Skip to content

Prohibit bad --enable-linux-netfilter combinations #3760

Prohibit bad --enable-linux-netfilter combinations

Prohibit bad --enable-linux-netfilter combinations #3760

Workflow file for this run

name: GitHub CI
on:
push:
# test this branch and staged PRs based on this branch code
branches: [ "master", "auto" ]
pull_request:
# test PRs targeting this branch code
branches: [ "master" ]
env:
# empty except for pull_request events
PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
# Full clones of Squid repository branches (depth=19000+) waste resources,
# while excessively shallow clones break tests that check for past commits
# (e.g., to skip a particular test until a known bug is fixed) or generate
# diffs against them (e.g., for `git diff --check`). This arbitrary limit
# tries to balance the two concerns.
CHECKOUT_FETCH_DEPTH: 1001
jobs:
functionality-tests:
runs-on: ubuntu-22.04
steps:
- name: Install prerequisite packages
run: |
sudo apt-get --quiet=2 update
sudo apt-get --quiet=2 install libtool-bin
- name: Setup a nodejs environment
uses: actions/setup-node@v4
with:
node-version: 20
- name: Checkout Squid sources
uses: actions/checkout@v4
with:
fetch-depth: ${{ env.CHECKOUT_FETCH_DEPTH }}
- run: ./bootstrap.sh
- run: ./configure --with-openssl
- run: make -j`nproc`
- run: |
sudo make install
sudo chown -R nobody:nogroup /usr/local/squid
- run: ./test-suite/test-functionality.sh
# Squid logs are not readable to actions/upload-artifact below
- name: Prep test logs
if: success() || failure()
run: sudo chmod -R a+rX /usr/local/squid
- name: Publish test logs
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: test-logs
path: |
${{ runner.temp }}/*.log
/usr/local/squid/var/logs/overlord/*.log
source-maintenance-tests:
runs-on: ubuntu-22.04
steps:
- name: Install prerequisite packages
run: |
sudo apt-get --quiet=2 update
sudo apt-get --quiet=2 install astyle
sudo apt-get --quiet=2 install gperf
pip install \
--user \
--no-cache-dir \
--disable-pip-version-check \
--quiet \
--progress-bar off \
codespell==1.16 # TODO: Upgrade to codespell v2
- uses: actions/checkout@v4
with:
fetch-depth: ${{ env.CHECKOUT_FETCH_DEPTH }}
- run: ./test-suite/test-sources.sh
build-tests:
strategy:
fail-fast: true
matrix:
os:
- ubuntu-22.04
- macos-14
compiler:
- { CC: gcc, CXX: g++ }
- { CC: clang, CXX: clang++ }
layer:
- { name: layer-00-default, nick: default }
- { name: layer-01-minimal, nick: minimal }
- { name: layer-02-maximus, nick: maximus }
exclude:
# Non-clang testing on MacOS is too much work for very little gain
- { os: macos-14, compiler: { CC: gcc, CXX: g++ } }
runs-on: ${{ matrix.os }}
name: build-tests(${{ matrix.os }},${{ matrix.compiler.CC }},${{ matrix.layer.nick }})
env:
CC: ${{ matrix.compiler.CC }}
CXX: ${{ matrix.compiler.CXX }}
steps:
- name: Install prerequisite Linux packages
if: runner.os == 'Linux'
run: |
# required for "apt-get build-dep" to work
sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list
sudo apt-get --quiet=2 update
sudo apt-get --quiet=2 build-dep squid
sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin ${{ matrix.compiler.CC }}
- name: Install prerequisite MacOS packages
if: runner.os == 'macOS'
run: |
brew install \
automake coreutils cppunit gawk \
gnu-getopt gnu-sed grep libtool \
make cyrus-sasl
# openldap openssl # already provided by github workers base-image
- name: Checkout sources
uses: actions/checkout@v4
- name: Run build on Linux
if: runner.os == 'Linux'
run: ./test-builds.sh ${{ matrix.layer.name }}
- name: Run build on MacOS
if: runner.os == 'macOS'
run: |
eval `brew shellenv`
PKG_CONFIG_PATH="$HOMEBREW_PREFIX/lib/pkgconfig"
PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$HOMEBREW_PREFIX/opt/openldap/lib/pkgconfig"
PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$HOMEBREW_PREFIX/opt/cyrus-sasl/lib/pkgconfig"
export PKG_CONFIG_PATH
export GETOPT="$HOMEBREW_PREFIX/opt/gnu-getopt/bin/getopt"
export MAKE="$HOMEBREW_PREFIX/bin/gmake"
# ensure we use Homebrew headers and libraries
# this is needed because pkg-config --libs openssl points to the wrong directory
# in version openssl@3: stable 3.3.0
export CPPFLAGS="-I$HOMEBREW_PREFIX/include${CPPFLAGS:+ $CPPFLAGS}"
export LDFLAGS="-L$HOMEBREW_PREFIX/lib${LDFLAGS:+ $LDFLAGS}"
export CFLAGS="-Wno-compound-token-split-by-macro${CFLAGS:+ $CFLAGS}" # needed fir ltdl with Xcode
# libtool package referenced below fails to copy its configure*
# files, possibly due to a packaging/brewing bug. The following sed
# command restores installed libtoolize code to its earlier (and
# working) variation.
echo "brew libtool package details:"
brew info libtool --json | grep -E 'rebuild|tap_git_head'
# This hack was tested on libtoolize package with the following output:
# "rebuild": 2,
# "tap_git_head": "5cede8ea3b7b12c7f68215f75a951430b38d945f",
#
editable=$HOMEBREW_CELLAR/libtool/2.4.7/bin/glibtoolize
sed -i.bak 's@ltdl_ac_aux_dir=""@ltdl_ac_aux_dir="../build-aux"@' $editable || true
diff -u $editable.bak $editable || true
./test-builds.sh ${{ matrix.layer.name }}
- name: Publish build logs
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: build-logs-${{ matrix.os }}-${{ matrix.compiler.CC }}-${{ matrix.layer.nick }}
path: btlayer-*.log
CodeQL-tests:
runs-on: [ ubuntu-22.04 ]
permissions:
security-events: write
steps:
- name: Install Squid prerequisite Linux packages
if: runner.os == 'Linux'
run: |
# required for "apt-get build-dep" to work
sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list
sudo apt-get --quiet=2 update
sudo apt-get --quiet=2 build-dep squid
sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
- name: Build Squid
run: ./test-builds.sh ./test-suite/buildtests/layer-02-maximus.opts
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3