Skip to content

feat(proxy-wasm) strengthen host functions context checks #2721

feat(proxy-wasm) strengthen host functions context checks

feat(proxy-wasm) strengthen host functions context checks #2721

Workflow file for this run

name: CI
on:
push:
branches: main
paths-ignore:
- '**/*.md'
- '**/release.yml'
- '**/ci-large.yml'
- 'assets/release/Dockerfiles/*'
pull_request:
branches: '**'
paths-ignore:
- '**/*.md'
- '**/release.yml'
- '**/ci-large.yml'
- 'assets/release/Dockerfiles/*'
workflow_dispatch:
defaults:
run:
shell: bash
jobs:
unit:
name: 'Unit'
#if: ${{ false }}
strategy:
fail-fast: false
matrix:
label: [""]
os: [ubuntu-latest]
cc: [gcc-12]
ngx: [1.25.3]
openresty: [""]
runtime: [wasmer]
wasmtime: [""]
wasmer: [3.1.1]
v8: [""]
ssl: [ssl]
debug: [debug, no_debug]
hup: [no_hup]
module_type: ["static"]
include:
# Wasmtime
- runtime: wasmtime
wasmtime: 14.0.3
os: ubuntu-latest
cc: gcc-12
ngx: 1.25.3
ssl: ssl
debug: debug
hup: hup
# V8
- runtime: v8
v8: 11.4.183.23
os: ubuntu-latest
cc: gcc-12
ngx: 1.25.3
ssl: ssl
debug: debug
hup: no_hup
# Old Nginx
- label: old_nginx
os: ubuntu-latest
cc: gcc-12
ngx: 1.21.6
runtime: wasmer
wasmer: 3.1.1
ssl: ssl
debug: debug
hup: no_hup
# Nginx + dynamic ngx_wasm_module + HUP
- label: dynamic_nginx
os: ubuntu-latest
cc: gcc-12
ngx: 1.25.3
runtime: wasmtime
wasmtime: 14.0.3
ssl: ssl
debug: debug
hup: hup
module_type: dynamic
# No SSL
- os: ubuntu-latest
cc: gcc-12
ngx: 1.25.3
runtime: wasmer
wasmer: 3.1.1
ssl: no_ssl
debug: no_debug
hup: no_hup
# OpenResty
- label: openresty
os: ubuntu-latest
cc: gcc-12
openresty: 1.21.4.2
runtime: wasmtime
wasmtime: 14.0.3
ssl: ssl
debug: debug
hup: no_hup
# OpenResty + dynamic ngx_wasm_module
- label: dynamic_openresty
os: ubuntu-latest
cc: gcc-12
openresty: 1.21.4.2
runtime: wasmtime
wasmtime: 14.0.3
ssl: ssl
debug: debug
hup: no_hup
module_type: dynamic
uses: ./.github/workflows/job-unit-tests.yml
with:
os: ${{ matrix.os }}
cc: ${{ matrix.cc }}
ngx: ${{ matrix.ngx }}
openresty: ${{ matrix.openresty }}
runtime: ${{ matrix.runtime }}
wasmtime: ${{ matrix.wasmtime }}
wasmer: ${{ matrix.wasmer }}
v8: ${{ matrix.v8 }}
ssl: ${{ matrix.ssl }}
debug: ${{ matrix.debug }}
hup: ${{ matrix.hup }}
module_type: ${{ matrix.module_type }}
coverage: true
secrets: inherit
coveralls:
name: 'Coveralls'
needs: unit
runs-on: ubuntu-latest
steps:
- name: Coveralls Finished
if: ${{ !env.ACT }}
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel-finished: true
carryforward: 'unit-ngx_1.25.3-wasmer-ssl-debug-no_hup-static,unit-ngx_1.25.3-wasmer-ssl-no_debug-no_hup-static,unit-ngx_1.25.3-wasmtime-ssl-debug-hup-static,unit-ngx_1.25.3-wasmtime-ssl-debug-hup-dynamic,unit-ngx_1.25.3-v8-ssl-debug-no_hup-static,unit-ngx_1.21.6-wasmer-ssl-debug-no_hup-static,unit-ngx_1.25.3-wasmer-no_ssl-no_debug-no_hup-static,unit-openresty_1.21.4.2-wasmtime-ssl-debug-no_hup-static,unit-openresty_1.21.4.2-wasmtime-ssl-debug-no_hup-dynamic'
valgrind:
name: 'Valgrind'
#if: ${{ false }}
strategy:
fail-fast: false
matrix:
label: [""]
os: [ubuntu-22.04]
cc: [gcc-12]
ngx: [1.25.3]
openresty: [""]
runtime: [wasmer]
wasmtime: [""]
wasmer: [3.1.1]
v8: [""]
hup: [no_hup, hup]
debug: [debug]
include:
# Wasmtime
- runtime: wasmtime
wasmtime: 14.0.3
os: ubuntu-22.04
cc: gcc-12
ngx: 1.25.3
hup: no_hup
debug: debug
# V8
- runtime: v8
v8: 11.4.183.23
os: ubuntu-22.04
cc: gcc-12
ngx: 1.25.3
debug: debug
hup: no_hup
# OpenResty
- label: openresty
os: ubuntu-22.04
cc: gcc-12
openresty: 1.21.4.2
ngx:
runtime: wasmer
wasmer: 3.1.1
debug: debug
hup: no_hup
uses: ./.github/workflows/job-valgrind-tests.yml
with:
os: ${{ matrix.os }}
cc: ${{ matrix.cc }}
ngx: ${{ matrix.ngx }}
openresty: ${{ matrix.openresty }}
runtime: ${{ matrix.runtime }}
wasmtime: ${{ matrix.wasmtime }}
wasmer: ${{ matrix.wasmer }}
v8: ${{ matrix.v8 }}
hup: ${{ matrix.hup }}
debug: ${{ matrix.debug }}
secrets: inherit
lint:
name: 'Lint'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: 'Setup cache - rustup toolchain'
uses: actions/cache@v3
if: ${{ !env.ACT }}
with:
path: |
~/.rustup/settings.toml
~/.rustup/toolchains/*
~/.rustup/update-hashes/*
key: rust-toolchain-${{ runner.os }}-${{ hashFiles('.github/**/*.yml', '.github/**/*.sh', 'rust-toolchain') }}
- uses: actions-rs/toolchain@v1
with:
components: clippy
- name: 'Setup cache - work/ dir'
uses: actions/cache@v3
if: ${{ !env.ACT }}
with:
path: |
work/downloads
work/openssl
key: lint-${{ runner.os }}-${{ hashFiles('util/**/*.sh', 'util/**/*.pl', 'util/**/*.awk', '.github/**/*.yml', '.github/**/*.sh', '.github/**/*.js', 'rust-toolchain', 'Makefile') }}
- run: make setup
- run: make lint
- uses: actions-rs/clippy-check@v1
if: ${{ !env.ACT }}
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: --all-features
- run: |
if [[ $(make reindex 2>&1 | tee reindex.out | grep -c done) -gt 0 ]]; then
cat reindex.out >&2
exit 1
fi
analyzer:
name: 'Clang analyzer'
strategy:
fail-fast: false
matrix:
cc: [clang-15]
openresty: [1.21.4.2]
runtime: [wasmtime, wasmer, v8]
wasmtime: [14.0.3]
wasmer: [3.1.1]
v8: [11.4.183.23]
ssl: [ssl]
debug: [debug, no_debug]
include:
# No SSL
- os: ubuntu-latest
cc: clang-15
ngx: 1.25.3
runtime: wasmer
wasmer: 3.1.1
ssl: no_ssl
debug: debug
uses: ./.github/workflows/job-clang-analyzer.yml
with:
cc: ${{ matrix.cc }}
ngx: ${{ matrix.ngx }}
openresty: ${{ matrix.openresty }}
runtime: ${{ matrix.runtime }}
wasmtime: ${{ matrix.wasmtime }}
wasmer: ${{ matrix.wasmer }}
v8: ${{ matrix.v8 }}
ssl: ${{ matrix.ssl }}
debug: ${{ matrix.debug }}
build:
name: 'Build'
#if: ${{ false }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
cc: [clang-15, gcc-12]
ngx: [1.25.3]
runtime: [wasmtime, wasmer, v8]
wasmtime: [14.0.3]
wasmer: [3.1.1]
v8: [11.4.183.23]
uses: ./.github/workflows/job-build-tests.yml
with:
os: ${{ matrix.os }}
cc: ${{ matrix.cc }}
ngx: ${{ matrix.ngx }}
runtime: ${{ matrix.runtime }}
wasmtime: ${{ matrix.wasmtime }}
wasmer: ${{ matrix.wasmer }}
v8: ${{ matrix.v8 }}