mirror of
https://github.com/curl/curl.git
synced 2026-04-14 13:01:42 +08:00
26eddf002f
Checking lib and src under 3m15s versus 7m15s. Downside: autotools clang-tidy support is no longer CI-tested. The reason for the slowness is invoking a single clang-tidy command with all source files, and clang-tidy checking them in a single thread, sequentially. clang-tidy offers a `run-clang-tidy` Python script for parallel processing, which may help with this. However at this point it's more practical to use cmake, which also supports verifying the whole codebase, not only lib and src. Also: - bump clang-tidy to the latest available, v20 (from v18). - enable running clang-tidy on tests. Takes under 2 minutes. Also tried `_CURL_TESTS_CONCAT=ON`, it brings down the build tests step from 1m47s to 54s, saving 1 minute. Skipped using it for now. Closes #20725
944 lines
48 KiB
YAML
944 lines
48 KiB
YAML
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
#
|
|
# SPDX-License-Identifier: curl
|
|
|
|
name: 'Linux'
|
|
|
|
'on':
|
|
push:
|
|
branches:
|
|
- master
|
|
- '*/ci'
|
|
paths-ignore:
|
|
- '.circleci/**'
|
|
- 'appveyor.*'
|
|
- 'Dockerfile'
|
|
- 'projects/**'
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
paths-ignore:
|
|
- '.circleci/**'
|
|
- 'appveyor.*'
|
|
- 'Dockerfile'
|
|
- 'projects/**'
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
env:
|
|
MAKEFLAGS: -j 5
|
|
CURL_CI: github
|
|
CURL_TEST_MIN: 1600
|
|
# renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com
|
|
LIBRESSL_VERSION: 4.2.1
|
|
# renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
|
|
WOLFSSL_VERSION: 5.8.4
|
|
# renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver registryUrl=https://github.com
|
|
MBEDTLS_VERSION: 4.0.0
|
|
# renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver:^3.0.0 registryUrl=https://github.com
|
|
MBEDTLS_VERSION_PREV: 3.6.4
|
|
# renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
|
|
AWSLC_VERSION: 1.67.0
|
|
# renovate: datasource=github-tags depName=google/boringssl versioning=semver registryUrl=https://github.com
|
|
BORINGSSL_VERSION: 0.20260211.0
|
|
# handled in renovate.json
|
|
OPENSSL_VERSION: 3.6.1
|
|
# renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com
|
|
RUSTLS_VERSION: 0.15.0
|
|
# handled in renovate.json
|
|
OPENLDAP_VERSION: 2.6.10
|
|
# renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com
|
|
NGHTTP2_VERSION: 1.68.0
|
|
# renovate: datasource=github-releases depName=pizlonator/fil-c versioning=semver-coerced registryUrl=https://github.com
|
|
FIL_C_VERSION: 0.678
|
|
|
|
jobs:
|
|
linux:
|
|
name: ${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.name }}
|
|
runs-on: ${{ matrix.build.image || 'ubuntu-latest' }}
|
|
container: ${{ matrix.build.container }}
|
|
timeout-minutes: 15
|
|
env:
|
|
MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }}
|
|
MATRIX_INSTALL_PACKAGES: '${{ matrix.build.install_packages }}'
|
|
MATRIX_INSTALL_STEPS: '${{ matrix.build.install_steps }}'
|
|
MATRIX_MAKE_PREFIX: '${{ matrix.build.make-prefix }}'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
build:
|
|
- name: 'libressl krb5'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libidn2-dev libnghttp2-dev libldap-dev libkrb5-dev
|
|
install_steps: libressl-c-arm pytest codeset-test
|
|
configure: LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --with-gssapi --enable-debug
|
|
|
|
- name: 'libressl krb5 valgrind 1'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libnghttp2-dev libldap-dev libkrb5-dev valgrind
|
|
install_steps: libressl-c-arm
|
|
tflags: '--min=870 1 to 950'
|
|
generate: -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON
|
|
|
|
- name: 'libressl krb5 valgrind 2'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libnghttp2-dev libldap-dev libkrb5-dev valgrind
|
|
install_steps: libressl-c-arm
|
|
tflags: '--min=900 951 to 9999'
|
|
generate: -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON
|
|
|
|
- name: 'libressl clang'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: clang
|
|
install_steps: libressl-c-arm
|
|
configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --enable-debug
|
|
|
|
- name: 'wolfssl-all'
|
|
image: ubuntu-24.04-arm
|
|
install_steps: wolfssl-all-arm
|
|
configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-all/lib --with-wolfssl=/home/runner/wolfssl-all --enable-ech --enable-debug
|
|
|
|
- name: 'wolfssl-opensslextra valgrind 1'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: valgrind
|
|
install_steps: wolfssl-opensslextra-arm
|
|
tflags: '--min=780 1 to 950'
|
|
configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug
|
|
|
|
- name: 'wolfssl-opensslextra valgrind 2'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: valgrind
|
|
install_steps: wolfssl-opensslextra-arm
|
|
tflags: '--min=800 951 to 9999'
|
|
configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug
|
|
|
|
- name: 'mbedtls gss valgrind 1'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libnghttp2-dev libidn2-dev libldap-dev libgss-dev valgrind
|
|
install_steps: mbedtls-latest-arm
|
|
tflags: '--min=830 1 to 950'
|
|
LDFLAGS: -Wl,-rpath,/home/runner/mbedtls/lib
|
|
PKG_CONFIG_PATH: /home/runner/mbedtls/lib/pkgconfig
|
|
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_USE_GSSAPI=ON -DCURL_DROP_UNUSED=ON
|
|
|
|
- name: 'mbedtls gss valgrind 2'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libnghttp2-dev libidn2-dev libldap-dev libgss-dev valgrind
|
|
install_steps: mbedtls-latest-arm
|
|
tflags: '--min=800 951 to 9999'
|
|
LDFLAGS: -Wl,-rpath,/home/runner/mbedtls/lib
|
|
PKG_CONFIG_PATH: /home/runner/mbedtls/lib/pkgconfig
|
|
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_USE_GSSAPI=ON
|
|
|
|
- name: 'mbedtls clang'
|
|
install_packages: libssh-dev libnghttp2-dev libldap-dev clang
|
|
install_steps: mbedtls-latest-intel pytest
|
|
configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/mbedtls/lib --with-mbedtls=/home/runner/mbedtls --with-libssh --enable-debug --with-fish-functions-dir --with-zsh-functions-dir
|
|
|
|
- name: 'mbedtls-prev'
|
|
install_packages: libssh2-1-dev libnghttp2-dev libuv1-dev
|
|
install_steps: mbedtls-prev pytest
|
|
PKG_CONFIG_PATH: /home/runner/mbedtls-prev/lib/pkgconfig # Requires v3.6.0
|
|
generate: -DCURL_USE_MBEDTLS=ON -DCURL_USE_LIBUV=ON -DENABLE_DEBUG=ON
|
|
|
|
- name: 'mbedtls-pkg MultiSSL !pc'
|
|
install_packages: libnghttp2-dev libmbedtls-dev
|
|
install_steps: mbedtls-latest-intel skipall
|
|
generate: >-
|
|
-DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_DEFAULT_SSL_BACKEND=mbedtls
|
|
-DMBEDTLS_INCLUDE_DIR=/home/runner/mbedtls/include
|
|
-DMBEDTLS_LIBRARY=/home/runner/mbedtls/lib/libmbedtls.a
|
|
-DMBEDX509_LIBRARY=/home/runner/mbedtls/lib/libmbedx509.a
|
|
-DMBEDCRYPTO_LIBRARY=/home/runner/mbedtls/lib/libmbedcrypto.a
|
|
-DCURL_USE_PKGCONFIG=OFF -DCURL_USE_OPENSSL=ON
|
|
-DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF
|
|
-DCURL_COMPLETION_FISH=ON -DCURL_COMPLETION_ZSH=ON
|
|
|
|
- name: 'awslc'
|
|
install_steps: awslc pytest
|
|
configure: LDFLAGS=-Wl,-rpath,/home/runner/awslc/lib --with-openssl=/home/runner/awslc --enable-ech
|
|
|
|
- name: 'awslc'
|
|
install_packages: libidn2-dev
|
|
install_steps: awslc
|
|
generate: -DOPENSSL_ROOT_DIR=/home/runner/awslc -DUSE_ECH=ON -DCMAKE_UNITY_BUILD=OFF -DCURL_DROP_UNUSED=ON -DCURL_PATCHSTAMP=test-patch
|
|
|
|
- name: 'boringssl'
|
|
install_steps: boringssl pytest
|
|
generate: -DOPENSSL_ROOT_DIR=/home/runner/boringssl -DUSE_ECH=ON
|
|
|
|
- name: 'openssl default'
|
|
install_steps: pytest
|
|
configure: --with-openssl --enable-debug --disable-unity
|
|
|
|
- name: 'openssl libssh2 sync-resolver valgrind 1'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev valgrind
|
|
tflags: '--min=920 1 to 950'
|
|
generate: -DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF
|
|
|
|
- name: 'openssl libssh2 sync-resolver valgrind 2'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev valgrind
|
|
tflags: '--min=910 951 to 9999'
|
|
generate: -DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF
|
|
|
|
- name: 'openssl intel C89'
|
|
install_packages: libssh-dev
|
|
install_steps: pytest
|
|
configure: CFLAGS=-std=gnu89 --with-openssl --with-libssh --enable-debug
|
|
|
|
- name: 'openssl arm C89'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libssh2-1-dev
|
|
install_steps: pytest
|
|
configure: CFLAGS=-std=gnu89 --with-openssl --with-libssh2 --enable-debug --disable-verbose
|
|
|
|
- name: 'openssl -O3 libssh valgrind 1'
|
|
install_packages: libssh-dev valgrind
|
|
CFLAGS: -O3
|
|
tflags: '--min=920 1 to 950'
|
|
generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=50
|
|
|
|
- name: 'openssl -O3 libssh valgrind 2'
|
|
install_packages: libssh-dev valgrind
|
|
CFLAGS: -O3
|
|
tflags: '--min=890 951 to 9999'
|
|
generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=50
|
|
|
|
- name: 'openssl clang krb5 openldap static'
|
|
install_steps: openldap-static
|
|
install_packages: libidn2-dev libkrb5-dev clang libssl-dev
|
|
configure: CC=clang --enable-static --disable-shared --with-openssl --with-gssapi --enable-debug --disable-docs --disable-manual --with-ldap=/home/runner/openldap-static --with-ldap-lib=ldap --with-lber-lib=lber
|
|
|
|
- name: 'openssl clang krb5 LTO'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libssh2-1-dev libkrb5-dev clang
|
|
install_steps: skiprun pytest
|
|
CC: clang
|
|
generate: -DCURL_USE_OPENSSL=ON -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LTO=ON
|
|
|
|
- name: 'openssl !ipv6 !--libcurl !--digest-auth'
|
|
image: ubuntu-24.04-arm
|
|
configure: --with-openssl --disable-ipv6 --enable-debug --disable-unity --disable-libcurl-option --disable-digest-auth
|
|
|
|
- name: 'openssl https-only'
|
|
image: ubuntu-24.04-arm
|
|
tflags: '--min=1150'
|
|
configure: >-
|
|
--with-openssl --enable-debug --disable-unity
|
|
--disable-dict --disable-gopher --disable-ldap --disable-telnet
|
|
--disable-imap --disable-pop3 --disable-smtp
|
|
--without-librtmp --disable-rtsp
|
|
--without-libssh2 --without-libssh
|
|
--disable-tftp --disable-ftp --disable-file --disable-smb
|
|
|
|
- name: 'openssl torture 1'
|
|
install_packages: libnghttp2-dev libssh2-1-dev libc-ares-dev
|
|
tflags: '-t --shallow=25 --min=920 1 to 950'
|
|
torture: true
|
|
generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON
|
|
|
|
- name: 'openssl torture 2'
|
|
install_packages: libnghttp2-dev libssh2-1-dev libc-ares-dev
|
|
tflags: '-t --shallow=25 --min=900 951 to 9999'
|
|
torture: true
|
|
generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON
|
|
|
|
- name: 'openssl i686'
|
|
install_packages: gcc-14-i686-linux-gnu libssl-dev:i386 librtmp-dev:i386 libssh2-1-dev:i386 libidn2-dev:i386 libc-ares-dev:i386 zlib1g-dev:i386
|
|
configure: >-
|
|
PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig
|
|
CC=i686-linux-gnu-gcc-14
|
|
CPPFLAGS=-I/usr/include/i386-linux-gnu
|
|
LDFLAGS=-L/usr/lib/i386-linux-gnu
|
|
--host=i686-linux-gnu
|
|
--with-openssl --with-librtmp --with-libssh2 --with-libidn2 --enable-ares --enable-debug
|
|
|
|
- name: '!ssl !http !smtp !imap'
|
|
image: ubuntu-24.04-arm
|
|
tflags: '--min=475'
|
|
configure: --without-ssl --enable-debug --disable-http --disable-smtp --disable-imap --disable-unity
|
|
|
|
- name: 'libressl Fil-C'
|
|
install_steps: filc libressl-filc nghttp2-filc pytest
|
|
tflags: '!776' # adds 1-9 minutes to the test run step, and fails consistently
|
|
CC: /home/runner/filc/build/bin/filcc
|
|
PKG_CONFIG_PATH: /home/runner/nghttp2/lib/pkgconfig
|
|
generate: >-
|
|
-DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_UNITY_BUILD=OFF -DCURL_DISABLE_TYPECHECK=ON
|
|
-DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_LIBPSL=OFF
|
|
-DCURL_ZLIB=OFF -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF
|
|
-DCURL_DISABLE_LDAP=ON -DUSE_LIBIDN2=OFF -DCURL_USE_LIBSSH2=OFF
|
|
|
|
- name: 'clang-tidy'
|
|
install_packages: clang-20 clang-tidy-20 libssl-dev libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev libkrb5-dev librtmp-dev libgnutls28-dev
|
|
install_steps: skiprun mbedtls-latest-intel rustls wolfssl-opensslextra-intel
|
|
install_steps_brew: gsasl
|
|
make-custom-target: tidy
|
|
CC: clang-20
|
|
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib -Wl,-rpath,/home/runner/mbedtls/lib -Wl,-rpath,/home/runner/rustls/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/gsasl/lib
|
|
PKG_CONFIG_PATH: /home/runner/wolfssl-opensslextra/lib/pkgconfig:/home/runner/mbedtls/lib/pkgconfig:/home/runner/rustls/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/gsasl/lib/pkgconfig
|
|
generate: >-
|
|
-DCURL_USE_OPENSSL=ON -DCURL_USE_WOLFSSL=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON
|
|
-DCURL_USE_GSASL=ON -DUSE_LIBRTMP=ON
|
|
-DUSE_ECH=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON
|
|
-DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/usr/bin/clang-tidy-20
|
|
|
|
- name: 'scan-build'
|
|
install_packages: clang-tools clang libssl-dev libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev libgss-dev librtmp-dev libgnutls28-dev
|
|
install_steps: skipall mbedtls-latest-intel rustls wolfssl-opensslextra-intel
|
|
install_steps_brew: gsasl
|
|
CC: clang
|
|
configure-prefix: scan-build
|
|
make-prefix: scan-build --status-bugs
|
|
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib -Wl,-rpath,/home/runner/mbedtls/lib -Wl,-rpath,/home/runner/rustls/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/gsasl/lib
|
|
PKG_CONFIG_PATH: /home/runner/wolfssl-opensslextra/lib/pkgconfig:/home/runner/mbedtls/lib/pkgconfig:/home/runner/rustls/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/gsasl/lib/pkgconfig
|
|
generate: >-
|
|
-DCURL_USE_OPENSSL=ON -DCURL_USE_WOLFSSL=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON
|
|
-DCURL_USE_GSASL=ON -DUSE_LIBRTMP=ON
|
|
-DUSE_ECH=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON
|
|
-DCMAKE_UNITY_BUILD=OFF -DCURL_DISABLE_TYPECHECK=ON
|
|
|
|
- name: 'scan-build H3 c-ares !examples'
|
|
install_packages: clang-tools clang libidn2-dev libssh-dev libnghttp2-dev
|
|
install_steps: skipall
|
|
install_steps_brew: openssl libngtcp2 libnghttp3 c-ares
|
|
CC: clang
|
|
configure-prefix: scan-build
|
|
make-prefix: scan-build --status-bugs
|
|
LDFLAGS: -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/openssl/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libngtcp2/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/c-ares/lib
|
|
PKG_CONFIG_PATH: /home/linuxbrew/.linuxbrew/opt/libngtcp2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/c-ares/lib/pkgconfig
|
|
generate: >-
|
|
-DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/home/linuxbrew/.linuxbrew/opt/openssl -DUSE_NGTCP2=ON
|
|
-DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DUSE_HTTPSRR=ON -DENABLE_ARES=ON
|
|
-DCMAKE_UNITY_BUILD=OFF -DCURL_DISABLE_TYPECHECK=ON
|
|
-DCURL_DISABLE_VERBOSE_STRINGS=ON
|
|
|
|
- name: 'address-sanitizer'
|
|
install_packages: clang libssl-dev libssh-dev libidn2-dev libnghttp2-dev libubsan1 libasan8 libtsan2
|
|
install_steps: pytest randcurl
|
|
CFLAGS: -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g
|
|
LDFLAGS: -fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -ldl -lubsan
|
|
CC: clang
|
|
generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH=ON
|
|
|
|
- name: 'address-sanitizer H3 c-ares'
|
|
install_packages: clang libubsan1 libasan8 libtsan2
|
|
install_steps: pytest
|
|
install_steps_brew: openssl libssh2 libngtcp2 libnghttp3 c-ares
|
|
CFLAGS: -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g
|
|
LDFLAGS: -fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -ldl -lubsan -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/c-ares/lib
|
|
PKG_CONFIG_PATH: /home/linuxbrew/.linuxbrew/opt/libssh2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libngtcp2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/c-ares/lib/pkgconfig
|
|
CC: clang
|
|
generate: -DENABLE_DEBUG=ON -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/home/linuxbrew/.linuxbrew/opt/openssl -DUSE_NGTCP2=ON -DUSE_SSLS_EXPORT=ON -DENABLE_ARES=ON
|
|
|
|
- name: 'thread-sanitizer'
|
|
install_packages: clang libtsan2
|
|
install_steps: pytest openssl-tsan
|
|
CFLAGS: -fsanitize=thread -g
|
|
LDFLAGS: -fsanitize=thread
|
|
CC: clang
|
|
generate: -DOPENSSL_ROOT_DIR=/home/runner/openssl -DENABLE_DEBUG=ON
|
|
|
|
- name: 'memory-sanitizer'
|
|
install_packages: clang
|
|
install_steps: randcurl
|
|
CFLAGS: -fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g
|
|
LDFLAGS: -fsanitize=memory
|
|
LIBS: -ldl
|
|
configure: CC=clang --without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug
|
|
tflags: '--min=1480'
|
|
|
|
- name: 'event-based'
|
|
install_packages: libssh-dev
|
|
configure: --enable-debug --enable-static --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
|
|
tflags: '-n --test-event --min=1350'
|
|
|
|
- name: 'duphandle'
|
|
image: ubuntu-24.04-arm
|
|
install_packages: libssh-dev
|
|
configure: --enable-debug --enable-static --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
|
|
tflags: '-n --test-duphandle'
|
|
|
|
- name: 'rustls valgrind 1'
|
|
install_packages: libnghttp2-dev libldap-dev valgrind
|
|
install_steps: rust rustls
|
|
tflags: '--min=780 1 to 950'
|
|
generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON
|
|
|
|
- name: 'rustls valgrind 2'
|
|
install_packages: libnghttp2-dev libldap-dev valgrind
|
|
install_steps: rust rustls
|
|
tflags: '--min=820 951 to 9999'
|
|
generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON
|
|
|
|
- name: 'rustls'
|
|
install_packages: libnghttp2-dev libldap-dev
|
|
install_steps: rust rustls skiprun pytest
|
|
configure: --with-rustls --enable-ech --enable-debug
|
|
|
|
- name: 'IntelC openssl'
|
|
install_packages: libssl-dev
|
|
install_steps: intelc
|
|
configure: CC=icc --enable-debug --with-openssl
|
|
|
|
- name: 'Slackware !ssl gssapi gcc'
|
|
# Flags used to build the curl Slackware package, except OpenSSL 1.1.0:
|
|
# https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild
|
|
configure: --enable-debug --without-ssl --with-libssh2 --with-gssapi --enable-ares --without-ca-bundle --with-ca-path=/etc/ssl/certs
|
|
# Docker Hub image that `container-job` executes in
|
|
container: 'andy5995/slackware-build-essential:15.0'
|
|
|
|
- name: 'Alpine MUSL https-rr'
|
|
configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --enable-httpsrr --enable-ares --enable-threaded-resolver
|
|
container: 'alpine:3.20'
|
|
|
|
- name: 'Alpine MUSL https-rr c-ares'
|
|
configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --enable-httpsrr --enable-ares --disable-threaded-resolver
|
|
container: 'alpine:3.20'
|
|
|
|
steps:
|
|
- name: 'install prereqs'
|
|
if: ${{ matrix.build.container == null && !contains(matrix.build.name, 'i686') }}
|
|
env:
|
|
INSTALL_PACKAGES_BREW: '${{ matrix.build.install_steps_brew }}'
|
|
INSTALL_PACKAGES: >-
|
|
${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'stunnel4' || '' }}
|
|
${{ contains(matrix.build.install_steps, 'pytest') && 'apache2 apache2-dev libnghttp2-dev vsftpd dante-server' || '' }}
|
|
|
|
run: |
|
|
sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources}
|
|
sudo apt-get -o Dpkg::Use-Pty=0 update
|
|
sudo apt-get -o Dpkg::Use-Pty=0 install \
|
|
libtool autoconf automake pkgconf \
|
|
libpsl-dev zlib1g-dev libbrotli-dev libzstd-dev \
|
|
${INSTALL_PACKAGES} \
|
|
${MATRIX_INSTALL_PACKAGES}
|
|
if [ -n "${INSTALL_PACKAGES_BREW}" ]; then
|
|
HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install ${INSTALL_PACKAGES_BREW}
|
|
fi
|
|
# Workaround for ubuntu-24.04-arm images having 0777 for /home/runner,
|
|
# which breaks the test sshd server used in pytest.
|
|
if [[ "$(uname -m)" = *'aarch64'* ]]; then
|
|
ls -l /home
|
|
chmod 0755 /home/runner
|
|
fi
|
|
|
|
- name: 'install prereqs (i686)'
|
|
if: ${{ contains(matrix.build.name, 'i686') }}
|
|
run: |
|
|
sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources}
|
|
sudo dpkg --add-architecture i386
|
|
sudo apt-get -o Dpkg::Use-Pty=0 update
|
|
sudo apt-get -o Dpkg::Use-Pty=0 install \
|
|
libtool autoconf automake pkgconf stunnel4 \
|
|
libpsl-dev:i386 libbrotli-dev:i386 libzstd-dev:i386 \
|
|
${MATRIX_INSTALL_PACKAGES}
|
|
|
|
- name: 'install prereqs (alpine)'
|
|
if: ${{ startsWith(matrix.build.container, 'alpine') }}
|
|
run: |
|
|
apk add --no-cache build-base autoconf automake libtool perl openssl-dev \
|
|
libssh2-dev zlib-dev brotli-dev zstd-dev libidn2-dev openldap-dev \
|
|
krb5-dev libpsl-dev c-ares-dev \
|
|
py3-impacket py3-asn1 py3-six py3-pycryptodomex \
|
|
perl-time-hires openssh stunnel sudo git openssl
|
|
|
|
- name: 'install Fil-C'
|
|
if: ${{ contains(matrix.build.install_steps, 'filc') }}
|
|
run: |
|
|
cd /home/runner
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/pizlonator/fil-c/releases/download/v${FIL_C_VERSION}/filc-${FIL_C_VERSION}-linux-x86_64.tar.xz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xJf pkg.bin && rm -f pkg.bin && mv "filc-${FIL_C_VERSION}-linux-x86_64" filc
|
|
cd filc
|
|
./setup.sh
|
|
|
|
- name: 'cache libressl (c-arm)'
|
|
if: ${{ contains(matrix.build.install_steps, 'libressl-c-arm') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-libressl-c-arm
|
|
env:
|
|
cache-name: cache-libressl-c-arm
|
|
with:
|
|
path: ~/libressl
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}
|
|
|
|
- name: 'build libressl (c-arm)'
|
|
if: ${{ contains(matrix.build.install_steps, 'libressl-c-arm') && steps.cache-libressl-c-arm.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
|
|
cd "libressl-${LIBRESSL_VERSION}"
|
|
cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: 'cache libressl (filc)'
|
|
if: ${{ contains(matrix.build.install_steps, 'libressl-filc') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-libressl-filc
|
|
env:
|
|
cache-name: cache-libressl-filc
|
|
with:
|
|
path: ~/libressl
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}-${{ env.FIL_C_VERSION }}
|
|
|
|
- name: 'build libressl (filc)'
|
|
if: ${{ contains(matrix.build.install_steps, 'libressl-filc') && steps.cache-libressl-filc.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
|
|
cd "libressl-${LIBRESSL_VERSION}"
|
|
cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl \
|
|
-DCMAKE_C_COMPILER=/home/runner/filc/build/bin/filcc -DENABLE_ASM=OFF
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: 'cache nghttp2 (filc)'
|
|
if: ${{ contains(matrix.build.install_steps, 'nghttp2-filc') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-nghttp2-filc
|
|
env:
|
|
cache-name: cache-nghttp2-filc
|
|
with:
|
|
path: ~/nghttp2
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.FIL_C_VERSION }}
|
|
|
|
- name: 'build nghttp2 (filc)'
|
|
if: ${{ contains(matrix.build.install_steps, 'nghttp2-filc') && steps.cache-nghttp2-filc.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VERSION}/nghttp2-${NGHTTP2_VERSION}.tar.xz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xJf pkg.bin && rm -f pkg.bin
|
|
cd "nghttp2-${NGHTTP2_VERSION}"
|
|
cmake -B . -G Ninja -DENABLE_LIB_ONLY=ON -DBUILD_TESTING=OFF -DENABLE_DOC=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/nghttp2 \
|
|
-DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF \
|
|
-DCMAKE_C_COMPILER=/home/runner/filc/build/bin/filcc
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: 'cache wolfssl (all-arm)'
|
|
if: ${{ contains(matrix.build.install_steps, 'wolfssl-all-arm') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-wolfssl-all-arm
|
|
env:
|
|
cache-name: cache-wolfssl-all-arm
|
|
with:
|
|
path: ~/wolfssl-all
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }}
|
|
|
|
- name: 'build wolfssl (all-arm)' # does not support `OPENSSL_COEXIST`
|
|
if: ${{ contains(matrix.build.install_steps, 'wolfssl-all-arm') && steps.cache-wolfssl-all-arm.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
|
|
cd "wolfssl-${WOLFSSL_VERSION}-stable"
|
|
./autogen.sh
|
|
./configure --disable-dependency-tracking --prefix=/home/runner/wolfssl-all --enable-tls13 --enable-harden --enable-all \
|
|
--disable-benchmark --disable-crypttests --disable-examples
|
|
make install
|
|
|
|
- name: 'cache wolfssl (opensslextra-intel)' # does support `OPENSSL_COEXIST`
|
|
if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-intel') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-wolfssl-opensslextra-intel
|
|
env:
|
|
cache-name: cache-wolfssl-opensslextra-intel
|
|
with:
|
|
path: ~/wolfssl-opensslextra
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }}
|
|
|
|
- name: 'build wolfssl (opensslextra-intel)'
|
|
if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-intel') && steps.cache-wolfssl-opensslextra-intel.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
|
|
cd "wolfssl-${WOLFSSL_VERSION}-stable"
|
|
./autogen.sh
|
|
./configure --disable-dependency-tracking --prefix=/home/runner/wolfssl-opensslextra --enable-tls13 --enable-harden --enable-ech --enable-opensslextra \
|
|
--disable-benchmark --disable-crypttests --disable-examples
|
|
make install
|
|
|
|
- name: 'cache wolfssl (opensslextra-arm)' # does support `OPENSSL_COEXIST`
|
|
if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-arm') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-wolfssl-opensslextra-arm
|
|
env:
|
|
cache-name: cache-wolfssl-opensslextra-arm
|
|
with:
|
|
path: ~/wolfssl-opensslextra
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }}
|
|
|
|
- name: 'build wolfssl (opensslextra-arm)'
|
|
if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-arm') && steps.cache-wolfssl-opensslextra-arm.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
|
|
cd "wolfssl-${WOLFSSL_VERSION}-stable"
|
|
./autogen.sh
|
|
./configure --disable-dependency-tracking --prefix=/home/runner/wolfssl-opensslextra --enable-tls13 --enable-harden --enable-ech --enable-opensslextra \
|
|
--disable-benchmark --disable-crypttests --disable-examples
|
|
make install
|
|
|
|
- name: 'cache mbedtls (latest-intel)'
|
|
if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-intel') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-mbedtls-latest-intel
|
|
env:
|
|
cache-name: cache-mbedtls-latest-intel
|
|
with:
|
|
path: ~/mbedtls
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.MBEDTLS_VERSION }}
|
|
|
|
- name: 'build mbedtls (latest-intel)'
|
|
if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-intel') && steps.cache-mbedtls-latest-intel.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin
|
|
cd "mbedtls-${MBEDTLS_VERSION}"
|
|
./scripts/config.py set MBEDTLS_THREADING_C
|
|
./scripts/config.py set MBEDTLS_THREADING_PTHREAD
|
|
cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=/home/runner/mbedtls \
|
|
-DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: 'cache mbedtls (latest-arm)'
|
|
if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-arm') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-mbedtls-latest-arm
|
|
env:
|
|
cache-name: cache-mbedtls-latest-arm
|
|
with:
|
|
path: ~/mbedtls
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.MBEDTLS_VERSION }}
|
|
|
|
- name: 'build mbedtls (latest-arm)'
|
|
if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-arm') && steps.cache-mbedtls-latest-arm.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin
|
|
cd "mbedtls-${MBEDTLS_VERSION}"
|
|
./scripts/config.py set MBEDTLS_THREADING_C
|
|
./scripts/config.py set MBEDTLS_THREADING_PTHREAD
|
|
cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=/home/runner/mbedtls \
|
|
-DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: 'cache mbedtls (prev)'
|
|
if: ${{ contains(matrix.build.install_steps, 'mbedtls-prev') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-mbedtls-prev
|
|
env:
|
|
cache-name: cache-mbedtls-prev
|
|
with:
|
|
path: ~/mbedtls-prev
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.MBEDTLS_VERSION }}
|
|
|
|
- name: 'build mbedtls (prev)'
|
|
if: ${{ contains(matrix.build.install_steps, 'mbedtls-prev') && steps.cache-mbedtls-prev.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION_PREV}/mbedtls-${MBEDTLS_VERSION_PREV}.tar.bz2" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin
|
|
cd "mbedtls-${MBEDTLS_VERSION_PREV}"
|
|
./scripts/config.py set MBEDTLS_THREADING_C
|
|
./scripts/config.py set MBEDTLS_THREADING_PTHREAD
|
|
cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=/home/runner/mbedtls-prev \
|
|
-DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: 'cache openldap (static)'
|
|
if: ${{ contains(matrix.build.install_steps, 'openldap-static') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-openldap-static
|
|
env:
|
|
cache-name: cache-openldap-static
|
|
with:
|
|
path: ~/openldap-static
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.OPENLDAP_VERSION }}
|
|
|
|
- name: 'build openldap (static)'
|
|
if: ${{ contains(matrix.build.install_steps, 'openldap-static') && steps.cache-openldap-static.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-${OPENLDAP_VERSION}.tgz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
|
|
cd "openldap-${OPENLDAP_VERSION}"
|
|
./configure --prefix=/home/runner/openldap-static --enable-static --disable-shared --disable-slapd
|
|
make install
|
|
|
|
- name: 'cache openssl (thread sanitizer)'
|
|
if: ${{ contains(matrix.build.install_steps, 'openssl-tsan') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-openssl-tsan
|
|
env:
|
|
cache-name: cache-openssl-tsan
|
|
with:
|
|
path: ~/openssl
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}
|
|
|
|
- name: 'build openssl (thread sanitizer)'
|
|
if: ${{ contains(matrix.build.install_steps, 'openssl-tsan') && steps.cache-openssl-tsan.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
git clone --quiet --depth 1 -b "openssl-${OPENSSL_VERSION}" https://github.com/openssl/openssl
|
|
cd openssl
|
|
CC=clang CFLAGS='-fsanitize=thread' LDFLAGS='-fsanitize=thread' ./config --prefix=/home/runner/openssl --libdir=lib no-makedepend no-apps no-docs no-tests
|
|
make
|
|
make -j1 install_sw
|
|
|
|
- name: 'cache awslc'
|
|
if: ${{ contains(matrix.build.install_steps, 'awslc') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-awslc
|
|
env:
|
|
cache-name: cache-awslc
|
|
with:
|
|
path: ~/awslc
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }}
|
|
|
|
- name: 'build awslc'
|
|
if: ${{ contains(matrix.build.install_steps, 'awslc') && steps.cache-awslc.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
|
|
cd "aws-lc-${AWSLC_VERSION}"
|
|
cmake -B . -G Ninja -DCMAKE_INSTALL_PREFIX=/home/runner/awslc -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: 'cache boringssl'
|
|
if: ${{ contains(matrix.build.install_steps, 'boringssl') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-boringssl
|
|
env:
|
|
cache-name: cache-boringssl
|
|
with:
|
|
path: ~/boringssl
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }}
|
|
|
|
- name: 'build boringssl'
|
|
if: ${{ contains(matrix.build.install_steps, 'boringssl') && steps.cache-boringssl.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
mkdir boringssl-src
|
|
cd boringssl-src
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
"https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" --output pkg.bin
|
|
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
|
|
cmake -B . -G Ninja -DCMAKE_INSTALL_PREFIX=/home/runner/boringssl -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=ON
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: 'cache rustls'
|
|
if: ${{ contains(matrix.build.install_steps, 'rustls') }}
|
|
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
|
|
id: cache-rustls
|
|
env:
|
|
cache-name: cache-rustls
|
|
with:
|
|
path: ~/rustls
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.RUSTLS_VERSION }}
|
|
|
|
- name: 'fetch rustls deb'
|
|
if: ${{ contains(matrix.build.install_steps, 'rustls') && steps.cache-rustls.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
cd ~
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--location "https://github.com/rustls/rustls-ffi/releases/download/v${RUSTLS_VERSION}/librustls_${RUSTLS_VERSION}_amd64.deb.zip" --output pkg.bin
|
|
sha256sum pkg.bin && unzip pkg.bin -d rustls && rm -f pkg.bin
|
|
|
|
- name: 'build rustls'
|
|
# Note: we do not check cache-hit here. If the cache is hit, we need to dpkg install the deb.
|
|
if: ${{ contains(matrix.build.install_steps, 'rustls') }}
|
|
run: sudo dpkg -i ~/rustls/"librustls_${RUSTLS_VERSION}_amd64.deb"
|
|
|
|
- name: 'install Intel compilers'
|
|
if: ${{ contains(matrix.build.install_steps, 'intelc') }}
|
|
run: |
|
|
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
|
|
--compressed https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | \
|
|
sudo tee /etc/apt/trusted.gpg.d/intel-sw.asc >/dev/null
|
|
sudo add-apt-repository 'deb https://apt.repos.intel.com/oneapi all main'
|
|
sudo apt-get -o Dpkg::Use-Pty=0 install intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic
|
|
source /opt/intel/oneapi/setvars.sh
|
|
printenv >> "$GITHUB_ENV"
|
|
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: 'autoreconf'
|
|
if: ${{ matrix.build.configure }}
|
|
run: autoreconf -fi
|
|
|
|
- name: 'configure'
|
|
env:
|
|
CC: '${{ matrix.build.CC }}'
|
|
CFLAGS: '${{ matrix.build.CFLAGS }}'
|
|
LDFLAGS: '${{ matrix.build.LDFLAGS }}'
|
|
LIBS: '${{ matrix.build.LIBS }}'
|
|
MATRIX_CONFIGURE: '${{ matrix.build.configure }}'
|
|
MATRIX_CONFIGURE_PREFIX: '${{ matrix.build.configure-prefix }}'
|
|
MATRIX_GENERATE: '${{ matrix.build.generate }}'
|
|
MATRIX_PKG_CONFIG_PATH: '${{ matrix.build.PKG_CONFIG_PATH }}'
|
|
run: |
|
|
[[ "${MATRIX_INSTALL_STEPS}" = *'awslc'* ]] && sudo apt-get -o Dpkg::Use-Pty=0 purge libssl-dev
|
|
[ -n "${MATRIX_PKG_CONFIG_PATH}" ] && export PKG_CONFIG_PATH="${MATRIX_PKG_CONFIG_PATH}"
|
|
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
|
|
${MATRIX_CONFIGURE_PREFIX} \
|
|
cmake -B bld -G Ninja \
|
|
-DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \
|
|
-DCMAKE_C_COMPILER_TARGET="$(uname -m)-pc-linux-gnu" -DBUILD_STATIC_LIBS=ON \
|
|
-DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON \
|
|
${MATRIX_GENERATE}
|
|
else
|
|
mkdir bld && cd bld && \
|
|
${MATRIX_CONFIGURE_PREFIX} \
|
|
../configure --prefix="$HOME"/curl-install --enable-unity --enable-warnings --enable-werror --disable-static \
|
|
--disable-dependency-tracking --enable-option-checking=fatal \
|
|
${MATRIX_CONFIGURE}
|
|
fi
|
|
|
|
- name: 'configure log'
|
|
if: ${{ !cancelled() }}
|
|
run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true
|
|
|
|
- name: 'curl_config.h'
|
|
run: |
|
|
echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::'
|
|
grep -F '#define' bld/lib/curl_config.h | sort || true
|
|
|
|
- name: 'test configs'
|
|
run: grep -H -v '^#' bld/tests/config bld/tests/http/config.ini || true
|
|
|
|
- name: 'build'
|
|
env:
|
|
MATRIX_MAKE_CUSTOM_TARGET: '${{ matrix.build.make-custom-target }}'
|
|
run: |
|
|
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
|
|
${MATRIX_MAKE_PREFIX} cmake --build bld --verbose
|
|
else
|
|
${MATRIX_MAKE_PREFIX} make -C bld V=1 ${MATRIX_MAKE_CUSTOM_TARGET}
|
|
fi
|
|
|
|
- name: 'single-use function check'
|
|
if: ${{ (contains(matrix.build.configure, '--disable-unity') || contains(matrix.build.generate, '-DCMAKE_UNITY_BUILD=OFF')) && !contains(matrix.build.install_steps, 'filc') }}
|
|
run: |
|
|
git config --global --add safe.directory "*"
|
|
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
|
|
libcurla=bld/lib/libcurl.a
|
|
else
|
|
libcurla=bld/lib/.libs/libcurl.a
|
|
fi
|
|
./scripts/singleuse.pl --unit "${libcurla}"
|
|
|
|
- name: 'curl -V'
|
|
if: ${{ matrix.build.make-custom-target != 'tidy' }}
|
|
run: |
|
|
find . -type f \( -name curl -o -name '*.so.*' -o -name '*.a' \) -print0 | xargs -0 file --
|
|
find . -type f \( -name curl -o -name '*.so.*' -o -name '*.a' \) -print0 | xargs -0 stat -c '%10s bytes: %n' --
|
|
bld/src/curl --disable -V
|
|
|
|
- name: 'curl install'
|
|
run: |
|
|
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
|
|
cmake --install bld --strip
|
|
else
|
|
make -C bld V=1 install
|
|
fi
|
|
|
|
- name: 'build tests'
|
|
if: ${{ !contains(matrix.build.install_steps, 'skipall') }}
|
|
run: |
|
|
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
|
|
cmake --build bld --verbose --target testdeps
|
|
else
|
|
make -C bld V=1 -C tests
|
|
fi
|
|
|
|
- name: 'install test prereqs'
|
|
if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && matrix.build.container == null }}
|
|
run: |
|
|
python3 -m venv ~/venv
|
|
~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/requirements.txt
|
|
|
|
- name: 'run tests'
|
|
if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }}
|
|
timeout-minutes: ${{ contains(matrix.build.install_packages, 'valgrind') && 20 || 10 }}
|
|
env:
|
|
TEST_TARGET: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }}
|
|
TFLAGS: '${{ matrix.build.tflags }}'
|
|
run: |
|
|
if [ "${TEST_TARGET}" = 'test-ci' ] && [[ "${MATRIX_INSTALL_PACKAGES}" = *'valgrind'* ]]; then
|
|
TFLAGS+=' -j6'
|
|
TFLAGS+=' !776' # skip long-running flaky test
|
|
if [[ "${MATRIX_INSTALL_PACKAGES}" = *'libgss-dev'* ]]; then
|
|
TFLAGS+=' ~2077 ~2078' # memory leaks from Curl_auth_decode_spnego_message() -> gss_init_sec_context()
|
|
fi
|
|
elif [ "${TEST_TARGET}" != 'test-ci' ]; then
|
|
TFLAGS+=' --buildinfo' # only test-ci sets this by default, set it manually for test-torture
|
|
fi
|
|
[ -f ~/venv/bin/activate ] && source ~/venv/bin/activate
|
|
if [[ "${MATRIX_INSTALL_STEPS}" = *'codeset-test'* ]]; then
|
|
locale || true
|
|
export LC_ALL=C
|
|
export LC_CTYPE=C
|
|
export LC_NUMERIC=fr_FR.UTF-8
|
|
fi
|
|
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
|
|
cmake --build bld --verbose --target "${TEST_TARGET}"
|
|
else
|
|
make -C bld V=1 "${TEST_TARGET}"
|
|
fi
|
|
|
|
- name: 'install pytest prereqs'
|
|
if: ${{ contains(matrix.build.install_steps, 'pytest') }}
|
|
run: |
|
|
[ -d ~/venv ] || python3 -m venv ~/venv
|
|
~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/http/requirements.txt
|
|
|
|
- name: 'run pytest'
|
|
if: ${{ contains(matrix.build.install_steps, 'pytest') }}
|
|
env:
|
|
PYTEST_ADDOPTS: '--color=yes'
|
|
PYTEST_XDIST_AUTO_NUM_WORKERS: 4
|
|
run: |
|
|
[ -f ~/venv/bin/activate ] && source ~/venv/bin/activate
|
|
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
|
|
cmake --build bld --verbose --target curl-pytest-ci
|
|
else
|
|
make -C bld V=1 pytest-ci
|
|
fi
|
|
|
|
- name: 'randcurl'
|
|
if: ${{ contains(matrix.build.install_steps, 'randcurl') }}
|
|
run: |
|
|
mkdir run
|
|
cd run
|
|
../.github/scripts/randcurl.pl 60 ../bld/src/curl
|
|
|
|
- name: 'build examples'
|
|
if: ${{ !contains(matrix.build.install_packages, 'valgrind') && matrix.build.make-custom-target != 'tidy' && !contains(matrix.build.name, '!examples') }}
|
|
run: |
|
|
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
|
|
${MATRIX_MAKE_PREFIX} cmake --build bld --verbose --target curl-examples-build
|
|
else
|
|
${MATRIX_MAKE_PREFIX} make -C bld V=1 examples
|
|
fi
|