Bug 5363: Handle IP-based X.509 SANs better #3640
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GitHub CI | |
on: | |
push: | |
# test this branch and staged PRs based on this branch code | |
branches: [ "master", "auto" ] | |
pull_request: | |
# test PRs targeting this branch code | |
branches: [ "master" ] | |
env: | |
# empty except for pull_request events | |
PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} | |
# Full clones of Squid repository branches (depth=19000+) waste resources, | |
# while excessively shallow clones break tests that check for past commits | |
# (e.g., to skip a particular test until a known bug is fixed) or generate | |
# diffs against them (e.g., for `git diff --check`). This arbitrary limit | |
# tries to balance the two concerns. | |
CHECKOUT_FETCH_DEPTH: 1001 | |
jobs: | |
functionality-tests: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Install prerequisite packages | |
run: | | |
sudo apt-get --quiet=2 update | |
sudo apt-get --quiet=2 install libtool-bin | |
- name: Setup a nodejs environment | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
- name: Checkout Squid sources | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ env.CHECKOUT_FETCH_DEPTH }} | |
- run: ./bootstrap.sh | |
- run: ./configure --with-openssl | |
- run: make -j`nproc` | |
- run: | | |
sudo make install | |
sudo chown -R nobody:nogroup /usr/local/squid | |
- run: ./test-suite/test-functionality.sh | |
# Squid logs are not readable to actions/upload-artifact below | |
- name: Prep test logs | |
if: success() || failure() | |
run: sudo chmod -R a+rX /usr/local/squid | |
- name: Publish test logs | |
if: success() || failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: test-logs | |
path: | | |
${{ runner.temp }}/*.log | |
/usr/local/squid/var/logs/overlord/*.log | |
source-maintenance-tests: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Install prerequisite packages | |
run: | | |
sudo apt-get --quiet=2 update | |
sudo apt-get --quiet=2 install astyle | |
sudo apt-get --quiet=2 install gperf | |
pip install \ | |
--user \ | |
--no-cache-dir \ | |
--disable-pip-version-check \ | |
--quiet \ | |
--progress-bar off \ | |
codespell==1.16 # TODO: Upgrade to codespell v2 | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ env.CHECKOUT_FETCH_DEPTH }} | |
- run: ./test-suite/test-sources.sh | |
build-tests: | |
strategy: | |
fail-fast: true | |
matrix: | |
os: [ ubuntu-22.04, macos-14 ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Install prerequisite Linux packages | |
if: runner.os == 'Linux' | |
run: | | |
# required for "apt-get build-dep" to work | |
sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list | |
sudo apt-get --quiet=2 update | |
sudo apt-get --quiet=2 build-dep squid | |
sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin | |
- name: Install prerequisite MacOS packages | |
if: runner.os == 'macOS' | |
run: | | |
brew install \ | |
automake coreutils cppunit gawk \ | |
gnu-getopt gnu-sed grep libtool \ | |
make openldap openssl cyrus-sasl | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Run build on Linux | |
if: runner.os == 'Linux' | |
run: ./test-builds.sh | |
- name: Run build on MacOS | |
if: runner.os == 'macOS' | |
run: | | |
eval `brew shellenv` | |
PKG_CONFIG_PATH="$HOMEBREW_PREFIX/lib/pkgconfig" | |
PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$HOMEBREW_PREFIX/opt/openldap/lib/pkgconfig" | |
PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$HOMEBREW_PREFIX/opt/cyrus-sasl/lib/pkgconfig" | |
export PKG_CONFIG_PATH | |
export GETOPT="$HOMEBREW_PREFIX/opt/gnu-getopt/bin/getopt" | |
export MAKE="$HOMEBREW_PREFIX/bin/gmake" | |
# ensure we use Homebrew headers and libraries | |
# this is needed because pkg-config --libs openssl points to the wrong directory | |
# in version openssl@3: stable 3.3.0 | |
export CPPFLAGS="-I$HOMEBREW_PREFIX/include${CPPFLAGS:+ $CPPFLAGS}" | |
export LDFLAGS="-L$HOMEBREW_PREFIX/lib${LDFLAGS:+ $LDFLAGS}" | |
export CFLAGS="-Wno-compound-token-split-by-macro${CFLAGS:+ $CFLAGS}" # needed fir ltdl with Xcode | |
./test-builds.sh | |
- name: Publish build logs | |
if: success() || failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: build-logs-${{ runner.os }} | |
path: btlayer-*.log | |
CodeQL-tests: | |
runs-on: [ ubuntu-22.04 ] | |
permissions: | |
security-events: write | |
steps: | |
- name: Install Squid prerequisite Linux packages | |
if: runner.os == 'Linux' | |
run: | | |
# required for "apt-get build-dep" to work | |
sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list | |
sudo apt-get --quiet=2 update | |
sudo apt-get --quiet=2 build-dep squid | |
sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
- name: Build Squid | |
run: ./test-builds.sh ./test-suite/buildtests/layer-02-maximus.opts | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 |