209a558c566addb9551ba1c31d8466356273b8be
[tinc] / .github / workflows / test.yml
1 name: Test
2
3 on:
4   push:
5   pull_request:
6     types:
7       - opened
8       - synchronize
9
10 jobs:
11   cross:
12     runs-on: ubuntu-latest
13     timeout-minutes: 30
14     strategy:
15       fail-fast: false
16       matrix:
17         arch:
18           - armhf
19           - mipsel
20           - mingw
21
22     container:
23       image: debian:bullseye
24       options: --privileged
25
26     steps:
27       - name: Checkout code
28         uses: actions/checkout@v1
29
30       - name: Install deps
31         run: HOST=${{ matrix.arch }} sh .ci/deps.sh
32
33       - name: Prepare the system
34         run: HOST=${{ matrix.arch }} sh .ci/test/prepare.sh
35
36       - name: Run tests with default settings
37         run: sudo -u build CI=1 HOST=${{ matrix.arch }} sh .ci/test/run.sh default
38
39       - name: Run tests without legacy protocol
40         run: sudo -u build CI=1 HOST=${{ matrix.arch }} sh .ci/test/run.sh nolegacy
41         if: always()
42
43       - name: Run tests with libgcrypt
44         run: sudo -u build CI=1 HOST=${{ matrix.arch }} sh .ci/test/run.sh gcrypt
45
46       - name: Upload test results
47         uses: actions/upload-artifact@v2
48         with:
49           name: tests_cross_${{ matrix.arch }}
50           path: /tmp/logs/tests.*.tar.gz
51         if: always()
52
53   static-analysis:
54     runs-on: ubuntu-latest
55     timeout-minutes: 30
56     steps:
57       - name: Checkout code
58         uses: actions/checkout@v1
59
60       - name: Install tools
61         run: |
62           sudo apt-get install -y astyle clang-tidy-$CLANG
63           sudo update-alternatives --install /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-$CLANG 100
64           curl -OL "https://github.com/koalaman/shellcheck/releases/download/v$SHELLCHECK/shellcheck-v${SHELLCHECK}.linux.x86_64.tar.xz"
65           tar -C ~ --strip-components=1 --wildcards -xf ./shellcheck-*.tar.xz 'shellcheck-*/shellcheck'
66           curl -o ~/shfmt -L "https://github.com/mvdan/sh/releases/download/v$SHFMT/shfmt_v${SHFMT}_linux_amd64"
67           chmod 755 ~/shfmt ~/shellcheck
68           python3 -m venv /tmp/venv
69           . /tmp/venv/bin/activate
70           pip3 install black pylint mypy
71         env:
72           CLANG: 11
73           SHELLCHECK: 0.7.2
74           SHFMT: 3.3.0
75
76       - name: Install deps
77         run: sudo SKIP_OPENSSL3=1 sh .ci/deps.sh
78
79       - name: Lint/typecheck/check formatting on C/shell/Python code
80         run: |
81           . /tmp/venv/bin/activate
82           PATH=$PATH:$HOME ./lint.py
83         if: always()
84
85       - name: Run clang-tidy
86         run: sh .ci/tidy/run.sh
87         if: always()
88
89       - name: Check warnings (gcc)
90         run: bash .ci/warn/run.sh
91         env:
92           CC: gcc-10
93         if: always()
94
95       - name: Check warnings (clang)
96         run: bash .ci/warn/run.sh
97         env:
98           CC: clang-12
99         if: always()
100
101   sanitizer:
102     runs-on: ubuntu-latest
103     timeout-minutes: 30
104     strategy:
105       fail-fast: false
106       matrix:
107         sanitizer:
108           - address
109           - thread
110           - undefined
111     env:
112       SANITIZER: "${{ matrix.sanitizer }}"
113
114     steps:
115       - name: Checkout code
116         uses: actions/checkout@v1
117
118       - name: Install deps
119         run: sudo sh .ci/deps.sh
120
121       - name: Run tests with OpenSSL 3
122         run: bash .ci/sanitizers/run.sh openssl3
123
124       - name: Sanitize tests with default settings
125         run: bash .ci/sanitizers/run.sh default
126
127       - name: Sanitize tests without legacy protocol
128         run: bash .ci/sanitizers/run.sh nolegacy
129         if: always()
130
131       - name: Upload test results
132         uses: actions/upload-artifact@v2
133         with:
134           name: tests_sanitizer_${{ matrix.sanitizer }}
135           path: /tmp/logs/tests.*.tar.gz
136         if: always()
137
138   linux:
139     runs-on: ubuntu-latest
140     timeout-minutes: 30
141     strategy:
142       fail-fast: false
143       matrix:
144         os:
145           - alpine
146           - centos:7 # aka RHEL 7
147           - almalinux:8 # aka RHEL 8
148           - fedora
149           - debian:buster
150           - debian:bullseye
151           - debian:testing
152           - ubuntu # current LTS
153           - ubuntu:rolling # latest
154     container:
155       image: ${{ matrix.os }}
156       options: --privileged
157       env:
158         CI: 1
159     steps:
160       - name: Checkout code
161         uses: actions/checkout@v1
162
163       - name: Install deps
164         run: sh .ci/deps.sh
165
166       - name: Assign name for test results artifact
167         run: echo ARTIFACT="$(echo '${{ matrix.os }}' | sed 's|[:/]|_|g')" >>"$GITHUB_ENV"
168
169       - name: Create a non-privileged user
170         run: sh .ci/test/prepare.sh
171
172       - name: Run tests with OpenSSL 3
173         run: sudo -u build CI=1 sh .ci/test/run.sh openssl3
174
175       - name: Run tests with default settings
176         run: sudo -u build CI=1 sh .ci/test/run.sh default
177
178       - name: Run tests without legacy protocol
179         run: sudo -u build CI=1 sh .ci/test/run.sh nolegacy
180         if: always()
181
182       - name: Run tests with libgcrypt
183         run: sudo -u build CI=1 sh .ci/test/run.sh gcrypt
184
185       - name: Upload test results
186         uses: actions/upload-artifact@v2
187         with:
188           name: tests_${{ env.ARTIFACT }}
189           path: /tmp/logs/tests.*.tar.gz
190         if: always()
191
192       - name: Build package
193         run: sh .ci/package/build.sh
194         if: github.ref == 'refs/heads/1.1' || startsWith(github.ref, 'refs/tags/release-')
195         continue-on-error: true
196
197       - name: Upload package
198         uses: actions/upload-artifact@v2
199         with:
200           name: pkg-${{ env.ARTIFACT }}
201           path: |
202             *.deb
203             ~/rpmbuild/RPMS/*/*.rpm
204         continue-on-error: true
205
206   pkg-publish:
207     if: always() && (github.ref == 'refs/heads/1.1' || startsWith(github.ref, 'refs/tags/release-'))
208     runs-on: ubuntu-latest
209     continue-on-error: true
210     needs:
211       - linux
212       - mingw
213
214     steps:
215       - name: Create artifact directory
216         run: mkdir -p /tmp/artifacts
217
218       - name: Download packages
219         uses: actions/download-artifact@v2
220         with:
221           path: /tmp/artifacts
222
223       - name: Publish packages (dev)
224         uses: marvinpinto/action-automatic-releases@latest
225         with:
226           repo_token: ${{ secrets.GITHUB_TOKEN }}
227           automatic_release_tag: latest
228           title: Development release
229           prerelease: true
230           files: /tmp/artifacts/**/*.(deb|rpm|exe)
231         if: startsWith(github.ref, 'refs/heads/')
232
233       - name: Publish packages (release)
234         uses: softprops/action-gh-release@v1
235         with:
236           files: |
237             /tmp/artifacts/**/*.deb
238             /tmp/artifacts/**/*.rpm
239             /tmp/artifacts/**/*.exe
240         if: startsWith(github.ref, 'refs/tags/')
241
242   macos:
243     runs-on: macos-latest
244     timeout-minutes: 20
245
246     steps:
247       - name: Checkout code
248         uses: actions/checkout@v1
249
250       - name: Install build deps
251         run: sh .ci/deps.sh
252
253       - name: Run tests with default settings
254         run: sh .ci/test/run.sh default
255
256       - name: Run tests without legacy protocol
257         run: sh .ci/test/run.sh nolegacy
258         if: always()
259
260       - name: Run tests with libgcrypt
261         run: sh .ci/test/run.sh gcrypt
262
263       - name: Upload test results
264         uses: actions/upload-artifact@v2
265         with:
266           name: tests_macos
267           path: /tmp/logs/tests.*.tar.gz
268         if: always()
269
270   mingw:
271     runs-on: windows-latest
272     timeout-minutes: 30
273
274     steps:
275       - name: Install msys2
276         uses: msys2/setup-msys2@v2
277         with:
278           update: true
279           # https://packages.msys2.org/package/
280           install: >-
281             base-devel
282             mingw-w64-x86_64-meson
283             mingw-w64-x86_64-pkgconf
284             mingw-w64-x86_64-gcc
285             mingw-w64-x86_64-openssl
286             mingw-w64-x86_64-libgcrypt
287             mingw-w64-x86_64-zlib
288             mingw-w64-x86_64-lzo2
289             mingw-w64-x86_64-lz4
290             mingw-w64-x86_64-ncurses
291             mingw-w64-x86_64-miniupnpc
292             mingw-w64-x86_64-nsis
293             git
294             openbsd-netcat
295             procps
296
297       - name: Checkout code
298         uses: actions/checkout@v1
299
300       - name: Run tests with default settings
301         shell: msys2 {0}
302         run: sh .ci/test/run.sh default
303
304       - name: Create installer
305         shell: msys2 {0}
306         run: sh .ci/package/build.sh
307         if: github.ref == 'refs/heads/1.1' || startsWith(github.ref, 'refs/tags/release-')
308         continue-on-error: true
309
310       - name: Upload package
311         uses: actions/upload-artifact@v2
312         with:
313           name: pkg-windows
314           path: .ci/package/win/tinc-*.exe
315         continue-on-error: true
316
317       - name: Run tests without legacy protocol
318         shell: msys2 {0}
319         run: sh .ci/test/run.sh nolegacy
320         if: always()
321
322       - name: Run tests with libgcrypt
323         shell: msys2 {0}
324         run: sh .ci/test/run.sh gcrypt
325
326       - name: Upload test results
327         uses: actions/upload-artifact@v2
328         with:
329           name: tests_windows
330           path: /tmp/logs/tests.*.tar.gz
331         if: always()
332
333   msvc:
334     runs-on: windows-latest
335     timeout-minutes: 30
336
337     strategy:
338       fail-fast: false
339       matrix:
340         target:
341           - { build: amd64, host: amd64, test: test }
342           - { build: amd64, host: x86, test: test }
343           - { build: amd64, host: arm64, test: notest }
344
345     env:
346       HOST_ARCH: ${{ matrix.target.host }}
347       BUILD_ARCH: ${{ matrix.target.build }}
348
349     steps:
350       - name: Install meson
351         run: pip3 install meson
352
353       - name: Checkout code
354         uses: actions/checkout@v1
355
356       - name: Activate dev environment
357         uses: ilammy/msvc-dev-cmd@v1
358         with:
359           arch: ${{ matrix.target.build == matrix.target.host && matrix.target.host || format('{0}_{1}', matrix.target.build, matrix.target.host) }}
360
361       - name: Build (nolegacy)
362         run: .ci\windows\build.cmd nolegacy
363
364       - name: Test (nolegacy)
365         run: .ci\windows\test.cmd nolegacy
366         if: always() && matrix.target.test == 'test'
367
368       - name: Build (OpenSSL)
369         run: .ci\windows\build.cmd openssl
370         if: always()
371
372       - name: Test (OpenSSL)
373         run: .ci\windows\test.cmd openssl
374         if: always() && matrix.target.test == 'test'