diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh deleted file mode 100755 index 4e6f6a1af1..0000000000 --- a/.github/workflows/build_test.sh +++ /dev/null @@ -1,163 +0,0 @@ -#!/usr/bin/env bash -# SPDX-License-Identifier: LGPL-2.1-or-later - -set -ex - -info() { echo -e "\033[33;1m$1\033[0m"; } -fatal() { echo >&2 -e "\033[31;1m$1\033[0m"; exit 1; } -success() { echo >&2 -e "\033[32;1m$1\033[0m"; } - -ARGS=( - "--optimization=0" - "--optimization=s -Dgnu-efi=true -Defi-cflags=-m32 -Defi-libdir=/usr/lib32" - "--optimization=3 -Db_lto=true -Ddns-over-tls=false" - "--optimization=3 -Db_lto=false" - "--optimization=3 -Ddns-over-tls=openssl" - "--optimization=3 -Dfexecve=true -Dstandalone-binaries=true -Dstatic-libsystemd=true -Dstatic-libudev=true" - "-Db_ndebug=true" -) -PACKAGES=( - cryptsetup-bin - expect - fdisk - gettext - iputils-ping - isc-dhcp-client - itstool - kbd - libblkid-dev - libbpf-dev - libc6-dev-i386 - libcap-dev - libcurl4-gnutls-dev - libfdisk-dev - libfido2-dev - libgpg-error-dev - liblz4-dev - liblzma-dev - libmicrohttpd-dev - libmount-dev - libp11-kit-dev - libpwquality-dev - libqrencode-dev - libssl-dev - libtss2-dev - libxkbcommon-dev - libxtables-dev - libzstd-dev - mount - net-tools - perl - python3-evdev - python3-jinja2 - python3-lxml - python3-pip - python3-pyparsing - python3-setuptools - quota - strace - unifont - util-linux - zstd -) -COMPILER="${COMPILER:?}" -COMPILER_VERSION="${COMPILER_VERSION:?}" -LINKER="${LINKER:?}" -CRYPTOLIB="${CRYPTOLIB:?}" -RELEASE="$(lsb_release -cs)" - -bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $RELEASE main restricted universe multiverse' >>/etc/apt/sources.list" - -# Note: As we use postfixed clang/gcc binaries, we need to override $AR -# as well, otherwise meson falls back to ar from binutils which -# doesn't work with LTO -if [[ "$COMPILER" == clang ]]; then - CC="clang-$COMPILER_VERSION" - CXX="clang++-$COMPILER_VERSION" - AR="llvm-ar-$COMPILER_VERSION" - - # Prefer the distro version if available - if ! apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then - # Latest LLVM stack deb packages provided by https://apt.llvm.org/ - # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh - wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg - printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ - "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list - fi - - PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") -elif [[ "$COMPILER" == gcc ]]; then - CC="gcc-$COMPILER_VERSION" - CXX="g++-$COMPILER_VERSION" - AR="gcc-ar-$COMPILER_VERSION" - - if ! apt install --dry-run "gcc-$COMPILER_VERSION" >/dev/null; then - # Latest gcc stack deb packages provided by - # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test - add-apt-repository -y ppa:ubuntu-toolchain-r/test - fi - - PACKAGES+=("gcc-$COMPILER_VERSION" "gcc-$COMPILER_VERSION-multilib") -else - fatal "Unknown compiler: $COMPILER" -fi - -# PPA with some newer build dependencies (like zstd) -add-apt-repository -y ppa:upstream-systemd-ci/systemd-ci -apt-get -y update -apt-get -y build-dep systemd -apt-get -y install "${PACKAGES[@]}" -# Install more or less recent meson and ninja with pip, since the distro versions don't -# always support all the features we need (like --optimization=). Since the build-dep -# command above installs the distro versions, let's install the pip ones just -# locally and add the local bin directory to the $PATH. -pip3 install --user -r .github/workflows/requirements.txt --require-hashes -export PATH="$HOME/.local/bin:$PATH" - -$CC --version -meson --version -ninja --version - -for args in "${ARGS[@]}"; do - SECONDS=0 - - # meson fails with - # src/boot/efi/meson.build:52: WARNING: Not using lld as efi-ld, falling back to bfd - # src/boot/efi/meson.build:52:16: ERROR: Fatal warnings enabled, aborting - # when LINKER is set to lld so let's just not turn meson warnings into errors with lld - # to make sure that the build systemd can pick up the correct efi-ld linker automatically. - - # The install_tag feature introduced in 0.60 causes meson to fail with fatal-meson-warnings - # "Project targeting '>= 0.53.2' but tried to use feature introduced in '0.60.0': install_tag arg in custom_target" - # It can be safely removed from the CI since it isn't actually used anywhere to test anything. - find . -type f -name meson.build -exec sed -i '/install_tag/d' '{}' '+' - if [[ "$LINKER" != lld ]]; then - additional_meson_args="--fatal-meson-warnings" - fi - info "Checking build with $args" - # shellcheck disable=SC2086 - if ! AR="$AR" \ - CC="$CC" CC_LD="$LINKER" CFLAGS="-Werror" \ - CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="-Werror" \ - meson -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror \ - -Dnobody-group=nogroup $additional_meson_args \ - -Dcryptolib="${CRYPTOLIB:?}" $args build; then - - cat build/meson-logs/meson-log.txt - fatal "meson failed with $args" - fi - - if ! meson compile -C build -v; then - fatal "'meson compile' failed with $args" - fi - - for loader in build/src/boot/efi/*.efi; do - if sbverify --list "$loader" |& grep -q "gap in section table"; then - fatal "$loader: Gaps found in section table" - fi - done - - git clean -dxf - - success "Build with $args passed in $SECONDS seconds" -done diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml deleted file mode 100644 index 8a19d5a937..0000000000 --- a/.github/workflows/build_test.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# vi: ts=2 sw=2 et: -# SPDX-License-Identifier: LGPL-2.1-or-later -# -name: Build test -on: - pull_request: - paths: - - '**/meson.build' - - '.github/workflows/**' - - 'meson_options.txt' - - 'src/**' - - 'test/fuzz/**' - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-22.04 - concurrency: - group: ${{ github.workflow }}-${{ toJSON(matrix.env) }}-${{ github.ref }} - cancel-in-progress: true - strategy: - fail-fast: false - matrix: - env: - - { COMPILER: "gcc", COMPILER_VERSION: "11", LINKER: "bfd", CRYPTOLIB: "gcrypt" } - - { COMPILER: "gcc", COMPILER_VERSION: "12", LINKER: "gold", CRYPTOLIB: "openssl" } - - { COMPILER: "clang", COMPILER_VERSION: "12", LINKER: "gold", CRYPTOLIB: "gcrypt" } - - { COMPILER: "clang", COMPILER_VERSION: "13", LINKER: "lld", CRYPTOLIB: "openssl" } - - { COMPILER: "clang", COMPILER_VERSION: "14", LINKER: "bfd", CRYPTOLIB: "auto" } - env: ${{ matrix.env }} - steps: - - name: Repository checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - name: ${{ format('Build check ({0}-{1}-{2}-{3})', env.COMPILER, env.COMPILER_VERSION, env.LINKER, env.CRYPTOLIB) }} - run: sudo -E .github/workflows/build_test.sh diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml deleted file mode 100644 index a35a97f046..0000000000 --- a/.github/workflows/cflite_pr.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# vi: ts=2 sw=2 et: -# SPDX-License-Identifier: LGPL-2.1-or-later -# -name: ClusterFuzzLite PR fuzzing -on: - pull_request: - branches: - - main - - v[0-9]+-stable - -permissions: read-all - -jobs: - PR: - runs-on: ubuntu-latest - if: github.repository != 'systemd/systemd' || github.event.pull_request.user.login == 'dependabot[bot]' - concurrency: - group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} - cancel-in-progress: true - strategy: - fail-fast: false - matrix: - sanitizer: [address, undefined, memory] - steps: - - name: Build Fuzzers (${{ matrix.sanitizer }}) - id: build - uses: google/clusterfuzzlite/actions/build_fuzzers@v1 - with: - sanitizer: ${{ matrix.sanitizer }} - github-token: ${{ secrets.GITHUB_TOKEN }} - - name: Run Fuzzers (${{ matrix.sanitizer }}) - id: run - uses: google/clusterfuzzlite/actions/run_fuzzers@v1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - fuzz-seconds: 1200 - mode: 'code-change' - sanitizer: ${{ matrix.sanitizer }} diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml deleted file mode 100644 index 25731abc5a..0000000000 --- a/.github/workflows/cifuzz.yml +++ /dev/null @@ -1,62 +0,0 @@ ---- -# vi: ts=2 sw=2 et: -# SPDX-License-Identifier: LGPL-2.1-or-later -# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/ - -name: CIFuzz - -permissions: - contents: read - -on: - pull_request: - paths: - - '**/meson.build' - - '.github/workflows/**' - - 'meson_options.txt' - - 'src/**' - - 'test/fuzz/**' - - 'tools/oss-fuzz.sh' - push: - branches: - - main -jobs: - Fuzzing: - runs-on: ubuntu-latest - if: github.repository == 'systemd/systemd' - concurrency: - group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ matrix.architecture }}-${{ github.ref }} - cancel-in-progress: true - strategy: - fail-fast: false - matrix: - sanitizer: [address, undefined, memory] - architecture: [x86_64] - include: - - sanitizer: address - architecture: i386 - steps: - - name: Build Fuzzers (${{ matrix.sanitizer }}) - id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - with: - oss-fuzz-project-name: 'systemd' - dry-run: false - allowed-broken-targets-percentage: 0 - # keep-unaffected-fuzz-targets should be removed once https://github.com/google/oss-fuzz/issues/7011 is fixed - keep-unaffected-fuzz-targets: true - sanitizer: ${{ matrix.sanitizer }} - architecture: ${{ matrix.architecture }} - - name: Run Fuzzers (${{ matrix.sanitizer }}) - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'systemd' - fuzz-seconds: 600 - dry-run: false - sanitizer: ${{ matrix.sanitizer }} - - name: Upload Crash - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 - if: failure() && steps.build.outcome == 'success' - with: - name: ${{ matrix.sanitizer }}-${{ matrix.architecture }}-artifacts - path: ./out/artifacts diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 73bea19b13..0000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -# vi: ts=2 sw=2 et: -# SPDX-License-Identifier: LGPL-2.1-or-later -# -name: "CodeQL" - -on: - pull_request: - branches: [main] - paths: - - .github/codeql-config.yml - - .github/codeql-custom.qls - - .github/workflows/codeql-analysis.yml - - .github/workflows/requirements.txt - - .github/workflows/unit_tests.sh - # It takes the workflow approximately 30 minutes to analyze the code base - # so it doesn't seem to make much sense to trigger it on every PR or commit. - # It runs daily at 01:00 to avoid colliding with the Coverity workflow. - schedule: - - cron: '0 1 * * *' - -permissions: - contents: read - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-22.04 - concurrency: - group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }} - cancel-in-progress: true - permissions: - actions: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'cpp', 'python' ] - - steps: - - name: Checkout repository - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - - name: Initialize CodeQL - uses: github/codeql-action/init@0c670bbf0414f39666df6ce8e718ec5662c21e03 - with: - languages: ${{ matrix.language }} - config-file: ./.github/codeql-config.yml - - - run: sudo -E .github/workflows/unit_tests.sh SETUP - - - name: Autobuild - uses: github/codeql-action/autobuild@0c670bbf0414f39666df6ce8e718ec5662c21e03 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0c670bbf0414f39666df6ce8e718ec5662c21e03 diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml deleted file mode 100644 index 904a6895fd..0000000000 --- a/.github/workflows/coverity.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# vi: ts=2 sw=2 et: -# SPDX-License-Identifier: LGPL-2.1-or-later -# -name: Coverity - -on: - schedule: - # Run Coverity daily at midnight - - cron: '0 0 * * *' - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-22.04 - if: github.repository == 'systemd/systemd' - env: - COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}" - COVERITY_SCAN_NOTIFICATION_EMAIL: "" - COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}" - # Set in repo settings -> secrets -> repository secrets - COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" - CURRENT_REF: "${{ github.ref }}" - steps: - - name: Repository checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable - - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable - run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> "$GITHUB_ENV" - - name: Install Coverity tools - run: tools/get-coverity.sh - # Reuse the setup phase of the unit test script to avoid code duplication - - name: Install build dependencies - run: sudo -E .github/workflows/unit_tests.sh SETUP - # Preconfigure with meson to prevent Coverity from capturing meson metadata - - name: Preconfigure the build directory - run: meson cov-build -Dman=false - - name: Build - run: tools/coverity.sh build - - name: Upload the results - run: tools/coverity.sh upload diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml deleted file mode 100644 index 094f72c4b9..0000000000 --- a/.github/workflows/issue_labeler.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- - -name: Issue labeler -on: - issues: - types: [ opened ] - -permissions: - contents: read - -jobs: - label-component: - runs-on: ubuntu-22.04 - - permissions: - issues: write - - strategy: - matrix: - template: [ bug_report.yml, feature_request.yml ] - - steps: - - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 - with: - node-version: '16' - - - name: Parse issue form - uses: stefanbuck/github-issue-parser@fc06b2a0adc5ccb7702ab6b641fd8a742a5e9cc0 - id: issue-parser - with: - template-path: .github/ISSUE_TEMPLATE/${{ matrix.template }} - - - name: Set labels based on component field - uses: redhat-plumbers-in-action/advanced-issue-labeler@b89eb39b97529bb7596cb4e716485a6d6f7dd74a - with: - issue-form: ${{ steps.issue-parser.outputs.jsonString }} - section: component - block-list: | - other - token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml deleted file mode 100644 index 680a2c17a7..0000000000 --- a/.github/workflows/labeler.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# vi: ts=2 sw=2 et: -# SPDX-License-Identifier: LGPL-2.1-or-later -# -name: "Pull Request Labeler" - -on: -- pull_request_target - -permissions: - contents: read - -jobs: - triage: - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - uses: actions/labeler@9fd24f1f9d6ceb64ba34d181b329ee72f99978a0 - with: - repo-token: "${{ secrets.GITHUB_TOKEN }}" - configuration-path: .github/labeler.yml - sync-labels: "" # This is a workaround for issue 18671 diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml deleted file mode 100644 index 0612a709ce..0000000000 --- a/.github/workflows/linter.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# vi: ts=2 sw=2 et: -# SPDX-License-Identifier: LGPL-2.1-or-later -# https://github.com/marketplace/actions/super-linter -name: Lint Code Base - -on: - pull_request: - branches: - - main - - v[0-9]+-stable - -permissions: - contents: read - -jobs: - build: - name: Lint Code Base - runs-on: ubuntu-latest - concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - steps: - - name: Repo checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - with: - # We need a full repo clone - fetch-depth: 0 - - - name: Lint Code Base - uses: github/super-linter/slim@2d64ac1c067c34beaf7d24cc12733cd46236f76e - env: - DEFAULT_BRANCH: main - MULTI_STATUS: false - # Excludes: - # - man/.* - all snippets in man pages (false positives due to - # missing shebangs) - # - .*\.(in|SKELETON) - all template/skeleton files - # except kernel-install - # - tools/coverity\.sh - external file (with some modifications) - FILTER_REGEX_EXCLUDE: .*/(man/.*|([^k]|k(k|ek)*([^ek]|e[^kr]))*(k(k|ek)*e?)?\.(in|SKELETON)|tools/coverity\.sh)$ - VALIDATE_ALL_CODEBASE: false - VALIDATE_BASH: true - VALIDATE_GITHUB_ACTIONS: true diff --git a/.github/workflows/run_mkosi.sh b/.github/workflows/run_mkosi.sh index 153ebe3d37..acdb3fcee1 100755 --- a/.github/workflows/run_mkosi.sh +++ b/.github/workflows/run_mkosi.sh @@ -20,7 +20,7 @@ ln -s /dev/null "$TEMP_EXTRA_TREE/etc/systemd/system/isc-dhcp-server6.service" for ((i = 0; i < 5; i++)); do EC=0 - (sudo python3 -m mkosi --extra-tree="$TEMP_EXTRA_TREE" "$@") |& tee "$TEMPFILE" || EC=$? + (sudo timeout -k 30 10m python3 -m mkosi --extra-tree="$TEMP_EXTRA_TREE" "$@") |& tee "$TEMPFILE" || EC=$? if [[ $EC -eq 0 ]]; then # The command passed — let's return immediately break diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh deleted file mode 100755 index affd1e9357..0000000000 --- a/.github/workflows/unit_tests.sh +++ /dev/null @@ -1,121 +0,0 @@ -#!/usr/bin/env bash -# SPDX-License-Identifier: LGPL-2.1-or-later - -# shellcheck disable=SC2206 -PHASES=(${@:-SETUP RUN RUN_ASAN_UBSAN CLEANUP}) -RELEASE="$(lsb_release -cs)" -ADDITIONAL_DEPS=( - clang - expect - fdisk - jekyll - libbpf-dev - libfdisk-dev - libfido2-dev - libp11-kit-dev - libpwquality-dev - libqrencode-dev - libssl-dev - libtss2-dev - libxkbcommon-dev - libzstd-dev - perl - python3-libevdev - python3-pyparsing - rpm - zstd -) - -function info() { - echo -e "\033[33;1m$1\033[0m" -} - -function run_meson() { - if ! meson "$@"; then - find . -type f -name meson-log.txt -exec cat '{}' + - return 1 - fi -} - -set -ex - -MESON_ARGS=(-Dcryptolib=${CRYPTOLIB:-auto}) - -for phase in "${PHASES[@]}"; do - case $phase in - SETUP) - info "Setup phase" - bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $RELEASE main restricted universe multiverse' >>/etc/apt/sources.list" - # PPA with some newer build dependencies - add-apt-repository -y ppa:upstream-systemd-ci/systemd-ci - apt-get -y update - apt-get -y build-dep systemd - apt-get -y install "${ADDITIONAL_DEPS[@]}" - pip3 install -r .github/workflows/requirements.txt --require-hashes - ;; - RUN|RUN_GCC|RUN_CLANG|RUN_CLANG_RELEASE) - if [[ "$phase" =~ ^RUN_CLANG ]]; then - export CC=clang - export CXX=clang++ - if [[ "$phase" == RUN_CLANG ]]; then - # The docs build is slow and is not affected by compiler/flags, so do it just once - MESON_ARGS+=(-Dman=true) - else - MESON_ARGS+=(-Dmode=release --optimization=2) - fi - fi - # The install_tag feature introduced in 0.60 causes meson to fail with fatal-meson-warnings - # "Project targeting '>= 0.53.2' but tried to use feature introduced in '0.60.0': install_tag arg in custom_target" - # It can be safely removed from the CI since it isn't actually used anywhere to test anything. - find . -type f -name meson.build -exec sed -i '/install_tag/d' '{}' '+' - MESON_ARGS+=(--fatal-meson-warnings) - run_meson -Dnobody-group=nogroup --werror -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true "${MESON_ARGS[@]}" build - ninja -C build -v - meson test -C build --print-errorlogs - ;; - RUN_ASAN_UBSAN|RUN_GCC_ASAN_UBSAN|RUN_CLANG_ASAN_UBSAN|RUN_CLANG_ASAN_UBSAN_NO_DEPS) - MESON_ARGS=(--optimization=1) - - if [[ "$phase" =~ ^RUN_CLANG_ASAN_UBSAN ]]; then - export CC=clang - export CXX=clang++ - # Build fuzzer regression tests only with clang (for now), - # see: https://github.com/systemd/systemd/pull/15886#issuecomment-632689604 - # -Db_lundef=false: See https://github.com/mesonbuild/meson/issues/764 - MESON_ARGS+=(-Db_lundef=false -Dfuzz-tests=true) - - if [[ "$phase" == "RUN_CLANG_ASAN_UBSAN_NO_DEPS" ]]; then - MESON_ARGS+=(-Dskip-deps=true) - fi - fi - # The install_tag feature introduced in 0.60 causes meson to fail with fatal-meson-warnings - # "Project targeting '>= 0.53.2' but tried to use feature introduced in '0.60.0': install_tag arg in custom_target" - # It can be safely removed from the CI since it isn't actually used anywhere to test anything. - find . -type f -name meson.build -exec sed -i '/install_tag/d' '{}' '+' - MESON_ARGS+=(--fatal-meson-warnings) - run_meson -Dnobody-group=nogroup --werror -Dtests=unsafe -Db_sanitize=address,undefined "${MESON_ARGS[@]}" build - ninja -C build -v - - export ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1 - # Never remove halt_on_error from UBSAN_OPTIONS. See https://github.com/systemd/systemd/commit/2614d83aa06592aedb. - export UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 - - # FIXME - # For some strange reason the GH Actions VM stops responding after - # executing first ~150 tests, _unless_ there's something producing - # output (either running `meson test` in verbose mode, or something - # else in background). Despite my efforts so far I haven't been able - # to identify the culprit (since the issue is not reproducible - # during debugging, wonderful), so let's at least keep a workaround - # here to make the builds stable for the time being. - (set +x; while :; do echo -ne "\n[WATCHDOG] $(date)\n"; sleep 30; done) & - meson test --timeout-multiplier=3 -C build --print-errorlogs - ;; - CLEANUP) - info "Cleanup phase" - ;; - *) - echo >&2 "Unknown phase '$phase'" - exit 1 - esac -done diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml deleted file mode 100644 index cd6c33eb64..0000000000 --- a/.github/workflows/unit_tests.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# vi: ts=2 sw=2 et: -# SPDX-License-Identifier: LGPL-2.1-or-later -# -name: Unit tests -on: - pull_request: - branches: - - main - - v[0-9]+-stable - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-22.04 - concurrency: - group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ matrix.cryptolib }}-${{ github.ref }} - cancel-in-progress: true - strategy: - fail-fast: false - matrix: - run_phase: [GCC, GCC_ASAN_UBSAN, CLANG, CLANG_RELEASE, CLANG_ASAN_UBSAN, CLANG_ASAN_UBSAN_NO_DEPS] - cryptolib: [auto] - include: - - run_phase: GCC - cryptolib: openssl - - run_phase: CLANG - cryptolib: gcrypt - steps: - - name: Repository checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - name: Install build dependencies - run: | - # Drop XDG_* stuff from /etc/environment, so we don't get the user - # XDG_* variables when running under sudo - sudo sed -i '/^XDG_/d' /etc/environment - # Pass only specific env variables through sudo, to avoid having - # the already existing XDG_* stuff on the "other side" - sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh SETUP - - name: Build & test (${{ matrix.run_phase }}-${{ matrix.cryptolib }}) - run: sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }} - env: - CRYPTOLIB: ${{ matrix.cryptolib }}