chore(CI): build deps using Bazel #1761
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: test | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - lts | |
| - lts-dev | |
| - current | |
| - current-dev | |
| pull_request: | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash | |
| # cancel previous runs if new commits are pushed to the PR, but run for each commit on master | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| buld_deps: | |
| name: Build dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| submodules: true | |
| - name: Generate cache key | |
| id: cache-key | |
| uses: .github/workflow/reusable_actions/build_cache_key | |
| - name: Lookup build cache | |
| id: cache | |
| uses: actions/cache@v4 | |
| with: | |
| key: ${{ steps.cache_key.outputs.cache-key }} | |
| path: | | |
| ${{ github.workspace }}/deps.tar.gz | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get --yes update | |
| # https://github.com/actions/runner-images/issues/2139 | |
| sudo apt-get remove nginx-core \ | |
| nginx-full \ | |
| nginx-light \ | |
| nginx-extras \ | |
| libgd3 | |
| sudo apt-get install --yes \ | |
| build-essential \ | |
| zlib1g-dev \ | |
| libpcre3 \ | |
| libpcre3-dev \ | |
| libssl-dev \ | |
| libxslt1-dev \ | |
| libxml2-dev \ | |
| libgeoip-dev \ | |
| libgd-dev \ | |
| libperl-dev \ | |
| libcurl4-openssl-dev | |
| - name: Build dependencies | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: | | |
| bazel build --registry=file://$(realpath ngx_waf_deps) //:deps | |
| cp bazel-bin/deps.tar.gz . | |
| build_test: | |
| name: Build & Test | |
| runs-on: ubuntu-latest | |
| needs: [buld_deps] | |
| strategy: | |
| matrix: | |
| nginx-version: ['stable', 'mainline'] | |
| module-type: ['static', 'dynamic'] | |
| steps: | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| submodules: true | |
| - name: Generate cache key | |
| id: cache-key | |
| uses: .github/workflow/reusable_actions/build_cache_key | |
| - name: Lookup build cache | |
| id: cache | |
| uses: actions/cache@v4 | |
| with: | |
| key: ${{ steps.cache_key.outputs.cache-key }} | |
| path: | | |
| ${{ github.workspace }}/deps.tar.gz | |
| - name: Assert build dependencies cache found | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: | | |
| echo "Build dependencies cache not found, this step should be unreachable." | |
| exit 1 | |
| - name: Install prerequisites | |
| run: | | |
| sudo apt-get --yes update | |
| # https://github.com/actions/runner-images/issues/2139 | |
| sudo apt-get remove nginx-core \ | |
| nginx-full \ | |
| nginx-light \ | |
| nginx-extras \ | |
| libgd3 | |
| sudo apt-get install --yes \ | |
| build-essential \ | |
| zlib1g-dev \ | |
| libpcre3 \ | |
| libpcre3-dev \ | |
| libssl-dev \ | |
| libxslt1-dev \ | |
| libxml2-dev \ | |
| libgeoip-dev \ | |
| libgd-dev \ | |
| libperl-dev \ | |
| libcurl4-openssl-dev | |
| - name: Apply dependencies | |
| run: | | |
| tar -zxf deps.tar.gz | |
| echo "$(realpath deps/libmodsecurity/lib)" | sudo tee -a /etc/ld.so.conf.d/ngx_waf.conf | |
| echo "$(realpath deps/libsodium/lib)" | sudo tee -a /etc/ld.so.conf.d/ngx_waf.conf | |
| echo "$(realpath deps/libcjson/lib)" | sudo tee -a /etc/ld.so.conf.d/ngx_waf.conf | |
| sudo ldconfig | |
| echo "LIB_MODSECURITY=$(realpath deps/libmodsecurity)" >> "$GITHUB_ENV" | |
| echo "LIB_SODIUM=$(realpath deps/libsodium)" >> "$GITHUB_ENV" | |
| echo "LIB_CJSON=$(realpath deps/libcjson)" >> "$GITHUB_ENV" | |
| echo "LIB_UTHASH=$(realpath deps/uthash)" >> "$GITHUB_ENV" | |
| - name: Download & Build & Install nginx-${{ matrix.nginx-version }} | |
| run: | | |
| sudo pip install lastversion | |
| lastversion download nginx:${{ matrix.nginx-version }} | |
| mkdir nginx-src | |
| tar zxf nginx-*.tar.gz --directory nginx-src --strip-components=1 | |
| cd nginx-src | |
| if [ ${{ matrix.module-type }} = 'static module' ] ; then \ | |
| opt='--add-module' ;\ | |
| else \ | |
| opt='--add-dynamic-module' ;\ | |
| fi | |
| ./configure ${opt}=${{ github.workspace }} --with-http_realip_module --with-cc-opt='-Wno-unused-but-set-variable -Wno-unused-function -fstack-protector-strong' | |
| make -j$(nproc) | |
| sudo make install | |
| sudo useradd nginx -s /sbin/nologin -M | |
| sudo ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx | |
| nginx -V | |
| - name: Install Test::Nginx | |
| run: | | |
| sudo cpan Test::Nginx | |
| - name: Test | |
| run: | | |
| sudo chmod 777 -R /tmp | |
| cd test/test-nginx | |
| export MODULE_TEST_PATH=/tmp/module_test | |
| sh ./init.sh | |
| exec sudo sh start.sh t/*.t |