git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-16 01:25:14 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
a7e6c78bfa
curl-curl/.github/workflows/linux.yml
Viktor Szakats 3bb5e58c10
memory: make function overrides work reliably in unity builds 
Fixing:
- HTTPS-RR builds with c-ares and Linux MUSL.
- curl-for-win minimal builds with Linux MUSL.

It should fix all other kinds of entaglement between curl's redefintions
of system symbols and system (or 3rd-party) headers sensitive to that.

It also syncs memory override behavior between unity & non-unity builds,
thus reducing build variations.

The idea is to define and declare everything once in `curl_setup.h`,
without overriding any system symbols with curl ones yet. Then, like
before this patch, override them, if necessary, in each source file via
`curl_memory.h` and `memdebug.h`, after including system headers.
To ensure a clean slate with no overrides at the beginning of each
source file, reset all of them unconditionally at the end of
`curl_setup.h`, by including `curl_mem_undef.h`. (This assumes
`curl_setup.h` is always included first, which is already the case
throughout the codebase.)

`curl_mem_undef.h` can also be included explicitly wherever overrides
are causing problems. E.g. in tests which use unity-style builds and
a previously included `curl_memory.h`/`memdebug.h` can be spilling into
other source files.

The simplified role of the two override headers:
- `curl_memory.h`: overrides system memory allocator functions to
  libcurl ones, when memory tracing (aka `CURLDEBUG`) is disabled.
- `memdebug.h`: overrides system memory allocator and some other
  functions to curl debug functions, when memory tracing is enabled.

Changed made in this patch, step-by-step:
- curl_memory.h: move allocator typedefs and protos to `curl_setup.h`.
- memdebug.h: move `ALLOC_*` macros to `curl_setup.h`.
- memdebug.h: move allocator protos to `curl_setup.h`.
- memdebug.h: move `Curl_safefree()` macro to `curl_setup.h`.
  (it's a regular macro, with a one-time, global, definition.)
- curl_memory.h: move system symbol undefs to a new, separate header:
  `curl_mem_undef.h`.
- curl_setup.h: include `curl_mem_undef.h` at the end, unconditionally,
  to reset system symbol macros after each inclusion.
- handle `sclose()` and `fake_sclose()` in `curl_setup.h`. They are not
  system symbols, a one-time definition does the job.

Also:
- GHA/linux: enable unity mode for the HTTP-RR c-ares MUSL job.
  Follow-up to 17ab4d62e6 #16413

That said, I'd still find it better to avoid redefining system macros.
To communicate clearly the fact that they are not the original system
calls and they do behave differently. And, it would allow dropping the
undef/redef dance in each source file, and maintaining the logic with
it. The "last #include files should be in this order" comments in each
source would also become unnecessary. Also the trick of using
`(func)` (or interim macros) to call the non-overridden function where
required. This method works for printf and most everything else already.
For `_tcsdup`, socket and fopen functions this could work without
disturbing the codebase much.

Ref: #16428 (clean reboot of)

Closes #17827
2025-07-28 17:45:04 +02:00

701 lines
33 KiB
YAML
Raw Blame History

# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# SPDX-License-Identifier: curl
name: 'Linux'
'on':
push:
branches:
- master
- '*/ci'
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'Dockerfile'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
pull_request:
branches:
- master
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'Dockerfile'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
permissions: {}
env:
MAKEFLAGS: -j 5
CURL_CI: github
CURL_CLANG_TIDYFLAGS: '-checks=-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-valist.Uninitialized'
# renovate: datasource=github-tags depName=libressl-portable/portable versioning=semver registryUrl=https://github.com
LIBRESSL_VERSION: 4.1.0
# renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
WOLFSSL_VERSION: 5.8.2
# renovate: datasource=github-tags depName=wolfSSL/wolfssh versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
WOLFSSH_VERSION: 1.4.19
# renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver registryUrl=https://github.com
MBEDTLS_VERSION: 3.6.4
# renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
AWSLC_VERSION: 1.56.0
# handled in renovate.json
OPENSSL_VERSION: 3.5.1
# handled in renovate.json
QUICTLS_VERSION: 3.3.0
# renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com
RUSTLS_VERSION: 0.15.0
# handled in renovate.json
OPENLDAP_VERSION: 2.6.10
jobs:
linux:
name: ${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.name }}
runs-on: ${{ matrix.build.image || 'ubuntu-latest' }}
container: ${{ matrix.build.container }}
timeout-minutes: 45
env:
MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }}
MATRIX_INSTALL_PACKAGES: '${{ matrix.build.install_packages }}'
MATRIX_INSTALL_STEPS: '${{ matrix.build.install_steps }}'
MATRIX_MAKE_PREFIX: '${{ matrix.build.make-prefix }}'
strategy:
fail-fast: false
matrix:
build:
- name: 'libressl heimdal'
install_packages: zlib1g-dev libidn2-dev libnghttp2-dev libldap-dev heimdal-dev
install_steps: libressl pytest codeset-test
configure: LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --with-gssapi --enable-debug
- name: 'libressl heimdal valgrind'
install_packages: zlib1g-dev libnghttp2-dev libldap-dev heimdal-dev valgrind
install_steps: libressl
generate: -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON
- name: 'libressl clang'
install_packages: zlib1g-dev clang
install_steps: libressl
configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --enable-debug
- name: 'wolfssl-all'
install_packages: zlib1g-dev
install_steps: wolfssl-all
configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-all/lib --with-wolfssl=/home/runner/wolfssl-all --enable-ech --enable-debug
- name: 'wolfssl-opensslextra valgrind'
install_packages: zlib1g-dev valgrind
install_steps: wolfssl-opensslextra wolfssh
configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --with-wolfssh=/home/runner/wolfssh --enable-ech --enable-debug
- name: 'mbedtls valgrind'
install_packages: libnghttp2-dev libidn2-dev libldap-dev valgrind
install_steps: mbedtls
configure: LDFLAGS=-Wl,-rpath,/home/runner/mbedtls/lib --with-mbedtls=/home/runner/mbedtls --enable-debug
- name: 'mbedtls clang'
install_packages: libnghttp2-dev libldap-dev clang
install_steps: mbedtls pytest
configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/mbedtls/lib --with-mbedtls=/home/runner/mbedtls --enable-debug
- name: 'mbedtls'
install_packages: libnghttp2-dev
install_steps: mbedtls
PKG_CONFIG_PATH: /home/runner/mbedtls/lib/pkgconfig # Requires v3.6.0 or v2.28.8
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON
- name: 'mbedtls-pkg MultiSSL'
install_packages: libnghttp2-dev libmbedtls-dev
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_DEFAULT_SSL_BACKEND=mbedtls -DCURL_USE_OPENSSL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF
- name: 'mbedtls-pkg !pc'
install_packages: libnghttp2-dev libmbedtls-dev
install_steps: skipall
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_USE_PKGCONFIG=OFF -DCURL_COMPLETION_FISH=ON -DCURL_COMPLETION_ZSH=ON
- name: awslc
install_packages: zlib1g-dev
install_steps: awslc pytest
configure: LDFLAGS=-Wl,-rpath,/home/runner/awslc/lib --with-openssl=/home/runner/awslc --enable-ech
- name: 'awslc'
install_packages: zlib1g-dev libidn2-dev
install_steps: awslc
generate: -DOPENSSL_ROOT_DIR=/home/runner/awslc -DUSE_ECH=ON -DCMAKE_UNITY_BUILD=OFF
- name: 'openssl default'
install_steps: pytest
configure: --with-openssl --enable-debug --disable-unity
- name: 'openssl libssh2 sync-resolver valgrind'
install_packages: zlib1g-dev libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev valgrind
configure: --with-openssl --enable-debug --disable-threaded-resolver --with-libssh2
- name: 'openssl'
install_packages: zlib1g-dev
install_steps: pytest
configure: CFLAGS=-std=gnu89 --with-openssl --enable-debug
- name: 'openssl arm'
install_packages: zlib1g-dev
install_steps: pytest
configure: CFLAGS=-std=gnu89 --with-openssl --enable-debug
image: 'ubuntu-24.04-arm'
- name: 'openssl -O3 libssh valgrind'
install_packages: zlib1g-dev libssh-dev valgrind
configure: CFLAGS=-O3 --with-openssl --enable-debug --with-libssh
- name: 'openssl clang krb5 openldap static'
install_steps: openldap-static
install_packages: zlib1g-dev libidn2-dev libkrb5-dev clang libssl-dev
configure: CC=clang --disable-shared --with-openssl --with-gssapi --enable-debug --disable-docs --disable-manual --with-ldap=/home/runner/openldap-static --with-ldap-lib=ldap --with-lber-lib=lber
- name: 'openssl clang krb5 LTO'
install_packages: zlib1g-dev libkrb5-dev clang
install_steps: skiprun
generate: -DCURL_USE_OPENSSL=ON -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LTO=ON
- name: 'openssl !ipv6 !--libcurl !--digest-auth'
configure: --with-openssl --disable-ipv6 --enable-debug --disable-unity --disable-libcurl-option --disable-digest-auth
- name: 'openssl https-only'
configure: >-
--with-openssl --enable-debug --disable-unity
--disable-dict --disable-gopher --disable-ldap --disable-telnet
--disable-imap --disable-pop3 --disable-smtp
--without-librtmp --disable-rtsp
--without-libssh2 --without-libssh --without-wolfssh
--disable-tftp --disable-ftp --disable-file --disable-smb
- name: 'openssl torture !FTP'
install_packages: zlib1g-dev libnghttp2-dev libssh2-1-dev libc-ares-dev
generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON
tflags: -t --shallow=25 !FTP
torture: true
- name: 'openssl torture FTP'
install_packages: zlib1g-dev libnghttp2-dev libssh2-1-dev libc-ares-dev
generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON
tflags: -t --shallow=20 FTP
torture: true
- name: 'openssl i686'
install_packages: gcc-14-i686-linux-gnu libssl-dev:i386 librtmp-dev:i386 libssh2-1-dev:i386 libidn2-dev:i386 libc-ares-dev:i386 zlib1g-dev:i386
configure: >-
PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig
CC=i686-linux-gnu-gcc-14
CPPFLAGS=-I/usr/include/i386-linux-gnu
LDFLAGS=-L/usr/lib/i386-linux-gnu
--host=i686-linux-gnu
--with-openssl --with-librtmp --with-libssh2 --with-libidn2 --enable-ares --enable-debug
- name: '!ssl !http !smtp !imap'
configure: --without-ssl --enable-debug --disable-http --disable-smtp --disable-imap --disable-unity
- name: 'clang-tidy'
install_packages: clang-tidy zlib1g-dev libssl-dev libkrb5-dev
install_steps: skipall wolfssl-opensslextra wolfssh
configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --with-wolfssh=/home/runner/wolfssh --with-openssl --enable-ech --with-gssapi --enable-ssls-export
make-custom-target: tidy
- name: 'scanbuild'
install_packages: clang-tools clang libssl-dev libssh2-1-dev
install_steps: skipall
configure: --with-openssl --enable-debug --with-libssh2 --disable-unity
CC: clang
configure-prefix: scan-build
make-prefix: scan-build --status-bugs
- name: 'address-sanitizer'
install_packages: zlib1g-dev libssh2-1-dev clang libssl-dev libubsan1 libasan8 libtsan2
install_steps: pytest randcurl
CFLAGS: -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g
LDFLAGS: -fsanitize=address,undefined -fno-sanitize-recover=undefined,integer
LIBS: -ldl -lubsan
configure: CC=clang --with-openssl --enable-debug
- name: 'thread-sanitizer'
install_packages: zlib1g-dev clang libtsan2
install_steps: pytest openssl-tsan
CFLAGS: -fsanitize=thread -g
LDFLAGS: -fsanitize=thread -Wl,-rpath,/home/runner/openssl/lib
configure: CC=clang --with-openssl=/home/runner/openssl --enable-debug
- name: 'memory-sanitizer'
install_packages: clang
install_steps: randcurl
CFLAGS: -fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g
LDFLAGS: -fsanitize=memory
LIBS: -ldl
configure: CC=clang --without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug
- name: 'event-based'
install_packages: libssh-dev
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
tflags: -n --test-event '!TLS-SRP'
- name: 'duphandle'
install_packages: libssh-dev
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
tflags: -n --test-duphandle '!TLS-SRP'
- name: 'rustls valgrind'
install_packages: libnghttp2-dev libldap-dev valgrind
install_steps: rust rustls
configure: --with-rustls --enable-ech --enable-debug
- name: 'rustls'
install_packages: libnghttp2-dev libldap-dev
install_steps: rust rustls skiprun pytest
generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON
- name: 'IntelC openssl'
install_packages: zlib1g-dev libssl-dev
install_steps: intel
configure: CC=icc --enable-debug --with-openssl
- name: 'Slackware openssl gssapi gcc'
# These are essentially the same flags used to build the curl Slackware package
# https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild
configure: --enable-debug --with-openssl --with-libssh2 --with-gssapi --enable-ares --enable-static=no --without-ca-bundle --with-ca-path=/etc/ssl/certs
# Docker Hub image that `container-job` executes in
container: 'andy5995/slackware-build-essential:15.0'
- name: 'Alpine MUSL https-rr'
configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --enable-httpsrr --enable-ares --enable-threaded-resolver
container: 'alpine:3.20'
- name: 'Alpine MUSL https-rr c-ares'
configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --enable-httpsrr --enable-ares --disable-threaded-resolver
container: 'alpine:3.20'
steps:
- name: 'install prereqs'
if: ${{ matrix.build.container == null && !contains(matrix.build.name, 'i686') }}
env:
INSTALL_PACKAGES: >-
${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'stunnel4' || '' }}
${{ contains(matrix.build.install_steps, 'pytest') && 'apache2 apache2-dev libnghttp2-dev vsftpd' || '' }}
run: |
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get -o Dpkg::Use-Pty=0 update
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install \
libtool autoconf automake pkgconf \
libpsl-dev libbrotli-dev libzstd-dev \
${INSTALL_PACKAGES} \
${MATRIX_INSTALL_PACKAGES}
python3 -m venv ~/venv
- name: 'install prereqs'
if: ${{ contains(matrix.build.name, 'i686') }}
run: |
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo dpkg --add-architecture i386
sudo apt-get -o Dpkg::Use-Pty=0 update
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install \
libtool autoconf automake pkgconf stunnel4 \
libpsl-dev:i386 libbrotli-dev:i386 libzstd-dev:i386 \
${MATRIX_INSTALL_PACKAGES}
python3 -m venv ~/venv
- name: 'install dependencies'
if: ${{ startsWith(matrix.build.container, 'alpine') }}
run: |
apk add --no-cache build-base autoconf automake libtool perl openssl-dev \
libssh2-dev zlib-dev brotli-dev zstd-dev libidn2-dev openldap-dev \
heimdal-dev libpsl-dev c-ares-dev \
py3-impacket py3-asn1 py3-six py3-pycryptodomex \
perl-time-hires openssh stunnel sudo git openssl
- name: 'cache libressl'
if: ${{ contains(matrix.build.install_steps, 'libressl') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-libressl
env:
cache-name: cache-libressl
with:
path: ~/libressl
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}
- name: 'build libressl'
if: ${{ contains(matrix.build.install_steps, 'libressl') && steps.cache-libressl.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -xz
cd "libressl-${LIBRESSL_VERSION}"
./configure --disable-dependency-tracking --prefix=/home/runner/libressl
make install
- name: 'cache wolfssl (all)'
if: ${{ contains(matrix.build.install_steps, 'wolfssl-all') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-wolfssl-all
env:
cache-name: cache-wolfssl-all
with:
path: ~/wolfssl-all
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }}
- name: 'build wolfssl (all)' # does not support `OPENSSL_COEXIST`
if: ${{ contains(matrix.build.install_steps, 'wolfssl-all') && steps.cache-wolfssl-all.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" | tar -xz
cd "wolfssl-${WOLFSSL_VERSION}-stable"
./autogen.sh
./configure --disable-dependency-tracking --enable-tls13 --enable-harden --enable-all \
--disable-benchmark --disable-crypttests --disable-examples --prefix=/home/runner/wolfssl-all
make install
- name: 'cache wolfssl (opensslextra)' # does support `OPENSSL_COEXIST`
if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-wolfssl-opensslextra
env:
cache-name: cache-wolfssl-opensslextra
with:
path: ~/wolfssl-opensslextra
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }}
- name: 'build wolfssl (opensslextra)'
if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra') && steps.cache-wolfssl-opensslextra.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" | tar -xz
cd "wolfssl-${WOLFSSL_VERSION}-stable"
./autogen.sh
./configure --disable-dependency-tracking --enable-tls13 --enable-harden --enable-wolfssh --enable-ech --enable-opensslextra \
--disable-benchmark --disable-crypttests --disable-examples --prefix=/home/runner/wolfssl-opensslextra
make install
- name: 'cache wolfssh'
if: ${{ contains(matrix.build.install_steps, 'wolfssh') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-wolfssh
env:
cache-name: cache-wolfssh
with:
path: ~/wolfssh
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSH_VERSION }}-${{ env.WOLFSSL_VERSION }}
- name: 'build wolfssh'
if: ${{ contains(matrix.build.install_steps, 'wolfssh') && steps.cache-wolfssh.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/wolfSSL/wolfssh/archive/v${WOLFSSH_VERSION}-stable.tar.gz" | tar -xz
cd "wolfssh-${WOLFSSH_VERSION}-stable"
./autogen.sh
./configure --disable-dependency-tracking --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-scp --enable-sftp --disable-term \
--disable-examples --prefix=/home/runner/wolfssh
make install
- name: 'cache mbedtls'
if: ${{ contains(matrix.build.install_steps, 'mbedtls') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-mbedtls
env:
cache-name: cache-mbedtls-threadsafe
with:
path: ~/mbedtls
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.MBEDTLS_VERSION }}
- name: 'build mbedtls'
if: ${{ contains(matrix.build.install_steps, 'mbedtls') && steps.cache-mbedtls.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" | tar -xj
cd "mbedtls-${MBEDTLS_VERSION}"
./scripts/config.py set MBEDTLS_THREADING_C
./scripts/config.py set MBEDTLS_THREADING_PTHREAD
cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=/home/runner/mbedtls \
-DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF
cmake --build .
cmake --install .
- name: 'cache openldap-static'
if: ${{ contains(matrix.build.install_steps, 'openldap-static') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-openldap-static
env:
cache-name: cache-openldap-static
with:
path: ~/openldap-static
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.OPENLDAP_VERSION }}
- name: 'build openldap (static)'
if: ${{ contains(matrix.build.install_steps, 'openldap-static') && steps.cache-openldap-static.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-${OPENLDAP_VERSION}.tgz" | tar -xz
cd "openldap-${OPENLDAP_VERSION}"
./configure --enable-static --disable-shared --prefix=/home/runner/openldap-static
make
make install
- name: 'cache openssl (thread sanitizer)'
if: ${{ contains(matrix.build.install_steps, 'openssl-tsan') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-openssl-tsan
env:
cache-name: cache-openssl-tsan
with:
path: ~/openssl
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}
- name: 'build openssl (thread sanitizer)'
if: ${{ contains(matrix.build.install_steps, 'openssl-tsan') && steps.cache-openssl-tsan.outputs.cache-hit != 'true' }}
run: |
git clone --quiet --depth=1 -b "openssl-${OPENSSL_VERSION}" https://github.com/openssl/openssl
cd openssl
CC=clang CFLAGS='-fsanitize=thread' LDFLAGS='-fsanitize=thread' ./config --prefix=/home/runner/openssl --libdir=lib no-makedepend no-apps no-docs no-tests
make
make -j1 install_sw
- name: 'cache quictls'
if: ${{ contains(matrix.build.install_steps, 'quictls') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-quictls
env:
cache-name: cache-quictls
with:
path: ~/quictls
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.QUICTLS_VERSION }}-quic1
- name: 'build quictls'
if: ${{ contains(matrix.build.install_steps, 'quictls') && steps.cache-quictls.outputs.cache-hit != 'true' }}
run: |
git clone --quiet --depth=1 -b "openssl-${QUICTLS_VERSION}-quic1" https://github.com/quictls/openssl
cd openssl
./config --prefix=/home/runner/quictls --libdir=lib no-makedepend no-apps no-docs no-tests
make
make -j1 install_sw
- name: 'cache awslc'
if: ${{ contains(matrix.build.install_steps, 'awslc') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-awslc
env:
cache-name: cache-awslc
with:
path: ~/awslc
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }}
- name: 'build awslc'
if: ${{ contains(matrix.build.install_steps, 'awslc') && steps.cache-awslc.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" | tar -xz
mkdir "aws-lc-${AWSLC_VERSION}-build"
cd "aws-lc-${AWSLC_VERSION}-build"
cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/home/runner/awslc "../aws-lc-${AWSLC_VERSION}" -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF
cmake --build .
cmake --install .
- name: 'cache rustls'
if: ${{ contains(matrix.build.install_steps, 'rustls') }}
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-rustls
env:
cache-name: cache-rustls
with:
path: ~/rustls
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.RUSTLS_VERSION }}
- name: 'fetch rustls deb'
if: ${{ contains(matrix.build.install_steps, 'rustls') && steps.cache-rustls.outputs.cache-hit != 'true' }}
run: |
mkdir -p ~/rustls
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/rustls/rustls-ffi/releases/download/v${RUSTLS_VERSION}/librustls_${RUSTLS_VERSION}_amd64.deb.zip" --output ~/rustls/librustls.zip
unzip ~/rustls/librustls.zip -d ~/rustls
rm ~/rustls/librustls.zip
- name: 'build rustls'
# Note: we don't check cache-hit here. If the cache is hit, we still need to dpkg install the deb.
if: ${{ contains(matrix.build.install_steps, 'rustls') }}
run: sudo dpkg -i ~/rustls/"librustls_${RUSTLS_VERSION}_amd64.deb"
- name: 'install Intel compilers'
if: ${{ contains(matrix.build.install_steps, 'intel') }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--compressed https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | \
sudo tee /etc/apt/trusted.gpg.d/intel-sw.asc >/dev/null
sudo add-apt-repository "deb https://apt.repos.intel.com/oneapi all main"
sudo apt-get -o Dpkg::Use-Pty=0 install intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic
source /opt/intel/oneapi/setvars.sh
printenv >> "$GITHUB_ENV"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: 'autoreconf'
if: ${{ matrix.build.configure }}
run: autoreconf -fi
- name: 'configure'
env:
CC: '${{ matrix.build.CC }}'
CFLAGS: '${{ matrix.build.CFLAGS }}'
LDFLAGS: '${{ matrix.build.LDFLAGS }}'
LIBS: '${{ matrix.build.LIBS }}'
MATRIX_CONFIGURE: '${{ matrix.build.configure }}'
MATRIX_CONFIGURE_PREFIX: '${{ matrix.build.configure-prefix }}'
MATRIX_GENERATE: '${{ matrix.build.generate }}'
MATRIX_PKG_CONFIG_PATH: '${{ matrix.build.PKG_CONFIG_PATH }}'
run: |
[[ "${MATRIX_INSTALL_STEPS}" = *'awslc'* ]] && sudo apt-get -o Dpkg::Use-Pty=0 purge libssl-dev
[ -n "${MATRIX_PKG_CONFIG_PATH}" ] && export PKG_CONFIG_PATH="${MATRIX_PKG_CONFIG_PATH}"
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
cmake -B bld -G Ninja \
-DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \
-DCMAKE_C_COMPILER_TARGET="$(uname -m)-pc-linux-gnu" -DBUILD_STATIC_LIBS=ON \
-DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON \
${MATRIX_GENERATE}
else
mkdir bld && cd bld && \
${MATRIX_CONFIGURE_PREFIX} \
../configure --enable-unity --enable-warnings --enable-werror \
--disable-dependency-tracking \
${MATRIX_CONFIGURE}
fi
- name: 'configure log'
if: ${{ !cancelled() }}
run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true
- name: 'curl_config.h'
run: |
echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::'
grep -F '#define' bld/lib/curl_config.h | sort || true
- name: 'test configs'
run: grep -H -v '^#' bld/tests/config bld/tests/http/config.ini || true
- name: 'build'
env:
MATRIX_MAKE_CUSTOM_TARGET: '${{ matrix.build.make-custom-target }}'
run: |
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
${MATRIX_MAKE_PREFIX} cmake --build bld --verbose
else
${MATRIX_MAKE_PREFIX} make -C bld V=1 ${MATRIX_MAKE_CUSTOM_TARGET}
fi
- name: 'single-use function check'
if: ${{ contains(matrix.build.configure, '--disable-unity') || contains(matrix.build.generate, '-DCMAKE_UNITY_BUILD=OFF') }}
run: |
git config --global --add safe.directory "*"
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
libcurla=bld/lib/libcurl.a
else
libcurla=bld/lib/.libs/libcurl.a
fi
./scripts/singleuse.pl --unit "${libcurla}"
- name: 'check curl -V output'
if: ${{ matrix.build.make-custom-target != 'tidy' }}
run: bld/src/curl -V
- name: 'cmake install'
if: ${{ matrix.build.generate }}
run: cmake --install bld --strip
- name: 'build tests'
if: ${{ !contains(matrix.build.install_steps, 'skipall') }}
run: |
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
cmake --build bld --verbose --target testdeps
else
make -C bld V=1 -C tests
fi
- name: 'install test prereqs'
if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && matrix.build.container == null }}
run: |
[ -x ~/venv/bin/activate ] && source ~/venv/bin/activate
python3 -m pip install -r tests/requirements.txt
- name: 'run tests'
if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }}
timeout-minutes: ${{ contains(matrix.build.install_packages, 'valgrind') && 30 || 15 }}
env:
TEST_TARGET: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }}
TFLAGS: '${{ matrix.build.tflags }}'
run: |
if [ "${TEST_TARGET}" = 'test-ci' ]; then
if [[ "${MATRIX_INSTALL_STEPS}" = *'wolfssh'* ]]; then
TFLAGS+=' ~SFTP' # curl: (79) wolfssh SFTP connect error -1051 / WS_MATCH_KEY_ALGO_E / cannot match key algo with peer
fi
if [[ "${MATRIX_INSTALL_PACKAGES}" = *'valgrind'* ]]; then
TFLAGS+=' -j6'
if [[ "${MATRIX_INSTALL_PACKAGES}" = *'heimdal-dev'* ]]; then
TFLAGS+=' ~2056 ~2057 ~2077 ~2078' # memory leaks from Curl_auth_decode_spnego_message() -> gss_import_name()
fi
fi
fi
[ -x ~/venv/bin/activate ] && source ~/venv/bin/activate
if [[ "${MATRIX_INSTALL_STEPS}" = *'codeset-test'* ]]; then
locale || true
export LC_ALL=C
export LC_CTYPE=C
export LC_NUMERIC=fr_FR.UTF-8
fi
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
cmake --build bld --verbose --target "${TEST_TARGET}"
else
make -C bld V=1 "${TEST_TARGET}"
fi
- name: 'install pytest prereqs'
if: ${{ contains(matrix.build.install_steps, 'pytest') }}
run: |
[ -x ~/venv/bin/activate ] && source ~/venv/bin/activate
python3 -m pip install -r tests/http/requirements.txt
- name: 'run pytest'
if: ${{ contains(matrix.build.install_steps, 'pytest') }}
env:
PYTEST_ADDOPTS: '--color=yes'
PYTEST_XDIST_AUTO_NUM_WORKERS: 4
run: |
[ -x ~/venv/bin/activate ] && source ~/venv/bin/activate
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
cmake --build bld --verbose --target curl-pytest-ci
else
make -C bld V=1 pytest-ci
fi
- name: 'randcurl'
if: ${{ contains(matrix.build.install_steps, 'randcurl') }}
run: |
mkdir run
cd run
../.github/scripts/randcurl.pl 60 ../bld/src/curl
- name: 'build examples'
if: ${{ matrix.build.make-custom-target != 'tidy' }}
run: |
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
${MATRIX_MAKE_PREFIX} cmake --build bld --verbose --target curl-examples
else
${MATRIX_MAKE_PREFIX} make -C bld V=1 examples
fi
Reference in New Issue View Git Blame Copy Permalink