh/openssh-portable-selfhosted' + runs-on: ${{ matrix.host }} + timeout-minutes: 600 + env: + HOST: ${{ matrix.host }} + TARGET_HOST: ${{ matrix.target }} + TARGET_CONFIG: ${{ matrix.config }} + strategy: + fail-fast: false + # We use a matrix in two parts: firstly all of the VMs are tested with the + # default config. "target" corresponds to a label associated with the + # worker. The default is an ephemeral VM running under libvirt. + matrix: + target: + - alpine + - debian-i386 + - dfly30 + - dfly48 + - dfly58 + - dfly60 + - dfly62 + - fbsd10 + - fbsd12 + - fbsd13 + - minix3 + - nbsd3 + - nbsd4 + - nbsd8 + - nbsd9 + - obsd51 + - obsd67 + - obsd69 + - obsd70 + - obsdsnap + - obsdsnap-i386 + - openindiana + - sol10 + - sol11 + config: + - default + host: + - libvirt + include: + # Then we include extra libvirt test configs. + - { target: aix51, config: default, host: libvirt } + - { target: debian-i386, config: pam, host: libvirt } + - { target: dfly30, config: without-openssl, host: libvirt} + - { target: dfly48, config: pam ,host: libvirt } + - { target: dfly58, config: pam, host: libvirt } + - { target: dfly60, config: pam, host: libvirt } + - { target: dfly62, config: pam, host: libvirt } + - { target: fbsd10, config: pam, host: libvirt } + - { target: fbsd12, config: pam, host: libvirt } + - { target: fbsd13, config: pam, host: libvirt } + - { target: nbsd8, config: pam, host: libvirt } + - { target: nbsd9, config: pam, host: libvirt } + - { target: openindiana, config: pam, host: libvirt } + - { target: sol10, config: pam, host: libvirt } + - { target: sol11, config: pam-krb5, host: libvirt } + - { target: sol11, config: sol64, host: libvirt } + # VMs with persistent disks that have their own runner. 
+ - { target: win10, config: default, host: win10 } + - { target: win10, config: cygwin-release, host: win10 } + # Physical hosts, with either native runners or remote via ssh. + - { target: ARM, config: default, host: ARM } + - { target: ARM64, config: default, host: ARM64 } + - { target: ARM64, config: pam, host: ARM64 } + - { target: debian-riscv64, config: default, host: debian-riscv64 } + - { target: openwrt-mips, config: default, host: openwrt-mips } + - { target: openwrt-mipsel, config: default, host: openwrt-mipsel } + steps: + - name: shutdown VM if running + run: vmshutdown + working-directory: ${{ runner.temp }} + - uses: actions/checkout@main + - name: autoreconf + run: autoreconf + - name: startup VM + run: vmstartup + working-directory: ${{ runner.temp }} + - name: configure + run: vmrun ./.github/configure.sh ${{ matrix.config }} + - name: save config + uses: actions/upload-artifact@main + with: + name: ${{ matrix.target }}-${{ matrix.config }}-config + path: config.h + - name: make clean + run: vmrun make clean + - name: make + run: vmrun make + - name: make tests + run: vmrun ./.github/run_test.sh ${{ matrix.config }} + timeout-minutes: 600 + - name: save logs + if: failure() + uses: actions/upload-artifact@main + with: + name: ${{ matrix.target }}-${{ matrix.config }}-logs + path: | + config.h + config.log + regress/*.log + regress/valgrind-out/ + - name: shutdown VM + if: always() + run: vmshutdown + working-directory: ${{ runner.temp }} diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml new file mode 100644 index 0000000..1e2c2ac --- /dev/null +++ b/.github/workflows/upstream.yml 
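Review bot: The `on: push` trigger has no `branches:` filter, so a push to any branch of `openssh/openssh-portable-selfhosted` that touches the listed paths builds and runs that branch's code on the runners in the matrix. By the matrix comments, those include VMs with persistent disks and physical hosts, which presumably keep state between jobs. If only the mainline is meant to be tested here, add `branches: [ master ]` as upstream.yml does. Either way, a comment above `on:` such as `# push only: do not add pull_request, these jobs run on persistent self-hosted runners` would record why the trigger differs from c-cpp.yml.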
@@ -0,0 +1,52 @@ +name: Upstream self-hosted + +on: + push: + branches: [ master ] + paths: [ '**.c', '**.h', '.github/**' ] + +jobs: + selfhosted: + if: github.repository == 'openssh/openssh-portable-selfhosted' + runs-on: 'libvirt' + env: + HOST: 'libvirt' + TARGET_HOST: ${{ matrix.target }} + TARGET_CONFIG: ${{ matrix.config }} + strategy: + fail-fast: false + matrix: + target: [ obsdsnap, obsdsnap-i386 ] + config: [ default, without-openssl, ubsan ] + steps: + - name: shutdown VM if running + run: vmshutdown + working-directory: ${{ runner.temp }} + - uses: actions/checkout@main + - name: startup VM + run: vmstartup + working-directory: ${{ runner.temp }} + - name: update source + run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" + - name: make clean + run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean && sudo chmod -R g-w /usr/src /usr/obj" + - name: make + run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" + - name: make install + run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" + - name: make tests` + run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" + env: + SUDO: sudo + timeout-minutes: 300 + - name: save logs + if: failure() + uses: actions/upload-artifact@main + with: + name: ${{ matrix.target }}-${{ matrix.config }}-logs + path: | + /usr/obj/regress/usr.bin/ssh/obj/*.log + - name: shutdown VM + if: always() + run: vmshutdown + working-directory: ${{ runner.temp }} |
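Review bot: The `make` and `make tests` steps paste `${{ matrix.config }}` into the double-quoted command string, so the value is substituted into the script text before any shell parses it. That is harmless with today's fixed matrix but becomes command injection if the value ever comes from an input or an event field. The job already exports `TARGET_CONFIG`, so `case $TARGET_CONFIG in` gives the same result through ordinary shell expansion, assuming vmrun receives the string after the runner's shell has expanded it, as the quoting suggests. Separately, the name of the second of those steps ends in a stray backtick after "make tests" and should read `- name: make tests`.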