diff options
Diffstat (limited to '.github')
| -rw-r--r-- | .github/dependabot.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/check-whitespace.yaml | 48 | ||||
| -rw-r--r-- | .github/workflows/ci-dev-distro-compiler.yaml | 177 | ||||
| -rw-r--r-- | .github/workflows/ci.yml | 106 | ||||
| -rw-r--r-- | .github/workflows/cifuzz.yml | 41 | ||||
| -rw-r--r-- | .github/workflows/unitctl.yml | 205 |
6 files changed, 546 insertions, 37 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..142cbb85 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily diff --git a/.github/workflows/check-whitespace.yaml b/.github/workflows/check-whitespace.yaml new file mode 100644 index 00000000..75f0afe4 --- /dev/null +++ b/.github/workflows/check-whitespace.yaml @@ -0,0 +1,48 @@ +name: Check Whitespace + +# Get the repo with the commits(+1) in the series. +# Process `git log --check` output to extract just the check errors. + +on: + pull_request: + types: [ opened, synchronize ] + +jobs: + check-whitespace: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: git log --check + id: check_out + run: | + log= + commit= + while read dash etc + do + case "${dash}" in + "---") + commit="${etc}" + ;; + "") + ;; + *) + if test -n "${commit}" + then + log="${log}\n${commit}" + echo "" + echo "--- ${commit}" + fi + commit= + log="${log}\n${dash} ${etc}" + echo "${dash} ${etc}" + ;; + esac + done <<< $(git log --check --pretty=format:"--- %h %s" ${{github.event.pull_request.base.sha}}..) + + if test -n "${log}" + then + exit 2 + fi diff --git a/.github/workflows/ci-dev-distro-compiler.yaml b/.github/workflows/ci-dev-distro-compiler.yaml new file mode 100644 index 00000000..8b7f53b7 --- /dev/null +++ b/.github/workflows/ci-dev-distro-compiler.yaml @@ -0,0 +1,177 @@ +name: "CI - Fedora Rawhide / Alpine Edge / GCC / Clang" + +on: + push: + branches: master + paths: + - configure + - 'auto/**' + - 'src/**' + - 'test/**' + - '.github/workflows/ci-dev-distro-compiler.yaml' + pull_request: + branches: master + paths: + - configure + - 'auto/**' + - 'src/**' + - 'test/**' + - '.github/workflows/ci-dev-distro-compiler.yaml' + +jobs: + + fedora-rawhide: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + compiler: [ 'gcc', 'clang' ] + + container: + image: fedora:rawhide + + steps: + - name: Install tools/deps + run: | + dnf -y update + dnf -y install --setopt=install_weak_deps=False \ + which wget git gcc make pcre2-devel openssl-devel \ + python-unversioned-command python3 python3-devel \ + php-devel php-embedded perl-devel perl-ExtUtils-Embed \ + ruby-devel java-devel nodejs-devel nodejs-npm golang + if [ "${{ matrix.compiler }}" = "clang" ]; then + dnf -y install --setopt=install_weak_deps=False clang + fi + npm install -g node-gyp + + - uses: actions/checkout@v4 + + - name: configure unit CC=${{ matrix.compiler }} + run: | + if [ "${{ matrix.compiler }}" = "clang" ]; then + ./configure --openssl --cc=clang + else + ./configure --openssl + fi + + - name: make unit + run: make -j 4 + + - name: configure unit-php + run: ./configure php + + - name: make unit-php + run: make -j 4 php + + - name: configure unit-python + run: ./configure python + + - name: make unit-python + run: make -j 4 python + + - name: configure unit-perl + run: ./configure perl + if: matrix.compiler == 'gcc' + + - name: make unit-perl + run: make -j 4 perl + if: matrix.compiler == 'gcc' + + - name: configure unit-ruby + run: ./configure ruby + + - name: make unit-ruby + run: make -j 4 ruby + + - name: configure unit-java + run: ./configure java + + - name: make unit-java + run: make -j 4 java + + - name: configure unit-nodejs + run: ./configure nodejs + + - name: make unit-nodejs + run: make node-local-install DESTDIR=node + + - name: configure unit-go + run: ./configure go --go-path= + + - name: make unit-go + run: make go-install + + - name: Install wasmtime + run: | + wget -O- https://github.com/bytecodealliance/wasmtime/releases/download/v20.0.0/wasmtime-v20.0.0-x86_64-linux-c-api.tar.xz | tar -xJf - + + - name: configure unit-wasm + run: ./configure wasm --include-path=wasmtime-v20.0.0-x86_64-linux-c-api/include --lib-path=wasmtime-v20.0.0-x86_64-linux-c-api/lib --rpath + + - name: make unit-wasm + run: make wasm + + alpine-edge: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + compiler: [ 'gcc', 'clang' ] + + container: + image: alpine:edge + + steps: + - name: Install tools/deps + run: | + apk update && apk upgrade + apk add gcc make musl-dev openssl-dev pcre2-dev curl \ + php83-dev php83-embed python3-dev perl-dev ruby-dev openjdk21-jdk + if [ "${{ matrix.compiler }}" = "clang" ]; then + apk add clang + fi + + - uses: actions/checkout@v4 + + - name: configure unit CC=${{ matrix.compiler }} + run: | + if [ "${{ matrix.compiler }}" = "clang" ]; then + ./configure --openssl --cc=clang + else + ./configure --openssl + fi + + - name: make unit + run: make -j 4 + + - name: configure unit-php + run: ln -s /usr/lib/libphp83.so /usr/lib/libphp.so && ./configure php + + - name: make unit-php + run: make -j 4 + + - name: configure unit-python + run: ./configure python + + - name: make unit-python + run: make -j 4 + + - name: configure unit-perl + run: ./configure perl + + - name: make unit-perl + run: make -j 4 perl + + - name: configure unit-ruby + run: ./configure ruby + + - name: make unit-ruby + run: make -j 4 ruby + + - name: configure unit-java + run: ./configure java + + - name: make unit-java + run: make -j 4 java diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b5368ae9..0f9bc699 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,9 +2,24 @@ name: ci on: pull_request: + paths: + - configure + - 'auto/**' + - 'go/**' + - 'src/**' + - 'test/**' + - 'pkg/contrib/**' + - '.github/workflows/ci.yml' push: - branches: - - master + branches: master + paths: + - configure + - 'auto/**' + - 'go/**' + - 'src/**' + - 'test/**' + - 'pkg/contrib/**' + - '.github/workflows/ci.yml' jobs: test: @@ -49,32 +64,22 @@ jobs: os: ubuntu-latest - build: wasm os: ubuntu-latest + - build: wasm-wasi-component + os: ubuntu-latest steps: - uses: actions/checkout@v4 - # Creates and outputs directories used by tests (/usr/local is unfriendly) - - name: Configure directories - id: dir - run: | - PREFIX=${HOME}/.unit - BIN=${PREFIX}/bin - VAR=${PREFIX}/var - mkdir -p $BIN - mkdir -p $VAR - - echo "prefix=${PREFIX}" >> "$GITHUB_OUTPUT" - echo "bin=${BIN}" >> "$GITHUB_OUTPUT" - echo "bin=${BIN}" >> "$GITHUB_PATH" - echo "var=${VAR}" >> "$GITHUB_OUTPUT" - cat "$GITHUB_OUTPUT" - # Provides module, language version and testpath from build name - name: Output build metadata id: metadata run: | - # Split the build name by '-' into module and version - IFS='-' read -r module version <<< "${{ matrix.build }}" + if [ "${{ matrix.build }}" = "wasm-wasi-component" ]; then + module="wasm-wasi-component" + else + # Split the build name by '-' into module and version + IFS='-' read -r module version <<< "${{ matrix.build }}" + fi testpath="test/test_${module}*" @@ -127,15 +132,6 @@ jobs: - name: Configure unit run: | ./configure \ - --prefix=${{ steps.dir.outputs.prefix }} \ - --sbindir=${{ steps.dir.outputs.bin }} \ - --logdir=${{ steps.dir.outputs.var }}/log \ - --log=${{ steps.dir.outputs.var }}/log/unit/unit.log \ - --runstatedir=${{ steps.dir.outputs.var }}/run \ - --pid=${{ steps.dir.outputs.var }}/run/unit/unit.pid \ - --control=unix:${{ steps.dir.outputs.var }}/run/unit/control.sock \ - --modules=${{ steps.dir.outputs.prefix }}/lib/unit/modules \ - --statedir=${{ steps.dir.outputs.var }}/state/unit \ --tests \ --openssl \ --njs \ @@ -179,12 +175,12 @@ jobs: - name: Configure java run: | - ./configure java + sudo ./configure java if: steps.metadata.outputs.module == 'java' - name: Make java run: | - make java + sudo make java if: steps.metadata.outputs.module == 'java' ## @@ -266,12 +262,12 @@ jobs: - name: Configure python3 run: | - ./configure python --config=python3-config + sudo ./configure python --config=python3-config if: steps.metadata.outputs.module == 'python' - name: Make python3 run: | - make python3 + sudo make python3 if: steps.metadata.outputs.module == 'python' ## @@ -309,7 +305,7 @@ jobs: - name: Configure wasm run: | - ./configure wasm --include-path=pkg/contrib/wasmtime/crates/c-api/include --lib-path=pkg/contrib/wasmtime/target/release + ./configure wasm --include-path=pkg/contrib/wasmtime/artifacts/include --lib-path=pkg/contrib/wasmtime/artifacts/lib if: steps.metadata.outputs.module == 'wasm' - name: Make wasm @@ -318,9 +314,38 @@ jobs: if: steps.metadata.outputs.module == 'wasm' ## + ## wasm-wasi-component + ## + + - name: Setup rust + run: | + curl https://sh.rustup.rs | sh -s -- -y + cargo install cargo-component + if: steps.metadata.outputs.module == 'wasm-wasi-component' + + - name: Configure wasm-wasi-component + run: | + ./configure wasm-wasi-component + if: steps.metadata.outputs.module == 'wasm-wasi-component' + + - name: Make wasm-wasi-component + run: | + CLANG_PATH=/usr/bin/clang-15 \ + BINDGEN_EXTRA_CLANG_ARGS="-I../../njs/src -I../../njs/build" \ + make wasm-wasi-component + if: steps.metadata.outputs.module == 'wasm-wasi-component' + + ## ## Tests ## + # /home/runner will be root only after calling sudo above + # Ensure all users and processes can execute + - name: Fix permissions + run: | + sudo chmod -R +x /home/runner + namei -l ${{ github.workspace }} + # Install python3 if not present - uses: actions/setup-python@v5 with: @@ -329,11 +354,18 @@ jobs: - name: Install pytest run: | - pip install pytest + if [ "${{ matrix.build }}" == "wasm-wasi-component" ]; then + pip install pytest + else + sudo -H pip install pytest + fi if: steps.metadata.outputs.module != 'wasm' - name: Run ${{ steps.metadata.outputs.module }} tests run: | - pytest --print-log ${{ steps.metadata.outputs.testpath }} - # Skip pytest if wasm build, as there are no tests yet + if [ "${{ matrix.build }}" == "wasm-wasi-component" ]; then + pytest --print-log ${{ steps.metadata.outputs.testpath }} + else + sudo -E pytest --print-log ${{ steps.metadata.outputs.testpath }} + fi if: steps.metadata.outputs.module != 'wasm' diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml new file mode 100644 index 00000000..dc89c0b2 --- /dev/null +++ b/.github/workflows/cifuzz.yml @@ -0,0 +1,41 @@ +name: CIFuzz +on: + pull_request: + paths: + - 'src/**' + - 'fuzzing/**' + - '.github/workflows/cifuzz.yml' + +permissions: {} +jobs: + Fuzzing: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'unit' + language: c + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'unit' + language: c + fuzz-seconds: 300 + output-sarif: true + - name: Upload Crash + uses: actions/upload-artifact@v3 + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts + - name: Upload Sarif + if: always() && steps.build.outcome == 'success' + uses: github/codeql-action/upload-sarif@v3 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: cifuzz-sarif/results.sarif + checkout_path: cifuzz-sarif diff --git a/.github/workflows/unitctl.yml b/.github/workflows/unitctl.yml new file mode 100644 index 00000000..7664ab0b --- /dev/null +++ b/.github/workflows/unitctl.yml @@ -0,0 +1,205 @@ + +name: unitctl + +on: + pull_request: + paths: + - tools/unitctl/** + - docs/unit-openapi.yaml + push: + branches: + - master + tags: + - '[0-9]+.[0-9]+.[0-9]+' + workflow_dispatch: + inputs: + version: + type: string + description: "Semver tag" + required: true + +permissions: + contents: write + +jobs: + test: + runs-on: ${{ matrix.os }} + defaults: + run: + working-directory: tools/unitctl + env: + MAKE: make + CARGO: cargo + VERSION: + SHORT_VERSION: + strategy: + fail-fast: false + matrix: + include: + - build: linux-x86_64 + os: ubuntu-latest + target: x86_64-unknown-linux-gnu + - build: macos-aarch64 + os: macos-latest + target: aarch64-apple-darwin + steps: + - uses: actions/checkout@v4 + + - run: rustup update stable + - run: rustup target add ${{ matrix.target }} + + - name: Install cross + if: matrix.target == 'aarch64-unknown-linux-gnu' + uses: taiki-e/install-action@v2 + with: + tool: cross + + - name: Install macOS depedencies + if: startsWith(matrix.os, 'macos') + run: | + brew install make gnu-sed grep gawk + echo "MAKE=gmake" >> $GITHUB_ENV + + - uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 21 + + - run: ${{ env.MAKE }} list-targets + + - name: Generate openapi + run: ${{ env.MAKE }} openapi-generate + - name: Test ${{ matrix.os }} + run: ${{ env.MAKE }} test + + build: + runs-on: ${{ matrix.os }} + defaults: + run: + working-directory: tools/unitctl + env: + MAKE: make + CARGO: cargo + VERSION: + SHORT_VERSION: + strategy: + fail-fast: false + matrix: + include: + - build: linux-aarch64 + os: ubuntu-latest + target: aarch64-unknown-linux-gnu + - build: linux-x86_64 + os: ubuntu-latest + target: x86_64-unknown-linux-gnu + - build: macos-aarch64 + os: macos-latest + target: aarch64-apple-darwin + - build: macos-x86_64 + os: macos-latest + target: x86_64-apple-darwin + + steps: + - uses: actions/checkout@v4 + + - run: rustup update stable + - run: rustup target add ${{ matrix.target }} + + - name: Install cross + if: matrix.target == 'aarch64-unknown-linux-gnu' + uses: taiki-e/install-action@v2 + with: + tool: cross + + - uses: Swatinem/rust-cache@v2 + with: + prefix-key: rust-${{ matrix.build }} + workspaces: ./tools/unitctl -> target + save-if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') }} + + - name: Configure linux arm dependencies + if: matrix.target == 'aarch64-unknown-linux-gnu' + run: | + cat <<EOF > Cross.toml + [target.aarch64-unknown-linux-gnu] + pre-build = [ + "dpkg --add-architecture \$CROSS_DEB_ARCH", + "apt-get update && apt-get install --assume-yes libssl-dev:\$CROSS_DEB_ARCH" + ] + EOF + + cat Cross.toml + echo "CARGO=cross" >> $GITHUB_ENV + + - name: Install macOS dependencies + if: startsWith(matrix.os, 'macos') + run: | + brew install make gnu-sed grep gawk + echo "MAKE=gmake" >> $GITHUB_ENV + + - uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 21 + + - run: ${{ env.MAKE }} list-targets + + - name: Make unitctl (${{ env.MAKE }}, ${{ matrix.target }}) + run: ${{ env.MAKE }} ${{ matrix.target }} + + - name: Get the version from the tag + run: | + version=${version:=${{ github.ref_name }}} + short="${version#*/}" + echo $version; echo $short + echo "VERSION=$version" >> $GITHUB_ENV + echo "SHORT_VERSION=$short" >> $GITHUB_ENV + + - name: Generate sha256 sum + run: | + shasum -a 256 ./target/${{ matrix.target }}/release/unitctl > unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }}.sha256 + mv ./target/${{ matrix.target }}/release/unitctl unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }} + + - name: Upload sha256 sum + uses: actions/upload-artifact@v4 + with: + name: unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }}.sha256 + path: tools/unitctl/unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }}.sha256 + + - name: Upload unitctl + uses: actions/upload-artifact@v4 + with: + name: unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }} + path: tools/unitctl/unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }} + + release: + # Create a draft release if a tag + if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' + needs: [build] + runs-on: ubuntu-latest + steps: + - uses: actions/download-artifact@v4 + with: + merge-multiple: true + + - name: Create GitHub release + uses: ncipollo/release-action@v1 + with: + artifacts: "unitctl-*" + prerelease: ${{ github.event_name == 'workflow_dispatch' }} + tag: ${{ inputs.version && format('unitctl/{0}', inputs.version) || github.ref_name }} + body: > + ## Unitctl + + This is a released binary of unitctl. + + Unitctl is an official command line tool for managing Unit installations. + + + ## Unit + + For the current release of the NGINX Unit application server check the + [Unit Installation Guide](https://unit.nginx.org/installation/) and the + [Unit Quickstart Guide](https://github.com/nginx/unit/). + + allowUpdates: true |