CI DEB #32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI DEB | |
on: | |
push: | |
branches-ignore: | |
- coverity_scan | |
- run-fuzzer** | |
- debug-fuzzer-** | |
schedule: | |
- cron: '0 20 * * *' | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
jobs: | |
# | |
# We don't want to consume many workers on each push so we only build the | |
# full suite of distros during the scheduled or ci-debug run and just the | |
# "bleeding-edge" distro on each push. | |
# | |
# This job builds the matrix based on the event that trigger this run which | |
# the next job consumes. | |
# | |
set-matrix: | |
name: Setup build matrix | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- id: set-matrix | |
name: Setup the matrix | |
run: | | |
if [ "$GITHUB_EVENT_NAME" = "schedule" -o "$GITHUB_REF" = "refs/heads/ci-debug" ]; then | |
M=$(cat <<EOF | |
{ | |
"env": [ | |
{ "NAME": "ubuntu-22.04", "OS": "ubuntu:22.04" }, | |
{ "NAME": "ubuntu-24.04", "OS": "ubuntu:24.04" }, | |
{ "NAME": "debian-12", "OS": "debian:bookworm" }, | |
{ "NAME": "debian-sid", "OS": "debian:sid" } | |
] | |
} | |
EOF | |
) | |
else | |
M=$(cat <<EOF | |
{ | |
"env": [ | |
{ "NAME": "debian-12", "OS": "debian:bookworm" } | |
] | |
} | |
EOF | |
) | |
fi | |
echo matrix=$M >> $GITHUB_OUTPUT | |
deb-build: | |
needs: | |
- set-matrix | |
strategy: | |
matrix: ${{ fromJson(needs.set-matrix.outputs.matrix) }} | |
fail-fast: false | |
runs-on: ubuntu-latest | |
container: | |
image: ${{ matrix.env.OS }} | |
env: | |
HOSTAPD_BUILD_DIR: /tmp/eapol_test.ci | |
HOSTAPD_GIT_TAG: hostap_2_11 | |
name: "DEB build" | |
steps: | |
- name: Package manager performance and stability improvements | |
run: | | |
if [ -f "/etc/apt/sources.list" ]; then | |
sed -i 's/deb.debian.org/debian-archive.trafficmanager.net/' /etc/apt/sources.list | |
sed -i 's/archive.ubuntu.com/azure.archive.ubuntu.com/' /etc/apt/sources.list | |
fi | |
echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80-retries | |
echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/02speedup | |
echo 'man-db man-db/auto-update boolean false' | debconf-set-selections | |
apt-get update | |
# | |
# Required so that the checkout action uses git protocol rather than the GitHub REST API. | |
# make rpm requires the FR directory to be a git repository. | |
# | |
- name: Install recent git | |
run: | | |
apt-get install -y --no-install-recommends git-core ca-certificates | |
- name: Install build tools | |
run: | | |
apt-get install -y --no-install-recommends make gcc libc6-dev equivs file curl gnupg2 lsb-release | |
- name: NetworkRADIUS signing key | |
run: | | |
install -d -o root -g root -m 0755 /etc/apt/keyrings | |
curl -s 'https://packages.inkbridgenetworks.com/pgp/packages.networkradius.com.asc' | tee /etc/apt/keyrings/packages.networkradius.com.asc > /dev/null | |
- name: Set up NetworkRADIUS extras repository | |
run: | | |
DIST=$(lsb_release -is | tr '[:upper:]' '[:lower:]') | |
RELEASE=$(lsb_release -cs) | |
if [ "$RELEASE" = "n/a" ]; then | |
RELEASE=$(cat /etc/debian_version | awk -F \/ '{ print $(NF) }') | |
fi | |
[ "$RELEASE" != "trixie" ] || RELEASE=sid | |
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/${DIST}/${RELEASE} ${RELEASE} main" \ | |
> /etc/apt/sources.list.d/networkradius-extras.list | |
- name: Update apt repository lists | |
run: apt-get update | |
- uses: actions/checkout@v4 | |
with: | |
path: freeradius | |
- name: Install build dependencies | |
run: | | |
apt-get install -y --no-install-recommends build-essential devscripts quilt fakeroot | |
debian/rules debian/control | |
mk-build-deps -irt"apt-get -y" debian/control | |
working-directory: freeradius | |
- name: Build DEBs | |
run: | | |
make deb | |
working-directory: freeradius | |
- name: Collect DEBs | |
run: | | |
mkdir debs | |
mv *.deb debs | |
- name: Restore eapol_test build directory from cache | |
uses: actions/cache@v4 | |
id: hostapd-cache | |
with: | |
path: ${{ env.HOSTAPD_BUILD_DIR }} | |
key: hostapd-${{ matrix.env.NAME }}-${{ env.HOSTAPD_GIT_TAG }}-v1 | |
# Build eapol_test using a minimal make environment to avoid configuring | |
- name: Build eapol_test | |
run: | | |
apt-get install -y libnl-3-dev libnl-genl-3-dev | |
scripts/ci/eapol_test-build.sh | |
mv scripts/ci/eapol_test/eapol_test ../debs | |
working-directory: freeradius | |
- name: Store DEBs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: debs-${{ matrix.env.NAME }} | |
path: debs | |
retention-days: 1 | |
# | |
# If the CI has failed and the branch is ci-debug then start a tmate | |
# session. SSH rendezvous point is emited continuously in the job output. | |
# | |
- name: "Debug: Package dependancies for tmate" | |
run: | | |
apt-get install -y --no-install-recommends xz-utils | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
- name: "Debug: Start tmate" | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
sudo: false | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
# | |
# Perform "post-install" testing of the FR packages that we have just built | |
# in a clean environment consisting of only the base OS and package | |
# dependancies | |
# | |
deb-test: | |
needs: | |
- set-matrix | |
- deb-build | |
strategy: | |
matrix: ${{ fromJson(needs.set-matrix.outputs.matrix) }} | |
fail-fast: false | |
runs-on: ubuntu-latest | |
container: | |
image: ${{ matrix.env.OS }} | |
name: "DEB install test" | |
steps: | |
- name: Load DEBs | |
uses: actions/download-artifact@v4 | |
with: | |
name: debs-${{ matrix.env.NAME }} | |
- name: Package manager performance and stability improvements | |
run: | | |
if [ -f "/etc/apt/sources.list" ]; then | |
sed -i 's/deb.debian.org/debian-archive.trafficmanager.net/' /etc/apt/sources.list | |
sed -i 's/archive.ubuntu.com/azure.archive.ubuntu.com/' /etc/apt/sources.list | |
fi | |
echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80-retries | |
echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/02speedup | |
echo 'man-db man-db/auto-update boolean false' | debconf-set-selections | |
apt-get update | |
# procps for pkill, curl+gnupg2 for apt-key, ca-certificates for curl | |
- name: Install system utilities | |
run: | | |
apt-get install -y --no-install-recommends procps curl gnupg2 ca-certificates lsb-release | |
- name: NetworkRADIUS signing key | |
run: | | |
install -d -o root -g root -m 0755 /etc/apt/keyrings | |
curl -s 'https://packages.inkbridgenetworks.com/pgp/packages.networkradius.com.asc' | tee /etc/apt/keyrings/packages.networkradius.com.asc > /dev/null | |
- name: Set up NetworkRADIUS extras repository | |
run: | | |
DIST=$(lsb_release -is | tr '[:upper:]' '[:lower:]') | |
RELEASE=$(lsb_release -cs) | |
if [ "$RELEASE" = "n/a" ]; then | |
RELEASE=$(cat /etc/debian_version | awk -F \/ '{ print $(NF) }') | |
fi | |
[ "$RELEASE" != "trixie" ] || RELEASE=sid | |
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/${DIST}/${RELEASE} ${RELEASE} main" \ | |
> /etc/apt/sources.list.d/networkradius-extras.list | |
- name: Update apt repository lists | |
run: apt-get update | |
- name: Install DEBs | |
run: | | |
find . -maxdepth 1 -name '*.deb' | xargs apt-get install -y --no-install-recommends | |
- name: Config test | |
run: | | |
freeradius -XC | |
# | |
# We now perform some post-install tests that depend on the availability | |
# of the source tree | |
# | |
- name: Install pre-built eapol_test | |
run: | | |
apt-get install -y libssl1.? libdbus-1-? libnl-3-200 libnl-genl-3-200 | |
mv eapol_test /usr/local/bin | |
chmod +x /usr/local/bin/eapol_test | |
- uses: actions/checkout@v4 | |
with: | |
path: freeradius | |
- name: Run the post-install test target | |
run: | | |
make -C raddb/certs | |
touch Make.inc | |
mkdir -p build/tests/eapol_test | |
echo "EAPOL_TEST=" $(which eapol_test) > build/tests/eapol_test/eapol_test.mk | |
make -f scripts/ci/package-test.mk package-test | |
working-directory: freeradius | |
- name: Upload radius logs on failure | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: radius-logs-${{ matrix.env.NAME }} | |
path: | | |
/var/log/freeradius | |
freeradius/build/tests/eapol_test | |
retention-days: 30 | |
# | |
# See above comments for tmate | |
# | |
- name: "Debug: Package dependancies for tmate" | |
run: | | |
apt-get install -y --no-install-recommends xz-utils | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
- name: "Debug: Start tmate" | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
sudo: false | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} |