cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/893?usp=email )
Change subject: GHA: Drop Ubuntu 20.04 and other maintenance (2.6) ...................................................................... GHA: Drop Ubuntu 20.04 and other maintenance (2.6) - Drop Ubuntu 20.04 GHA runners will go away in April 2025 - Change ubuntu-latest to ubuntu-24.04 to make sure we are not surprised by future changes. - Update vcpkg digest to latest 33e9c99 - Update github actions to latest Backport changes: Sync 2.6 GHA with master GHA by - pinning action references - adding Ubuntu 24.04 builds - updating libressl - updating ASAN builds to include "undefined" checker Change-Id: I29b68675143988c3304395d9d5ec62289cf519a7 Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com> Acked-by: Yuriy Darnobyt <yura.u...@gmail.com> (cherry picked from commit c26b2e2c5581ad4e14b737df9178a03d6403a5f7) Message-Id: <20250212215232.998-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30851.html Signed-off-by: Gert Doering <g...@greenie.muc.de> --- M .github/workflows/build.yaml M .github/workflows/coverity-scan.yml 2 files changed, 45 insertions(+), 63 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d930197..5b1c797 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -13,7 +13,7 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y uncrustify - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: openvpn - name: Show uncrustify version @@ -27,7 +27,7 @@ - name: Show changes on standard output run: git diff working-directory: openvpn - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: uncrustify-changes.patch path: 'openvpn/uncrustify-changes.patch' @@ -42,29 +42,29 @@ arch: [x86, x64] name: "gcc-mingw - ${{ matrix.arch }} - OSSL" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: VCPKG_ROOT: ${{ github.workspace }}/vcpkg steps: - name: Install dependencies run: sudo apt update && sudo apt install -y mingw-w64 unzip cmake ninja-build build-essential wget python3-docutils man2html-base - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Restore from cache and install vcpkg - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e + vcpkgGitCommitId: 33e9c99208736b713cabe4490e15235f62f893d4 vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest - uses: lukka/run-cmake@v10 + uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8 with: configurePreset: mingw-${{ matrix.arch }} buildPreset: mingw-${{ matrix.arch }} buildPresetAdditionalArgs: "['--config Debug']" - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: openvpn-mingw-${{ matrix.arch }} path: | @@ -72,7 +72,7 @@ ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll !${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: | @@ -91,7 +91,7 @@ name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" steps: - name: Retrieve mingw unittest - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: unittests @@ -102,56 +102,35 @@ strategy: fail-fast: false matrix: - os: [ubuntu-20.04, ubuntu-22.04] - sslpkg: [libmbedtls-dev] - ssllib: [mbedtls] - libname: [mbed TLS] - include: - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl + - os: ubuntu-22.04 + sslpkg: libmbedtls-dev + ssllib: mbedtls + libname: mbed TLS 2.28.0 - os: ubuntu-22.04 sslpkg: "libssl-dev" libname: OpenSSL 3.0.2 ssllib: openssl - - os: ubuntu-20.04 + pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin" + extraconf: --enable-pkcs11 + - os: ubuntu-24.04 sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 + libname: OpenSSL 3.0.13 ssllib: openssl - extraconf: "--enable-iproute2" - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl - extraconf: "--enable-async-push" - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl - extraconf: "--disable-management" - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl - extraconf: "--enable-small" - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl - extraconf: "--disable-lzo --disable-lz4" + pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin" + extraconf: --enable-pkcs11 name: "gcc - ${{matrix.os}} - ${{matrix.libname}} ${{matrix.extraconf}}" env: SSLPKG: "${{matrix.sslpkg}}" + PKCS11PKG: "${{matrix.pkcs11pkg}}" runs-on: ${{matrix.os}} steps: - name: Install dependencies - run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} + run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} ${PKCS11PKG} - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: autoconf run: autoreconf -fvi - name: configure @@ -165,7 +144,7 @@ strategy: fail-fast: false matrix: - os: [ubuntu-20.04] + os: [ubuntu-22.04, ubuntu-24.04] ssllib: [mbedtls, openssl] name: "clang-asan - ${{matrix.os}} - ${{matrix.ssllib}}" @@ -178,11 +157,11 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf libmbedtls-dev - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: autoconf run: autoreconf -fvi - name: configure - run: CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}} + run: CFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}} - name: make all run: make -j3 - name: make check @@ -197,8 +176,8 @@ os: [macos-13, macos-14, macos-15] include: - build: asan - cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address + cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all # Our build system ignores LDFLAGS for plugins configureflags: --disable-plugin-auth-pam --disable-plugin-down-root - build: normal @@ -216,7 +195,7 @@ - name: Install dependencies run: brew install ${{matrix.ssllib}} lzo lz4 man2html cmocka libtool automake autoconf - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set environment run: | cat >>$GITHUB_ENV <<EOF; @@ -246,34 +225,35 @@ runs-on: windows-latest steps: - - uses: actions/checkout@v4 - - uses: lukka/get-cmake@latest + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: lukka/get-cmake@5f6e04f5267c8133f1273bf2103583fc72c46b17 # v3.31.5 - name: Install rst2html run: python -m pip install --upgrade pip docutils - name: Restore artifacts, or setup vcpkg (do not install any package) - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e + vcpkgGitCommitId: 33e9c99208736b713cabe4490e15235f62f893d4 vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) - uses: lukka/run-cmake@v10 + uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8 if: ${{ matrix.arch == 'arm64' }} with: configurePreset: win-${{ matrix.arch }}-release buildPreset: win-${{ matrix.arch }}-release - name: Run CMake with vcpkg.json manifest - uses: lukka/run-cmake@v10 + uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8 if: ${{ matrix.arch != 'arm64' }} with: configurePreset: win-${{ matrix.arch }}-release buildPreset: win-${{ matrix.arch }}-release testPreset: win-${{ matrix.arch }}-release + testPresetAdditionalArgs: "['--output-on-failure']" - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: openvpn-msvc-${{ matrix.arch }} path: | @@ -293,8 +273,8 @@ configureflags: ["--with-openssl-engine=no"] include: - build: asan - cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address + cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + ldflags: -fsanitize=address -fno-sanitize-recover=all cc: clang - build: normal cflags: "-O2 -g" @@ -313,12 +293,14 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - name: "libressl: checkout" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: libressl repository: libressl/portable - ref: v3.8.3 + ref: v4.0.0 - name: "libressl: autogen.sh" + env: + LIBRESSL_GIT_OPTIONS: "--no-single-branch" run: ./autogen.sh working-directory: libressl - name: "libressl: configure" @@ -333,7 +315,7 @@ - name: "ldconfig" run: sudo ldconfig - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: autoconf run: autoreconf -fvi - name: configure diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index 37b8102..b5e1920 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml @@ -9,7 +9,7 @@ # Running coverity requires the secrets.COVERITY_SCAN_TOKEN token # which is only available on the main repository if: github.repository_owner == 'OpenVPN' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Check submission cache id: check_submit -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/893?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I29b68675143988c3304395d9d5ec62289cf519a7 Gerrit-Change-Number: 893 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: uddr <yura.u...@gmail.com> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-MessageType: merged
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
