Skip to content

auth: added a new config for direct queries of dnskey signature #9711

auth: added a new config for direct queries of dnskey signature

auth: added a new config for direct queries of dnskey signature #9711

---
name: 'Build and test everything'
on:
push:
pull_request:
workflow_call:
inputs:
branch-name:
description: 'Checkout to a specific branch'
required: true
default: ''
type: string
runner-docker-image-name:
description: 'Image name to be used for running all jobs'
required: false
default: ''
type: string
schedule:
- cron: '0 22 * * 3'
permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
contents: read
env:
COMPILER: clang
CLANG_VERSION: '13'
# github.workspace variable points to the Runner home folder. Container home folder defined below.
REPO_HOME: '/__w/${{ github.event.repository.name }}/${{ github.event.repository.name }}'
BUILDER_VERSION: '0.0.0-git1'
COVERAGE: ${{ github.repository == 'PowerDNS/pdns' && 'yes' || 'no' }}
LLVM_PROFILE_FILE: "/tmp/code-%p.profraw"
OPTIMIZATIONS: yes
DECAF_SUPPORT: yes
jobs:
get-runner-container-image:
name: generate docker runner image name
runs-on: ubuntu-22.04
outputs:
id: ${{ steps.get-runner-image.outputs.image-id }}
tag: ${{ steps.get-runner-image.outputs.tag }}
env:
DEFAULT_RUNNER_DOCKER_IMAGE: base-pdns-ci-image/debian-12-pdns-base
DEFAULT_IMAGE_TAG: master # update when backporting, e.g. auth-4.9.x
steps:
- id: get-runner-image
run: |
echo "image-id=ghcr.io/powerdns/${{ inputs.runner-docker-image-name || env.DEFAULT_RUNNER_DOCKER_IMAGE }}" >> "$GITHUB_OUTPUT"
echo "tag=${{ env.DEFAULT_IMAGE_TAG }}" >> "$GITHUB_OUTPUT"
build-auth:
name: build auth
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-22.04
needs: get-runner-container-image
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
FUZZING_TARGETS: yes
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
UNIT_TESTS: yes
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
strategy:
matrix:
include:
- builder: autotools
sanitizers: asan+ubsan
- builder: meson
sanitizers: address,undefined
build_option: '--meson'
fail-fast: false
defaults:
run:
working-directory: ./pdns-${{ env.BUILDER_VERSION }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- name: get timestamp for cache
id: get-stamp
run: |
echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
shell: bash
working-directory: .
- run: mkdir -p ~/.ccache
working-directory: .
- name: let GitHub cache our ccache data
uses: actions/cache@v4
with:
path: ~/.ccache
key: auth-ccache-${{ matrix.builder }}-${{ steps.get-stamp.outputs.stamp }}
restore-keys: auth-ccache-${{ matrix.builder }}
- name: set sanitizers
run: echo "SANITIZERS=${{ matrix.sanitizers }}" >> "$GITHUB_ENV"
working-directory: .
- run: inv install-auth-build-deps
working-directory: .
- run: inv ci-autoconf ${{ matrix.build_option }}
working-directory: .
- run: inv ci-auth-configure ${{ matrix.build_option }} -b pdns-${{ env.BUILDER_VERSION }}
working-directory: .
- run: inv ci-auth-build ${{ matrix.build_option }} # This runs under pdns-$BUILDER_VERSION/pdns/ for make bear
- run: inv ci-auth-install-remotebackend-test-deps
- if: ${{ matrix.builder == 'meson' }}
run: inv install-auth-test-deps-only -b geoip
- run: inv ci-auth-run-unit-tests ${{ matrix.build_option }}
env:
PDNS_BUILD_PATH: ../pdns-${{ env.BUILDER_VERSION }}
- run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }}
working-directory: ./pdns-${{ env.BUILDER_VERSION }}/pdns
- name: Coveralls Parallel auth unit
if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }}
uses: coverallsapp/github-action@v2
with:
flag-name: auth-unit-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
- run: inv ci-auth-install ${{ matrix.build_option }}
- run: ccache -s
- if: ${{ matrix.builder != 'meson' }}
run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- if: ${{ matrix.builder != 'meson' }}
name: Store the binaries
uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
with:
name: pdns-auth-${{ env.normalized-branch-name }}
path: /opt/pdns-auth
retention-days: 1
build-recursor:
name: build recursor
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-22.04
needs: get-runner-container-image
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
features: [least, full]
exclude:
- sanitizers: tsan
features: least
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
SANITIZERS: ${{ matrix.sanitizers }}
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
UNIT_TESTS: yes
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
defaults:
run:
working-directory: ./pdns/recursordist/pdns-recursor-${{ env.BUILDER_VERSION }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- name: get timestamp for cache
id: get-stamp
run: |
echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
shell: bash
working-directory: .
- run: mkdir -p ~/.ccache
working-directory: .
- name: let GitHub cache our ccache data
uses: actions/cache@v4
with:
path: ~/.ccache
key: recursor-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
restore-keys: recursor-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
- run: inv ci-install-rust ${{ env.REPO_HOME }}
working-directory: ./pdns/recursordist/
- run: inv ci-autoconf
working-directory: ./pdns/recursordist/
- run: inv ci-rec-configure ${{ matrix.features }}
working-directory: ./pdns/recursordist/
- run: inv ci-make-distdir
working-directory: ./pdns/recursordist/
- run: inv ci-rec-configure ${{ matrix.features }}
- run: inv ci-rec-make-bear
- run: inv ci-rec-run-unit-tests
- run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel rec unit
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: rec-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
- run: inv ci-make-install
- run: ccache -s
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Store the binaries
uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
with:
name: pdns-recursor-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/pdns-recursor
retention-days: 1
build-dnsdist:
name: build dnsdist
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-22.04
needs: get-runner-container-image
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
features: [least, full]
exclude:
- sanitizers: tsan
features: least
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
SANITIZERS: ${{ matrix.sanitizers }}
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
UNIT_TESTS: yes
FUZZING_TARGETS: yes
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
defaults:
run:
working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- name: get timestamp for cache
id: get-stamp
run: |
echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
shell: bash
working-directory: .
- run: mkdir -p ~/.ccache
working-directory: .
- name: let GitHub cache our ccache data
uses: actions/cache@v4
with:
path: ~/.ccache
key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
- run: inv ci-install-rust ${{ env.REPO_HOME }}
working-directory: ./pdns/dnsdistdist/
- run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }}
working-directory: ./pdns/dnsdistdist/
- run: inv ci-autoconf
working-directory: ./pdns/dnsdistdist/
- run: inv ci-dnsdist-configure ${{ matrix.features }}
working-directory: ./pdns/dnsdistdist/
- run: inv ci-make-distdir
working-directory: ./pdns/dnsdistdist/
- run: inv ci-dnsdist-configure ${{ matrix.features }}
- run: inv ci-dnsdist-make-bear
- run: inv ci-dnsdist-run-unit-tests
- run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel dnsdist unit
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
- run: inv ci-make-install
- run: ccache -s
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Store the binaries
uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
with:
name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/dnsdist
retention-days: 1
test-auth-api:
needs:
- build-auth
- get-runner-container-image
runs-on: ubuntu-22.04
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
ASAN_OPTIONS: detect_leaks=0
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
AUTH_BACKEND_IP_ADDR: "172.17.0.1"
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
strategy:
matrix:
include:
- backend: gsqlite3
image: coscale/docker-sleep
- backend: gmysql
image: mysql:5
- backend: gpgsql
image: postgres:9
- backend: lmdb
image: coscale/docker-sleep
fail-fast: false
services:
database:
image: ${{ matrix.image }}
env:
POSTGRES_USER: runner
POSTGRES_HOST_AUTH_METHOD: trust
MYSQL_ALLOW_EMPTY_PASSWORD: 1
ports:
- 3306:3306
- 5432:5432
# FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
options: >-
--restart always
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: pdns-auth-${{ env.normalized-branch-name }}
path: /opt/pdns-auth
- run: inv apt-fresh
- run: inv install-clang-runtime
- run: inv install-auth-test-deps -b ${{ matrix.backend }}
- run: inv test-api auth -b ${{ matrix.backend }}
- run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' }}
- name: Coveralls Parallel auth API ${{ matrix.backend }}
if: ${{ env.COVERAGE == 'yes' }}
uses: coverallsapp/github-action@v2
with:
flag-name: auth-api-${{ matrix.backend }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
test-auth-backend:
needs:
- build-auth
- get-runner-container-image
runs-on: ubuntu-22.04
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
ASAN_OPTIONS: detect_leaks=0
LDAPHOST: ldap://ldapserver/
ODBCINI: /github/home/.odbc.ini
AUTH_BACKEND_IP_ADDR: "172.17.0.1"
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
strategy:
matrix:
include:
- backend: remote
image: coscale/docker-sleep
env: {}
ports: []
- backend: gmysql
image: mysql:5
env:
MYSQL_ALLOW_EMPTY_PASSWORD: 1
ports:
- 3306:3306
- backend: gmysql
image: mariadb:10
env:
MYSQL_ALLOW_EMPTY_PASSWORD: 1
ports:
- 3306:3306
- backend: gpgsql
image: postgres:9
env:
POSTGRES_USER: runner
POSTGRES_HOST_AUTH_METHOD: trust
ports:
- 5432:5432
- backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms
image: coscale/docker-sleep
env: {}
ports: []
- backend: lmdb
image: coscale/docker-sleep
env: {}
ports: []
- backend: bind
image: coscale/docker-sleep
env: {}
ports: []
- backend: geoip
image: coscale/docker-sleep
env: {}
ports: []
- backend: lua2
image: coscale/docker-sleep
env: {}
ports: []
- backend: tinydns
image: coscale/docker-sleep
env: {}
ports: []
- backend: authpy
image: coscale/docker-sleep
env: {}
ports: []
- backend: godbc_sqlite3
image: coscale/docker-sleep
env: {}
ports: []
- backend: godbc_mssql
image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu
env:
ACCEPT_EULA: Y
SA_PASSWORD: 'SAsa12%%-not-a-secret-password'
ports:
- 1433:1433
- backend: ldap
image: powerdns/ldap-regress:1.2.4-1
env:
LDAP_LOG_LEVEL: 0
CONTAINER_LOG_LEVEL: 4
ports:
- 389:389
- backend: geoip_mmdb
image: coscale/docker-sleep
env: {}
ports: []
fail-fast: false
services:
database:
image: ${{ matrix.image }}
env: ${{ matrix.env }}
ports: ${{ matrix.ports }}
# FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
options: >-
--restart always
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: pdns-auth-${{ env.normalized-branch-name }}
path: /opt/pdns-auth
# FIXME: install recursor for backends that have ALIAS
- run: inv install-clang-runtime
- run: inv install-auth-test-deps -b ${{ matrix.backend }}
- run: inv test-auth-backend -b ${{ matrix.backend }}
- run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' }}
- name: Coveralls Parallel auth backend ${{ matrix.backend }}
if: ${{ env.COVERAGE == 'yes' }}
uses: coverallsapp/github-action@v2
with:
flag-name: auth-backend-${{ matrix.backend }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
test-ixfrdist:
needs:
- build-auth
- get-runner-container-image
runs-on: ubuntu-22.04
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
ASAN_OPTIONS: detect_leaks=0
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: pdns-auth-${{ env.normalized-branch-name }}
path: /opt/pdns-auth
- run: inv install-clang-runtime
- run: inv install-auth-test-deps
- run: inv test-ixfrdist
- run: inv generate-coverage-info /opt/pdns-auth/bin/ixfrdist $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' }}
- name: Coveralls Parallel ixfrdist
if: ${{ env.COVERAGE == 'yes' }}
uses: coverallsapp/github-action@v2
with:
flag-name: ixfrdist
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
test-recursor-api:
needs:
- build-recursor
- get-runner-container-image
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
dist_name: [debian]
pdns_repo_version: ['48']
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
ASAN_OPTIONS: detect_leaks=0
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: pdns-recursor-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/pdns-recursor
- run: inv apt-fresh
- run: inv add-auth-repo ${{ matrix.dist_name }} $(. /etc/os-release && echo $VERSION_CODENAME) ${{ matrix.pdns_repo_version }}
- run: inv install-clang-runtime
- run: inv install-rec-test-deps
- run: inv test-api recursor
- run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel recursor API
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: rec-api-full-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
test-recursor-regression:
needs:
- build-recursor
- get-runner-container-image
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
dist_name: [debian]
pdns_repo_version: ['48']
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
ASAN_OPTIONS: ""
LSAN_OPTIONS: "suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-lsan.supp"
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
steps:
# - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: pdns-recursor-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/pdns-recursor
- run: inv apt-fresh
- run: inv add-auth-repo ${{ matrix.dist_name }} $(. /etc/os-release && echo $VERSION_CODENAME) ${{ matrix.pdns_repo_version }}
- run: inv install-clang-runtime
- run: inv install-rec-test-deps
- run: inv test-regression-recursor
- run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel recursor regression
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: rec-regression-full-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
test-recursor-bulk:
name: 'test rec *mini* bulk'
needs:
- build-recursor
- get-runner-container-image
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
threads: [1, 2, 3, 4, 8]
mthreads: [2048]
shards: [1, 2, 1024]
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
ASAN_OPTIONS: detect_leaks=0
TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
options: --sysctl net.ipv6.conf.all.disable_ipv6=0
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: pdns-recursor-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/pdns-recursor
- run: inv install-clang-runtime
- run: inv install-rec-bulk-deps
- run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }}
- run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel recursor bulk
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: rec-regression-bulk-full-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
test-dnsdist-regression:
needs:
- build-dnsdist
- get-runner-container-image
runs-on: ubuntu-22.04
strategy:
matrix:
sanitizers: [ubsan+asan, tsan]
container:
image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
env:
UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
# Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498
ASAN_OPTIONS: intercept_send=0
LSAN_OPTIONS: "suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-lsan.supp"
TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
# IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions
SKIP_INCLUDEDIR_TESTS: yes
SANITIZERS: ${{ matrix.sanitizers }}
COVERAGE: yes
options: --sysctl net.ipv6.conf.all.disable_ipv6=0 --privileged
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
- name: Fetch the binaries
uses: actions/download-artifact@v4
with:
name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
path: /opt/dnsdist
- run: inv install-clang-runtime
- run: inv install-dnsdist-test-deps $([ "$(. /etc/os-release && echo $VERSION_CODENAME)" = "bullseye" ] && echo "--skipXDP=True")
- run: inv test-dnsdist
- run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
- name: Coveralls Parallel dnsdist regression
if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
uses: coverallsapp/github-action@v2
with:
flag-name: dnsdist-regression-full-${{ matrix.sanitizers }}
path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
parallel: true
allow-empty: true
fail-on-error: false
swagger-syntax-check:
if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
runs-on: ubuntu-22.04
# FIXME: https://github.com/PowerDNS/pdns/pull/12880
# container:
# image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
# options: --sysctl net.ipv6.conf.all.disable_ipv6=0
steps:
- uses: PowerDNS/pdns/set-ubuntu-mirror@meta
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade
- run: inv install-swagger-tools
- run: inv swagger-syntax-check
collect:
needs:
- build-auth
- build-dnsdist
- build-recursor
- swagger-syntax-check
- test-auth-api
- test-auth-backend
- test-dnsdist-regression
- test-ixfrdist
- test-recursor-api
- test-recursor-regression
- test-recursor-bulk
if: success() || failure()
runs-on: ubuntu-22.04
steps:
- name: Coveralls Parallel Finished
if: ${{ env.COVERAGE == 'yes' }}
uses: coverallsapp/github-action@v2
with:
parallel-finished: true
fail-on-error: false
- name: Install jq and jc
run: "sudo apt-get update && sudo apt-get install jq jc"
- name: Fail job if any of the previous jobs failed
run: "for i in `echo '${{ toJSON(needs) }}' | jq -r '.[].result'`; do if [[ $i == 'failure' ]]; then echo '${{ toJSON(needs) }}'; exit 1; fi; done;"
- uses: actions/checkout@v4
with:
fetch-depth: 5
submodules: recursive
ref: ${{ inputs.branch-name }}
- name: Get list of jobs in the workflow
run: "cat .github/workflows/build-and-test-all.yml | jc --yaml | jq -rS '.[].jobs | keys | .[]' | grep -vE 'collect|get-runner-container-image' | tee /tmp/workflow-jobs-list.yml"
- name: Get list of prerequisite jobs
run: "echo '${{ toJSON(needs) }}' | jq -rS 'keys | .[]' | tee /tmp/workflow-needs-list.yml"
- name: Fail if there is a job missing on the needs list
run: "if ! diff -q /tmp/workflow-jobs-list.yml /tmp/workflow-needs-list.yml; then exit 1; fi"
# FIXME: if we can make upload/download-artifact fasts, running unit tests outside of build can let regression tests start earlier