Skip to content

TLS With Certificate Management for PVXS #838

TLS With Certificate Management for PVXS

TLS With Certificate Management for PVXS #838

# .github/workflows/ci-scripts-build.yml for use with EPICS Base ci-scripts
# (see: https://github.com/epics-base/ci-scripts)
# This is YAML - indentation levels are crucial
name: PVXS EPICS
# Trigger on pushes and PRs to any branch
on:
push:
paths-ignore:
- .appveyor.yml
- setup.py
- MANIFEST.in
- pyproject.toml
- python/*
pull_request:
workflow_dispatch:
env:
SETUP_PATH: .ci-local
CMP: gcc
_PVXS_ABORT_ON_CRIT: 1
PVXS_LOG: pvxs.*=WARN
jobs:
native:
name: ${{ matrix.name }}
runs-on: ${{ matrix.os }}
# Set environment variables from matrix parameters
env:
CMP: ${{ matrix.cmp }}
BCFG: ${{ matrix.configuration }}
BASE: ${{ matrix.base }}
CI_CROSS_TARGETS: ${{ matrix.cross }}
LIBEVENT_TAG: ${{ matrix.libevent }}
TEST: ${{ matrix.test }}
EXTRA: ${{ matrix.extra }}
VV: "1"
strategy:
fail-fast: false
matrix:
include:
- name: Native Linux (WError)
os: ubuntu-latest
cmp: gcc
configuration: default
base: "7.0"
extra: "CMD_CPPFLAGS=-Werror"
doc: 1
- name: Native Linux (libc++ debug)
os: ubuntu-latest
cmp: gcc
configuration: default
base: "7.0"
# https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_macros.html
extra: "CMD_CPPFLAGS=\"-D_GLIBCXX_ASSERTIONS -D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC\""
doc: 1
- name: Native Linux (c++17)
os: ubuntu-latest
cmp: gcc
configuration: default
base: "7.0"
extra: "CMD_CXXFLAGS=-std=c++17"
- name: Cross mingw64 DLL
os: ubuntu-latest
cmp: gcc
configuration: default
base: "7.0"
cross: "windows-x64-mingw"
- name: Cross mingw64 static
os: ubuntu-latest
cmp: gcc
configuration: static
base: "7.0"
cross: "windows-x64-mingw"
- name: RTEMS5
os: ubuntu-20.04
cmp: gcc
configuration: default
base: "7.0"
cross: "RTEMS-pc686-qemu@5"
- name: Native Linux with clang
os: ubuntu-latest
cmp: clang
configuration: default
base: "7.0"
- name: Native Linux with clang ubsan
os: ubuntu-latest
cmp: clang
configuration: default
base: "7.0"
extra: "CMD_CFLAGS=-fsanitize=undefined CMD_CXXFLAGS=-fsanitize=undefined CMD_LDFLAGS=-fsanitize=undefined"
- name: Native Linux with libevent stable
os: ubuntu-latest
cmp: gcc
configuration: default
base: "7.0"
libevent: "release-2.0.22-stable"
- name: Native Linux with 7.0.2
os: ubuntu-latest
cmp: gcc
configuration: default
base: "R7.0.2"
- name: Native Linux with 3.15
os: ubuntu-latest
cmp: gcc
configuration: default
base: "3.15"
- name: Native Linux with 3.14
os: ubuntu-latest
cmp: gcc
configuration: default
base: "3.14"
- name: OSX
os: macos-latest
cmp: clang
configuration: default
base: "7.0"
- name: vs2019 DLL
os: windows-2019
cmp: vs2019
configuration: debug
base: "7.0"
extra: "CMD_CXXFLAGS=-analysis"
- name: vs2019 static
os: windows-2019
cmp: vs2019
configuration: static-debug
base: "7.0"
extra: "CMD_CXXFLAGS=-analysis"
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: "apt-get install"
run: |
sudo apt-get update
sudo apt-get -y install g++-mingw-w64-x86-64 cmake gdb qemu-system-x86 libssl-dev
if: runner.os == 'Linux'
- name: Host Info
run: openssl version -a
- name: Automatic core dumper analysis
uses: mdavidsaver/ci-core-dumper@master
- name: Prepare and compile dependencies
run: python .ci/cue.py prepare
- name: Build libevent
run: python .ci/cue.py exec python .ci-local/libevent.py
- name: Build main module
run: python .ci/cue.py build
- name: Generate Docs
if: matrix.doc
run: |
sudo apt-get -y install doxygen python-is-python3 python3-breathe inkscape
make -C documentation
- name: otool
if: ${{ always() && runner.os == 'macOS' }}
run: otool -D -L -l bundle/usr/*/lib/*.dylib lib/*/*.dylib bin/*/pvxinfo
- name: readelf
if: ${{ always() && runner.os == 'Linux' }}
run: find bundle/usr lib -name '*.so' -print0 | xargs -0 readelf -d bin/linux-*/pvxinfo
- name: Host info
run: python .ci/cue.py --add-path "{TOP}/bin/{EPICS_HOST_ARCH}" --add-path "{TOP}/bundle/usr/{EPICS_HOST_ARCH}/lib" exec pvxinfo -D
- name: Test env setup
run: echo "UBSAN_OPTIONS=log_path=$PWD/UBSAN:suppressions=$PWD/.ci-local/ubsan.supp:report_error_type=1:print_stacktrace=1" >> $GITHUB_ENV
- name: Run main module tests
run: python -m ci_core_dumper exec python .ci/cue.py -T 5M --add-path "{TOP}/bundle/usr/{EPICS_HOST_ARCH}/lib" test
- name: Collect and show test results
if: ${{ always() }}
run: python .ci/cue.py test-results
- name: Show UBSAN logs
shell: bash
if: ${{ always() }}
run: |
ret=0
for ff in `find . -name 'UBSAN*'`
do
echo "==== $ff ===="
cat "$ff"
ret=1
done
exit $ret
- name: CDT Check
run: ./.ci-local/cdt-check.sh
if: runner.os == 'Linux'
- name: Troubleshoot
if: ${{ always() }}
shell: bash
run: grep . cfg/*
- name: Upload tapfiles Artifact
if: ${{ always() }}
uses: actions/upload-artifact@v3
with:
name: tapfiles ${{ matrix.name }}
path: '**/O.*/*.tap'
docker:
name: ${{ matrix.name }}
runs-on: ubuntu-latest
container:
image: ${{ matrix.image }}
env:
CMP: ${{ matrix.cmp }}
BCFG: ${{ matrix.configuration }}
BASE: ${{ matrix.base }}
LIBEVENT_TAG: ${{ matrix.libevent }}
EXTRA: ${{ matrix.extra }}
VV: "1"
strategy:
fail-fast: false
matrix:
include:
- name: Linux centos 7
image: centos:7
cmp: gcc
configuration: default
base: "7.0"
- name: Linux fedora latest
image: fedora:latest
cmp: gcc
configuration: default
base: "7.0"
steps:
- name: "Build newer Git"
# actions/checkout@v2 wants git >=2.18
# centos:7 has 1.8
if: matrix.image=='centos:7'
run: |
yum -y install curl make gcc curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker
curl https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.29.0.tar.gz | tar -xz
cd git-*
make -j2 prefix=/usr/local all
make prefix=/usr/local install
cd ..
rm -rf git-*
type -a git
git --version
- name: "Redhat setup"
run: |
dnfyum() {
dnf -y "$@" || yum -y "$@"
return $?
}
dnfyum install python3 gdb make perl gcc-c++ glibc-devel readline-devel ncurses-devel perl-devel libevent-devel
git --version || dnfyum install git
# rather than just bite the bullet and link python3 -> python,
# people would rather just break all existing scripts...
[ -e /usr/bin/python ] || ln -sf /usr/bin/python3 /usr/bin/python
python --version
- uses: actions/checkout@v3
with:
submodules: true
- name: Automatic core dumper analysis
uses: mdavidsaver/ci-core-dumper@master
if: matrix.image!='centos:7'
- name: Automatic core dumper analysis
uses: mdavidsaver/ci-core-dumper@node16
if: matrix.image=='centos:7'
- name: Prepare and compile dependencies
run: python .ci/cue.py prepare
- name: Build main module
run: python .ci/cue.py build
- name: Host info
run: python .ci/cue.py --add-path "{TOP}/bin/{EPICS_HOST_ARCH}" exec pvxinfo -D
- name: Run main module tests
run: python -m ci_core_dumper exec python .ci/cue.py test
- name: Collect and show test results
run: python .ci/cue.py test-results
- name: CDT Check
run: ./.ci-local/cdt-check.sh
- name: Upload tapfiles Artifact
if: ${{ always() }}
uses: actions/upload-artifact@v3
with:
name: tapfiles ${{ matrix.name }}
path: '**/O.*/*.tap'