Attempt to pacify Coverity (CID #1604608) #4144
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI RPM | |
on: | |
push: | |
branches-ignore: | |
- coverity_scan | |
- run-fuzzer** | |
- debug-fuzzer-** | |
schedule: | |
- cron: '0 20 * * *' | |
jobs: | |
# | |
# We don't want to consume many workers on each push so we only build the | |
# full suite of distros during the scheduled or ci-debug run and just the | |
# "bleeding-edge" distro on each push. | |
# | |
# This job builds the matrix based on the event that trigger this run which | |
# the next job consumes. | |
# | |
set-matrix: | |
name: Setup build matrix | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- id: set-matrix | |
name: Setup the matrix | |
run: | | |
if [ "$GITHUB_EVENT_NAME" = "schedule" -o "$GITHUB_REF" = "refs/heads/ci-debug" ]; then | |
M=$(cat <<EOF | |
{ | |
"env": [ | |
{ "NAME": "rocky-9", "OS": "rockylinux/rockylinux:9", "DIST": "rocky" }, | |
] | |
} | |
EOF | |
) | |
else | |
M=$(cat <<EOF | |
{ | |
"env": [ | |
{ "NAME": "rocky-9", "OS": "rockylinux/rockylinux:9", "DIST": "rocky" } | |
] | |
} | |
EOF | |
) | |
fi | |
echo matrix=$M >> $GITHUB_OUTPUT | |
rpm-build: | |
needs: | |
- set-matrix | |
strategy: | |
matrix: ${{ fromJson(needs.set-matrix.outputs.matrix) }} | |
fail-fast: false | |
runs-on: ubuntu-latest | |
container: | |
image: ${{ matrix.env.OS }} | |
env: | |
HOSTAPD_BUILD_DIR: /tmp/eapol_test.ci | |
HOSTAPD_GIT_TAG: hostap_2_11 | |
name: "RPM build" | |
steps: | |
- name: Enable PowerTools / CRB | |
run: | | |
dnf install -y dnf-utils dnf-plugins-core | |
dnf config-manager --enable PowerTools || : | |
dnf config-manager --enable powertools || : | |
dnf config-manager --enable crb || : | |
- name: Enable EPEL for Rocky Linux 9 | |
if: ${{ matrix.env.NAME == 'rocky-9' }} | |
run: | | |
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm | |
# For pkill | |
- name: Enable procps-ng | |
run: | | |
dnf install -y procps-ng | |
- name: Set up NetworkRADIUS extras repository | |
run: | | |
echo '[networkradius-extras]' > /etc/yum.repos.d/networkradius-extras.repo | |
echo 'name=NetworkRADIUS-extras-$releasever' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'baseurl=http://packages.networkradius.com/extras/${{ matrix.env.DIST }}/$releasever/' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'enabled=1' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'gpgcheck=1' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com' >> /etc/yum.repos.d/networkradius-extras.repo | |
rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com | |
- name: Install common tools | |
run: | | |
dnf install -y rpm-build openssl make gcc perl git-core | |
- uses: actions/checkout@v4 | |
with: | |
path: freeradius | |
# | |
# It has been observed that sometimes not all the dependencies are | |
# installed on the first go. Give it a second chance. | |
# | |
- name: Install build dependencies | |
run: | | |
dnf builddep -y freeradius.spec && dnf builddep -y freeradius.spec | |
working-directory: freeradius/redhat | |
- name: Build RPMs | |
run: | | |
[ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : | |
make rpm | |
working-directory: freeradius | |
- name: Collect RPMs | |
run: | | |
mkdir rpms | |
mv freeradius/rpmbuild/RPMS/x86_64/*.rpm rpms | |
- name: Restore eapol_test build directory from cache | |
uses: actions/cache@v4 | |
id: hostapd-cache | |
with: | |
path: ${{ env.HOSTAPD_BUILD_DIR }} | |
key: hostapd-${{ matrix.env.NAME }}-${{ env.HOSTAPD_GIT_TAG }}-v1 | |
# Build eapol_test using a minimal make environment to avoid configuring | |
- name: Build eapol_test | |
run: | | |
dnf install -y libnl3-devel which | |
[ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : | |
scripts/ci/eapol_test-build.sh | |
mv scripts/ci/eapol_test/eapol_test ../rpms | |
working-directory: freeradius | |
- name: Store RPMs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: rpms-${{ matrix.env.NAME }} | |
path: rpms | |
retention-days: 1 | |
# | |
# If the CI has failed and the branch is ci-debug then start a tmate | |
# session. SSH rendezvous point is emited continuously in the job output. | |
# | |
- name: "Debug: Package dependancies for tmate" | |
run: | | |
dnf install -y xz | |
ln -s /bin/true /bin/apt-get | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
- name: "Debug: Start tmate" | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
sudo: false | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
# | |
# Perform "post-install" testing of the FR packages that we have just built | |
# in a clean environment consisting of only the base OS and package | |
# dependancies | |
# | |
rpm-test: | |
needs: | |
- set-matrix | |
- rpm-build | |
strategy: | |
matrix: ${{ fromJson(needs.set-matrix.outputs.matrix) }} | |
fail-fast: false | |
runs-on: ubuntu-latest | |
container: | |
image: ${{ matrix.env.OS }} | |
name: "RPM install test" | |
steps: | |
- name: Set up NetworkRADIUS extras repository | |
run: | | |
echo '[networkradius-extras]' > /etc/yum.repos.d/networkradius-extras.repo | |
echo 'name=NetworkRADIUS-extras-$releasever' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'baseurl=http://packages.networkradius.com/extras/${{ matrix.env.DIST }}/$releasever/' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'enabled=1' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'gpgcheck=1' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com' >> /etc/yum.repos.d/networkradius-extras.repo | |
rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com | |
- name: Enable PowerTools / CRB | |
run: | | |
dnf install -y dnf-utils dnf-plugins-core | |
dnf config-manager --enable PowerTools || : | |
dnf config-manager --enable powertools || : | |
dnf config-manager --enable crb || : | |
- name: Enable EPEL for Rocky Linux 9 | |
if: ${{ matrix.env.NAME == 'rocky-9' }} | |
run: | | |
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm | |
# For pkill | |
- name: Enable procps-ng | |
run: | | |
dnf install -y procps-ng | |
- name: Load RPMs | |
uses: actions/download-artifact@v4 | |
with: | |
name: rpms-${{ matrix.env.NAME }} | |
- name: Install RPMs | |
run: | | |
dnf install -y *.rpm | |
- name: Config check | |
run: | | |
radiusd -XC | |
# | |
# We now perform some post-install tests that depend on the availability | |
# of the source tree | |
# | |
- name: Install pre-built eapol_test | |
run: | | |
dnf install -y libnl3 make gdb which | |
mv eapol_test /usr/local/bin | |
chmod +x /usr/local/bin/eapol_test | |
- uses: actions/checkout@v4 | |
with: | |
path: freeradius | |
- name: Run the post-install test target | |
run: | | |
make -C raddb/certs | |
touch Make.inc | |
mkdir -p build/tests/eapol_test | |
echo "EAPOL_TEST=" $(which eapol_test) > build/tests/eapol_test/eapol_test.mk | |
make -f scripts/ci/package-test.mk package-test | |
working-directory: freeradius | |
- name: Upload radius logs on failure | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: radius-logs-${{ matrix.env.NAME }} | |
path: | | |
/var/log/radius | |
freeradius/build/tests/eapol_test | |
retention-days: 30 | |
# | |
# See above comments for tmate | |
# | |
- name: "Debug: Package dependancies for tmate" | |
run: | | |
dnf install -y xz | |
ln -s /bin/true /bin/apt-get | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
- name: "Debug: Start tmate" | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
sudo: false | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} |