-
Notifications
You must be signed in to change notification settings - Fork 0
452 lines (393 loc) · 17.9 KB
/
linux.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# SPDX-License-Identifier: curl
name: Linux
on:
push:
branches:
- master
- '*/ci'
paths-ignore:
- '**/*.md'
- '.azure-pipelines.yml'
- '.circleci/**'
- '.cirrus.yml'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
pull_request:
branches:
- master
paths-ignore:
- '**/*.md'
- '.azure-pipelines.yml'
- '.circleci/**'
- '.cirrus.yml'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
permissions: {}
env:
MAKEFLAGS: -j 5
# unhandled
bearssl-version: 0.6
# renovate: datasource=github-tags depName=libressl-portable/portable versioning=semver registryUrl=https://github.com
libressl-version: 3.9.2
# renovate: datasource=github-tags depName=ARMmbed/mbedtls versioning=semver registryUrl=https://github.com
mbedtls-version: 3.6.0
# renovate: datasource=github-tags depName=icing/mod_h2 versioning=semver registryUrl=https://github.com
mod_h2-version: 2.0.27
# renovate: datasource=github-tags depName=nibanks/msh3 versioning=semver registryUrl=https://github.com
msh3-version: 0.6.0
# handled in renovate.json
openssl3-version: openssl-3.1.3
# unhandled
quictls-version: 3.1.4+quic
# renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com
rustls-version: 0.13.0
jobs:
autotools:
name: ${{ matrix.build.name }}
runs-on: 'ubuntu-latest'
container: ${{ matrix.build.container }}
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
build:
- name: bearssl
install_packages: zlib1g-dev valgrind
install_steps: bearssl pytest
configure: LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug
singleuse: --unit
- name: bearssl-clang
install_packages: zlib1g-dev clang
install_steps: bearssl
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug
singleuse: --unit
- name: libressl
install_packages: zlib1g-dev valgrind
install_steps: libressl pytest
configure: LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug
singleuse: --unit
- name: libressl-clang
install_packages: zlib1g-dev clang
install_steps: libressl
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug
singleuse: --unit
- name: mbedtls
install_packages: libnghttp2-dev valgrind
install_steps: mbedtls pytest
configure: LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug
singleuse: --unit
- name: mbedtls-clang
install_packages: libnghttp2-dev clang
install_steps: mbedtls
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug
singleuse: --unit
- name: msh3
install_packages: zlib1g-dev valgrind
install_steps: quictls msh3
configure: LDFLAGS="-Wl,-rpath,$HOME/msh3/lib -Wl,-rpath,$HOME/quictls/lib" --with-msh3=$HOME/msh3 --with-openssl=$HOME/quictls --enable-debug
singleuse: --unit
- name: openssl3
install_packages: zlib1g-dev valgrind
install_steps: gcc-11 openssl3 pytest
configure: CFLAGS=-std=gnu89 LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets
singleuse: --unit
- name: openssl3-O3
install_packages: zlib1g-dev valgrind
install_steps: gcc-11 openssl3
configure: CPPFLAGS=-DCURL_WARN_SIGN_CONVERSION CFLAGS=-O3 LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets
singleuse: --unit
- name: openssl3-clang
install_packages: zlib1g-dev clang
install_steps: openssl3
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets
singleuse: --unit
- name: address-sanitizer
install_packages: zlib1g-dev libssh2-1-dev clang libssl-dev libubsan1 libasan8 libtsan2
install_steps: pytest
configure: >
CC=clang
CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g"
LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer"
LIBS="-ldl -lubsan"
--with-openssl --enable-debug --enable-websockets
singleuse: --unit
- name: memory-sanitizer
install_packages: clang
install_steps:
configure: >
CC=clang
CFLAGS="-fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g"
LDFLAGS="-fsanitize=memory"
LIBS="-ldl"
--without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug --enable-websockets
singleuse: --unit
- name: event-based
install_packages: libssh-dev valgrind
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
tflags: -n -e '!TLS-SRP'
singleuse: --unit
- name: hyper
install_steps: rust hyper valgrind
configure: LDFLAGS="-Wl,-rpath,$HOME/hyper/target/debug" --with-openssl --with-hyper=$HOME/hyper --enable-debug --enable-websockets
singleuse: --unit
- name: rustls
install_steps: rust rustls pytest valgrind libpsl-dev
configure: --with-rustls=$HOME/rustls --enable-debug
singleuse: --unit
- name: Intel compiler - without SSL
install_packages: zlib1g-dev valgrind
install_steps: intel
configure: CC=icc --enable-debug --without-ssl
singleuse: --unit
- name: Intel compiler - OpenSSL
install_packages: zlib1g-dev libssl-dev valgrind
install_steps: intel
configure: CC=icc --enable-debug --with-openssl
singleuse: --unit
- name: Slackware-openssl-with-gssapi-gcc
# These are essentially the same flags used to build the curl Slackware package
# https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild
configure: --with-openssl --with-libssh2 --with-gssapi --enable-ares --enable-static=no --without-ca-bundle --with-ca-path=/etc/ssl/certs
# Docker Hub image that `container-job` executes in
container: 'andy5995/slackware-build-essential:15.0'
- name: Alpine MUSL
configure: --enable-debug --enable-websockets --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl
container: 'alpine:3.18'
singleuse: --unit
steps:
- if: matrix.build.container == null
run: |
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get update
sudo apt-get install libtool autoconf automake pkg-config stunnel4 libpsl-dev libbrotli-dev libzstd-dev ${{ matrix.build.install_packages }}
sudo python3 -m pip install impacket
name: 'install prereqs and impacket'
- if: startsWith(matrix.build.container, 'alpine')
run: |
apk add --no-cache build-base autoconf automake libtool perl openssl-dev libssh2-dev zlib-dev brotli-dev zstd-dev libidn2-dev openldap-dev heimdal-dev libpsl-dev py3-impacket py3-asn1 py3-six py3-pycryptodomex perl-time-hires openssh stunnel sudo git
name: 'install dependencies'
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Fix kernel mmap rnd bits
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://reviews.llvm.org/D148280
# See https://github.com/actions/runner-images/issues/9491
continue-on-error: true
run: sudo sysctl vm.mmap_rnd_bits=28
- if: contains(matrix.build.install_steps, 'gcc-11')
run: |
sudo add-apt-repository ppa:ubuntu-toolchain-r/ppa
sudo apt-get update
sudo apt-get install gcc-11
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 100
sudo update-alternatives --set gcc /usr/bin/gcc-11
gcc --version
name: 'install gcc-11'
- name: cache bearssl
if: contains(matrix.build.install_steps, 'bearssl')
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache-bearssl
env:
cache-name: cache-bearssl
with:
path: /home/runner/bearssl
key: ${{ runner.os }}-build-${{ env.cache-name }}-bearssl-${{ env.bearssl-version }}
- name: 'build bearssl'
if: contains(matrix.build.install_steps, 'bearssl') && steps.cache-bearssl.outputs.cache-hit != 'true'
run: |
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://bearssl.org/bearssl-${{ env.bearssl-version }}.tar.gz
tar -xzf bearssl-${{ env.bearssl-version }}.tar.gz
cd bearssl-${{ env.bearssl-version }}
make
mkdir -p $HOME/bearssl/lib $HOME/bearssl/include
cp inc/*.h $HOME/bearssl/include
cp build/libbearssl.* $HOME/bearssl/lib
- name: cache libressl
if: contains(matrix.build.install_steps, 'libressl')
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache-libressl
env:
cache-name: cache-libressl
with:
path: /home/runner/libressl
key: ${{ runner.os }}-build-${{ env.cache-name }}-libressl-${{ env.libressl-version }}
- name: 'build libressl'
if: contains(matrix.build.install_steps, 'libressl') && steps.cache-libressl.outputs.cache-hit != 'true'
run: |
git clone --quiet --depth=1 -b v${{ env.libressl-version }} https://github.com/libressl-portable/portable.git libressl-git
cd libressl-git
./autogen.sh
./configure --disable-dependency-tracking --prefix=$HOME/libressl
make install
- name: cache mbedtls
if: contains(matrix.build.install_steps, 'mbedtls')
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache-mbedtls
env:
cache-name: cache-mbedtls
with:
path: /home/runner/mbedtls
key: ${{ runner.os }}-build-${{ env.cache-name }}-mbedtls-${{ env.mbedtls-version }}
- name: 'build mbedtls'
if: contains(matrix.build.install_steps, 'mbedtls') && steps.cache-mbedtls.outputs.cache-hit != 'true'
run: |
git clone --quiet --depth=1 -b v${{ env.mbedtls-version }} https://github.com/ARMmbed/mbedtls
cd mbedtls
git submodule update --init
make DESTDIR=$HOME/mbedtls install
- name: cache openssl3
if: contains(matrix.build.install_steps, 'openssl3')
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache-openssl3
env:
cache-name: cache-openssl3
with:
path: /home/runner/openssl3
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.openssl3-version }}
- name: 'install openssl3'
if: contains(matrix.build.install_steps, 'openssl3') && steps.cache-openssl3.outputs.cache-hit != 'true'
run: |
git clone --quiet --depth=1 -b ${{ env.openssl3-version }} https://github.com/openssl/openssl
cd openssl
./config --prefix=$HOME/openssl3 --libdir=lib
make -j1 install_sw
- name: cache quictls
if: contains(matrix.build.install_steps, 'quictls')
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache-quictls
env:
cache-name: cache-quictls
with:
path: /home/runner/quictls
key: ${{ runner.os }}-build-${{ env.cache-name }}-quictls-${{ env.quictls-version }}
- name: 'build quictls'
if: contains(matrix.build.install_steps, 'quictls') && steps.cache-quictls.outputs.cache-hit != 'true'
run: |
git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }} https://github.com/quictls/openssl
cd openssl
./config --prefix=$HOME/quictls --libdir=lib
make -j1 install_sw
- name: cache msh3
if: contains(matrix.build.install_steps, 'msh3')
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache-msh3
env:
cache-name: cache-msh3
with:
path: /home/runner/msh3
key: ${{ runner.os }}-build-${{ env.cache-name }}-msh3-${{ env.msh3-version }}
- name: 'build msh3'
if: contains(matrix.build.install_steps, 'msh3') && steps.cache-msh3.outputs.cache-hit != 'true'
run: |
git clone --quiet -b v${{ env.msh3-version }} --depth=1 --recursive https://github.com/nibanks/msh3
cd msh3 && mkdir build && cd build
cmake -G 'Unix Makefiles' -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=$HOME/msh3 ..
cmake --build .
cmake --install .
- if: contains(matrix.build.install_steps, 'rust')
run: |
cd $HOME
curl -sSf --compressed https://sh.rustup.rs/ | sh -s -- -y
source $HOME/.cargo/env
rustup toolchain install nightly
name: 'install rust'
- name: cache rustls
if: contains(matrix.build.install_steps, 'rustls')
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache-rustls
env:
cache-name: cache-rustls
with:
path: /home/runner/rustls
key: ${{ runner.os }}-build-${{ env.cache-name }}-rustls-${{ env.rustls-version }}
- name: 'build rustls'
if: contains(matrix.build.install_steps, 'rustls') && steps.cache-rustls.outputs.cache-hit != 'true'
run: |
git clone --quiet --depth=1 -b v${{ env.rustls-version }} --recursive https://github.com/rustls/rustls-ffi.git
cd rustls-ffi
make DESTDIR=$HOME/rustls install
- if: contains(matrix.build.install_steps, 'hyper')
run: |
cd $HOME
git clone --quiet --depth=1 https://github.com/hyperium/hyper.git
cd $HOME/hyper
RUSTFLAGS="--cfg hyper_unstable_ffi" cargo +nightly rustc --features client,http1,http2,ffi -Z unstable-options --crate-type cdylib
echo "LD_LIBRARY_PATH=$HOME/hyper/target/debug:/usr/local/lib" >> $GITHUB_ENV
name: 'install hyper'
- if: contains(matrix.build.install_steps, 'intel')
run: |
cd /tmp
curl -sSf --compressed https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | sudo apt-key add -
sudo add-apt-repository "deb https://apt.repos.intel.com/oneapi all main"
sudo apt install --no-install-recommends intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic
source /opt/intel/oneapi/setvars.sh
printenv >> $GITHUB_ENV
name: 'install Intel compilers'
- if: contains(matrix.build.install_steps, 'pytest')
run: |
sudo apt-get install apache2 apache2-dev libnghttp2-dev vsftpd
sudo python3 -m pip install -r tests/http/requirements.txt
name: 'install pytest and apach2-dev'
- name: cache mod_h2
if: contains(matrix.build.install_steps, 'pytest')
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache-mod_h2
env:
cache-name: cache-mod_h2
with:
path: /home/runner/mod_h2
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.mod_h2-version }}
- name: 'build mod_h2'
if: contains(matrix.build.install_steps, 'pytest') && steps.cache-mod_h2.outputs.cache-hit != 'true'
run: |
cd $HOME
git clone --quiet --depth=1 -b v${{ env.mod_h2-version }} https://github.com/icing/mod_h2
cd mod_h2
autoreconf -fi
./configure
make
- name: 'install mod_h2'
if: contains(matrix.build.install_steps, 'pytest')
run: |
cd $HOME/mod_h2
sudo make install
- run: autoreconf -fi
name: 'autoreconf'
- run: ./configure --disable-dependency-tracking --enable-warnings --enable-werror ${{ matrix.build.configure }}
name: 'configure'
- run: make V=1
name: 'make'
- run: |
git config --global --add safe.directory "*"
./scripts/singleuse.pl ${{ matrix.build.singleuse }} lib/.libs/libcurl.a
name: single-use function check
- run: ./src/curl -V
name: 'check curl -V output'
- run: make V=1 examples
name: 'make examples'
- run: make V=1 -C tests
name: 'make tests'
- run: make V=1 test-ci
name: 'run tests'
env:
TFLAGS: "${{ matrix.build.tflags }}"
- if: contains(matrix.build.install_steps, 'pytest')
# run for `tests` directory, so pytest does not pick up any other
# packages we might have built here
run:
pytest -v tests
name: 'run pytest'
env:
TFLAGS: "${{ matrix.build.tflags }}"
CURL_CI: github