-
Notifications
You must be signed in to change notification settings - Fork 1.1k
143 lines (125 loc) · 5.04 KB
/
ci-sanitizers.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: CI-Sanitizers
on:
push:
branches-ignore:
- coverity_scan
- run-fuzzer**
- debug-fuzzer-**
pull_request:
env:
ASAN_OPTIONS: symbolize=1 detect_leaks=1 detect_stack_use_after_return=1
LSAN_OPTIONS: fast_unwind_on_malloc=0:malloc_context_size=50
UBSAN_OPTIONS: print_stacktrace=1
M_PERTURB: "0x42"
PANIC_ACTION: "gdb -batch -x raddb/panic.gdb %e %p 1>&0 2>&0"
# Stops the utilities forking on every call to check if they're running under GDB/LLDB
DEBUGGER_ATTACHED: no
ANALYZE_C_DUMP: 1
FR_GLOBAL_POOL: 4M
TEST_CERTS: yes
NO_PERFORMANCE_TESTS: yes
DO_BUILD: yes
HOSTAPD_BUILD_DIR: eapol_test.ci
HOSTAPD_GIT_TAG: hostap_2_11
DEBIAN_FRONTEND: noninteractive
CI: 1
GH_ACTIONS: 1
jobs:
pre-ci:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
ci-sanitizers:
timeout-minutes: 150
needs: pre-ci
if: ${{ needs.pre-ci.outputs.should_skip != 'true' }}
runs-on: ${{ matrix.os.runs_on }}
strategy:
fail-fast: false
matrix:
# runs_on - where GitHub will spin up the runner, either
# "self-hosted", or the name of a GitHub VM image
# e.g. ubuntu-20.04 or ubuntu-latest
# see: https://github.com/actions/runner-images
# code - the name/version of the OS (for step evaluations below)
# docker - the docker image name, if containers are being used
# name - used in the job name only
os:
- { runs_on: "ubuntu-24.04", code: "ubuntu2404", docker: "ubuntu:24.04", name: "gh-ubuntu24", imageos: "ubuntu24" }
env:
- { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: no, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang-lean }
- { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang }
- { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG -O2 -g3", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang-O2-g3 }
- { CC: clang, BUILD_CFLAGS: "-DNDEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang-ndebug }
- { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: yes, TEST_TYPE: fixtures, NAME: linux-clang-altlibs }
env: ${{ matrix.env }}
# If branch protection is in place with status checks enabled, ensure
# names are updated if new matrix entries are added or the name format
# changes.
name: "master-${{ matrix.os.name }}-${{ matrix.env.NAME}}"
steps:
# Checkout, but defer pulling LFS objects until we've restored the cache
- uses: actions/checkout@v4
with:
lfs: false
- name: Install build dependencies
uses: ./.github/actions/freeradius-deps
with:
use_docker: true
cc: ${{ matrix.env.CC }}
- name: Install alternative dependencies
if: ${{ matrix.env.LIBS_ALT == 'yes' }}
uses: ./.github/actions/freeradius-alt-deps
- name: Build FreeRADIUS
uses: ./.github/actions/build-freeradius
with:
use_sanitizers: true
cc: ${{ matrix.env.CC }}
test_type: ${{ matrix.env.TEST_TYPE }}
platform: ${{ matrix.os.imageos }}
- name: Run main CI tests
uses: ./.github/actions/ci-tests
if: ${{ matrix.env.TEST_TYPE == 'fixtures' }}
with:
use_docker: false
sql_mysql_test_server: 127.0.0.1
sql_postgresql_test_server: 127.0.0.1
redis_test_server: 127.0.0.1
ldap_test_server: 127.0.0.1
ldap_test_server_port: 3890
ldaps_test_server_port: 6361
ldap389_test_server: 127.0.0.1
ldap389_test_server_port: 3892
active_directory_test_server: 127.0.0.1
rest_test_server: 127.0.0.1
rest_test_port: 8080
rest_test_ssl_port: 8443
#
# If the CI has failed and the branch is ci-debug then we start a tmate
# session to provide interactive shell access to the session.
#
# The SSH rendezvous point will be emited continuously in the job output,
# which will look something like:
#
# SSH: ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io
#
# For example:
#
# git push origin ci-debug --force
#
# Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions
#
# ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io
#
# Access requires that you have the private key corresponding to the
# public key of the GitHub user that initiated the job.
#
- name: "Debug: Start tmate"
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}