Fixes #1698: prevent use-after-free of qd_link_t on session close #710
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Licensed to the Apache Software Foundation (ASF) under one | |
# or more contributor license agreements. See the NOTICE file | |
# distributed with this work for additional information | |
# regarding copyright ownership. The ASF licenses this file | |
# to you under the Apache License, Version 2.0 (the | |
# "License"); you may not use this file except in compliance | |
# with the License. You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, | |
# software distributed under the License is distributed on an | |
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
# KIND, either express or implied. See the License for the | |
# specific language governing permissions and limitations | |
# under the License. | |
# | |
name: Build | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
protonRepository: | |
description: GitHub repository where to fetch Qpid Proton from | |
type: string | |
default: 'apache/qpid-proton' | |
required: false | |
protonBranch: | |
description: Branch in the protonRepository to check out (in addition to hardcoded branches) | |
type: string | |
default: main | |
required: false | |
# known limitation https://github.com/actions/runner/issues/480 | |
env: | |
protonRepository: "${{ github.event.inputs.protonRepository || 'apache/qpid-proton' }}" | |
protonBranch: "${{ github.event.inputs.protonBranch || 'main' }}" | |
jobs: | |
###################### | |
### Ubuntu Compile ### | |
###################### | |
compile: | |
name: "Compile (${{matrix.os}}, ${{matrix.buildType}}, ${{matrix.runtimeCheck}}, proton ${{matrix.protonGitRef}})" | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-24.04] | |
buildType: [Debug, RelWithDebInfo] | |
runtimeCheck: [asan, tsan] | |
protonGitRef: | |
- ${{ github.event.inputs.protonBranch || 'main' }} | |
- 0.40.0 | |
exclude: | |
- buildType: Debug | |
runtimeCheck: tsan | |
- buildType: RelWithDebInfo | |
runtimeCheck: asan | |
env: | |
CC: 'gcc-12' | |
CXX: 'g++-12' | |
BuildType: ${{matrix.buildType}} | |
ProtonBuildDir: ${{github.workspace}}/qpid-proton/build | |
RouterBuildDir: ${{github.workspace}}/skupper-router/build | |
InstallPrefix: ${{github.workspace}}/install | |
VERBOSE: 1 | |
ProtonCMakeExtraArgs: > | |
-DCMAKE_C_COMPILER_LAUNCHER=ccache | |
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache | |
-DBUILD_BINDINGS=python | |
-DBUILD_TOOLS=OFF | |
-DBUILD_EXAMPLES=OFF | |
-DBUILD_TESTING=OFF | |
-DENABLE_FUZZ_TESTING=OFF | |
-DRUNTIME_CHECK=${{matrix.runtimeCheck}} | |
-DBUILD_TLS=ON | |
RouterCMakeExtraArgs: > | |
-DCMAKE_C_COMPILER_LAUNCHER=ccache | |
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache | |
-DCMAKE_C_FLAGS=-DQD_MEMORY_DEBUG | |
-DRUNTIME_CHECK=${{matrix.runtimeCheck}} | |
-DSANITIZE_PYTHON=OFF | |
-DBUILD_BENCHMARKS=ON | |
CCACHE_BASEDIR: ${{github.workspace}} | |
CCACHE_DIR: ${{github.workspace}}/.ccache | |
CCACHE_COMPRESS: 'true' | |
CCACHE_MAXSIZE: '400MB' | |
SKUPPER_SYSTEM_TEST_SKIP_POLICY: True | |
SKUPPER_SYSTEM_TEST_SKIP_DELIVERY_ABORT: True | |
steps: | |
# The option to enable + in sed regexps differs by OS so we avoid it, https://github.com/actions/upload-artifact/issues/22 | |
- name: Escape job identifier for artifact naming | |
run: | | |
_jobIdentifierRaw="${{matrix.os}}_${{matrix.buildType}}_${{matrix.runtimeCheck}}_${{matrix.protonGitRef}}" | |
jobIdentifier=$(echo -n "${_jobIdentifierRaw}" | sed -e 's/[ \t:\/\\"<>|*?]/-/g' -e 's/--*/-/g') | |
echo "JOB_IDENTIFIER=${jobIdentifier}" >> $GITHUB_ENV | |
- name: Show environment (Linux) | |
if: ${{ always() && runner.os == 'Linux' }} | |
run: env -0 | sort -z | tr '\0' '\n' | |
- uses: actions/checkout@v4 | |
with: | |
repository: ${{ env.protonRepository }} | |
ref: ${{ matrix.protonGitRef }} | |
path: 'qpid-proton' | |
- uses: actions/checkout@v4 | |
with: | |
path: 'skupper-router' | |
# https://cristianadam.eu/20200113/speeding-up-c-plus-plus-github-actions-using-ccache/ | |
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files | |
- name: Prepare ccache timestamp | |
id: ccache_cache_timestamp | |
shell: cmake -P {0} | |
run: | | |
string(TIMESTAMP current_date "%Y-%m-%d-%H;%M;%S" UTC) | |
file(APPEND "$ENV{GITHUB_OUTPUT}" "timestamp=${current_date}") | |
- uses: actions/cache@v4 | |
env: | |
cache-name: cache-ccache | |
with: | |
path: .ccache | |
key: ${{ github.workflow }}-${{ matrix.os }}-${{ matrix.runtimeCheck }}-${{ matrix.protonGitRef }}-${{ env.cache-name }}-${{ steps.ccache_cache_timestamp.outputs.timestamp }} | |
restore-keys: | | |
${{ github.workflow }}-${{ matrix.os }}-${{ matrix.runtimeCheck }}-${{ matrix.protonGitRef }}-${{ env.cache-name }} | |
- name: Create Build and Install directories | |
run: mkdir -p "${ProtonBuildDir}" "${RouterBuildDir}" "${InstallPrefix}" | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
architecture: x64 | |
check-latest: true | |
- name: Install Linux build dependencies | |
run: | | |
sudo apt update; sudo apt install -y libdw-dev swig libpython3-dev libsasl2-dev libjsoncpp-dev libwebsockets-dev libnghttp2-dev ccache ninja-build pixz libbenchmark-dev nginx libunwind-dev | |
- name: Zero ccache stats | |
run: ccache -z | |
- name: Install python packages for proton from ci_requirements.txt | |
run: python3 -m pip install --upgrade -r ${{github.workspace}}/qpid-proton/python/ci_requirements.txt | |
- name: qpid-proton cmake configure | |
working-directory: ${{env.ProtonBuildDir}} | |
run: > | |
cmake "${{github.workspace}}/qpid-proton" \ | |
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \ | |
"-DCMAKE_BUILD_TYPE=${BuildType}" \ | |
"-GNinja" \ | |
${ProtonCMakeExtraArgs} | |
- name: qpid-proton cmake build/install | |
run: cmake --build "${ProtonBuildDir}" --config ${BuildType} -t install --parallel 6 | |
- name: Display ccache stats | |
run: ccache -s | |
- name: skupper-router cmake configure | |
working-directory: ${{env.RouterBuildDir}} | |
run: > | |
cmake "${{github.workspace}}/skupper-router" \ | |
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \ | |
"-DCMAKE_BUILD_TYPE=${BuildType}" \ | |
"-DPYTHON_TEST_COMMAND='-m;pytest;-vs;--timeout=400;--junit-prefix=pytest.\${py_test_module};--junit-xml=junitxmls/\${py_test_module}.xml;--pyargs;\${py_test_module}'" \ | |
"-DPYTHON_TEST_COMMAND='-m;pytest;-vs;--timeout=400;--junit-prefix=pytest.\${py_test_module};--junit-xml=junitxmls/\${py_test_module}.xml;--pyargs;\${py_test_module}'" \ | |
"-GNinja" \ | |
${RouterCMakeExtraArgs} | |
- name: skupper-router cmake build/install | |
run: cmake --build "${RouterBuildDir}" --config ${BuildType} -t install --parallel 6 | |
- name: Display ccache stats | |
run: ccache -s | |
# github actions/upload-artifact@v2 does not preserve executable permission on binaries | |
- name: Compress build | |
working-directory: ${{github.workspace}} | |
run: > | |
tar \ | |
-I pixz \ | |
-cf /tmp/archive.tar.xz \ | |
--exclude '*.o' \ | |
--exclude '*.pyc' \ | |
--exclude '.git' \ | |
skupper-router \ | |
install \ | |
qpid-proton/build/python | |
- name: Upload archive | |
uses: actions/upload-artifact@v4 | |
with: | |
name: skupper_router_wrk_${{env.JOB_IDENTIFIER}} | |
path: /tmp/archive.tar.xz | |
################### | |
### Ubuntu Test ### | |
################### | |
test: | |
name: 'Test (${{matrix.os}}, ${{matrix.buildType}}, ${{matrix.runtimeCheck}}, proton ${{matrix.protonGitRef}}, shard ${{matrix.shard}} of ${{matrix.shards}})' | |
runs-on: ${{ matrix.os }} | |
needs: [compile] | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-24.04] | |
buildType: [Debug, RelWithDebInfo] | |
runtimeCheck: [asan, tsan] | |
protonGitRef: | |
- ${{ github.event.inputs.protonBranch || 'main' }} | |
- 0.40.0 | |
shard: [1, 2] | |
shards: [2] | |
exclude: | |
- buildType: Debug | |
runtimeCheck: tsan | |
- buildType: RelWithDebInfo | |
runtimeCheck: asan | |
env: | |
CC: 'gcc-12' | |
CXX: 'g++-12' | |
BuildType: ${{matrix.buildType}} | |
ProtonBuildDir: ${{github.workspace}}/qpid-proton/build | |
RouterBuildDir: ${{github.workspace}}/skupper-router/build | |
InstallPrefix: ${{github.workspace}}/install | |
RouterCTestExtraArgs: "" | |
LD_LIBRARY_PATH: ${{github.workspace}}/install/lib | |
QPID_SYSTEM_TEST_TIMEOUT: 300 | |
QPID_SYSTEM_TEST_SKIP_FALLBACK_SWITCHOVER_TEST: True | |
# this enables colored output | |
FORCE_COLOR: 1 | |
COLUMNS: 160 | |
steps: | |
# The option to enable + in sed regexps differs by OS so we avoid it, https://github.com/actions/upload-artifact/issues/22 | |
- name: Escape job identifier for artifact naming | |
run: | | |
_jobIdentifierRaw="${{matrix.os}}_${{matrix.buildType}}_${{matrix.runtimeCheck}}_${{matrix.protonGitRef}}" | |
jobIdentifier=$(echo -n "${_jobIdentifierRaw}" | sed -e 's/[ \t:\/\\"<>|*?]/-/g' -e 's/--*/-/g') | |
echo "JOB_IDENTIFIER=${jobIdentifier}" >> $GITHUB_ENV | |
- name: Show environment (Linux) | |
if: ${{ always() && runner.os == 'Linux' }} | |
run: env -0 | sort -z | tr '\0' '\n' | |
- name: Download Build | |
uses: actions/download-artifact@v4 | |
with: | |
name: skupper_router_wrk_${{env.JOB_IDENTIFIER}} | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
architecture: x64 | |
check-latest: true | |
- name: Install Linux runtime/test dependencies | |
run: | | |
sudo apt update; sudo apt install -y libdw1 libsasl2-2 libsasl2-modules sasl2-bin libjsoncpp25 libwebsockets19t64 libbenchmark1.8.3 pixz curl ncat gdb elfutils findutils file python3-dbg | |
- name: Unpack archive | |
run: tar -I pixz -xf archive.tar.xz | |
- name: Install Python runtime/test dependencies | |
run: python -m pip install -r ${{github.workspace}}/skupper-router/requirements-dev.txt | |
- name: install qpid-proton python wheel | |
run: python -m pip install $(find ${ProtonBuildDir}/python/dist -name 'python_qpid_proton*.whl') | |
- name: CTest | |
working-directory: ${{env.RouterBuildDir}} | |
run: | | |
sudo sysctl -w kernel.core_pattern="coredump.%e.%p" | |
ulimit -c unlimited | |
sudo sysctl -w vm.mmap_rnd_bits=28 | |
ctest --timeout 1200 -V --output-junit Testing/Test.xml --no-compress-output -I ${{matrix.shard}},,${{matrix.shards}} -j12 ${{env.RouterCTestExtraArgs}} | |
- name: Report coredump stacktraces (if any tests failed) | |
if: ${{ failure() }} | |
run: | | |
find -name 'coredump*' -exec ${{github.workspace}}/skupper-router/scripts/gha_analyze_coredump.sh {} \; | |
- name: Upload test results | |
uses: actions/upload-artifact@v4 | |
if: ${{ ! cancelled() }} | |
with: | |
name: Test_Results_${{env.JOB_IDENTIFIER}}_${{matrix.shard}} | |
path: ${{env.RouterBuildDir}}/tests/junitxmls/*.xml | |
- name: Delete logs from passing tests | |
if: ${{ failure() }} | |
continue-on-error: true | |
run: python3 ${{github.workspace}}/skupper-router/scripts/gha_purge_successful_test_logs.py --build-dir=${{env.RouterBuildDir}} --no-dry-run | |
- name: Upload log files (if any tests failed) | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: testLogs_${{env.JOB_IDENTIFIER}}_${{matrix.shard}} | |
path: | | |
${{env.RouterBuildDir}}/tests | |
- name: Upload core files (if any) | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: cores_${{env.JOB_IDENTIFIER}}_${{matrix.shard}} | |
path: | | |
**/coredump* | |
#################### | |
### Raspberry PI ### | |
#################### | |
compile_and_test_pi5: | |
name: "Compile and Test on Pi 5 (aarch64 on Pi 5 proton main)" | |
runs-on: self-hosted-arm64 | |
env: | |
CC: 'gcc-12' | |
CXX: 'g++-12' | |
BuildType: RelWithDebInfo | |
ProtonBuildDir: ${{github.workspace}}/qpid-proton/build | |
RouterBuildDir: ${{github.workspace}}/skupper-router/build | |
InstallPrefix: ${{github.workspace}}/install | |
VERBOSE: 1 | |
protonRepository: "${{ github.event.inputs.protonRepository || 'apache/qpid-proton' }}" | |
protonBranch: "${{ github.event.inputs.protonBranch || 'main' }}" | |
ProtonCMakeExtraArgs: > | |
-DCMAKE_C_COMPILER_LAUNCHER=ccache | |
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache | |
-DBUILD_BINDINGS=python | |
-DPython_EXECUTABLE=/usr/bin/python3 | |
-DBUILD_TOOLS=OFF | |
-DBUILD_EXAMPLES=OFF | |
-DBUILD_TESTING=OFF | |
-DENABLE_FUZZ_TESTING=OFF | |
-DRUNTIME_CHECK=OFF | |
-DBUILD_TLS=ON | |
RouterCMakeExtraArgs: > | |
-DCMAKE_C_COMPILER_LAUNCHER=ccache | |
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache | |
-DPython_EXECUTABLE=/usr/bin/python3 | |
-DRUNTIME_CHECK=OFF | |
-DENABLE_PROFILE_GUIDED_OPTIMIZATION=OFF | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: ${{ env.protonRepository }} | |
ref: main | |
path: 'qpid-proton' | |
- uses: actions/checkout@v4 | |
with: | |
path: 'skupper-router' | |
- name: Install Linux build dependencies | |
run: | | |
sudo apt update; sudo apt install -y flake8 mypy pylint python3-qpid-proton libpython3-dev ninja-build ccache libwebsockets-dev libnghttp2-dev nginx python3-build python3-cffi python3-pip python3-setuptools python3-wheel tox | |
# https://cristianadam.eu/20200113/speeding-up-c-plus-plus-github-actions-using-ccache/ | |
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files | |
- name: Prepare ccache timestamp | |
id: ccache_cache_timestamp | |
shell: cmake -P {0} | |
run: | | |
string(TIMESTAMP current_date "%Y-%m-%d-%H;%M;%S" UTC) | |
file(APPEND "$ENV{GITHUB_OUTPUT}" "timestamp=${current_date}") | |
- uses: actions/cache@v4 | |
env: | |
cache-name: cache-ccache | |
with: | |
path: .ccache | |
key: ${{ github.workflow }}-main-${{ env.cache-name }}-${{ steps.ccache_cache_timestamp.outputs.timestamp }} | |
restore-keys: | | |
${{ github.workflow }}-main-${{ env.cache-name }} | |
- name: Create Build and Install directories | |
run: mkdir -p "${ProtonBuildDir}" "${RouterBuildDir}" "{InstallPrefix}" | |
- name: Zero ccache stats | |
run: ccache -z | |
- name: qpid-proton cmake configure | |
working-directory: ${{env.ProtonBuildDir}} | |
run: > | |
cmake "${{github.workspace}}/qpid-proton" \ | |
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \ | |
"-DCMAKE_BUILD_TYPE=${BuildType}" \ | |
${ProtonCMakeExtraArgs} | |
- name: qpid-proton cmake build/install | |
run: cmake --build "${ProtonBuildDir}" --config ${BuildType} --target install --parallel 2 | |
- name: Display ccache stats | |
run: ccache -s | |
- name: skupper-router cmake configure | |
working-directory: ${{env.RouterBuildDir}} | |
run: | | |
cmake "${{github.workspace}}/skupper-router" \ | |
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \ | |
"-DCMAKE_BUILD_TYPE=${BuildType}" \ | |
"-DPYTHON_TEST_COMMAND='-m;pytest;-vs;--timeout=400;--junit-prefix=pytest.\${py_test_module};--junit-xml=junitxmls/\${py_test_module}.xml;--pyargs;\${py_test_module}'" \ | |
${RouterCMakeExtraArgs} | |
- name: skupper-router cmake build/install | |
run: cmake --build "${RouterBuildDir}" --config ${BuildType} --target install --parallel 6 | |
- name: Install Python runtime/test dependencies | |
run: python3 -m pip install --break-system-packages -r ${{github.workspace}}/skupper-router/requirements-dev.txt | |
- name: Install Linux runtime/test dependencies | |
run: | | |
sudo apt update; sudo apt install -y libdw1 libsasl2-2 libsasl2-modules sasl2-bin libjsoncpp25 pixz curl libwebsockets-dev ncat gdb elfutils findutils file python3-dbg | |
- name: install qpid-proton python wheel | |
run: python3 -m pip install --break-system-packages $(find ${ProtonBuildDir}/python/dist -name 'python_qpid_proton*.whl') | |
- name: CTest | |
working-directory: ${{env.RouterBuildDir}} | |
run: | | |
ulimit -c unlimited | |
threads=4 | |
ctest --timeout 1200 -V --output-junit Testing/Test.xml --output-on-failure --no-compress-output -j${threads} | |
- name: Report coredump stacktraces (if any tests failed) | |
if: ${{ failure() }} | |
run: | | |
find -name 'coredump*' -exec ${{github.workspace}}/skupper-router/scripts/gha_analyze_coredump.sh {} \; | |
- name: Dump dmesg (on failure) | |
if: ${{ failure() }} | |
run: dmesg | |
- name: Upload test results | |
uses: actions/upload-artifact@v4 | |
if: ${{ ! cancelled() }} | |
with: | |
name: Test_Results_${{env.JOB_IDENTIFIER}}_${{matrix.shard}} | |
path: ${{env.RouterBuildDir}}/tests/junitxmls/*.xml | |
- name: Delete logs from passing tests | |
if: ${{ failure() }} | |
continue-on-error: true | |
run: python3 ${{github.workspace}}/skupper-router/scripts/gha_purge_successful_test_logs.py --build-dir=${{env.RouterBuildDir}} --no-dry-run | |
- name: Upload log files (if any tests failed) | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: testLogs_${{env.JOB_IDENTIFIER}}_${{matrix.shard}} | |
path: | | |
${{env.RouterBuildDir}}/tests | |
- name: Upload core files (if any) | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: cores_${{env.JOB_IDENTIFIER}}_${{matrix.shard}} | |
path: | | |
**/coredump* | |
#################### | |
### Fedora Tests ### | |
#################### | |
compile_and_test: | |
name: "Compile and Test (${{matrix.container}}:${{matrix.containerTag}}, ${{matrix.buildType}}, ${{matrix.runtimeCheck}}, proton ${{matrix.protonGitRef}}, shard ${{matrix.shard}} of ${{matrix.shards}})" | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] | |
container: ['fedora'] | |
containerTag: ['41'] | |
cc: [gcc] | |
cxx: [g++] | |
python: [python3.11] | |
buildType: [RelWithDebInfo, Debug] | |
runtimeCheck: [asan, tsan] | |
protonGitRef: | |
- ${{ github.event.inputs.protonBranch || 'main' }} | |
- 0.40.0 | |
shard: [ 1, 2 ] | |
shards: [ 2 ] | |
exclude: | |
- buildType: Debug | |
runtimeCheck: tsan | |
- buildType: RelWithDebInfo | |
runtimeCheck: asan | |
include: | |
# CentOS 9: Coverage Proton-main 1 of 2 | |
- os: ubuntu-latest | |
container: 'centos' | |
containerTag: stream9 | |
cc: gcc | |
cxx: g++ | |
python: python3 | |
buildType: Coverage | |
covType: system | |
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }} | |
runtimeCheck: OFF | |
shard: 1 | |
shards: 2 | |
# CentOS 9: Coverage Proton-main 2 of 2 | |
- os: ubuntu-latest | |
container: 'centos' | |
containerTag: stream9 | |
cc: gcc | |
cxx: g++ | |
python: python3 | |
buildType: Coverage | |
covType: system | |
runtimeCheck: OFF | |
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }} | |
shard: 2 | |
shards: 2 | |
# CentOS 9: Release Proton-main 1 of 2 | |
- os: ubuntu-latest | |
container: 'centos' | |
containerTag: stream9 | |
cc: gcc | |
cxx: g++ | |
python: python3 | |
buildType: RelWithDebInfo | |
runtimeCheck: OFF | |
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }} | |
shard: 1 | |
shards: 2 | |
# CentOS 9: Release Proton-main 2 of 2 | |
- os: ubuntu-latest | |
container: 'centos' | |
containerTag: stream9 | |
cc: gcc | |
cxx: g++ | |
python: python3 | |
buildType: RelWithDebInfo | |
runtimeCheck: OFF | |
protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }} | |
shard: 2 | |
shards: 2 | |
# # unittest coverage | |
# - os: ubuntu-latest | |
# container: 'fedora' | |
# containerTag: 41 | |
# cc: gcc | |
# cxx: g++ | |
# python: python3.12 | |
# buildType: Coverage | |
# covType: unit | |
# runtimeCheck: OFF | |
# protonGitRef: 0.40.0 | |
# routerCTestExtraArgs: "-R 'unittests|unit_tests|threaded_timer_test|router_engine_test|management_test|router_policy_test|test_command'" | |
# shard: 1 | |
# shards: 1 | |
# # clang | |
#- os: ubuntu-latest | |
# container: 'fedora' | |
# containerTag: 41 | |
# cc: clang | |
# cxx: clang++ | |
# python: python3.11 | |
# buildType: RelWithDebInfo | |
# runtimeCheck: asan | |
# protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }} | |
# shard: 1 | |
# shards: 2 | |
#- os: ubuntu-latest | |
# container: 'fedora' | |
# containerTag: 41 | |
# cc: clang | |
# cxx: clang++ | |
# python: python3.11 | |
# buildType: RelWithDebInfo | |
# runtimeCheck: asan | |
# protonGitRef: ${{ github.event.inputs.protonBranch || 'main' }} | |
# shard: 2 | |
# shards: 2 | |
container: | |
image: 'quay.io/${{ matrix.container }}/${{ matrix.container }}:${{ matrix.containerTag }}' | |
volumes: | |
- ${{github.workspace}}:${{github.workspace}} | |
options: --privileged --ulimit core=-1 --security-opt apparmor:unconfined --security-opt seccomp=unconfined --sysctl net.ipv6.conf.all.disable_ipv6=0 | |
env: | |
BuildType: ${{matrix.buildType}} | |
CC: ${{matrix.cc}} | |
CXX: ${{matrix.cxx}} | |
PYTHON: ${{matrix.python || 'python3'}} | |
ProtonBuildDir: ${{github.workspace}}/qpid-proton/build | |
RouterBuildDir: ${{github.workspace}}/skupper-router/build | |
InstallPrefix: ${{github.workspace}}/install | |
RouterCTestExtraArgs: ${{matrix.routerCTestExtraArgs}} | |
# this enables colored output | |
FORCE_COLOR: 1 | |
COLUMNS: 160 | |
# TODO(DISPATCH-2144) use -DPython_EXECUTABLE=/usr/bin/python3-debug when issue is fixed, | |
# as that allows for -DSANITIZE_3RD_PARTY=ON on Fedora | |
# TODO(https://github.com/google/sanitizers/issues/1385) some targeted asan suppressions don't work on Fedora | |
ProtonCMakeExtraArgs: > | |
-DCMAKE_C_COMPILER_LAUNCHER=ccache | |
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache | |
-DBUILD_BINDINGS=python | |
-DPython_EXECUTABLE=/usr/bin/${{matrix.python || 'python3'}} | |
-DBUILD_TOOLS=OFF | |
-DBUILD_EXAMPLES=OFF | |
-DBUILD_TESTING=OFF | |
-DENABLE_FUZZ_TESTING=OFF | |
-DRUNTIME_CHECK=${{matrix.runtimeCheck}} | |
-DBUILD_TLS=ON | |
RouterCMakeExtraArgs: > | |
-DCMAKE_C_COMPILER_LAUNCHER=ccache | |
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache | |
-DPython_EXECUTABLE=/usr/bin/${{matrix.python || 'python3'}} | |
-DRUNTIME_CHECK=${{matrix.runtimeCheck}} | |
CCACHE_BASEDIR: ${{github.workspace}} | |
CCACHE_DIR: ${{github.workspace}}/.ccache | |
CCACHE_COMPRESS: 'true' | |
CCACHE_MAXSIZE: '400MB' | |
QPID_SYSTEM_TEST_TIMEOUT: 300 | |
QPID_SYSTEM_TEST_SKIP_FALLBACK_SWITCHOVER_TEST: True | |
SKUPPER_SYSTEM_TEST_SKIP_POLICY: True | |
SKUPPER_SYSTEM_TEST_SKIP_DELIVERY_ABORT: True | |
VERBOSE: 1 | |
steps: | |
# The option to enable + in sed regexps differs by OS so we avoid it, https://github.com/actions/upload-artifact/issues/22 | |
- name: Escape job identifier for artifact naming | |
run: | | |
_jobIdentifierRaw="${{matrix.os}}_${{matrix.container}}_${{matrix.buildType}}_${{matrix.runtimeCheck}}_${{matrix.cc}}_${{matrix.protonGitRef}}" | |
jobIdentifier=$(echo -n "${_jobIdentifierRaw}" | sed -e 's/[ \t:\/\\"<>|*?]/-/g' -e 's/--*/-/g') | |
echo "JOB_IDENTIFIER=${jobIdentifier}" >> $GITHUB_ENV | |
- name: Show environment (Linux) | |
if: ${{ always() && runner.os == 'Linux' }} | |
run: env -0 | sort -z | tr '\0' '\n' | |
- uses: actions/checkout@v4 | |
with: | |
repository: ${{ env.protonRepository }} | |
ref: ${{ matrix.protonGitRef }} | |
path: 'qpid-proton' | |
- uses: actions/checkout@v4 | |
with: | |
path: 'skupper-router' | |
- name: Enable additional package repositories for CentOS 9 | |
if: ${{ matrix.container == 'centos' && matrix.containerTag == 'stream9' }} | |
run: | | |
dnf -y install epel-release 'dnf-command(config-manager)' | |
dnf config-manager --set-enabled crb | |
# also sets LD_LIBRARY_PATH to find libclang_rt.asan-x86_64.so for asan'd proton | |
- name: Install Linux compiler (clang) | |
if: ${{ matrix.cc == 'clang' }} | |
run: | | |
dnf install -y clang compiler-rt llvm | |
echo "LD_LIBRARY_PATH=$(dirname $(clang --print-file-name libclang_rt.asan-x86_64.so))" >> $GITHUB_ENV | |
- name: Install Linux compiler (gcc) | |
if: ${{ matrix.cc == 'gcc' }} | |
run: dnf install -y gcc gcc-c++ | |
- name: Install Linux build dependencies | |
run: | | |
dnf install -y elfutils-devel cmake libuuid-devel openssl openssl-devel cyrus-sasl-devel cyrus-sasl-plain swig make libwebsockets-devel libnghttp2-devel ccache libasan libubsan libtsan libunwind-devel | |
- name: Install Linux build dependencies (Fedora) | |
if: ${{ matrix.container == 'fedora' }} | |
run: | | |
dnf install -y ${PYTHON} ${PYTHON}-devel python3-pip | |
${PYTHON} -m ensurepip | |
# util-linux-core provides dmesg | |
- name: Install Linux build dependencies (CentOS 9) | |
if: ${{ matrix.container == 'centos' && matrix.containerTag == 'stream9' }} | |
run: dnf install -y util-linux-core python3-devel python3-pip | |
- name: Upgrade pip | |
run: ${PYTHON} -m pip install --upgrade pip | |
- name: Install python package for qpid-proton | |
run: ${PYTHON} -m pip install --upgrade -r ${{github.workspace}}/qpid-proton/python/ci_requirements.txt | |
# https://cristianadam.eu/20200113/speeding-up-c-plus-plus-github-actions-using-ccache/ | |
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files | |
- name: Prepare ccache timestamp | |
id: ccache_cache_timestamp | |
shell: cmake -P {0} | |
run: | | |
string(TIMESTAMP current_date "%Y-%m-%d-%H;%M;%S" UTC) | |
file(APPEND "$ENV{GITHUB_OUTPUT}" "timestamp=${current_date}") | |
- uses: actions/cache@v4 | |
env: | |
cache-name: cache-ccache | |
with: | |
path: .ccache | |
key: ${{ github.workflow }}-${{ matrix.container }}-${{ matrix.containerTag }}-${{ matrix.runtimeCheck }}-${{ matrix.protonGitRef }}-${{ env.cache-name }}-${{ steps.ccache_cache_timestamp.outputs.timestamp }} | |
restore-keys: | | |
${{ github.workflow }}-${{ matrix.container }}-${{ matrix.containerTag }}-${{ matrix.runtimeCheck }}-${{ matrix.protonGitRef }}-${{ env.cache-name }} | |
- name: Create Build and Install directories | |
run: mkdir -p "${ProtonBuildDir}" "${RouterBuildDir}" "{InstallPrefix}" | |
- name: Zero ccache stats | |
run: ccache -z | |
- name: qpid-proton cmake configure | |
working-directory: ${{env.ProtonBuildDir}} | |
run: > | |
cmake "${{github.workspace}}/qpid-proton" \ | |
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \ | |
"-DCMAKE_BUILD_TYPE=${BuildType}" \ | |
${ProtonCMakeExtraArgs} | |
- name: qpid-proton cmake build/install | |
run: cmake --build "${ProtonBuildDir}" --config ${BuildType} --target install --parallel 6 | |
- name: Display ccache stats | |
run: ccache -s | |
- name: enable asserts on asan build | |
if: matrix.runtimeCheck == 'asan' || matrix.runtimeCheck == 'OFF' | |
run: echo "RouterCMakeAsserts=ON" >> $GITHUB_ENV | |
- name: disable asserts on tsan build | |
if: matrix.runtimeCheck == 'tsan' | |
run: echo "RouterCMakeAsserts=OFF" >> $GITHUB_ENV | |
- name: disable Python leak checking on CentOS build | |
if: matrix.container == 'centos' | |
run: echo "RouterCMakeSanitizePython=OFF" >> $GITHUB_ENV | |
- name: skupper-router cmake configure | |
working-directory: ${{env.RouterBuildDir}} | |
run: | | |
if [[ ${BuildType} == "Coverage" ]]; then CoverageOpts="-m;coverage;run"; fi | |
cmake "${{github.workspace}}/skupper-router" \ | |
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \ | |
"-DCMAKE_BUILD_TYPE=${BuildType}" \ | |
"-DPYTHON_TEST_COMMAND='${CoverageOpts};-m;pytest;-vs;--timeout=400;--junit-prefix=pytest.\${py_test_module};--junit-xml=junitxmls/\${py_test_module}.xml;--pyargs;\${py_test_module}'" \ | |
${RouterCMakeExtraArgs} -DQD_ENABLE_ASSERTIONS=${RouterCMakeAsserts} -DSANITIZE_PYTHON=${RouterCMakeSanitizePython:-ON} | |
- name: skupper-router cmake build/install | |
run: cmake --build "${RouterBuildDir}" --config ${BuildType} --target install --parallel 6 | |
- name: Display ccache stats | |
run: ccache -s | |
- name: Show environment (Linux) | |
if: ${{ always() && runner.os == 'Linux' }} | |
run: env -0 | sort -z | tr '\0' '\n' | |
- name: Upgrade pip | |
run: ${PYTHON} -m pip install --upgrade pip | |
- name: Install Python runtime/test dependencies | |
run: ${PYTHON} -m pip install -r ${{github.workspace}}/skupper-router/requirements-dev.txt | |
- name: Install Linux runtime/test dependencies | |
run: | | |
dnf install -y nmap-ncat gdb binutils elfutils elfutils-debuginfod-client findutils file nginx | |
command -v curl || dnf install -y curl | |
dnf debuginfo-install -y python3 | |
- name: install qpid-proton python wheel | |
run: ${PYTHON} -m pip install $(find ${ProtonBuildDir}/python/dist -name 'python_qpid_proton*.whl') | |
- name: CTest | |
working-directory: ${{env.RouterBuildDir}} | |
run: | | |
echo "coredump.%e.%p" > /proc/sys/kernel/core_pattern | |
ulimit -c unlimited | |
threads=12 | |
if [[ "${{ matrix.runtimeCheck }}" == "tsan" ]]; then | |
threads=6 | |
fi | |
ctest --timeout 1200 -V --output-junit Testing/Test.xml --output-on-failure --no-compress-output -I ${{matrix.shard}},,${{matrix.shards}} -j${threads} ${{env.RouterCTestExtraArgs}} | |
- name: Process C Coverage | |
if: ${{ !cancelled() && matrix.buildType == 'Coverage' }} | |
working-directory: ${{env.RouterBuildDir}} | |
run: | | |
dnf install -y lcov | |
cmake --build . --target coverage | |
# https://github.com/codecov/codecov-action | |
- name: Upload C Coverage | |
if: ${{ !cancelled() && matrix.buildType == 'Coverage' }} | |
uses: codecov/codecov-action@v3 | |
with: | |
flags: ${{matrix.covType}}tests | |
verbose: true | |
gcov: true | |
name: skupper-router | |
root_dir: . | |
working-directory: ${{github.workspace}}/skupper-router | |
- name: Process Python coverage | |
if: ${{ !cancelled() && matrix.buildType == 'Coverage' }} | |
run: | | |
coverage combine | |
coverage xml | |
working-directory: ${{env.RouterBuildDir}}/tests | |
- name: Upload Python Coverage | |
if: ${{ !cancelled() && matrix.buildType == 'Coverage' }} | |
uses: codecov/codecov-action@v3 | |
with: | |
flags: py${{matrix.covType}}tests | |
verbose: true | |
directory: ${{env.RouterBuildDir}}/tests | |
name: skupper-router | |
root_dir: . | |
working-directory: ${{github.workspace}}/skupper-router | |
- name: Report coredump stacktraces (if any tests failed) | |
if: ${{ failure() }} | |
run: | | |
find -name 'coredump*' -exec ${{github.workspace}}/skupper-router/scripts/gha_analyze_coredump.sh {} \; | |
- name: Dump dmesg (on failure) | |
if: ${{ failure() }} | |
run: dmesg | |
- name: Upload test results | |
uses: actions/upload-artifact@v4 | |
if: ${{ ! cancelled() }} | |
with: | |
name: Test_Results_${{env.JOB_IDENTIFIER}}_${{matrix.shard}} | |
path: ${{env.RouterBuildDir}}/tests/junitxmls/*.xml | |
- name: Delete logs from passing tests | |
if: ${{ failure() }} | |
continue-on-error: true | |
run: python3 ${{github.workspace}}/skupper-router/scripts/gha_purge_successful_test_logs.py --build-dir=${{env.RouterBuildDir}} --no-dry-run | |
- name: Upload log files (if any tests failed) | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: testLogs_${{env.JOB_IDENTIFIER}}_${{matrix.shard}} | |
path: | | |
${{env.RouterBuildDir}}/tests | |
- name: Upload core files (if any) | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: cores_${{env.JOB_IDENTIFIER}}_${{matrix.shard}} | |
path: | | |
**/coredump* | |
###################### | |
### Python Checker ### | |
###################### | |
python: | |
name: 'Python Checker (${{ matrix.os }})' | |
runs-on: '${{ matrix.os }}' | |
strategy: | |
matrix: | |
os: [ 'ubuntu-latest' ] | |
env: | |
DispatchBuildDir: ${{github.workspace}}/build | |
InstallPrefix: ${{github.workspace}}/install | |
DispatchCMakeExtraArgs: > | |
-GNinja | |
# this enables colored output | |
FORCE_COLOR: 1 | |
COLUMNS: 160 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: ${{ env.protonRepository }} | |
ref: ${{ env.protonBranch }} | |
path: 'qpid-proton' | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
architecture: x64 | |
check-latest: true | |
- name: Install Linux build dependencies | |
run: | | |
sudo apt update; sudo apt install -y flake8 mypy pylint python3-qpid-proton libpython3-dev ninja-build libwebsockets-dev libnghttp2-dev nginx | |
- name: Install qpid-proton | |
run: | | |
cmake -S qpid-proton -B qpid-proton -GNinja -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_BINDINGS=OFF -DBUILD_TOOLS=OFF -DBUILD_TESTING=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TLS=ON | |
cmake --build qpid-proton | |
sudo cmake --install qpid-proton | |
- uses: actions/checkout@v4 | |
- name: Create Build and Install directories | |
run: mkdir -p "${DispatchBuildDir}" "{InstallPrefix}" | |
- name: skupper-router cmake configure | |
working-directory: ${{env.DispatchBuildDir}} | |
run: > | |
cmake "${{github.workspace}}" \ | |
"-DCMAKE_INSTALL_PREFIX=${InstallPrefix}" \ | |
${DispatchCMakeExtraArgs} | |
- name: CTest -R python-checker | |
working-directory: ${{env.DispatchBuildDir}} | |
run: ctest -VV -R python-checker | |
################################### | |
### AMD64 Container Image Build ### | |
################################### | |
container_amd64: | |
name: amd64 container image | |
runs-on: ubuntu-latest | |
env: | |
ImageName: local/skupper-router:local | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install podman | |
run: | | |
sudo mkdir -p /etc/apt/keyrings | |
curl -fsSL https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_$(lsb_release -rs)/Release.key \ | |
| gpg --dearmor \ | |
| sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null | |
echo \ | |
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\ | |
https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_$(lsb_release -rs)/ /" \ | |
| sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null | |
sudo apt-get update -qq | |
sudo apt-get -qq -y install podman | |
podman version | |
# temporary fix for https://github.com/containers/podman/issues/21024 | |
wget https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_22.04/amd64/conmon_2.1.2~0_amd64.deb -O /tmp/conmon_2.1.2.deb | |
sudo apt install /tmp/conmon_2.1.2.deb | |
# Starting systemd user service | |
systemctl --user start podman.socket | |
echo "PODMAN_SOCK=/run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV | |
echo "DOCKER_HOST=unix:///run/user/${UID}/podman/podman.sock" >> $GITHUB_ENV | |
- name: Build Containerfile | |
run: | | |
podman build --build-arg PLATFORM=amd64 -t ${{ env.ImageName }} -f ./Containerfile . | |
# When rustup is updated, it tries to replace its binary, which on Windows is somehow locked. | |
# This can result in a CI failure, see: https://github.com/rust-lang/rustup/issues/3029 | |
# - name: Install rust with rustup | |
# run: | | |
# rustup set auto-self-update disable | |
# rustup toolchain install stable --profile minimal | |
# | |
# - uses: Swatinem/rust-cache@v2 | |
# | |
# - name: Compile and run .rs tests | |
# run: | | |
# cargo check | |
# cargo test -- --test-threads=1 --nocapture | |
# env: | |
# QDROUTERD_IMAGE: ${{ env.ImageName }} | |
# CARGO_INCREMENTAL: 0 | |
# RUST_LOG: info | |
# RUST_BACKTRACE: 1 | |
# Trivy and Grype are the scanners that GitLab integrates with (at the time of writing) | |
# - name: Run Trivy security scan on the image | |
# if: ${{ ! cancelled() }} | |
# # https://aquasecurity.github.io/trivy/v0.43/getting-started/installation/#use-container-image | |
# run: | | |
# podman run --rm \ | |
# -v ${PODMAN_SOCK}:/var/run/docker.sock \ | |
# -v ${{github.workspace}}:${{github.workspace}} \ | |
# docker.io/aquasec/trivy:latest \ | |
# image \ | |
# --scanners vuln,secret --ignore-unfixed --exit-code=1 \ | |
# --secret-config=${{github.workspace}}/.github/trivy-secret.yaml \ | |
# ${{ env.ImageName }} | |
- name: Run Grype security scan on the image | |
if: ${{ ! cancelled() }} | |
# https://github.com/anchore/grype#getting-started | |
run: | | |
podman run --rm --volume ${PODMAN_SOCK}:/var/run/docker.sock docker.io/anchore/grype:latest \ | |
--only-fixed --fail-on low ${{ env.ImageName }} | |
#################################### | |
### ARM 64 Container Image Build ### | |
#################################### | |
container_arm64: | |
name: arm64 container image | |
runs-on: self-hosted-arm64 | |
env: | |
ImageName: local/skupper-router:local | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build Containerfile | |
run: | | |
podman build --build-arg PLATFORM=arm64 -t ${{ env.ImageName }} -f ./Containerfile . | |
rpm: | |
name: 'Build and test RPM (${{ matrix.container }}:${{ matrix.containerTag }})' | |
runs-on: '${{ matrix.os }}' | |
strategy: | |
matrix: | |
os: [ 'ubuntu-latest' ] | |
container: [ 'centos' ] | |
containerTag: [ 'stream9' ] | |
container: | |
image: 'quay.io/${{ matrix.container }}/${{ matrix.container }}:${{ matrix.containerTag }}' | |
volumes: | |
- ${{github.workspace}}:${{github.workspace}} | |
env: | |
DNF: ${{github.workspace}}/build | |
steps: | |
- name: Enable additional package repositories for CentOS 9 | |
if: ${{ matrix.container == 'centos' && matrix.containerTag == 'stream9' }} | |
run: | | |
dnf -y install epel-release 'dnf-command(config-manager)' | |
dnf config-manager --set-enabled crb | |
- name: Install packit | |
run: | | |
dnf install --setopt=tsflags=nodocs --setopt=install_weak_deps=False -y epel-release | |
dnf install --setopt=tsflags=nodocs --setopt=install_weak_deps=False -y git packit | |
- uses: actions/checkout@v4 | |
- name: Take ownership of the checkout directory (Git CVE-2022-24765) | |
run: chown --recursive --reference=/ . | |
- name: Install srpm build dependencies | |
run: | | |
dnf install --setopt=tsflags=nodocs --setopt=install_weak_deps=False -y 'dnf-command(builddep)' | |
dnf builddep --setopt=tsflags=nodocs --setopt=install_weak_deps=False -y packaging/skupper-router.spec | |
- name: Build skupper-router src.rpm and the rpm packages | |
run: | | |
mkdir /tmp/skupper-rpms | |
packit srpm | |
rpmbuild --rebuild skupper-router*.src.rpm --nocheck --define '_rpmdir /tmp/skupper-rpms' --define 'debug_package %{nil}' | |
- name: List package content | |
run: | | |
rpm -qlp /tmp/skupper-rpms/*/*.rpm | |
- name: Install built packages | |
run: | | |
dnf install -y /tmp/skupper-rpms/*/*.rpm | |
- name: Check skrouterd version | |
run: | | |
skrouterd --version | |
- name: Check that skrouterd works | |
run: | | |
skrouterd -c /dev/empty |& grep "Configuration file could not be opened" | |
- name: Check that skmanage works | |
run: | | |
skmanage --help | |
- name: Check that skstat works | |
run: | | |
skstat --help | |
- name: Check that manpages work | |
run: | | |
dnf install -y man | |
man skrouterd | |
man skrouterd.conf | |
man skstat | |
man skmanage | |
########### | |
### RAT ### | |
########### | |
rat_check: | |
name: RAT Check | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Install JDK ${{ matrix.java }} | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'adopt' | |
java-version: 11 | |
- name: RAT Check | |
run: mvn apache-rat:check | |
- name: Output | |
if: ${{ ! cancelled() }} | |
run: cat target/rat.txt || echo "Unable to print output" |