Skip to content

Attempt to pacify Coverity (CID #1604608) #4144

Attempt to pacify Coverity (CID #1604608)

Attempt to pacify Coverity (CID #1604608) #4144

Workflow file for this run

name: CI RPM
on:
push:
branches-ignore:
- coverity_scan
- run-fuzzer**
- debug-fuzzer-**
schedule:
- cron: '0 20 * * *'
jobs:
#
# We don't want to consume many workers on each push so we only build the
# full suite of distros during the scheduled or ci-debug run and just the
# "bleeding-edge" distro on each push.
#
# This job builds the matrix based on the event that trigger this run which
# the next job consumes.
#
set-matrix:
name: Setup build matrix
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- id: set-matrix
name: Setup the matrix
run: |
if [ "$GITHUB_EVENT_NAME" = "schedule" -o "$GITHUB_REF" = "refs/heads/ci-debug" ]; then
M=$(cat <<EOF
{
"env": [
{ "NAME": "rocky-9", "OS": "rockylinux/rockylinux:9", "DIST": "rocky" },
]
}
EOF
)
else
M=$(cat <<EOF
{
"env": [
{ "NAME": "rocky-9", "OS": "rockylinux/rockylinux:9", "DIST": "rocky" }
]
}
EOF
)
fi
echo matrix=$M >> $GITHUB_OUTPUT
rpm-build:
needs:
- set-matrix
strategy:
matrix: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
fail-fast: false
runs-on: ubuntu-latest
container:
image: ${{ matrix.env.OS }}
env:
HOSTAPD_BUILD_DIR: /tmp/eapol_test.ci
HOSTAPD_GIT_TAG: hostap_2_11
name: "RPM build"
steps:
- name: Enable PowerTools / CRB
run: |
dnf install -y dnf-utils dnf-plugins-core
dnf config-manager --enable PowerTools || :
dnf config-manager --enable powertools || :
dnf config-manager --enable crb || :
- name: Enable EPEL for Rocky Linux 9
if: ${{ matrix.env.NAME == 'rocky-9' }}
run: |
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
# For pkill
- name: Enable procps-ng
run: |
dnf install -y procps-ng
- name: Set up NetworkRADIUS extras repository
run: |
echo '[networkradius-extras]' > /etc/yum.repos.d/networkradius-extras.repo
echo 'name=NetworkRADIUS-extras-$releasever' >> /etc/yum.repos.d/networkradius-extras.repo
echo 'baseurl=http://packages.networkradius.com/extras/${{ matrix.env.DIST }}/$releasever/' >> /etc/yum.repos.d/networkradius-extras.repo
echo 'enabled=1' >> /etc/yum.repos.d/networkradius-extras.repo
echo 'gpgcheck=1' >> /etc/yum.repos.d/networkradius-extras.repo
echo 'gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com' >> /etc/yum.repos.d/networkradius-extras.repo
rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com
- name: Install common tools
run: |
dnf install -y rpm-build openssl make gcc perl git-core
- uses: actions/checkout@v4
with:
path: freeradius
#
# It has been observed that sometimes not all the dependencies are
# installed on the first go. Give it a second chance.
#
- name: Install build dependencies
run: |
dnf builddep -y freeradius.spec && dnf builddep -y freeradius.spec
working-directory: freeradius/redhat
- name: Build RPMs
run: |
[ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || :
make rpm
working-directory: freeradius
- name: Collect RPMs
run: |
mkdir rpms
mv freeradius/rpmbuild/RPMS/x86_64/*.rpm rpms
- name: Restore eapol_test build directory from cache
uses: actions/cache@v4
id: hostapd-cache
with:
path: ${{ env.HOSTAPD_BUILD_DIR }}
key: hostapd-${{ matrix.env.NAME }}-${{ env.HOSTAPD_GIT_TAG }}-v1
# Build eapol_test using a minimal make environment to avoid configuring
- name: Build eapol_test
run: |
dnf install -y libnl3-devel which
[ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || :
scripts/ci/eapol_test-build.sh
mv scripts/ci/eapol_test/eapol_test ../rpms
working-directory: freeradius
- name: Store RPMs
uses: actions/upload-artifact@v4
with:
name: rpms-${{ matrix.env.NAME }}
path: rpms
retention-days: 1
#
# If the CI has failed and the branch is ci-debug then start a tmate
# session. SSH rendezvous point is emited continuously in the job output.
#
- name: "Debug: Package dependancies for tmate"
run: |
dnf install -y xz
ln -s /bin/true /bin/apt-get
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}
- name: "Debug: Start tmate"
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
sudo: false
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}
#
# Perform "post-install" testing of the FR packages that we have just built
# in a clean environment consisting of only the base OS and package
# dependancies
#
rpm-test:
needs:
- set-matrix
- rpm-build
strategy:
matrix: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
fail-fast: false
runs-on: ubuntu-latest
container:
image: ${{ matrix.env.OS }}
name: "RPM install test"
steps:
- name: Set up NetworkRADIUS extras repository
run: |
echo '[networkradius-extras]' > /etc/yum.repos.d/networkradius-extras.repo
echo 'name=NetworkRADIUS-extras-$releasever' >> /etc/yum.repos.d/networkradius-extras.repo
echo 'baseurl=http://packages.networkradius.com/extras/${{ matrix.env.DIST }}/$releasever/' >> /etc/yum.repos.d/networkradius-extras.repo
echo 'enabled=1' >> /etc/yum.repos.d/networkradius-extras.repo
echo 'gpgcheck=1' >> /etc/yum.repos.d/networkradius-extras.repo
echo 'gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com' >> /etc/yum.repos.d/networkradius-extras.repo
rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com
- name: Enable PowerTools / CRB
run: |
dnf install -y dnf-utils dnf-plugins-core
dnf config-manager --enable PowerTools || :
dnf config-manager --enable powertools || :
dnf config-manager --enable crb || :
- name: Enable EPEL for Rocky Linux 9
if: ${{ matrix.env.NAME == 'rocky-9' }}
run: |
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
# For pkill
- name: Enable procps-ng
run: |
dnf install -y procps-ng
- name: Load RPMs
uses: actions/download-artifact@v4
with:
name: rpms-${{ matrix.env.NAME }}
- name: Install RPMs
run: |
dnf install -y *.rpm
- name: Config check
run: |
radiusd -XC
#
# We now perform some post-install tests that depend on the availability
# of the source tree
#
- name: Install pre-built eapol_test
run: |
dnf install -y libnl3 make gdb which
mv eapol_test /usr/local/bin
chmod +x /usr/local/bin/eapol_test
- uses: actions/checkout@v4
with:
path: freeradius
- name: Run the post-install test target
run: |
make -C raddb/certs
touch Make.inc
mkdir -p build/tests/eapol_test
echo "EAPOL_TEST=" $(which eapol_test) > build/tests/eapol_test/eapol_test.mk
make -f scripts/ci/package-test.mk package-test
working-directory: freeradius
- name: Upload radius logs on failure
if: ${{ failure() }}
uses: actions/upload-artifact@v4
with:
name: radius-logs-${{ matrix.env.NAME }}
path: |
/var/log/radius
freeradius/build/tests/eapol_test
retention-days: 30
#
# See above comments for tmate
#
- name: "Debug: Package dependancies for tmate"
run: |
dnf install -y xz
ln -s /bin/true /bin/apt-get
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}
- name: "Debug: Start tmate"
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
sudo: false
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}