Skip to content

Do not lookup IP addresses of X509 certificate subject CNs #256

Do not lookup IP addresses of X509 certificate subject CNs

Do not lookup IP addresses of X509 certificate subject CNs #256

Workflow file for this run

# The jobs below are executed on every PR branch push (among other
# events), quickly and cheaply detecting many common PR problems.
#
# Anubis configuration must be kept in sync with the total number of
# tests executed for "auto" branch commits, including tests in other
# GitHub workflow file(s).
name: PR commit
on:
push:
# test commits on this branch and staged commits
branches: [ "master", "auto" ]
pull_request:
# test PRs targeting this branch code
branches: [ "master" ]
concurrency:
# Cancel ongoing tests in case of push to the same PR or staging branch,
# but let previous master commit tests complete.
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
env:
# empty except for pull_request events
PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
# Full clones of Squid repository branches (depth=19000+) waste resources,
# while excessively shallow clones break tests that check for past commits
# (e.g., to skip a particular test until a known bug is fixed) or generate
# diffs against them (e.g., for `git diff --check`). This arbitrary limit
# tries to balance the two concerns.
CHECKOUT_FETCH_DEPTH: 1001
jobs:
functionality-tests:
runs-on: ubuntu-22.04
steps:
- name: Install prerequisite packages
run: |
sudo apt-get --quiet=2 update
sudo apt-get --quiet=2 install libtool-bin
- name: Setup a nodejs environment
uses: actions/setup-node@v4
with:
node-version: 20
- name: Checkout Squid sources
uses: actions/checkout@v4
with:
fetch-depth: ${{ env.CHECKOUT_FETCH_DEPTH }}
- run: ./bootstrap.sh
- run: ./configure --with-openssl
- run: make -j`nproc`
- run: |
sudo make install
sudo chown -R nobody:nogroup /usr/local/squid
- run: ./test-suite/test-functionality.sh
# Squid logs are not readable to actions/upload-artifact below
- name: Prep test logs
if: success() || failure()
run: sudo chmod -R a+rX /usr/local/squid
- name: Publish test logs
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: test-logs
path: |
${{ runner.temp }}/*.log
/usr/local/squid/var/logs/overlord/*.log
source-maintenance-tests:
runs-on: ubuntu-22.04
steps:
- name: Install prerequisite packages
run: |
sudo apt-get --quiet=2 update
sudo apt-get --quiet=2 install astyle
sudo apt-get --quiet=2 install gperf
pip install \
--user \
--no-cache-dir \
--disable-pip-version-check \
--quiet \
--progress-bar off \
codespell==1.16 # TODO: Upgrade to codespell v2
- uses: actions/checkout@v4
with:
fetch-depth: ${{ env.CHECKOUT_FETCH_DEPTH }}
- run: ./test-suite/test-sources.sh
build-tests:
strategy:
fail-fast: true
matrix:
os:
- ubuntu-22.04
compiler:
- { CC: gcc, CXX: g++ }
- { CC: clang, CXX: clang++ }
layer:
- { name: layer-00-default, nick: default }
- { name: layer-01-minimal, nick: minimal }
- { name: layer-02-maximus, nick: maximus }
runs-on: ${{ matrix.os }}
name: build-tests(${{ matrix.os }},${{ matrix.compiler.CC }},${{ matrix.layer.nick }})
env:
CC: /usr/bin/ccache ${{ matrix.compiler.CC }}
CXX: /usr/bin/ccache ${{ matrix.compiler.CXX }}
steps:
- name: Install prerequisite Linux packages
run: |
# required for "apt-get build-dep" to work
sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list
sudo apt-get --quiet=2 update
sudo apt-get --quiet=2 build-dep squid
sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin ${{ matrix.compiler.CC }} ccache
- name: Checkout sources
uses: actions/checkout@v4
- name: Setup ccache
uses: hendrikmuhs/ccache-action@v1.2.14
with:
verbose: 2 # default 0
key: ${{ matrix.os }}-${{ matrix.compiler.CC }}-${{ matrix.layer.nick }}
- name: Run build on Linux
run: ./test-builds.sh ${{ matrix.layer.name }}
- name: Publish build logs
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: build-logs-${{ matrix.os }}-${{ matrix.compiler.CC }}-${{ matrix.layer.nick }}
path: btlayer-*.log
CodeQL-tests:
runs-on: [ ubuntu-22.04 ]
permissions:
security-events: write
steps:
- name: Install Squid prerequisite Linux packages
run: |
# required for "apt-get build-dep" to work
sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list
sudo apt-get --quiet=2 update
sudo apt-get --quiet=2 build-dep squid
sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
- name: Build Squid
run: ./test-builds.sh ./test-suite/buildtests/layer-02-maximus.opts
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3