From 8032ce31e37107ea538ebb50b7e792cf5fd3fe21 Mon Sep 17 00:00:00 2001 From: Dylan Arbour Date: Tue, 27 Feb 2024 09:41:07 -0500 Subject: Test with root access in GitHub workflows To enable tests that require privileged root access, this commit tests with `sudo`. The Java and Python jobs have additional permissions issues, so they are also configured and made with `sudo`. A small permissions fix is required before running tests to allow non-root users to execute within the `/home/runner` directory. This change also removes the custom directories that were required without root access. Reviewed-by: Andrew Clayton Signed-off-by: Dylan Arbour --- .github/workflows/ci.yml | 44 +++++++++++++------------------------------- 1 file changed, 13 insertions(+), 31 deletions(-) (limited to '.github') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b5368ae9..d5a2529b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -53,22 +53,6 @@ jobs: steps: - uses: actions/checkout@v4 - # Creates and outputs directories used by tests (/usr/local is unfriendly) - - name: Configure directories - id: dir - run: | - PREFIX=${HOME}/.unit - BIN=${PREFIX}/bin - VAR=${PREFIX}/var - mkdir -p $BIN - mkdir -p $VAR - - echo "prefix=${PREFIX}" >> "$GITHUB_OUTPUT" - echo "bin=${BIN}" >> "$GITHUB_OUTPUT" - echo "bin=${BIN}" >> "$GITHUB_PATH" - echo "var=${VAR}" >> "$GITHUB_OUTPUT" - cat "$GITHUB_OUTPUT" - # Provides module, language version and testpath from build name - name: Output build metadata id: metadata @@ -127,15 +111,6 @@ jobs: - name: Configure unit run: | ./configure \ - --prefix=${{ steps.dir.outputs.prefix }} \ - --sbindir=${{ steps.dir.outputs.bin }} \ - --logdir=${{ steps.dir.outputs.var }}/log \ - --log=${{ steps.dir.outputs.var }}/log/unit/unit.log \ - --runstatedir=${{ steps.dir.outputs.var }}/run \ - --pid=${{ steps.dir.outputs.var }}/run/unit/unit.pid \ - --control=unix:${{ steps.dir.outputs.var }}/run/unit/control.sock \ - --modules=${{ steps.dir.outputs.prefix }}/lib/unit/modules \ - --statedir=${{ steps.dir.outputs.var }}/state/unit \ --tests \ --openssl \ --njs \ @@ -179,12 +154,12 @@ jobs: - name: Configure java run: | - ./configure java + sudo ./configure java if: steps.metadata.outputs.module == 'java' - name: Make java run: | - make java + sudo make java if: steps.metadata.outputs.module == 'java' ## @@ -266,12 +241,12 @@ jobs: - name: Configure python3 run: | - ./configure python --config=python3-config + sudo ./configure python --config=python3-config if: steps.metadata.outputs.module == 'python' - name: Make python3 run: | - make python3 + sudo make python3 if: steps.metadata.outputs.module == 'python' ## @@ -321,6 +296,13 @@ jobs: ## Tests ## + # /home/runner will be root only after calling sudo above + # Ensure all users and processes can execute + - name: Fix permissions + run: | + sudo chmod -R +x /home/runner + namei -l ${{ github.workspace }} + # Install python3 if not present - uses: actions/setup-python@v5 with: @@ -329,11 +311,11 @@ jobs: - name: Install pytest run: | - pip install pytest + sudo -H pip install pytest if: steps.metadata.outputs.module != 'wasm' - name: Run ${{ steps.metadata.outputs.module }} tests run: | - pytest --print-log ${{ steps.metadata.outputs.testpath }} + sudo -E pytest --print-log ${{ steps.metadata.outputs.testpath }} # Skip pytest if wasm build, as there are no tests yet if: steps.metadata.outputs.module != 'wasm' -- cgit From 0cee7d1a481abef182655425c927e903df0ba4c2 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Wed, 6 Mar 2024 00:02:51 +0000 Subject: Add GitHub workflow for wasm-wasi-component This adds a GitHub CI workflow for the new wasm-wasi-component language module. Some things of note. 1) We need to special case 'wasm-wasi-component' in the 'Output build metadata' section as we are splitting the module names on '-' to split them into name and version. 2) Apart from needing to tell bindgen about the njs include paths, we also need to explicitly specify which version of clang to use to work around an issue with multiple versions of clang installed. Link: Signed-off-by: Andrew Clayton --- .github/workflows/ci.yml | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) (limited to '.github') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d5a2529b..4de8a3b6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,6 +49,8 @@ jobs: os: ubuntu-latest - build: wasm os: ubuntu-latest + - build: wasm-wasi-component + os: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -57,8 +59,12 @@ jobs: - name: Output build metadata id: metadata run: | - # Split the build name by '-' into module and version - IFS='-' read -r module version <<< "${{ matrix.build }}" + if [ "${{ matrix.build }}" = "wasm-wasi-component" ]; then + module="wasm-wasi-component" + else + # Split the build name by '-' into module and version + IFS='-' read -r module version <<< "${{ matrix.build }}" + fi testpath="test/test_${module}*" @@ -292,6 +298,27 @@ jobs: make wasm if: steps.metadata.outputs.module == 'wasm' + ## + ## wasm-wasi-component + ## + + - name: Setup rust + run: | + curl https://sh.rustup.rs | sh -s -- -y + if: steps.metadata.outputs.module == 'wasm-wasi-component' + + - name: Configure wasm-wasi-component + run: | + ./configure wasm-wasi-component + if: steps.metadata.outputs.module == 'wasm-wasi-component' + + - name: Make wasm-wasi-component + run: | + CLANG_PATH=/usr/bin/clang-15 \ + BINDGEN_EXTRA_CLANG_ARGS="-I../../njs/src -I../../njs/build" \ + make wasm-wasi-component + if: steps.metadata.outputs.module == 'wasm-wasi-component' + ## ## Tests ## @@ -307,15 +334,18 @@ jobs: - uses: actions/setup-python@v5 with: python-version: '3' - if: steps.metadata.outputs.module != 'wasm' + if: steps.metadata.outputs.module != 'wasm' && + steps.metadata.outputs.module != 'wasm-wasi-component' - name: Install pytest run: | sudo -H pip install pytest - if: steps.metadata.outputs.module != 'wasm' + if: steps.metadata.outputs.module != 'wasm' && + steps.metadata.outputs.module != 'wasm-wasi-component' - name: Run ${{ steps.metadata.outputs.module }} tests run: | sudo -E pytest --print-log ${{ steps.metadata.outputs.testpath }} # Skip pytest if wasm build, as there are no tests yet - if: steps.metadata.outputs.module != 'wasm' + if: steps.metadata.outputs.module != 'wasm' && + steps.metadata.outputs.module != 'wasm-wasi-component' -- cgit From 2e615250932b5cda65564a5e3bbb097c26dfb030 Mon Sep 17 00:00:00 2001 From: Dylan Arbour Date: Tue, 5 Mar 2024 13:51:04 -0500 Subject: Add dependabot.yml We already use dependabot for security related patches, by default. This change adds a dependabot.yml configuration file that explicitly enables the service to manage versions of Actions in GitHub Actions. This ensures that Actions like `setup-go` are updated timely. This change does not affect how Dependabot manages versions for Go, Rust, etc. The file can be used to configure that for additional package managers and languages in the future, if desired. --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml (limited to '.github') diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..142cbb85 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily -- cgit From ff2e0f4223b477fe99dd125356d900cbaaa0fa1f Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Tue, 23 Apr 2024 00:07:38 +0100 Subject: Add a GitHub workflow to check for whitespace issues If it fails you can check the 'git log --check' output of the workflow to see what the issue is. E.g --- 93ec0133 Oops... README.md:1: trailing whitespace. +# NGINX Unit Signed-off-by: Andrew Clayton --- .github/workflows/check-whitespace.yaml | 48 +++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 .github/workflows/check-whitespace.yaml (limited to '.github') diff --git a/.github/workflows/check-whitespace.yaml b/.github/workflows/check-whitespace.yaml new file mode 100644 index 00000000..75f0afe4 --- /dev/null +++ b/.github/workflows/check-whitespace.yaml @@ -0,0 +1,48 @@ +name: Check Whitespace + +# Get the repo with the commits(+1) in the series. +# Process `git log --check` output to extract just the check errors. + +on: + pull_request: + types: [ opened, synchronize ] + +jobs: + check-whitespace: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: git log --check + id: check_out + run: | + log= + commit= + while read dash etc + do + case "${dash}" in + "---") + commit="${etc}" + ;; + "") + ;; + *) + if test -n "${commit}" + then + log="${log}\n${commit}" + echo "" + echo "--- ${commit}" + fi + commit= + log="${log}\n${dash} ${etc}" + echo "${dash} ${etc}" + ;; + esac + done <<< $(git log --check --pretty=format:"--- %h %s" ${{github.event.pull_request.base.sha}}..) + + if test -n "${log}" + then + exit 2 + fi -- cgit From 6d0880c9956243ba476ce25ca7c1060692d172a2 Mon Sep 17 00:00:00 2001 From: Dylan Arbour Date: Tue, 7 May 2024 14:38:15 -0400 Subject: Add unitctl build and release CI Adds a GitHub Actions workflow that builds and releases unitctl binaries when a tag prefixed with `unitctl/` is pushed. Binaries are built on pull-requests that change any files within `tools/unitctl`, on `master` branch pushes and when `unitctl/` prefixed tags are pushed. --- .github/workflows/unitctl.yml | 132 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 .github/workflows/unitctl.yml (limited to '.github') diff --git a/.github/workflows/unitctl.yml b/.github/workflows/unitctl.yml new file mode 100644 index 00000000..129eec5e --- /dev/null +++ b/.github/workflows/unitctl.yml @@ -0,0 +1,132 @@ + +name: unitctl + +on: + pull_request: + paths: + - tools/unitctl/** + push: + branches: + - master + tags: + - unitctl/[0-9]+.[0-9]+.[0-9]+ + +permissions: + contents: write + +jobs: + build: + runs-on: ${{ matrix.os }} + defaults: + run: + working-directory: tools/unitctl + env: + MAKE: make + CARGO: cargo + VERSION: + SHORT_VERSION: + strategy: + fail-fast: false + matrix: + include: + - build: linux-aarch64 + os: ubuntu-latest + target: aarch64-unknown-linux-gnu + - build: linux-x86_64 + os: ubuntu-latest + target: x86_64-unknown-linux-gnu + - build: macos-aarch64 + os: macos-latest + target: aarch64-apple-darwin + - build: macos-x86_64 + os: macos-latest + target: x86_64-apple-darwin + + steps: + - uses: actions/checkout@v4 + + - run: rustup update stable + - run: rustup target add ${{ matrix.target }} + + - name: Install cross + if: matrix.target == 'aarch64-unknown-linux-gnu' + uses: taiki-e/install-action@v2 + with: + tool: cross + + - uses: Swatinem/rust-cache@v2 + with: + prefix-key: rust-${{ matrix.build }} + workspaces: ./tools/unitctl -> target + save-if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/unitctl/') }} + + - name: Configure linux arm depedencies + if: matrix.target == 'aarch64-unknown-linux-gnu' + run: | + cat < Cross.toml + [target.aarch64-unknown-linux-gnu] + pre-build = [ + "dpkg --add-architecture \$CROSS_DEB_ARCH", + "apt-get update && apt-get install --assume-yes libssl-dev:\$CROSS_DEB_ARCH" + ] + EOF + + cat Cross.toml + echo "CARGO=cross" >> $GITHUB_ENV + + - name: Install macOS depedencies + if: startsWith(matrix.os, 'macos') + run: | + brew install make gnu-sed grep gawk + echo "MAKE=gmake" >> $GITHUB_ENV + + - uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 21 + + - run: ${{ env.MAKE }} list-targets + + - name: Make unitctl (${{ env.MAKE }}, ${{ matrix.target }}) + run: ${{ env.MAKE }} ${{ matrix.target }} + + - name: Get the version from the tag + run: | + version=${{ github.ref_name }} + short="${version#*/}" + echo $version; echo $short + echo "VERSION=$version" >> $GITHUB_ENV + echo "SHORT_VERSION=$short" >> $GITHUB_ENV + + - name: Generate sha256 sum + run: | + shasum -a 256 ./target/${{ matrix.target }}/release/unitctl > unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }}.sha256 + mv ./target/${{ matrix.target }}/release/unitctl unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }} + + - name: Upload sha256 sum + uses: actions/upload-artifact@v4 + with: + name: unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }}.sha256 + path: tools/unitctl/unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }}.sha256 + + - name: Upload unitctl + uses: actions/upload-artifact@v4 + with: + name: unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }} + path: tools/unitctl/unitctl-${{ env.SHORT_VERSION }}-${{ matrix.target }} + + release: + # Create a draft release if a tag + if: startsWith(github.ref, 'refs/tags/unitctl/') + needs: [build] + runs-on: ubuntu-latest + steps: + - uses: actions/download-artifact@v4 + with: + merge-multiple: true + + - name: Create GitHub release + uses: ncipollo/release-action@v1 + with: + artifacts: "unitctl-*" + allowUpdates: true -- cgit From 149555dbb6d68c15b4d8752e76e995ff6ba36fe6 Mon Sep 17 00:00:00 2001 From: Ava Hahn Date: Thu, 9 May 2024 12:29:53 -0700 Subject: trigger unitctl CI on version tags of existing format Signed-off-by: Ava Hahn --- .github/workflows/unitctl.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to '.github') diff --git a/.github/workflows/unitctl.yml b/.github/workflows/unitctl.yml index 129eec5e..1e02fde3 100644 --- a/.github/workflows/unitctl.yml +++ b/.github/workflows/unitctl.yml @@ -9,7 +9,7 @@ on: branches: - master tags: - - unitctl/[0-9]+.[0-9]+.[0-9]+ + - '[0-9]+.[0-9]+.[0-9]+' permissions: contents: write @@ -58,7 +58,7 @@ jobs: with: prefix-key: rust-${{ matrix.build }} workspaces: ./tools/unitctl -> target - save-if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/unitctl/') }} + save-if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') }} - name: Configure linux arm depedencies if: matrix.target == 'aarch64-unknown-linux-gnu' @@ -117,7 +117,7 @@ jobs: release: # Create a draft release if a tag - if: startsWith(github.ref, 'refs/tags/unitctl/') + if: startsWith(github.ref, 'refs/tags/') needs: [build] runs-on: ubuntu-latest steps: -- cgit From a98acdedd737c48329aef7d414b4391adcc578c8 Mon Sep 17 00:00:00 2001 From: Ava Hahn Date: Thu, 9 May 2024 17:25:00 -0700 Subject: ci: Add unit testing to unitctl CI workflow * fix a few misspellings in unitctl CI workflow * add unit testing job * exclude unitd integration test from unit tests * add workflow dispatch trigger * add calls to get workflow dispatch version Signed-off-by: Ava Hahn --- .github/workflows/unitctl.yml | 65 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 4 deletions(-) (limited to '.github') diff --git a/.github/workflows/unitctl.yml b/.github/workflows/unitctl.yml index 1e02fde3..be4ccfb2 100644 --- a/.github/workflows/unitctl.yml +++ b/.github/workflows/unitctl.yml @@ -10,11 +10,67 @@ on: - master tags: - '[0-9]+.[0-9]+.[0-9]+' + workflow_dispatch: + inputs: + version: + type: string + description: "Semver tag" + required: true permissions: contents: write jobs: + test: + runs-on: ${{ matrix.os }} + defaults: + run: + working-directory: tools/unitctl + env: + MAKE: make + CARGO: cargo + VERSION: + SHORT_VERSION: + strategy: + fail-fast: false + matrix: + include: + - build: linux-x86_64 + os: ubuntu-latest + target: x86_64-unknown-linux-gnu + - build: macos-aarch64 + os: macos-latest + target: aarch64-apple-darwin + steps: + - uses: actions/checkout@v4 + + - run: rustup update stable + - run: rustup target add ${{ matrix.target }} + + - name: Install cross + if: matrix.target == 'aarch64-unknown-linux-gnu' + uses: taiki-e/install-action@v2 + with: + tool: cross + + - name: Install macOS depedencies + if: startsWith(matrix.os, 'macos') + run: | + brew install make gnu-sed grep gawk + echo "MAKE=gmake" >> $GITHUB_ENV + + - uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 21 + + - run: ${{ env.MAKE }} list-targets + + - name: Generate openapi + run: ${{ env.MAKE }} openapi-generate + - name: Test ${{ matrix.os }} + run: ${{ env.MAKE }} test + build: runs-on: ${{ matrix.os }} defaults: @@ -60,7 +116,7 @@ jobs: workspaces: ./tools/unitctl -> target save-if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') }} - - name: Configure linux arm depedencies + - name: Configure linux arm dependencies if: matrix.target == 'aarch64-unknown-linux-gnu' run: | cat < Cross.toml @@ -74,7 +130,7 @@ jobs: cat Cross.toml echo "CARGO=cross" >> $GITHUB_ENV - - name: Install macOS depedencies + - name: Install macOS dependencies if: startsWith(matrix.os, 'macos') run: | brew install make gnu-sed grep gawk @@ -92,7 +148,7 @@ jobs: - name: Get the version from the tag run: | - version=${{ github.ref_name }} + version=${version:=${{ github.ref_name }}} short="${version#*/}" echo $version; echo $short echo "VERSION=$version" >> $GITHUB_ENV @@ -117,7 +173,7 @@ jobs: release: # Create a draft release if a tag - if: startsWith(github.ref, 'refs/tags/') + if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' needs: [build] runs-on: ubuntu-latest steps: @@ -129,4 +185,5 @@ jobs: uses: ncipollo/release-action@v1 with: artifacts: "unitctl-*" + tag: ${{github.event_name == 'workflow_dispatch' && inputs.version}} allowUpdates: true -- cgit From 30b39bd0776bf00de20ea7410ae54fbb85a64c58 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Fri, 19 Apr 2024 19:09:59 +0100 Subject: Add GitHub workflows for extra coverage This adds a workflow for building Unit under Fedora Rawhide and Alpine Edge with both GCC and Clang. These are the development branches from which releases are cut. This usually consists of the latest versions of software and will hopefully catch new compiler issues and API breakages in the various languages we support. With Alpine and Clang that also gives us musl libc + clang coverage. On Alpine we don't build the wasm and wasm-wasi-component modules, mainly as this would require messing around with all the rust stuff and building wasmtime from source (as there's no musl libc based packages) and the wasm module is pretty small, any new compiler issues would hopefully show up in the rest. We _do_ build the wasm module with gcc and clang on Fedora. But not wasm-wasi-component in the interests of time. Can be added at a later date if deemed necessary. We don't build the Perl language module on Fedora with clang due to the Fedora (and probably Red Hat) Perl CFLAGS having incompatible with clang flags. We probably could work around it if we really wanted to, but not sure it's worth it and on Red Hat/Fedora, GCC _is_ the system compiler. On Alpine we also don't build the nodejs and go language modules as there's nothing that actually gets compiled there and the _main_ reason for building on Alpine is to get musl libc + clang coverage. We're also not bothering with njs for now... can be revisited at a later date. Also no pytests, these should be well covered via other workflows for example by running on latest Alpine releases. Closes: https://github.com/nginx/unit/issues/949 Signed-off-by: Andrew Clayton --- .github/workflows/ci-dev-distro-compiler.yaml | 177 ++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) create mode 100644 .github/workflows/ci-dev-distro-compiler.yaml (limited to '.github') diff --git a/.github/workflows/ci-dev-distro-compiler.yaml b/.github/workflows/ci-dev-distro-compiler.yaml new file mode 100644 index 00000000..8b7f53b7 --- /dev/null +++ b/.github/workflows/ci-dev-distro-compiler.yaml @@ -0,0 +1,177 @@ +name: "CI - Fedora Rawhide / Alpine Edge / GCC / Clang" + +on: + push: + branches: master + paths: + - configure + - 'auto/**' + - 'src/**' + - 'test/**' + - '.github/workflows/ci-dev-distro-compiler.yaml' + pull_request: + branches: master + paths: + - configure + - 'auto/**' + - 'src/**' + - 'test/**' + - '.github/workflows/ci-dev-distro-compiler.yaml' + +jobs: + + fedora-rawhide: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + compiler: [ 'gcc', 'clang' ] + + container: + image: fedora:rawhide + + steps: + - name: Install tools/deps + run: | + dnf -y update + dnf -y install --setopt=install_weak_deps=False \ + which wget git gcc make pcre2-devel openssl-devel \ + python-unversioned-command python3 python3-devel \ + php-devel php-embedded perl-devel perl-ExtUtils-Embed \ + ruby-devel java-devel nodejs-devel nodejs-npm golang + if [ "${{ matrix.compiler }}" = "clang" ]; then + dnf -y install --setopt=install_weak_deps=False clang + fi + npm install -g node-gyp + + - uses: actions/checkout@v4 + + - name: configure unit CC=${{ matrix.compiler }} + run: | + if [ "${{ matrix.compiler }}" = "clang" ]; then + ./configure --openssl --cc=clang + else + ./configure --openssl + fi + + - name: make unit + run: make -j 4 + + - name: configure unit-php + run: ./configure php + + - name: make unit-php + run: make -j 4 php + + - name: configure unit-python + run: ./configure python + + - name: make unit-python + run: make -j 4 python + + - name: configure unit-perl + run: ./configure perl + if: matrix.compiler == 'gcc' + + - name: make unit-perl + run: make -j 4 perl + if: matrix.compiler == 'gcc' + + - name: configure unit-ruby + run: ./configure ruby + + - name: make unit-ruby + run: make -j 4 ruby + + - name: configure unit-java + run: ./configure java + + - name: make unit-java + run: make -j 4 java + + - name: configure unit-nodejs + run: ./configure nodejs + + - name: make unit-nodejs + run: make node-local-install DESTDIR=node + + - name: configure unit-go + run: ./configure go --go-path= + + - name: make unit-go + run: make go-install + + - name: Install wasmtime + run: | + wget -O- https://github.com/bytecodealliance/wasmtime/releases/download/v20.0.0/wasmtime-v20.0.0-x86_64-linux-c-api.tar.xz | tar -xJf - + + - name: configure unit-wasm + run: ./configure wasm --include-path=wasmtime-v20.0.0-x86_64-linux-c-api/include --lib-path=wasmtime-v20.0.0-x86_64-linux-c-api/lib --rpath + + - name: make unit-wasm + run: make wasm + + alpine-edge: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + compiler: [ 'gcc', 'clang' ] + + container: + image: alpine:edge + + steps: + - name: Install tools/deps + run: | + apk update && apk upgrade + apk add gcc make musl-dev openssl-dev pcre2-dev curl \ + php83-dev php83-embed python3-dev perl-dev ruby-dev openjdk21-jdk + if [ "${{ matrix.compiler }}" = "clang" ]; then + apk add clang + fi + + - uses: actions/checkout@v4 + + - name: configure unit CC=${{ matrix.compiler }} + run: | + if [ "${{ matrix.compiler }}" = "clang" ]; then + ./configure --openssl --cc=clang + else + ./configure --openssl + fi + + - name: make unit + run: make -j 4 + + - name: configure unit-php + run: ln -s /usr/lib/libphp83.so /usr/lib/libphp.so && ./configure php + + - name: make unit-php + run: make -j 4 + + - name: configure unit-python + run: ./configure python + + - name: make unit-python + run: make -j 4 + + - name: configure unit-perl + run: ./configure perl + + - name: make unit-perl + run: make -j 4 perl + + - name: configure unit-ruby + run: ./configure ruby + + - name: make unit-ruby + run: make -j 4 ruby + + - name: configure unit-java + run: ./configure java + + - name: make unit-java + run: make -j 4 java -- cgit From 4fc50258b57f90fa9b40ca50c24af815625ed343 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Fri, 17 May 2024 16:01:25 +0100 Subject: ci: Be more specific when to run the main Unit checks ci-dev-distro-compiler.yaml already limits itself to running only when relevant things are updated. Signed-off-by: Andrew Clayton --- .github/workflows/ci.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to '.github') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4de8a3b6..acb2b9f8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,8 +3,14 @@ name: ci on: pull_request: push: - branches: - - master + branches: master + paths: + - configure + - 'auto/**' + - 'go/**' + - 'src/**' + - 'test/**' + - '.github/workflows/ci.yml' jobs: test: -- cgit From d7ec30c43aea185a8425e8c2ba3a6fbfdd24282b Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Thu, 6 Jun 2024 23:45:05 +0100 Subject: ci: Limit when to run checks on pull-requests Commit 4fc50258b ("ci: Be more specific when to run the main Unit checks") limited when the checks for the main ci run, on pushes to master. It should have done the same for pull-requests. Fixes: 4fc50258b ("ci: Be more specific when to run the main Unit checks") Signed-off-by: Andrew Clayton --- .github/workflows/ci.yml | 7 +++++++ 1 file changed, 7 insertions(+) (limited to '.github') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index acb2b9f8..541b7201 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,6 +2,13 @@ name: ci on: pull_request: + paths: + - configure + - 'auto/**' + - 'go/**' + - 'src/**' + - 'test/**' + - '.github/workflows/ci.yml' push: branches: master paths: -- cgit From 3501a50ffb93756e145295021ff9313ac77f1ba9 Mon Sep 17 00:00:00 2001 From: Ava Hahn Date: Wed, 15 May 2024 10:14:08 -0700 Subject: ci: tweak unitctl github release * add body and text to github release for unitctl Signed-off-by: Ava Hahn --- .github/workflows/unitctl.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to '.github') diff --git a/.github/workflows/unitctl.yml b/.github/workflows/unitctl.yml index be4ccfb2..e1023e21 100644 --- a/.github/workflows/unitctl.yml +++ b/.github/workflows/unitctl.yml @@ -185,5 +185,22 @@ jobs: uses: ncipollo/release-action@v1 with: artifacts: "unitctl-*" - tag: ${{github.event_name == 'workflow_dispatch' && inputs.version}} + # false if triggered by a tag + prerelease: ${{github.event_name == 'workflow_dispatch' && true}} + tag: ${{(github.event_name == 'workflow_dispatch' && inputs.version) || github.ref_name}} + name: unitctl/${{(github.event_name=='workflow_dispatch' && inputs.version) || github.ref_name}} + body: > + ## Unitctl + + This is a released binary of unitctl. + + Unitctl is an official command line tool for managing Unit installations. + + + ## Unit + + For the current release of the NGINX Unit application server check the + [Unit Installation Guide](https://unit.nginx.org/installation/) and the + [Unit Quickstart Guide](https://github.com/nginx/unit/). + allowUpdates: true -- cgit From 58fdff542b176dc7a78c96bff5c401bcda4723f6 Mon Sep 17 00:00:00 2001 From: Arjun Date: Tue, 18 Jun 2024 07:48:18 +0530 Subject: fuzzing: added cifuzz workflow Signed-off-by: Arjun Signed-off-by: Andrew Clayton --- .github/workflows/cifuzz.yml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/cifuzz.yml (limited to '.github') diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml new file mode 100644 index 00000000..c8c4d5a2 --- /dev/null +++ b/.github/workflows/cifuzz.yml @@ -0,0 +1,41 @@ +name: CIFuzz +on: + pull_request: + paths: + - 'src/**' + - 'fuzzing/**' + - '.github/workflows/cifuzz.yml' + +permissions: {} +jobs: + Fuzzing: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'unit' + language: c + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'unit' + language: c + fuzz-seconds: 300 + output-sarif: true + - name: Upload Crash + uses: actions/upload-artifact@v3 + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts + - name: Upload Sarif + if: always() && steps.build.outcome == 'success' + uses: github/codeql-action/upload-sarif@v2 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: cifuzz-sarif/results.sarif + checkout_path: cifuzz-sarif -- cgit From 90542dbd711041499e181911df10794997d792d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Jul 2024 03:23:29 +0000 Subject: ci: cifuzz: Bump github/codeql-action from 2 to 3 Bumps from 2 to 3. Link: Release notes Link: Changelog Link: Commits Signed-off-by: dependabot[bot] Signed-off-by: Andrew Clayton --- .github/workflows/cifuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github') diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index c8c4d5a2..dc89c0b2 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -34,7 +34,7 @@ jobs: path: ./out/artifacts - name: Upload Sarif if: always() && steps.build.outcome == 'success' - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: # Path to SARIF file relative to the root of the repository sarif_file: cifuzz-sarif/results.sarif -- cgit From 593564fdd10da2bf4e76587a0482af72a9f1461b Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Tue, 20 Aug 2024 16:40:33 +0100 Subject: ci/unitctl: Update paths unitctl makes use of 'docs/unit-openapi.yaml' so be sure to run these checks if that file changes. Fixes: 6d0880c99 ("Add unitctl build and release CI") Signed-off-by: Andrew Clayton --- .github/workflows/unitctl.yml | 1 + 1 file changed, 1 insertion(+) (limited to '.github') diff --git a/.github/workflows/unitctl.yml b/.github/workflows/unitctl.yml index e1023e21..e8e5adf8 100644 --- a/.github/workflows/unitctl.yml +++ b/.github/workflows/unitctl.yml @@ -5,6 +5,7 @@ on: pull_request: paths: - tools/unitctl/** + - docs/unit-openapi.yaml push: branches: - master -- cgit From 337cba43a5b74922bb38992ed09d3ddfe673e5e7 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Mon, 26 Aug 2024 15:35:48 +0100 Subject: ci: Enable the wasm-wasi-component tests We now have tests for this module via commit cad6aed52 ("Tests: initial "wasm-wasi-component" test"). We need to install cargo-component for this test target. Also the only way I found I could get this test to run was by running as non-root. The issue I was seeing was that despite cargo being installed into /home/runner/.cargo/bin *and* that being in the path, it kept claiming it couldn't find cargo. E.g. $ sudo -E echo $PATH Showed /home/runner/.cargo/bin in there. $ sudo -E /home/runner/.cargo/bin/cargo -V Worked. $ sudo -E cargo -V cargo command not found. (Also other oddities, despite claiming to be using bash, it couldn't find shell builtins like 'hash' and 'export', perhaps some Ubuntu weirdness...) However, no problem, there is *no* need for it run as root anyway so result! Signed-off-by: Andrew Clayton --- .github/workflows/ci.yml | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) (limited to '.github') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 541b7201..47dd0af3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -318,6 +318,7 @@ jobs: - name: Setup rust run: | curl https://sh.rustup.rs | sh -s -- -y + cargo install cargo-component if: steps.metadata.outputs.module == 'wasm-wasi-component' - name: Configure wasm-wasi-component @@ -347,18 +348,22 @@ jobs: - uses: actions/setup-python@v5 with: python-version: '3' - if: steps.metadata.outputs.module != 'wasm' && - steps.metadata.outputs.module != 'wasm-wasi-component' + if: steps.metadata.outputs.module != 'wasm' - name: Install pytest run: | - sudo -H pip install pytest - if: steps.metadata.outputs.module != 'wasm' && - steps.metadata.outputs.module != 'wasm-wasi-component' + if [ "${{ matrix.build }}" == "wasm-wasi-component" ]; then + pip install pytest + else + sudo -H pip install pytest + fi + if: steps.metadata.outputs.module != 'wasm' - name: Run ${{ steps.metadata.outputs.module }} tests run: | - sudo -E pytest --print-log ${{ steps.metadata.outputs.testpath }} - # Skip pytest if wasm build, as there are no tests yet - if: steps.metadata.outputs.module != 'wasm' && - steps.metadata.outputs.module != 'wasm-wasi-component' + if [ "${{ matrix.build }}" == "wasm-wasi-component" ]; then + pytest --print-log ${{ steps.metadata.outputs.testpath }} + else + sudo -E pytest --print-log ${{ steps.metadata.outputs.testpath }} + fi + if: steps.metadata.outputs.module != 'wasm' -- cgit From 5c58f9d0a0afd4eb1e043abf5f4a20ad4eb3b4cb Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Fri, 21 Jun 2024 00:04:54 +0100 Subject: ci: Fix tags on ad hoc unitctl releases - Adds `unitctl/` prefix to tags generated by manual workflow runs. Previously, only release titles (but not tags) were prefixed. - Omits superfluous `name` field; falls back to `tag` when absent. - Removes unnecessary conditional from `prelease` field. This results in the following tagging / releasing behavior: 1. Running manually creates a pre-release and tags it `unitctl/VERSION` 2. Pushing a tag formatted like `x.y.z` creates a normal release Refines: 3501a50ffb93756e145295021ff9313ac77f1ba9 --- .github/workflows/unitctl.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to '.github') diff --git a/.github/workflows/unitctl.yml b/.github/workflows/unitctl.yml index e8e5adf8..7664ab0b 100644 --- a/.github/workflows/unitctl.yml +++ b/.github/workflows/unitctl.yml @@ -186,10 +186,8 @@ jobs: uses: ncipollo/release-action@v1 with: artifacts: "unitctl-*" - # false if triggered by a tag - prerelease: ${{github.event_name == 'workflow_dispatch' && true}} - tag: ${{(github.event_name == 'workflow_dispatch' && inputs.version) || github.ref_name}} - name: unitctl/${{(github.event_name=='workflow_dispatch' && inputs.version) || github.ref_name}} + prerelease: ${{ github.event_name == 'workflow_dispatch' }} + tag: ${{ inputs.version && format('unitctl/{0}', inputs.version) || github.ref_name }} body: > ## Unitctl -- cgit From c5846ba3cd13b64516e1dad0df73d5fb8cee9d60 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Mon, 9 Sep 2024 22:36:34 +0100 Subject: ci: Fix wasmtime paths in ci.yml With commit 9998918db ("Packages: bump wasmtime to 24.0.0 and wasi-sysroot to 24.0.") the paths to the wasmtime C API include and lib directories changed which broke the wasm ci tests. Signed-off-by: Andrew Clayton --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 47dd0af3..69691489 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -303,7 +303,7 @@ jobs: - name: Configure wasm run: | - ./configure wasm --include-path=pkg/contrib/wasmtime/crates/c-api/include --lib-path=pkg/contrib/wasmtime/target/release + ./configure wasm --include-path=pkg/contrib/wasmtime/artifacts/include --lib-path=pkg/contrib/wasmtime/artifacts/lib if: steps.metadata.outputs.module == 'wasm' - name: Make wasm -- cgit From 46ddb010379862b108879c471760252ad9bb3ad7 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Mon, 9 Sep 2024 22:50:11 +0100 Subject: ci: Trigger ci.yml for changes under pkg/contrib This will catch changes to the likes of wasmtime and njs. Signed-off-by: Andrew Clayton --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to '.github') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 69691489..0f9bc699 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,6 +8,7 @@ on: - 'go/**' - 'src/**' - 'test/**' + - 'pkg/contrib/**' - '.github/workflows/ci.yml' push: branches: master @@ -17,6 +18,7 @@ on: - 'go/**' - 'src/**' - 'test/**' + - 'pkg/contrib/**' - '.github/workflows/ci.yml' jobs: -- cgit