only run clang for testing #359

Workflow file for this run

	name: CI

	on:
	push:
	branches-ignore:
	- coverity_scan
	- run-fuzzer**
	- debug-fuzzer-**
	pull_request:

	env:
	ASAN_OPTIONS: symbolize=1 detect_leaks=1 detect_stack_use_after_return=1
	LSAN_OPTIONS: fast_unwind_on_malloc=0:malloc_context_size=50
	UBSAN_OPTIONS: print_stacktrace=1
	M_PERTURB: "0x42"
	PANIC_ACTION: "gdb -batch -x raddb/panic.gdb %e %p 1>&0 2>&0"
	# Stops the utilities forking on every call to check if they're running under GDB/LLDB
	DEBUGGER_ATTACHED: no
	ANALYZE_C_DUMP: 1
	FR_GLOBAL_POOL: 4M
	TEST_CERTS: yes
	NO_PERFORMANCE_TESTS: yes
	DO_BUILD: yes
	HOSTAPD_BUILD_DIR: eapol_test.ci
	HOSTAPD_GIT_TAG: hostap_2_10
	ALT_OPENSSL: "3.0.2"
	DEBIAN_FRONTEND: noninteractive
	CI: 1
	GH_ACTIONS: 1

	jobs:
	pre-ci:
	runs-on: ubuntu-latest
	# Map a step output to a job output
	outputs:
	should_skip: ${{ steps.skip_check.outputs.should_skip }}
	selfhosted: ${{ github.repository_owner == 'FreeRADIUS' && '1' \|\| '0' }}
	docker_prefix: ${{ github.repository_owner == 'FreeRADIUS' && 'docker.internal.networkradius.com/' \|\| '' }}
	steps:
	- id: skip_check
	uses: fkirc/skip-duplicate-actions@master

	ci:
	timeout-minutes: 150
	needs: pre-ci
	if: ${{ needs.pre-ci.outputs.should_skip != 'true' }}

	runs-on: ${{ matrix.os.runs_on }}

	container:
	image: ${{ matrix.os.docker }}
	# "privileged" is needed for Samba install
	# "memory-swap -1" enables full use of host swap and may help
	# with containers randomly quitting with "The operation was
	# canceled"
	options: >-
	--privileged
	--memory-swap -1

	strategy:
	fail-fast: false
	matrix:

	# runs_on - where GitHub will spin up the runner, either
	# "self-hosted", or the name of a GitHub VM image
	# e.g. ubuntu-20.04 or ubuntu-latest
	# see: https://github.com/actions/runner-images
	# code - the name/version of the OS (for step evaluations below)
	# docker - the docker image name, if containers are being used
	# name - used in the job name only
	os:
	- runs_on: "${{ needs.pre-ci.outputs.selfhosted == '1' && 'self-hosted' \|\| 'ubuntu-20.04' }}"
	docker: "${{ needs.pre-ci.outputs.selfhosted == '1' && 'docker.internal.networkradius.com/self-hosted' \|\| 'ubuntu:20.04' }}"
	name: "${{ needs.pre-ci.outputs.selfhosted == '1' && 'self' \|\| 'gh' }}-ubuntu20"
	code: "ubuntu2004"
	imageos: "ubuntu20"

	env:
	# - { CC: gcc, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: no, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-gcc-lean }
	# - { CC: gcc, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-gcc }
	# - { CC: gcc, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG -O2 -g3", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-gcc-O2-g3 }
	# - { CC: gcc, BUILD_CFLAGS: "-DNDEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-gcc-ndebug }
	# - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: no, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang-lean }
	# - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang }
	- { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG -O2 -g3", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang-O2-g3 }
	# - { CC: clang, BUILD_CFLAGS: "-DNDEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fixtures, NAME: linux-clang-ndebug }
	# - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: yes, TEST_TYPE: fixtures, NAME: linux-clang-altlibs }
	# - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG -O2 -g3", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: fuzzing, NAME: linux-fuzzer }

	env: ${{ matrix.env }}

	# If branch protection is in place with status checks enabled, ensure
	# names are updated if new matrix entries are added or the name format
	# changes.
	name: "master-${{ matrix.os.name }}-${{ matrix.env.NAME}}"

	# The standard GitHub environment contains PostgreSQL and
	# MySQL already. However when running on hosted GitHub runners
	# we need to run separate database containers to provide these.
	services:
	mariadb:
	image: ${{ needs.pre-ci.outputs.docker_prefix }}mariadb
	env:
	MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: yes
	ports:
	- 3306:3306
	options: >-
	--health-cmd="mariadb-admin ping"
	--health-interval 10s
	--health-timeout 5s
	--health-retries 10

	postgres:
	image: ${{ needs.pre-ci.outputs.docker_prefix }}postgres
	env:
	POSTGRES_HOST_AUTH_METHOD: trust
	ports:
	- 5432:5432
	options: >-
	--health-cmd pg_isready
	--health-interval 10s
	--health-timeout 5s
	--health-retries 5

	threeds:
	image: ${{ needs.pre-ci.outputs.docker_prefix }}4teamwork/389ds
	ports:
	- 3389:3389
	- 3636:3636
	options: >-
	-e SUFFIX_NAME=dc=example,dc=com
	-e DS_DM_PASSWORD=secret123
	--health-cmd "dsctl localhost healthcheck --check backends:localhost:search"
	--health-interval 10s
	--health-timeout 5s
	--health-retries 5

	steps:

	# Need git installed for checkout to behave normally
	- name: Install checkout prerequisites
	run: apt-get update && apt-get install -y --no-install-recommends git git-lfs ca-certificates

	# Checkout, but defer pulling LFS objects until we've restored the cache
	- uses: actions/checkout@v3
	with:
	lfs: false

	# Docker image does not have same environment as the
	# standard GitHub actions image, so use this to bring them
	# more in line.
	- name: Prepare Docker environment
	uses: ./.github/actions/docker-prep

	- name: Build FreeRADIUS
	uses: ./.github/actions/build-freeradius
	with:
	use_docker: true
	use_sanitizers: false

	- name: Run main CI tests
	uses: ./.github/actions/ci-tests
	if: ${{ matrix.env.TEST_TYPE == 'fixtures' }}
	with:
	use_docker: true
	sql_mysql_test_server: mariadb
	sql_postgresql_test_server: postgres
	redis_test_server: 127.0.0.1
	ldap_test_server: 127.0.0.1
	ldap_test_server_port: 3890
	ldaps_test_server_port: 6360
	ldap389_test_server: threeds
	ldap389_test_server_port: 3389
	active_directory_test_server: 127.0.0.1
	rest_test_server: 127.0.0.1
	rest_test_port: 8080
	rest_test_ssl_port: 8443
	imap_test_server: 127.0.0.1
	imap_test_server_port: 1430
	imap_test_server_ssl_port: 1432
	smtp_test_server: 127.0.0.1
	smtp_test_server_port: 2525

	- name: Run fuzzer
	uses: ./.github/actions/fuzzer

	#
	# If the CI has failed and the branch is ci-debug then we start a tmate
	# session to provide interactive shell access to the session.
	#
	# The SSH rendezvous point will be emited continuously in the job output,
	# which will look something like:
	#
	# SSH: ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io
	#
	# For example:
	#
	# git push origin ci-debug --force
	#
	# Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions
	#
	# ssh VfuX8SrNuU5pGPMyZcz7TpJTa@sfo2.tmate.io
	#
	# Access requires that you have the private key corresponding to the
	# public key of the GitHub user that initiated the job.
	#
	- name: "Debug: Start tmate"
	uses: mxschmitt/action-tmate@v3
	with:
	limit-access-to-actor: true
	# if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}
	if: ${{ success() \|\| failure() }}

	##########################################################################################
	# FREERADIUS CORE DEVELOPERS ONLY
	##########################################################################################
	#
	# Direct push access to the main freeradius-server repo will be disabled in an attempt
	# to keep CI passing reliably.
	#
	# If the above CI checks pass then we auto-merge into the same upstream branch
	# (only on push) if a PERSONAL_ACCESS_TOKEN secret is defined, i.e. when
	# the actor claims to be a FreeRADIUS developer with push access.
	#
	# Personal access tokens can be generated via the GitHub website:
	#
	# - Click on the Profile menu (top right)
	# > Settings
	# > Developer settings
	# > Personal access tokens
	# > Generate New Token
	# - Next, add the following settings and scopes:
	# Note: FreeRADIUS CI Push
	# repo (checked)
	# workflow (checked)
	#
	# This will allow any git operations using this PERSONAL_ACCESS_TOKEN to commit code to any
	# public repository you have access to.
	#
	# As this PERSONAL_ACCESS_TOKEN will only ever be accessible from GitHub actions when they are
	# running from your fork of the FreeRADIUS repo, this shouldn't be a security issue.
	#
	# After generating your PERSONAL_ACCESS_TOKEN you will need to add it as a secret to your
	# repository.
	#
	# - Copy your new token
	# - Click on the Profile menu (top right)
	# > Your repositories
	# - Search for freeradius-server
	# > Click freeradius-server
	# - Click settings in the tabs on the left
	# - Click secrets in the menu items on the left
	# - Click New repository secret
	# - Name: PERSONAL_ACCESS_TOKEN
	# Value: <value you copied>
	# - Click Add secret
	#
	# You may also wish to set a different pushurl for your local repository to make integration
	# more seamless:
	#
	# git config remote.origin.pushurl git@github.com:<github_user>/freeradius-server.git
	#
	# git pull will then pull from the upstream repo, whilst git push will be directed to your fork.
	#

	#
	# Needed because secrets are not available for evaluation in if conditions
	# at the job level, so we evaluate the existence of the PERSONAL_ACCESS_TOKEN secret
	# within a step and export the result instead. We also extract the short
	# branch name here because it's convenient to do so.
	#
	merge-preflight:
	needs:
	- ci
	if: ( github.event_name == 'push' ) && ( github.repository_owner != 'FreeRADIUS' ) && ( github.ref == 'refs/heads/master' \|\| github.ref == 'refs/heads/v3.0.x' )
	name: "Merge preflight"
	runs-on: ubuntu-latest
	steps:
	- name: "Report whether PERSONAL_ACCESS_TOKEN secret exists"
	id: merge-preflight
	run: \|
	if [ -n "$PERSONAL_ACCESS_TOKEN" ]; then echo "PERSONAL_ACCESS_TOKEN_EXISTS=1" >> $GITHUB_OUTPUT; fi
	env:
	PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
	outputs:
	PERSONAL_ACCESS_TOKEN_EXISTS: ${{ steps.merge-preflight.outputs.PERSONAL_ACCESS_TOKEN_EXISTS }}

	merge-upstream:
	needs:
	- ci
	- merge-preflight
	if: needs.merge-preflight.outputs.PERSONAL_ACCESS_TOKEN_EXISTS == '1'
	runs-on: ubuntu-latest
	name: "Merge into upstream"
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0
	lfs: false
	persist-credentials: false
	# Note: This also opportunistically updates the developer's branch with commits from
	# the main repository.
	# This update may fail if the developer has pushed additional commits since the
	# workflow started. This is normal, and we ignore the failure.
	#
	# We fixup the origin URL as the default remote fails on push with:
	# fatal: could not read Username for 'https://github.com': No such device or address
	- name: "Merge into upstream dev branch and update local branch"
	run: \|
	BRANCH=${GITHUB_REF#refs/heads/}
	git config --local user.name "github-actions[bot]"
	git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
	git remote add upstream https://$USERNAME:$REPO_KEY@github.com/FreeRADIUS/freeradius-server.git
	git remote set-url origin https://$USERNAME:$REPO_KEY@github.com/$REPO_NAME
	git fetch --no-recurse-submodules upstream +refs/heads/:refs/remotes/upstream/ +refs/tags/:refs/tags/upstream/
	git checkout --progress --force -B upstream-branch "refs/remotes/upstream/$BRANCH"
	git merge "$BRANCH" --ff-only
	git push upstream "upstream-branch:$BRANCH"
	git push origin "upstream-branch:$BRANCH" \|\| true
	env:
	USERNAME: ${{ github.repository_owner }}
	REPO_NAME: ${{ github.repository }}
	REPO_KEY: ${{ secrets.PERSONAL_ACCESS_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

only run clang for testing #359

Workflow file

only run clang for testing #359

Jobs

Run details

Workflow file for this run