From d7bcf18e3f2df2b5850f7080e2514cfce7271248 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 2 Apr 2026 15:33:36 +0200 Subject: [PATCH] More CI pipeline fixes - Assume OpenSSL 3 is available - Simplify GitHub workflow - Bump versions of all actions --- .ci/build.sh | 2 +- .ci/deps.sh | 5 +- .ci/test/run.sh | 7 --- .github/workflows/test.yml | 120 +++++++++++++++++++------------------ 4 files changed, 64 insertions(+), 70 deletions(-) diff --git a/.ci/build.sh b/.ci/build.sh index e7ca4e11..b71602ac 100755 --- a/.ci/build.sh +++ b/.ci/build.sh @@ -10,4 +10,4 @@ flags=$(./.ci/conf.sh "$@") # shellcheck disable=SC2086 meson setup "$dir" $flags -ninja -C "$dir" +meson compile -C "$dir" diff --git a/.ci/deps.sh b/.ci/deps.sh index 9cbd115f..9e1ca444 100755 --- a/.ci/deps.sh +++ b/.ci/deps.sh @@ -2,7 +2,6 @@ set -eu -SKIP_OPENSSL3="${SKIP_OPENSSL3:-}" SKIP_MESON="${SKIP_MESON:-}" deps_linux_alpine() { @@ -57,7 +56,7 @@ deps_linux_debian() { apt update apt upgrade -y - apt install -y git pkgconf sudo texinfo meson + apt install -y git pkgconf sudo texinfo HOST=${HOST:-} if [ "$HOST" = mingw ]; then @@ -67,7 +66,7 @@ deps_linux_debian() { fi if [ -n "$SKIP_MESON" ]; then - return + apt install -y meson fi . /etc/os-release diff --git a/.ci/test/run.sh b/.ci/test/run.sh index f6431a48..70a3a2fc 100644 --- a/.ci/test/run.sh +++ b/.ci/test/run.sh @@ -71,13 +71,6 @@ nolegacy) gcrypt) run_tests gcrypt -Dcrypto=gcrypt "$@" ;; -openssl3) - if [ -d /opt/ssl3 ]; then - run_tests openssl3 -Dpkg_config_path=/opt/ssl3/lib64/pkgconfig "$@" - else - echo >&2 "OpenSSL 3 not installed, skipping test" - fi - ;; *) bail "unknown test flavor $1" ;; diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0e69f2f2..b5e256d1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,32 +23,35 @@ jobs: - mingw container: - image: debian:stable + image: debian:stable-slim options: --privileged + env: + CI: 1 + HOST: ${{ matrix.arch }} steps: - name: Checkout code - uses: actions/checkout@v1 + uses: actions/checkout@v6 - name: Install deps - run: HOST=${{ matrix.arch }} sh .ci/deps.sh + run: .ci/deps.sh - name: Prepare the system - run: HOST=${{ matrix.arch }} sh .ci/test/prepare.sh + run: .ci/test/prepare.sh - name: Run tests with default settings - run: sudo -u build CI=1 HOST=${{ matrix.arch }} sh .ci/test/run.sh default + run: sudo -Eu build .ci/test/run.sh default - name: Run tests without legacy protocol - run: sudo -u build CI=1 HOST=${{ matrix.arch }} sh .ci/test/run.sh nolegacy + run: sudo -Eu build .ci/test/run.sh nolegacy if: always() - name: Run tests with libgcrypt - run: sudo -u build CI=1 HOST=${{ matrix.arch }} sh .ci/test/run.sh gcrypt + run: sudo -Eu build .ci/test/run.sh gcrypt if: always() - name: Upload test results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: tests_cross_${{ matrix.arch }} path: /tmp/logs/tests.*.tar.gz @@ -64,28 +67,31 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v1 + uses: actions/checkout@v6 - name: Install dependencies - run: SKIP_OPENSSL3=1 SKIP_MESON=1 .ci/deps.sh libpkgconf-dev + run: SKIP_MESON=1 .ci/deps.sh libpkgconf-dev - name: Compatibility with muon - run: ./.ci/muon/run.sh + run: .ci/muon/run.sh analysis: runs-on: ubuntu-24.04 timeout-minutes: 30 + container: + image: debian:stable-slim + env: + CI: 1 + steps: - - name: Checkout tinc - uses: actions/checkout@v3 - with: - fetch-depth: 0 + - name: Checkout code + uses: actions/checkout@v6 - name: Install dependencies - run: sudo SKIP_OPENSSL3=1 .ci/deps.sh autoconf automake iperf3 + run: sudo .ci/deps.sh autoconf automake iperf3 - name: Compatibility with older versions of tinc - run: sudo ./.ci/compat/run.sh + run: sudo .ci/compat/run.sh if: always() - name: Install tools @@ -107,13 +113,13 @@ jobs: if: always() - name: Check warnings (clang) - run: bash .ci/warn/run.sh + run: .ci/warn/run.sh env: CC: clang-19 if: always() - name: Check warnings (gcc) - run: bash .ci/warn/run.sh + run: .ci/warn/run.sh env: CC: gcc-14 if: always() @@ -132,7 +138,7 @@ jobs: if: always() - name: Upload test results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: tests_compat path: tests.tar.gz @@ -148,36 +154,35 @@ jobs: - address - thread - undefined - env: - SANITIZER: "${{ matrix.sanitizer }}" + container: + image: debian:stable-slim + env: + CI: 1 + SANITIZER: "${{ matrix.sanitizer }}" steps: - name: Checkout code - uses: actions/checkout@v1 + uses: actions/checkout@v6 - name: Install deps run: | - sudo sh .ci/deps.sh iputils-arping + sudo .ci/deps.sh iputils-arping sudo pip3 install --upgrade cryptography - - name: Run tests with OpenSSL 3 - run: bash .ci/sanitizers/run.sh openssl3 - if: always() - - name: Sanitize tests with default settings - run: bash .ci/sanitizers/run.sh default + run: .ci/sanitizers/run.sh default if: always() - name: Sanitize tests without legacy protocol - run: bash .ci/sanitizers/run.sh nolegacy + run: .ci/sanitizers/run.sh nolegacy if: always() - name: Run tests with libgcrypt - run: bash .ci/sanitizers/run.sh gcrypt + run: .ci/sanitizers/run.sh gcrypt if: always() - name: Upload test results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: tests_sanitizer_${{ matrix.sanitizer }} path: /tmp/logs/tests.*.tar.gz @@ -207,46 +212,43 @@ jobs: CI: 1 steps: - name: Checkout code - uses: actions/checkout@v1 + uses: actions/checkout@v6 - name: Install deps - run: sh .ci/deps.sh + run: .ci/deps.sh - name: Assign name for test results artifact run: echo ARTIFACT="$(echo '${{ matrix.os }}' | sed 's|[:/]|_|g')" >>"$GITHUB_ENV" - name: Create a non-privileged user - run: sh .ci/test/prepare.sh - - - name: Run tests with OpenSSL 3 - run: sudo -u build CI=1 sh .ci/test/run.sh openssl3 + run: .ci/test/prepare.sh - name: Run tests with default settings - run: sudo -u build CI=1 sh .ci/test/run.sh default + run: sudo -u build .ci/test/run.sh default if: always() - name: Run tests without legacy protocol - run: sudo -u build CI=1 sh .ci/test/run.sh nolegacy + run: sudo -u build .ci/test/run.sh nolegacy if: always() - name: Run tests with libgcrypt - run: sudo -u build CI=1 sh .ci/test/run.sh gcrypt + run: sudo -u build .ci/test/run.sh gcrypt if: always() - name: Upload test results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: tests_${{ env.ARTIFACT }} path: /tmp/logs/tests.*.tar.gz if: always() - name: Build package - run: sh .ci/package/build.sh + run: .ci/package/build.sh if: github.ref == 'refs/heads/1.1' || startsWith(github.ref, 'refs/tags/release-') continue-on-error: true - name: Upload package - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: pkg-${{ env.ARTIFACT }} path: | @@ -267,7 +269,7 @@ jobs: run: mkdir -p /tmp/artifacts - name: Download packages - uses: actions/download-artifact@v4.1.7 + uses: actions/download-artifact@v8 with: path: /tmp/artifacts @@ -296,24 +298,24 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v1 + uses: actions/checkout@v6 - name: Install build deps - run: sh .ci/deps.sh + run: .ci/deps.sh - name: Run tests with default settings - run: CFLAGS=-I/opt/homebrew/include sh .ci/test/run.sh default + run: CFLAGS=-I/opt/homebrew/include .ci/test/run.sh default - name: Run tests without legacy protocol - run: CFLAGS=-I/opt/homebrew/include sh .ci/test/run.sh nolegacy + run: CFLAGS=-I/opt/homebrew/include .ci/test/run.sh nolegacy if: always() - name: Run tests with libgcrypt - run: CFLAGS=-I/opt/homebrew/include sh .ci/test/run.sh gcrypt + run: CFLAGS=-I/opt/homebrew/include .ci/test/run.sh gcrypt if: always() - name: Upload test results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: tests_macos path: /tmp/logs/tests.*.tar.gz @@ -347,20 +349,20 @@ jobs: procps - name: Checkout code - uses: actions/checkout@v1 + uses: actions/checkout@v6 - name: Run tests with default settings shell: msys2 {0} - run: sh .ci/test/run.sh default + run: .ci/test/run.sh default - name: Create installer shell: msys2 {0} - run: sh .ci/package/build.sh + run: .ci/package/build.sh if: github.ref == 'refs/heads/1.1' || startsWith(github.ref, 'refs/tags/release-') continue-on-error: true - name: Upload package - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: pkg-windows path: .ci/package/win/tinc-*.exe @@ -368,16 +370,16 @@ jobs: - name: Run tests without legacy protocol shell: msys2 {0} - run: sh .ci/test/run.sh nolegacy + run: .ci/test/run.sh nolegacy if: always() - name: Run tests with libgcrypt shell: msys2 {0} - run: sh .ci/test/run.sh gcrypt + run: .ci/test/run.sh gcrypt if: always() - name: Upload test results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: tests_windows path: /tmp/logs/tests.*.tar.gz @@ -404,7 +406,7 @@ jobs: run: pip3 install meson - name: Checkout code - uses: actions/checkout@v1 + uses: actions/checkout@v6 - name: Activate dev environment uses: ilammy/msvc-dev-cmd@v1 -- 2.47.3