forked from rsyslog/liblognorm
-
Notifications
You must be signed in to change notification settings - Fork 2
237 lines (222 loc) · 8.21 KB
/
run_checks.yml
File metadata and controls
237 lines (222 loc) · 8.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
# Copyright 2026 Rainer Gerhards and Others
#
# https://github.com/rsyslog/rsyslog-pkg-ubuntu
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
name: check
on:
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
compile:
name: compile (${{ matrix.config }})
runs-on: ubuntu-latest
timeout-minutes: 20
permissions:
contents: read
strategy:
fail-fast: true
matrix:
config: [gcc, clang]
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Run compile check
run: |
chmod -R go+rw .
export LIBLOGNORM_CONTAINER_UID=""
export LIBLOGNORM_DEV_CONTAINER='rsyslog/rsyslog_dev_base_ubuntu:24.04'
export CFLAGS='-g'
case "${{ matrix.config }}" in
gcc)
export CC='gcc'
;;
clang)
export CC='clang'
;;
*)
echo "unknown configuration"
exit 1
;;
esac
chmod +x devtools/run-build.sh
devtools/devcontainer.sh --rm devtools/run-build.sh
CI:
needs: compile
if: ${{ needs.compile.result == 'success' }}
permissions:
contents: read
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
# TODO: re-enable ubuntu_24_ubsan after the remaining sanitizer-related
# fixes have landed in the outstanding PRs.
# Disabled for now:
# ubuntu_24_ubsan
config: [centos_8, debian_13, fedora_43, ubuntu_24, ubuntu_24_asan, ubuntu_24_distcheck]
name: ${{ matrix.config }}
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Run container CI pipeline
run: |
chmod -R go+rw .
export LIBLOGNORM_CONTAINER_UID=""
export CFLAGS='-g'
export LDFLAGS=''
export CC='gcc'
export USE_AUTO_DEBUG='off'
export CI_MAKE_CHECK_EXTRA='TESTSUITEFLAGS=--stop'
export CI_CHECK_CMD='check'
case "${{ matrix.config }}" in
centos_8)
export LIBLOGNORM_DEV_CONTAINER='rsyslog/rsyslog_dev_base_centos:8'
;;
debian_13)
export LIBLOGNORM_DEV_CONTAINER='rsyslog/rsyslog_dev_base_debian:13'
;;
fedora_43)
export LIBLOGNORM_DEV_CONTAINER='rsyslog/rsyslog_dev_base_fedora:43'
;;
ubuntu_24)
export LIBLOGNORM_DEV_CONTAINER='rsyslog/rsyslog_dev_base_ubuntu:24.04'
;;
ubuntu_24_asan)
export LIBLOGNORM_DEV_CONTAINER='rsyslog/rsyslog_dev_base_ubuntu:24.04'
export CC='clang'
export CFLAGS="-fstack-protector -D_FORTIFY_SOURCE=2 \
-fsanitize=address -fsanitize-address-use-after-scope \
-g -O1 -fno-omit-frame-pointer -fno-color-diagnostics"
export LDFLAGS='-fsanitize=address'
export ASAN_OPTIONS='abort_on_error=1:symbolize=1:detect_leaks=0'
;;
# Disabled for now. Re-enable after the remaining sanitizer-related
# fixes have landed in the outstanding PRs.
# ubuntu_24_ubsan)
# export LIBLOGNORM_DEV_CONTAINER='rsyslog/rsyslog_dev_base_ubuntu:24.04'
# export CC='clang'
# export CFLAGS="-fstack-protector -D_FORTIFY_SOURCE=2 \
# -fsanitize=undefined,nullability,unsigned-integer-overflow \
# -fno-sanitize-recover=undefined,nullability,unsigned-integer-overflow \
# -g -O1 -fno-omit-frame-pointer -fno-color-diagnostics"
# export LDFLAGS='-fsanitize=undefined,nullability,unsigned-integer-overflow'
# export UBSAN_OPTIONS='print_stacktrace=1'
# ;;
ubuntu_24_distcheck)
export LIBLOGNORM_DEV_CONTAINER='rsyslog/rsyslog_dev_base_ubuntu:24.04'
export CI_CHECK_CMD='distcheck'
;;
*)
echo "unknown configuration"
exit 1
;;
esac
devtools/devcontainer.sh --rm devtools/run-ci.sh
- name: Show error logs
if: ${{ failure() || cancelled() }}
run: |
devtools/gather-check-logs.sh
cat failed-tests.log
clang_analyzer_CI:
needs: compile
if: ${{ needs.compile.result == 'success' }}
permissions:
contents: read
runs-on: ubuntu-latest
timeout-minutes: 30
name: clang static analyzer
steps:
- name: Checkout repository
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Run clang static analyzer
id: run-clang
env:
LIBLOGNORM_CONTAINER_UID: ""
LIBLOGNORM_DEV_CONTAINER: rsyslog/rsyslog_dev_base_ubuntu:24.04
SCAN_BUILD: scan-build
SCAN_BUILD_CC: clang
SCAN_BUILD_REPORT_DIR: scan-build-report
DOCKER_RUN_EXTRA_OPTS: >-
-e SCAN_BUILD -e SCAN_BUILD_CC -e SCAN_BUILD_REPORT_DIR
run: |
chmod -R go+rw .
chmod +x devtools/run-static-analyzer.sh
set +e
devtools/devcontainer.sh --rm devtools/run-static-analyzer.sh 2>&1 | tee clang-analyzer.log
echo "exitcode=${PIPESTATUS[0]}" >> "$GITHUB_OUTPUT"
- name: Upload clang static analyzer report
if: ${{ always() }}
id: upload-report
uses: actions/upload-artifact@v4
with:
name: clang-static-analyzer-report
path: scan-build-report
retention-days: 7
if-no-files-found: ignore
- name: Show clang static analyzer report link
if: ${{ always() }}
run: |
artifact="${{ steps.upload-report.outputs.artifact-url }}"
cat >> "$GITHUB_STEP_SUMMARY" <<EOF
Clang static analyzer HTML report (download):
$artifact
EOF
echo "Clang static analyzer HTML report (download):"
echo "$artifact"
- name: Fail if analysis failed
if: ${{ steps.run-clang.outputs.exitcode != '0' }}
run: |
artifact="${{ steps.upload-report.outputs.artifact-url }}"
echo "clang static analyzer detected issues:" >&2
tail -n 200 clang-analyzer.log >&2 || true
echo >&2
echo "Clang static analyzer HTML report (download): $artifact" >&2
exit 1
rsyslog_integration_CI:
needs: [compile, CI, clang_analyzer_CI]
if: >-
${{
needs.compile.result == 'success' &&
needs.CI.result == 'success' &&
needs.clang_analyzer_CI.result == 'success'
}}
permissions:
contents: read
runs-on: ubuntu-latest
timeout-minutes: 45
name: rsyslog integration
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Run rsyslog integration tests
env:
LIBLOGNORM_CONTAINER_UID: ""
LIBLOGNORM_DEV_CONTAINER: rsyslog/rsyslog_dev_base_ubuntu:24.04
run: |
# This is a downstream-consumer check, not another liblognorm unit test.
# We only run it after the core compile, static-analyzer, and liblognorm
# check jobs have all succeeded so failures here are much more likely to be
# real integration regressions than basic build/test breakage.
#
# The helper script intentionally keeps rsyslog narrow: build against the
# candidate liblognorm and run only the mmnormalize/pmnormalize tests.
chmod -R go+rw .
chmod +x devtools/run-rsyslog-integration.sh
devtools/devcontainer.sh --rm devtools/run-rsyslog-integration.sh