-
Notifications
You must be signed in to change notification settings - Fork 6
465 lines (399 loc) · 14.5 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
---
name: Builds
on:
push:
pull_request:
release:
tags:
- 'v*'
types: [published]
workflow_dispatch:
jobs:
source_dist:
name: "Source dist"
if: >
github.actor!='dependabot[bot]' &&
github.event_name!='pull_request' &&
( github.ref_type=='tag' || github.ref_type=='branch' )
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Save version info
run: |
git log -1 > ./git.info
- name: Fetch json-parser
run: |
make json-parser/configure
- name: debug
run: "env | sort"
- name: Get tag/branch name
run: |
if [ "$GITHUB_REF_TYPE" = 'branch' ]; then
echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version
elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then
echo -n "$GITHUB_REF_NAME" > /tmp/version
else
exit 1
fi
export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9._+' '_')
echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV
echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV
- name: Create source tarball
run: |
tar -cJ -f /tmp/${SRC_FILE} \
--transform "s,^\./,pam-weblogin-${PWL_VERSION}/," --sort=name \
--owner=0 --group=0 --mode=u=rwX,go=rX \
--exclude-vcs --exclude='**/.github' \
.
- name: Show what we are shipping
run: |
tar tvJf /tmp/${SRC_FILE}
- name: Create Artifact
uses: actions/upload-artifact@v4
with:
name: "dist-source"
path: "/tmp/${{env.SRC_FILE}}"
build_tests:
name: Build tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- { os: ubuntu-20.04, compiler: gcc, version: 4.8 }
- { os: ubuntu-20.04, compiler: gcc, version: 5 }
- { os: ubuntu-20.04, compiler: gcc, version: 6 }
- { os: ubuntu-20.04, compiler: gcc, version: 7 }
- { os: ubuntu-20.04, compiler: gcc, version: 8 }
- { os: ubuntu-22.04, compiler: gcc, version: 9 }
- { os: ubuntu-22.04, compiler: gcc, version: 10 }
- { os: ubuntu-22.04, compiler: gcc, version: 11 }
- { os: ubuntu-22.04, compiler: gcc, version: 12 }
- { os: ubuntu-22.04, compiler: gcc, version: 13 }
- { os: ubuntu-20.04, compiler: clang, version: 9 }
- { os: ubuntu-20.04, compiler: clang, version: 10 }
- { os: ubuntu-20.04, compiler: clang, version: 11 }
- { os: ubuntu-20.04, compiler: clang, version: 12 }
- { os: ubuntu-22.04, compiler: clang, version: 13 }
- { os: ubuntu-22.04, compiler: clang, version: 14 }
- { os: ubuntu-22.04, compiler: clang, version: 15 }
- { os: ubuntu-22.04, compiler: clang, version: 16 }
# set CC to 'cc' for MacOS and the (e.g.) clang-12 for Linux
env:
CC: ${{ matrix.compiler == 'native' && 'cc' || format('{0}-{1}',matrix.compiler,matrix.version) }}
steps:
- name: Add source for old gcc packages (ubuntu 18.04)
run: |
sudo tee "/etc/apt/sources.list.d/bionic.list" << EOF
deb http://azure.archive.ubuntu.com/ubuntu bionic main universe
deb http://azure.archive.ubuntu.com/ubuntu bionic-security main universe
EOF
cat /etc/apt/sources.list
ls -la /etc/apt/sources.list.d
sudo apt update
if: runner.os == 'Linux' && matrix.compiler == 'gcc' && matrix.version < 7
- name: Install gcc
run: |
sudo add-apt-repository --yes --update ppa:ubuntu-toolchain-r/test
sudo apt-get install --yes gcc-${{matrix.version}}
if: runner.os == 'Linux' && matrix.compiler == 'gcc'
- name: Install clang
run: |
wget https://apt.llvm.org/llvm.sh
sudo bash ./llvm.sh ${{ matrix.version }}
if: runner.os == 'Linux' && matrix.compiler == 'clang'
- name: Show compiler version
run: $CC --version
- name: Install dependencies (linux)
run: |
sudo apt-get install --yes libpam0g-dev libcurl4-openssl-dev check
if: runner.os == 'Linux'
- name: Install dependencies (macOS)
run: |
brew install check
if: runner.os == 'macOS'
- name: Checkout
uses: actions/checkout@v4
- name: Test compilation
run: |
make all
- name: Run unittests
run: |
make unittest
- name: Test make clean
run: |
make clean
make clean
rm -rf json-parser/
make clean
coverage:
name: Coverage
# needs:
# - build_tests
runs-on: ubuntu-22.04
# set CC to 'cc' for MacOS and the (e.g.) clang-12 for Linux
env:
CC: gcc-12
GCOV: gcov-12
COVERAGE: 1
steps:
- name: Install gcc
run: |
sudo add-apt-repository --yes --update ppa:ubuntu-toolchain-r/test
sudo apt-get install --yes gcc-12
- name: Show compiler version
run: $CC --version
- name: Install dependencies (linux)
run: |
sudo apt-get install --yes libpam0g-dev libcurl4-openssl-dev check
if: runner.os == 'Linux'
- name: Checkout
uses: actions/checkout@v4
- name: Compile
run: |
make all COVERAGE=1
- name: Run unittests
run: |
make unittest
- name: Run coverage
run: |
make coverage
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
gcov: true
gcov_executable: "gcov-12"
build_rpm:
name: Build RPMs
needs:
- source_dist
strategy:
fail-fast: false
matrix:
include:
- { name: "fedora38", container: "fedora:38" }
- { name: "fedora39", container: "fedora:39" }
- { name: "fedora40", container: "fedora:40" }
- { name: "rockylinux8", container: "rockylinux:8" }
- { name: "rockylinux9", container: "rockylinux:9" }
runs-on: "ubuntu-latest"
steps:
- name: Get tag/branch name
run: |
if [ "$GITHUB_REF_TYPE" = 'branch' ]; then
echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version
elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then
echo -n "$GITHUB_REF_NAME" > /tmp/version
else
exit 1
fi
export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9._+' '_')
echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV
echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV
- name: Fetch source
id: fetch_source
uses: actions/download-artifact@v4
with:
name: "dist-source"
path: "."
- name: Show source-dist
run: |
ls -la ${{steps.fetch_source.outputs.download-path}}
sha1sum ${{steps.fetch_source.outputs.download-path}}/* || true
sha256sum ${{steps.fetch_source.outputs.download-path}}/* || true
- name: Prepare build dir
run: |
mkdir -p rpmbuild/SOURCES
cp -v ${{steps.fetch_source.outputs.download-path}}/${SRC_FILE} rpmbuild/SOURCES
ls -la rpmbuild/SOURCES
tar -xvJ --wildcards --strip-components 1 -f ${{steps.fetch_source.outputs.download-path}}/${SRC_FILE} '*.spec'
- name: Prepare container image
run: >
echo "
FROM ${{matrix.container}}
RUN yum install -y epel-release || true
RUN yum install -y rpm-build
RUN dnf config-manager --set-enabled powertools || true
RUN dnf install -y pandoc || yum install -y pandoc
COPY pam-weblogin.spec /tmp/pwl.spec
RUN command -v dnf && dnf install -y 'dnf-command(builddep)' || true
RUN command -v dnf && dnf builddep -y /tmp/pwl.spec || yum-builddep -y /tmp/pwl.spec
RUN rm /tmp/pwl.spec
RUN gcc --version
" > Dockerfile;
docker build -f Dockerfile -t pwl-${{matrix.name}} .
- name: build RPM package
run: >
docker run -v `pwd`/rpmbuild:/root/rpmbuild/ \
-v $(pwd)/pam-weblogin.spec:/pam-weblogin.spec \
pwl-${{matrix.name}} \
/bin/sh -c '
rpmbuild -ba --define "pwl_version ${{env.PWL_VERSION}}" --define "pwl_distro ${{matrix.name}}" pam-weblogin.spec;
rpm -qlp /root/rpmbuild/RPMS/x86_64/*.rpm
'
- name: debug
run: ls -laR rpmbuild
- name: gather generated rpms
run: |
mkdir results
cp rpmbuild/RPMS/x86_64/*.rpm rpmbuild/SRPMS/*.rpm results/
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: rpm_${{matrix.name}}
path: "results/*"
# Setup tmate session
- name: Setup tmate session
env:
ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG}}
if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }}
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
timeout-minutes: 60
build_deb:
name: Build DEBs
needs:
- source_dist
strategy:
fail-fast: false
matrix:
include:
- { name: "debian12", container: "debian:12" }
- { name: "debian11", container: "debian:11" }
- { name: "debian10", container: "debian:10" }
- { name: "ubuntu2204", container: "ubuntu:22.04" }
runs-on: "ubuntu-latest"
steps:
- name: Install dependencies
run: |
sudo apt-get install --yes pandoc
- name: Get tag/branch name
run: |
if [ "$GITHUB_REF_TYPE" = 'branch' ]; then
echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version
elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then
echo -n "$GITHUB_REF_NAME" > /tmp/version
else
exit 1
fi
export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9.+' '-' | sed 's/^v//')
echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV
echo BUILD_DIR=libpam-weblogin_${PWL_VERSION}-${{matrix.name}}-1_amd64 >> $GITHUB_ENV
echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV
echo BUILD_ARCH=$(dpkg-architecture -q DEB_BUILD_MULTIARCH) >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
with:
path: pwl-checkout
- name: Prepare container image
run: >
echo "
FROM ${{matrix.container}}
RUN apt update; apt upgrade -y
RUN apt-get install -y build-essential git libpam0g-dev libcurl4-openssl-dev
RUN gcc --version
" > Dockerfile;
docker build -f Dockerfile -t pwl-${{matrix.name}} .
- name: Build binaries
run: >
docker run -v `pwd`/pwl-checkout:/root/pam-weblogin \
pwl-${{matrix.name}} \
/bin/sh -c 'cd /root/pam-weblogin; make'
- name: Debug
run: ls -laR pwl-checkout/src/*.so
- name: Prepare build dir
run: |
mkdir -p ${BUILD_DIR}/DEBIAN
mkdir -p ${BUILD_DIR}/etc/pam.d
mkdir -p ${BUILD_DIR}/lib/${BUILD_ARCH}/security/
mkdir -p ${BUILD_DIR}/usr/share/doc/pam-weblogin/
cp pwl-checkout/src/pam_weblogin.so ${BUILD_DIR}/lib/${BUILD_ARCH}/security/pam_weblogin.so
cp pwl-checkout/pam-weblogin.conf.sample ${BUILD_DIR}/etc/pam-weblogin.conf
pandoc pwl-checkout/README.md -t plain > ${BUILD_DIR}/usr/share/doc/pam-weblogin/README
echo "Package: libpam-weblogin
Version: ${PWL_VERSION}
Section: custom
Priority: optional
Architecture: amd64
Depends: libcurl3-gnutls, libpam0g
Maintainer: SURF <[email protected]>
Description: Pam weblogin module" > ${BUILD_DIR}/DEBIAN/control
cat ${BUILD_DIR}/DEBIAN/control
- name: Build debs in container
run: |
docker run \
-v `pwd`:/work/ \
pwl-${{matrix.name}} \
/bin/sh -c "
cd /work &&
dpkg-deb --build --root-owner-group ${BUILD_DIR}
dpkg -c *.deb
"
- name: Gather generated debs
run: |
mkdir results
cp *.deb results/
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: deb_${{matrix.name}}
path: "results/*"
# Setup tmate session
- name: Setup tmate session
env:
ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG}}
if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }}
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
timeout-minutes: 60
release:
name: Release
runs-on: ubuntu-latest
needs:
- coverage
- build_tests
- source_dist
- build_rpm
- build_deb
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Fetch artifacts
id: fetch_artifact
uses: actions/download-artifact@v4
with:
path: "artifacts/"
- name: Gather artifacts for release
run: |
mkdir to_release
cp -v artifacts/**/* to_release/
- name: Create Release
if: "github.ref_type=='tag'"
uses: softprops/action-gh-release@v2
with:
files: "to_release/*"
- name: Advance latest tag
if: "github.ref_type=='branch'"
uses: EndBug/latest-tag@v1
with:
ref: "branch+${{github.ref_name}}"
description: "Latest commit in the main branch"
- name: Remove all previous "latest" releases
if: "github.ref_type=='branch'"
uses: dev-drprasad/[email protected]
with:
keep_latest: 0
delete_tag_pattern: "branch+${{github.ref_name}}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create Release for branch
if: "github.ref_type=='branch'"
uses: softprops/action-gh-release@v2
with:
name: "Latest from branch ${{github.ref_name}}"
tag_name: "branch+${{github.ref_name}}"
prerelease: true
files: "to_release/*"