Validate verification code input before sending it #627
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Builds | |
on: | |
push: | |
pull_request: | |
release: | |
tags: | |
- 'v*' | |
types: [published] | |
workflow_dispatch: | |
jobs: | |
source_dist: | |
name: "Source dist" | |
if: > | |
github.actor!='dependabot[bot]' && | |
github.event_name!='pull_request' && | |
( github.ref_type=='tag' || github.ref_type=='branch' ) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Save version info | |
run: | | |
git log -1 > ./git.info | |
- name: Fetch json-parser | |
run: | | |
make json-parser/configure | |
- name: debug | |
run: "env | sort" | |
- name: Get tag/branch name | |
run: | | |
if [ "$GITHUB_REF_TYPE" = 'branch' ]; then | |
echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version | |
elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then | |
echo -n "$GITHUB_REF_NAME" > /tmp/version | |
else | |
exit 1 | |
fi | |
export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9._+' '_') | |
echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV | |
echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV | |
- name: Create source tarball | |
run: | | |
tar -cJ -f /tmp/${SRC_FILE} \ | |
--transform "s,^\./,pam-weblogin-${PWL_VERSION}/," --sort=name \ | |
--owner=0 --group=0 --mode=u=rwX,go=rX \ | |
--exclude-vcs --exclude='**/.github' \ | |
. | |
- name: Show what we are shipping | |
run: | | |
tar tvJf /tmp/${SRC_FILE} | |
- name: Create Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "dist-source" | |
path: "/tmp/${{env.SRC_FILE}}" | |
build_tests: | |
name: Build tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- { os: ubuntu-20.04, compiler: gcc, version: 4.8 } | |
- { os: ubuntu-20.04, compiler: gcc, version: 5 } | |
- { os: ubuntu-20.04, compiler: gcc, version: 6 } | |
- { os: ubuntu-20.04, compiler: gcc, version: 7 } | |
- { os: ubuntu-20.04, compiler: gcc, version: 8 } | |
- { os: ubuntu-22.04, compiler: gcc, version: 9 } | |
- { os: ubuntu-22.04, compiler: gcc, version: 10 } | |
- { os: ubuntu-22.04, compiler: gcc, version: 11 } | |
- { os: ubuntu-22.04, compiler: gcc, version: 12 } | |
- { os: ubuntu-22.04, compiler: gcc, version: 13 } | |
- { os: ubuntu-20.04, compiler: clang, version: 9 } | |
- { os: ubuntu-20.04, compiler: clang, version: 10 } | |
- { os: ubuntu-20.04, compiler: clang, version: 11 } | |
- { os: ubuntu-20.04, compiler: clang, version: 12 } | |
- { os: ubuntu-22.04, compiler: clang, version: 13 } | |
- { os: ubuntu-22.04, compiler: clang, version: 14 } | |
- { os: ubuntu-22.04, compiler: clang, version: 15 } | |
- { os: ubuntu-22.04, compiler: clang, version: 16 } | |
# set CC to 'cc' for MacOS and the (e.g.) clang-12 for Linux | |
env: | |
CC: ${{ matrix.compiler == 'native' && 'cc' || format('{0}-{1}',matrix.compiler,matrix.version) }} | |
steps: | |
- name: Add source for old gcc packages (ubuntu 18.04) | |
run: | | |
sudo tee "/etc/apt/sources.list.d/bionic.list" << EOF | |
deb http://azure.archive.ubuntu.com/ubuntu bionic main universe | |
deb http://azure.archive.ubuntu.com/ubuntu bionic-security main universe | |
EOF | |
cat /etc/apt/sources.list | |
ls -la /etc/apt/sources.list.d | |
sudo apt update | |
if: runner.os == 'Linux' && matrix.compiler == 'gcc' && matrix.version < 7 | |
- name: Install gcc | |
run: | | |
sudo add-apt-repository --yes --update ppa:ubuntu-toolchain-r/test | |
sudo apt-get install --yes gcc-${{matrix.version}} | |
if: runner.os == 'Linux' && matrix.compiler == 'gcc' | |
- name: Install clang | |
run: | | |
wget https://apt.llvm.org/llvm.sh | |
sudo bash ./llvm.sh ${{ matrix.version }} | |
if: runner.os == 'Linux' && matrix.compiler == 'clang' | |
- name: Show compiler version | |
run: $CC --version | |
- name: Install dependencies (linux) | |
run: | | |
sudo apt-get install --yes libpam0g-dev libcurl4-openssl-dev check | |
if: runner.os == 'Linux' | |
- name: Install dependencies (macOS) | |
run: | | |
brew install check | |
if: runner.os == 'macOS' | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Test compilation | |
run: | | |
make all | |
- name: Run unittests | |
run: | | |
make unittest | |
- name: Test make clean | |
run: | | |
make clean | |
make clean | |
rm -rf json-parser/ | |
make clean | |
coverage: | |
name: Coverage | |
# needs: | |
# - build_tests | |
runs-on: ubuntu-22.04 | |
# set CC to 'cc' for MacOS and the (e.g.) clang-12 for Linux | |
env: | |
CC: gcc-12 | |
GCOV: gcov-12 | |
COVERAGE: 1 | |
steps: | |
- name: Install gcc | |
run: | | |
sudo add-apt-repository --yes --update ppa:ubuntu-toolchain-r/test | |
sudo apt-get install --yes gcc-12 | |
- name: Show compiler version | |
run: $CC --version | |
- name: Install dependencies (linux) | |
run: | | |
sudo apt-get install --yes libpam0g-dev libcurl4-openssl-dev check | |
if: runner.os == 'Linux' | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Compile | |
run: | | |
make all COVERAGE=1 | |
- name: Run unittests | |
run: | | |
make unittest | |
- name: Run coverage | |
run: | | |
make coverage | |
- name: Upload coverage | |
uses: codecov/codecov-action@v4 | |
with: | |
gcov: true | |
gcov_executable: "gcov-12" | |
build_rpm: | |
name: Build RPMs | |
needs: | |
- source_dist | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- { name: "fedora38", container: "fedora:38" } | |
- { name: "fedora39", container: "fedora:39" } | |
- { name: "fedora40", container: "fedora:40" } | |
- { name: "rockylinux8", container: "rockylinux:8" } | |
- { name: "rockylinux9", container: "rockylinux:9" } | |
runs-on: "ubuntu-latest" | |
steps: | |
- name: Get tag/branch name | |
run: | | |
if [ "$GITHUB_REF_TYPE" = 'branch' ]; then | |
echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version | |
elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then | |
echo -n "$GITHUB_REF_NAME" > /tmp/version | |
else | |
exit 1 | |
fi | |
export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9._+' '_') | |
echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV | |
echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV | |
- name: Fetch source | |
id: fetch_source | |
uses: actions/download-artifact@v4 | |
with: | |
name: "dist-source" | |
path: "." | |
- name: Show source-dist | |
run: | | |
ls -la ${{steps.fetch_source.outputs.download-path}} | |
sha1sum ${{steps.fetch_source.outputs.download-path}}/* || true | |
sha256sum ${{steps.fetch_source.outputs.download-path}}/* || true | |
- name: Prepare build dir | |
run: | | |
mkdir -p rpmbuild/SOURCES | |
cp -v ${{steps.fetch_source.outputs.download-path}}/${SRC_FILE} rpmbuild/SOURCES | |
ls -la rpmbuild/SOURCES | |
tar -xvJ --wildcards --strip-components 1 -f ${{steps.fetch_source.outputs.download-path}}/${SRC_FILE} '*.spec' | |
- name: Prepare container image | |
run: > | |
echo " | |
FROM ${{matrix.container}} | |
RUN yum install -y epel-release || true | |
RUN yum install -y rpm-build | |
RUN dnf config-manager --set-enabled powertools || true | |
RUN dnf install -y pandoc || yum install -y pandoc | |
COPY pam-weblogin.spec /tmp/pwl.spec | |
RUN command -v dnf && dnf install -y 'dnf-command(builddep)' || true | |
RUN command -v dnf && dnf builddep -y /tmp/pwl.spec || yum-builddep -y /tmp/pwl.spec | |
RUN rm /tmp/pwl.spec | |
RUN gcc --version | |
" > Dockerfile; | |
docker build -f Dockerfile -t pwl-${{matrix.name}} . | |
- name: build RPM package | |
run: > | |
docker run -v `pwd`/rpmbuild:/root/rpmbuild/ \ | |
-v $(pwd)/pam-weblogin.spec:/pam-weblogin.spec \ | |
pwl-${{matrix.name}} \ | |
/bin/sh -c ' | |
rpmbuild -ba --define "pwl_version ${{env.PWL_VERSION}}" --define "pwl_distro ${{matrix.name}}" pam-weblogin.spec; | |
rpm -qlp /root/rpmbuild/RPMS/x86_64/*.rpm | |
' | |
- name: debug | |
run: ls -laR rpmbuild | |
- name: gather generated rpms | |
run: | | |
mkdir results | |
cp rpmbuild/RPMS/x86_64/*.rpm rpmbuild/SRPMS/*.rpm results/ | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: rpm_${{matrix.name}} | |
path: "results/*" | |
# Setup tmate session | |
- name: Setup tmate session | |
env: | |
ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG}} | |
if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }} | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
timeout-minutes: 60 | |
build_deb: | |
name: Build DEBs | |
needs: | |
- source_dist | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- { name: "debian12", container: "debian:12" } | |
- { name: "debian11", container: "debian:11" } | |
- { name: "debian10", container: "debian:10" } | |
- { name: "ubuntu2204", container: "ubuntu:22.04" } | |
runs-on: "ubuntu-latest" | |
steps: | |
- name: Install dependencies | |
run: | | |
sudo apt-get install --yes pandoc | |
- name: Get tag/branch name | |
run: | | |
if [ "$GITHUB_REF_TYPE" = 'branch' ]; then | |
echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version | |
elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then | |
echo -n "$GITHUB_REF_NAME" > /tmp/version | |
else | |
exit 1 | |
fi | |
export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9.+' '-' | sed 's/^v//') | |
echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV | |
echo BUILD_DIR=libpam-weblogin_${PWL_VERSION}-${{matrix.name}}-1_amd64 >> $GITHUB_ENV | |
echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV | |
echo BUILD_ARCH=$(dpkg-architecture -q DEB_BUILD_MULTIARCH) >> $GITHUB_ENV | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: pwl-checkout | |
- name: Prepare container image | |
run: > | |
echo " | |
FROM ${{matrix.container}} | |
RUN apt update; apt upgrade -y | |
RUN apt-get install -y build-essential git libpam0g-dev libcurl4-openssl-dev | |
RUN gcc --version | |
" > Dockerfile; | |
docker build -f Dockerfile -t pwl-${{matrix.name}} . | |
- name: Build binaries | |
run: > | |
docker run -v `pwd`/pwl-checkout:/root/pam-weblogin \ | |
pwl-${{matrix.name}} \ | |
/bin/sh -c 'cd /root/pam-weblogin; make' | |
- name: Debug | |
run: ls -laR pwl-checkout/src/*.so | |
- name: Prepare build dir | |
run: | | |
mkdir -p ${BUILD_DIR}/DEBIAN | |
mkdir -p ${BUILD_DIR}/etc/pam.d | |
mkdir -p ${BUILD_DIR}/lib/${BUILD_ARCH}/security/ | |
mkdir -p ${BUILD_DIR}/usr/share/doc/pam-weblogin/ | |
cp pwl-checkout/src/pam_weblogin.so ${BUILD_DIR}/lib/${BUILD_ARCH}/security/pam_weblogin.so | |
cp pwl-checkout/pam-weblogin.conf.sample ${BUILD_DIR}/etc/pam-weblogin.conf | |
pandoc pwl-checkout/README.md -t plain > ${BUILD_DIR}/usr/share/doc/pam-weblogin/README | |
echo "Package: libpam-weblogin | |
Version: ${PWL_VERSION} | |
Section: custom | |
Priority: optional | |
Architecture: amd64 | |
Depends: libcurl3-gnutls, libpam0g | |
Maintainer: SURF <[email protected]> | |
Description: Pam weblogin module" > ${BUILD_DIR}/DEBIAN/control | |
cat ${BUILD_DIR}/DEBIAN/control | |
- name: Build debs in container | |
run: | | |
docker run \ | |
-v `pwd`:/work/ \ | |
pwl-${{matrix.name}} \ | |
/bin/sh -c " | |
cd /work && | |
dpkg-deb --build --root-owner-group ${BUILD_DIR} | |
dpkg -c *.deb | |
" | |
- name: Gather generated debs | |
run: | | |
mkdir results | |
cp *.deb results/ | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: deb_${{matrix.name}} | |
path: "results/*" | |
# Setup tmate session | |
- name: Setup tmate session | |
env: | |
ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG}} | |
if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }} | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
timeout-minutes: 60 | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
needs: | |
- coverage | |
- build_tests | |
- source_dist | |
- build_rpm | |
- build_deb | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Fetch artifacts | |
id: fetch_artifact | |
uses: actions/download-artifact@v4 | |
with: | |
path: "artifacts/" | |
- name: Gather artifacts for release | |
run: | | |
mkdir to_release | |
cp -v artifacts/**/* to_release/ | |
- name: Create Release | |
if: "github.ref_type=='tag'" | |
uses: softprops/action-gh-release@v2 | |
with: | |
files: "to_release/*" | |
- name: Advance latest tag | |
if: "github.ref_type=='branch'" | |
uses: EndBug/latest-tag@v1 | |
with: | |
ref: "branch+${{github.ref_name}}" | |
description: "Latest commit in the main branch" | |
- name: Remove all previous "latest" releases | |
if: "github.ref_type=='branch'" | |
uses: dev-drprasad/[email protected] | |
with: | |
keep_latest: 0 | |
delete_tag_pattern: "branch+${{github.ref_name}}" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release for branch | |
if: "github.ref_type=='branch'" | |
uses: softprops/action-gh-release@v2 | |
with: | |
name: "Latest from branch ${{github.ref_name}}" | |
tag_name: "branch+${{github.ref_name}}" | |
prerelease: true | |
files: "to_release/*" | |