TLS With Certificate Management for PVXS #838
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# .github/workflows/ci-scripts-build.yml for use with EPICS Base ci-scripts | |
# (see: https://github.com/epics-base/ci-scripts) | |
# This is YAML - indentation levels are crucial | |
name: PVXS EPICS | |
# Trigger on pushes and PRs to any branch | |
on: | |
push: | |
paths-ignore: | |
- .appveyor.yml | |
- setup.py | |
- MANIFEST.in | |
- pyproject.toml | |
- python/* | |
pull_request: | |
workflow_dispatch: | |
env: | |
SETUP_PATH: .ci-local | |
CMP: gcc | |
_PVXS_ABORT_ON_CRIT: 1 | |
PVXS_LOG: pvxs.*=WARN | |
jobs: | |
native: | |
name: ${{ matrix.name }} | |
runs-on: ${{ matrix.os }} | |
# Set environment variables from matrix parameters | |
env: | |
CMP: ${{ matrix.cmp }} | |
BCFG: ${{ matrix.configuration }} | |
BASE: ${{ matrix.base }} | |
CI_CROSS_TARGETS: ${{ matrix.cross }} | |
LIBEVENT_TAG: ${{ matrix.libevent }} | |
TEST: ${{ matrix.test }} | |
EXTRA: ${{ matrix.extra }} | |
VV: "1" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- name: Native Linux (WError) | |
os: ubuntu-latest | |
cmp: gcc | |
configuration: default | |
base: "7.0" | |
extra: "CMD_CPPFLAGS=-Werror" | |
doc: 1 | |
- name: Native Linux (libc++ debug) | |
os: ubuntu-latest | |
cmp: gcc | |
configuration: default | |
base: "7.0" | |
# https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_macros.html | |
extra: "CMD_CPPFLAGS=\"-D_GLIBCXX_ASSERTIONS -D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC\"" | |
doc: 1 | |
- name: Native Linux (c++17) | |
os: ubuntu-latest | |
cmp: gcc | |
configuration: default | |
base: "7.0" | |
extra: "CMD_CXXFLAGS=-std=c++17" | |
- name: Cross mingw64 DLL | |
os: ubuntu-latest | |
cmp: gcc | |
configuration: default | |
base: "7.0" | |
cross: "windows-x64-mingw" | |
- name: Cross mingw64 static | |
os: ubuntu-latest | |
cmp: gcc | |
configuration: static | |
base: "7.0" | |
cross: "windows-x64-mingw" | |
- name: RTEMS5 | |
os: ubuntu-20.04 | |
cmp: gcc | |
configuration: default | |
base: "7.0" | |
cross: "RTEMS-pc686-qemu@5" | |
- name: Native Linux with clang | |
os: ubuntu-latest | |
cmp: clang | |
configuration: default | |
base: "7.0" | |
- name: Native Linux with clang ubsan | |
os: ubuntu-latest | |
cmp: clang | |
configuration: default | |
base: "7.0" | |
extra: "CMD_CFLAGS=-fsanitize=undefined CMD_CXXFLAGS=-fsanitize=undefined CMD_LDFLAGS=-fsanitize=undefined" | |
- name: Native Linux with libevent stable | |
os: ubuntu-latest | |
cmp: gcc | |
configuration: default | |
base: "7.0" | |
libevent: "release-2.0.22-stable" | |
- name: Native Linux with 7.0.2 | |
os: ubuntu-latest | |
cmp: gcc | |
configuration: default | |
base: "R7.0.2" | |
- name: Native Linux with 3.15 | |
os: ubuntu-latest | |
cmp: gcc | |
configuration: default | |
base: "3.15" | |
- name: Native Linux with 3.14 | |
os: ubuntu-latest | |
cmp: gcc | |
configuration: default | |
base: "3.14" | |
- name: OSX | |
os: macos-latest | |
cmp: clang | |
configuration: default | |
base: "7.0" | |
- name: vs2019 DLL | |
os: windows-2019 | |
cmp: vs2019 | |
configuration: debug | |
base: "7.0" | |
extra: "CMD_CXXFLAGS=-analysis" | |
- name: vs2019 static | |
os: windows-2019 | |
cmp: vs2019 | |
configuration: static-debug | |
base: "7.0" | |
extra: "CMD_CXXFLAGS=-analysis" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: "apt-get install" | |
run: | | |
sudo apt-get update | |
sudo apt-get -y install g++-mingw-w64-x86-64 cmake gdb qemu-system-x86 libssl-dev | |
if: runner.os == 'Linux' | |
- name: Host Info | |
run: openssl version -a | |
- name: Automatic core dumper analysis | |
uses: mdavidsaver/ci-core-dumper@master | |
- name: Prepare and compile dependencies | |
run: python .ci/cue.py prepare | |
- name: Build libevent | |
run: python .ci/cue.py exec python .ci-local/libevent.py | |
- name: Build main module | |
run: python .ci/cue.py build | |
- name: Generate Docs | |
if: matrix.doc | |
run: | | |
sudo apt-get -y install doxygen python-is-python3 python3-breathe inkscape | |
make -C documentation | |
- name: otool | |
if: ${{ always() && runner.os == 'macOS' }} | |
run: otool -D -L -l bundle/usr/*/lib/*.dylib lib/*/*.dylib bin/*/pvxinfo | |
- name: readelf | |
if: ${{ always() && runner.os == 'Linux' }} | |
run: find bundle/usr lib -name '*.so' -print0 | xargs -0 readelf -d bin/linux-*/pvxinfo | |
- name: Host info | |
run: python .ci/cue.py --add-path "{TOP}/bin/{EPICS_HOST_ARCH}" --add-path "{TOP}/bundle/usr/{EPICS_HOST_ARCH}/lib" exec pvxinfo -D | |
- name: Test env setup | |
run: echo "UBSAN_OPTIONS=log_path=$PWD/UBSAN:suppressions=$PWD/.ci-local/ubsan.supp:report_error_type=1:print_stacktrace=1" >> $GITHUB_ENV | |
- name: Run main module tests | |
run: python -m ci_core_dumper exec python .ci/cue.py -T 5M --add-path "{TOP}/bundle/usr/{EPICS_HOST_ARCH}/lib" test | |
- name: Collect and show test results | |
if: ${{ always() }} | |
run: python .ci/cue.py test-results | |
- name: Show UBSAN logs | |
shell: bash | |
if: ${{ always() }} | |
run: | | |
ret=0 | |
for ff in `find . -name 'UBSAN*'` | |
do | |
echo "==== $ff ====" | |
cat "$ff" | |
ret=1 | |
done | |
exit $ret | |
- name: CDT Check | |
run: ./.ci-local/cdt-check.sh | |
if: runner.os == 'Linux' | |
- name: Troubleshoot | |
if: ${{ always() }} | |
shell: bash | |
run: grep . cfg/* | |
- name: Upload tapfiles Artifact | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: tapfiles ${{ matrix.name }} | |
path: '**/O.*/*.tap' | |
docker: | |
name: ${{ matrix.name }} | |
runs-on: ubuntu-latest | |
container: | |
image: ${{ matrix.image }} | |
env: | |
CMP: ${{ matrix.cmp }} | |
BCFG: ${{ matrix.configuration }} | |
BASE: ${{ matrix.base }} | |
LIBEVENT_TAG: ${{ matrix.libevent }} | |
EXTRA: ${{ matrix.extra }} | |
VV: "1" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- name: Linux centos 7 | |
image: centos:7 | |
cmp: gcc | |
configuration: default | |
base: "7.0" | |
- name: Linux fedora latest | |
image: fedora:latest | |
cmp: gcc | |
configuration: default | |
base: "7.0" | |
steps: | |
- name: "Build newer Git" | |
# actions/checkout@v2 wants git >=2.18 | |
# centos:7 has 1.8 | |
if: matrix.image=='centos:7' | |
run: | | |
yum -y install curl make gcc curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker | |
curl https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.29.0.tar.gz | tar -xz | |
cd git-* | |
make -j2 prefix=/usr/local all | |
make prefix=/usr/local install | |
cd .. | |
rm -rf git-* | |
type -a git | |
git --version | |
- name: "Redhat setup" | |
run: | | |
dnfyum() { | |
dnf -y "$@" || yum -y "$@" | |
return $? | |
} | |
dnfyum install python3 gdb make perl gcc-c++ glibc-devel readline-devel ncurses-devel perl-devel libevent-devel | |
git --version || dnfyum install git | |
# rather than just bite the bullet and link python3 -> python, | |
# people would rather just break all existing scripts... | |
[ -e /usr/bin/python ] || ln -sf /usr/bin/python3 /usr/bin/python | |
python --version | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Automatic core dumper analysis | |
uses: mdavidsaver/ci-core-dumper@master | |
if: matrix.image!='centos:7' | |
- name: Automatic core dumper analysis | |
uses: mdavidsaver/ci-core-dumper@node16 | |
if: matrix.image=='centos:7' | |
- name: Prepare and compile dependencies | |
run: python .ci/cue.py prepare | |
- name: Build main module | |
run: python .ci/cue.py build | |
- name: Host info | |
run: python .ci/cue.py --add-path "{TOP}/bin/{EPICS_HOST_ARCH}" exec pvxinfo -D | |
- name: Run main module tests | |
run: python -m ci_core_dumper exec python .ci/cue.py test | |
- name: Collect and show test results | |
run: python .ci/cue.py test-results | |
- name: CDT Check | |
run: ./.ci-local/cdt-check.sh | |
- name: Upload tapfiles Artifact | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: tapfiles ${{ matrix.name }} | |
path: '**/O.*/*.tap' |