| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Fedora m32 monthly was introduced before cross matrix. Actually,
many of cross builds are 32 bit, no need to keep dedicated Fedora
definition
|
|
|
|
|
|
|
| |
that was temporarily disabled due to
https://github.com/haproxy/haproxy/issues/1868
we are unblocked, let us enable clang in matrix
|
|
|
|
|
| |
when some api endpoints used for determine latest OpenSSL, LibreSSL
are unavailable, fail only those builds, not entire matrix
|
|
|
|
| |
OpenBSD ftp is down, let us switch to mirror
|
|
|
|
|
| |
"clen" is all around the code, since codespell cannot distingush
variables names, let us ignore it
|
|
|
|
|
| |
Fedora Rawhide is shipped with the most recent compilers, not yet released with
more conservative distro. It is good to catch compile errors on those compilers.
|
|
|
|
|
| |
actions/checkout@v2 is deprecated, accidently it was not updated in our
build definition
|
|
|
|
|
| |
as those directories do contain many documents written in French,
codespell is catching a lot of false positives scanning them.
|
|
|
|
|
| |
config syntax check seems add a value on testing code path not
covered by VTest, also checks are very fast
|
|
|
|
|
|
|
|
|
| |
The initial version of matrix.py was formatted using `black` [1], but with all
the later changes, the formatting diverged quite a bit. This patch reformats
the script using black, fixing the indentation of some statements and
shortening overlong lines.
[1] https://github.com/psf/black
|
|
|
|
| |
For consistency with `GITHUB_OUTPUT` at the bottom.
|
|
|
|
|
| |
This makes naming a little clearer in matrix.py, because the name matches the
name of the actual secret.
|
|
|
|
|
|
| |
For complex expressions, such as the ones modified, the condition expression is
much less readable, especially with the actual condition in the middle of the
"then" and "else" part.
|
|
|
|
|
| |
These functions were previously called once per compiler. Add the `lru_cache`
decorator to only perform one HTTP request each.
|
|
|
|
|
|
| |
Since 4a04cd35ae89bf6a3bb7620f7a49804de3240ac4 (CI: github: split ssl lib
selection based on git branch) the branch, instead of the workflow type is
passed. The headline should reflect that.
|
|
|
|
|
|
|
| |
Github allows to use a auto generated GITHUB_TOKEN so we don't need to
handle the token in the secret configuration.
https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
|
|
|
|
|
| |
github api throttles requests with no auth, thus we can enable
GITHUB_API_TOKEN env variable. if not set, current behaviour is kept
|
|
|
|
|
|
|
|
|
| |
ML ref: https://www.mail-archive.com/haproxy@formilux.org/msg42934.html
we agreed to use "latest" images for development branches and fixed
images for stable branches
Can be backported to 2.6.
|
|
|
|
|
|
| |
it was there because we only ran ASAN for clang, now no need to separate loop
Can be backported to 2.6.
|
|
|
|
|
|
| |
Set ulimit -n to 65536 to limit less the maxconn computation.
Could be backported at least to 2.5.
|
|
|
|
|
|
|
|
|
|
|
|
| |
when *SSL_VERSION="latest" behaviour was introduced, it seems to be fine
for development branches, but too intrusive for stable branches.
let us limit "latest" semantic only for development builds, if branch name
contains "haproxy-" it is supposed to be stable branch, no latest openssl
should be taken
[wla: must be backported as far as 2.6]
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
|
|
|
|
|
| |
OpenSSL 1.1.1 is not tested anymore since github updated "ubuntu-latest"
to 22.04, let's reintroduce this version.
|
|
|
|
|
|
|
| |
Some occasional builds fail only on a specific platform and being able
to figure the exact compiler version used there is crucial. It's not
easy to guess from the rest of the output, so let's add it before the
platform-specific defines, which suit the same needs.
|
|
|
|
| |
since LibreSSL-3.6.x supports QUIC, let us enable it
|
|
|
|
|
| |
LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us
switch back to the latest LibreSSL available
|
|
|
|
|
| |
Build only gcc cross compile jobs are added with monthly run to catch
rare errors, mostly 32bit <--> 64bit
|
|
|
|
|
|
|
|
|
| |
This patch allows to show the backtrace of a coredump produced in the
alpine/musl jobs.
It activates some option required by the containers to allow the
production of coredump, set a shared directory so the kernel could dump
the coredump within the container. Some debug packages were also added.
|
|
|
|
|
|
|
| |
$GITHUB_OUTPUT in workflow definition
See "CI: Replace the deprecated `::set-output` command by writing to
$GITHUB_OUTPUT in matrix.py" for the reasoning behind this commit.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$GITHUB_OUTPUT in matrix.py
As announced in
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
the `::set-output` command is deprecated, because processes during the workflow
execution might output untrusted information that might include the
`::set-output` command, thus allowing these untrusted information to hijack the
build.
The replacement is writing to the file indicated by the `$GITHUB_OUTPUT`
environment variable.
|
|
|
|
|
| |
recently released 3.6.0 introduced some regression which must be
resolved first, let us use 3.5.3 notation instead of "latest"
|
|
|
|
|
|
|
| |
both "OPENSSL_VERSION=latest" and "LIBRESSL_VERSION=latest" processing
introduced errors when build-ssl.sh script was invoked. that error
in turn led to skipping custom openssl build and haproxy was linked against
stock openssl, i.e. openssl-1.1.1
|
|
|
|
|
|
| |
this is build only workflow, catches potential "size_t" mismatches
--
v2 job name added, various markup changes
|
|
|
|
|
| |
for some unclear reasons asan builds were limited to clang only. let us
enable them for gcc as well
|
|
|
|
|
| |
this change introduce "OPENSSL_VERSION=latest" semantic, which scans
https://api.github.com/repos/openssl/openssl/tags and detects latest release.
|
|
|
|
|
|
|
| |
this change introduce "LIBRESSL_VERSION=latest" semantic, which scans
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ and detects latest release.
LIBRESSL_VERSION=2.9.2 is removed from the matrix.
|
|
|
|
|
| |
previously we used hardcoded h2spec version. let us switch to
the latest available
|
|
|
|
| |
LibreSSL-3.5.2 was released on Apr 23nd 2022, let us switch to it
|
|
|
|
|
| |
The deprecrated code is now disabled by default, so we can build with
quictls and openssl 3.0 without this option.
|
|
|
|
| |
No functional changes for our use case, but we should keep this current.
|
|
|
|
| |
No functional change, but we should keep this current.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We used to rely on a call to "sed" to modify the DEBUG option in the
makefile when running under Coverity because it splits words around
spaces and does not allow to pass multi-word build options. As reported
by Tim in issue #1592, this broke with commit 8de7f2822 ("BUILD: makefile:
enable both DEBUG_STRICT and DEBUG_MEMORY_POOLS by default") when the
default DEBUG options changed.
Let's change this to pass all DEBUG options one at a time instead and
get rid of this sed.
|
|
|
|
|
|
|
| |
This enables DEBUG_MEMORY_POOLS and DEBUG_POOL_INTEGRITY so that by
default the tests run under stricter checks, which are likely to
catch more bugs. Note that these ones are permanently used in prod
on haproxy.org.
|
| |
|
|
|
|
| |
v2 is the current version of the checkout action and faster than v1.
|
|
|
|
|
| |
we have two kinds of SSL libs built - git based and version based.
this commit introduces caching for version based SSL libs.
|
|
|
|
| |
re-use scripts/build-ot.sh in CI again. Bump opentracing-cpp to 1.6.0
|
|
|
|
|
| |
this caches OpenTracing libs between builds, should save couple of minutes
for each build.
|
|
|
|
|
| |
step condition "if: ${{ !failure() }}" was added in 2ef4c7c84363f5a9b80a2093df1370514319db28
during my experiments. As Tim Düsterhus mentioned, that condition is default and may be omitted.
|