From ba54abeb2724bc9838d648bd611cade81a0efa76 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Thu, 1 Dec 2022 14:34:19 +0100 Subject: [PATCH 01/15] Restrict permissions for GITHUB_TOKEN in our workflows Added using https://github.com/step-security/secure-workflows For more information see: - https://github.com/ossf/scorecard/blob/d8fefc9b246db3600c777e9d60d441d7c386ce1d/docs/checks.md#token-permissions - https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ --- .github/workflows/build-and-test-all.yml | 3 +++ .github/workflows/builder-dispatch.yml | 3 +++ .github/workflows/builder.yml | 3 +++ .github/workflows/codeql-analysis.yml | 8 ++++++++ .github/workflows/docker.yml | 3 +++ .github/workflows/formatting.yml | 3 +++ .github/workflows/fuzz.yml | 4 ++++ 7 files changed, 27 insertions(+) diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index b05565eaf9fa..097a217992f2 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -7,6 +7,9 @@ on: schedule: - cron: '0 22 * * 3' +permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions + contents: read + jobs: build-auth: name: build auth diff --git a/.github/workflows/builder-dispatch.yml b/.github/workflows/builder-dispatch.yml index 4232c15609a9..e7187443e395 100644 --- a/.github/workflows/builder-dispatch.yml +++ b/.github/workflows/builder-dispatch.yml @@ -13,6 +13,9 @@ on: description: OS to build for type: string +permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions + contents: read + jobs: build: name: build ${{ github.event.inputs.product }} for ${{ github.event.inputs.os }} diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index 9c5caa4d07f3..e57468f482d1 100644 --- a/.github/workflows/builder.yml 
+++ b/.github/workflows/builder.yml @@ -5,6 +5,9 @@ on: schedule: - cron: '0 1 * * *' +permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions + contents: read + jobs: build: name: build.sh diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 31824d50c2ab..f904d054281e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -6,11 +6,19 @@ on: schedule: - cron: '0 22 * * 2' +permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions + contents: read + jobs: analyze: name: Analyze runs-on: ubuntu-20.04 + permissions: + actions: read # for github/codeql-action/init to get workflow details + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/analyze to upload SARIF results + strategy: fail-fast: false matrix: diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index b4e8e491be07..c21a5d8363a6 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -5,6 +5,9 @@ on: schedule: - cron: '0 4 * * *' +permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions + contents: read + jobs: build: name: docker build diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index 38395c5e2993..544ea37de0bf 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -5,6 +5,9 @@ on: push: pull_request: +permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions + contents: read + jobs: build: name: verify formatting and Makefile.am sort order diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index c42bd8f93ea1..9b724f6616d8 100644 
--- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -1,5 +1,9 @@ name: CIFuzz on: [pull_request] + +permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions + contents: read + jobs: Fuzzing: runs-on: ubuntu-20.04 From c4e0f95e38db15b8ea4d3751695f365db2386d4c Mon Sep 17 00:00:00 2001 From: Alexis Romero Date: Thu, 9 Feb 2023 12:16:04 +0100 Subject: [PATCH 02/15] GH actions: added auth odbc{sqlitle3, mssql} tests. Removed from CircleCI --- .circleci/config.yml | 109 ---------------- .github/workflows/build-and-test-all.yml | 7 + tasks.py | 155 +++++++++++++++++------ 3 files changed, 125 insertions(+), 146 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f51ee168d9e8..4ce45a756bc1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -563,109 +563,6 @@ jobs: paths: - pdns-auth - test-auth-regress-odbc-sqlite3: - resource_class: small - - docker: - - image: debian:buster - auth: - username: powerdnsreadonly - password: $DOCKERHUB_PASSWORD - environment: - UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1' - ASAN_OPTIONS: detect_leaks=0 - steps: - - auth-regress-setup - - run: - name: Configure ODBC for sqlite - command: | - cat >> ~/.odbc.ini \<<- __EOF__ - [pdns-sqlite3-1] - Driver = SQLite3 - Database = ${PWD}/regression-tests/pdns.sqlite3 - [pdns-sqlite3-2] - Driver = SQLite3 - Database = ${PWD}/regression-tests/pdns.sqlite32 - __EOF__ - - run: - name: Install ODBC deps - command: | - apt-get install -qq -y \ - unixodbc \ - libsqliteodbc - - run: - name: Set up sqlite3 odbc testing - command: echo 'export GODBC_SQLITE3_DSN=pdns-sqlite3-1' > ./vars - workdir: ~/project/regression-tests - - auth-regress: - context: godbc_sqlite3-nsec3 - doroot: false # Broken at the moment - - test-auth-regress-odbc-mssql: - docker: - - image: debian:buster - auth: - username: powerdnsreadonly - password: $DOCKERHUB_PASSWORD - environment: - UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1' - ASAN_OPTIONS: detect_leaks=0 - - image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu - environment: - - ACCEPT_EULA: Y - - SA_PASSWORD: 'SAsa12%%' - steps: - - auth-regress-setup - - run: - name: Install ODBC deps - command: | - apt-get install -qq -y \ - freetds-bin \ - tdsodbc \ - unixodbc - - run: - name: set up mssql odbc - command: | - cat >> ~/.odbc.ini \<<- __EOF__ - [pdns-mssql-docker] - Driver=FreeTDS - Trace=No - Server=127.0.0.1 - Port=1433 - Database=pdns - TDS_Version=7.1 - [pdns-mssql-docker-nodb] - Driver=FreeTDS - Trace=No - Server=127.0.0.1 - Port=1433 - TDS_Version=7.1 - __EOF__ - - run: - command: cat /usr/share/tdsodbc/odbcinst.ini <(echo Threading=1) >> /etc/odbcinst.ini - - run: - name: create database - command: echo 'create database pdns' | isql -v pdns-mssql-docker-nodb sa SAsa12%% - - run: 
- name: Set up mssql odbc testing - command: echo 'export GODBC_MSSQL_PASSWORD=SAsa12%% GODBC_MSSQL_USERNAME=sa GODBC_MSSQL_DSN=pdns-mssql-docker' > ./vars - workdir: ~/project/regression-tests - - auth-regress: - context: godbc_mssql-nodnssec - skip: 8bit-txt-unescaped - - auth-regress: - context: godbc_mssql - skip: 8bit-txt-unescaped - - auth-regress: - context: godbc_mssql-nsec3 - skip: 8bit-txt-unescaped - - auth-regress: - context: godbc_mssql-nsec3-optout - skip: 8bit-txt-unescaped - - auth-regress: - context: godbc_mssql-nsec3-narrow - skip: 8bit-txt-unescaped - test-auth-regress-bind: resource_class: small @@ -1054,12 +951,6 @@ workflows: - build-auth: requires: - checkout - - test-auth-regress-odbc-sqlite3: - requires: - - build-auth - - test-auth-regress-odbc-mssql: - requires: - - build-auth - test-auth-regress-geoip: requires: - build-auth diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index 097a217992f2..f07d615fcdfa 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -130,6 +130,10 @@ jobs: image: coscale/docker-sleep - backend: authpy image: coscale/docker-sleep + - backend: godbc_sqlite3 + image: coscale/docker-sleep + - backend: godbc_mssql + image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu fail-fast: false services: database: @@ -138,9 +142,12 @@ jobs: POSTGRES_USER: runner POSTGRES_HOST_AUTH_METHOD: trust MYSQL_ALLOW_EMPTY_PASSWORD: 1 + ACCEPT_EULA: Y + SA_PASSWORD: 'SAsa12%%' ports: - 3306:3306 - 5432:5432 + - 1433:1433 # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. options: >- --restart always diff --git a/tasks.py b/tasks.py index 9e5cd92023be..771f16896368 100644 --- a/tasks.py +++ b/tasks.py 
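Review bot: The `SA_PASSWORD: 'SAsa12%%'` literal added to the `database` service `env:` in the second build-and-test-all.yml hunk is duplicated in `godbc_mssql_credentials` in tasks.py, and neither place says that the two must match or that the credential is only for the throwaway CI container. Because this `env:` block is shared by every matrix image, the value and the published `1433:1433` port also apply to the MySQL, PostgreSQL and sleep containers. I would add a comment above it, `# test-only SA credential for the ephemeral MSSQL service; keep in sync with godbc_mssql_credentials in tasks.py`. I would also write `ACCEPT_EULA: 'Y'`, so the value stays a string under loaders that read a bare `Y` as a YAML 1.1 boolean.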
@@ -169,7 +169,9 @@ def setup_authbind(c): geoip=[], lua2=[], tinydns=[], - authpy=[] + authpy=[], + godbc_sqlite3=['libsqliteodbc'], + godbc_mssql=['freetds-bin','tdsodbc'] ) @task(help={'backend': 'Backend to install test deps for, e.g. gsqlite3; can be repeated'}, iterable=['backend'], optional=['backend']) 
@@ -452,67 +454,146 @@ def test_api(c, product, backend=''): backend_regress_tests = dict( bind = [ - 'bind-both', - 'bind-dnssec-both', - 'bind-dnssec-nsec3-both', - 'bind-dnssec-nsec3-optout-both', - 'bind-dnssec-nsec3-narrow', - # FIXME 'bind-dnssec-pkcs11' + 'bind-both', + 'bind-dnssec-both', + 'bind-dnssec-nsec3-both', + 'bind-dnssec-nsec3-optout-both', + 'bind-dnssec-nsec3-narrow', + # FIXME 'bind-dnssec-pkcs11' ], geoip = [ - 'geoip', - 'geoip-nsec3-narrow' - # FIXME: also run this with the mmdb we ship - ], - lua2 = [ - 'lua2', - 'lua2-dnssec' - ], - tinydns = [ - 'tinydns' + 'geoip', + 'geoip-nsec3-narrow' + # FIXME: also run this with the mmdb we ship ], + lua2 = ['lua2', 'lua2-dnssec'], + tinydns = ['tinydns'], remote = [ - 'remotebackend-pipe', - 'remotebackend-unix', - 'remotebackend-http', - 'remotebackend-zeromq', - 'remotebackend-pipe-dnssec', - 'remotebackend-unix-dnssec', - 'remotebackend-http-dnssec', - 'remotebackend-zeromq-dnssec' + 'remotebackend-pipe', + 'remotebackend-unix', + 'remotebackend-http', + 'remotebackend-zeromq', + 'remotebackend-pipe-dnssec', + 'remotebackend-unix-dnssec', + 'remotebackend-http-dnssec', + 'remotebackend-zeromq-dnssec' ], lmdb = [ - 'lmdb-nodnssec-both', - 'lmdb-both', - 'lmdb-nsec3-both', - 'lmdb-nsec3-optout-both', - 'lmdb-nsec3-narrow' + 'lmdb-nodnssec-both', + 'lmdb-both', + 'lmdb-nsec3-both', + 'lmdb-nsec3-optout-both', + 'lmdb-nsec3-narrow' + ], + gmysql = [ + 'gmysql', + 'gmysql-nodnssec-both', + 'gmysql-nsec3-both', + 'gmysql-nsec3-optout-both', + 'gmysql-nsec3-narrow', + 'gmysql_sp-both' + ], + gpgsql = [ + 'gpgsql', + 'gpgsql-nodnssec-both', + 'gpgsql-nsec3-both', + 'gpgsql-nsec3-optout-both', + 'gpgsql-nsec3-narrow', + 'gpgsql_sp-both' + ], + gsqlite3 = [ + 'gsqlite3', + 'gsqlite3-nodnssec-both', + 'gsqlite3-nsec3-both', + 'gsqlite3-nsec3-optout-both', + 'gsqlite3-nsec3-narrow' + ], + godbc_sqlite3 = ['godbc_sqlite3-nodnssec'], + godbc_mssql = [ + 'godbc_mssql', + 'godbc_mssql-nodnssec', + 
'godbc_mssql-nsec3', + 'godbc_mssql-nsec3-optout', + 'godbc_mssql-nsec3-narrow' ], - gmysql = ['gmysql', 'gmysql-nodnssec-both', 'gmysql-nsec3-both', 'gmysql-nsec3-optout-both', 'gmysql-nsec3-narrow', 'gmysql_sp-both'], - gpgsql = ['gpgsql', 'gpgsql-nodnssec-both', 'gpgsql-nsec3-both', 'gpgsql-nsec3-optout-both', 'gpgsql-nsec3-narrow', 'gpgsql_sp-both'], - gsqlite3 = ['gsqlite3', 'gsqlite3-nodnssec-both', 'gsqlite3-nsec3-both', 'gsqlite3-nsec3-optout-both', 'gsqlite3-nsec3-narrow'], ) +godbc_mssql_credentials = {"username": "sa", "password": "SAsa12%%"} + +godbc_config = ''' +[pdns-mssql-docker] +Driver=FreeTDS +Trace=No +Server=127.0.0.1 +Port=1433 +Database=pdns +TDS_Version=7.1 + +[pdns-mssql-docker-nodb] +Driver=FreeTDS +Trace=No +Server=127.0.0.1 +Port=1433 +TDS_Version=7.1 + +[pdns-sqlite3-1] +Driver = SQLite3 +Database = pdns.sqlite3 + +[pdns-sqlite3-2] +Driver = SQLite3 +Database = pdns.sqlite32 +''' + +def setup_godbc_mssql(c): + with open(os.path.expanduser("~/.odbc.ini"), "a") as f: + f.write(godbc_config) + c.sudo('sh -c \'echo "Threading=1" | cat /usr/share/tdsodbc/odbcinst.ini - | tee -a /etc/odbcinst.ini\'') + c.sudo('sed -i "s/libtdsodbc.so/\/usr\/lib\/x86_64-linux-gnu\/odbc\/libtdsodbc.so/g" /etc/odbcinst.ini') + c.run(f'echo "create database pdns" | isql -v pdns-mssql-docker-nodb {godbc_mssql_credentials["username"]} {godbc_mssql_credentials["password"]}') + # FIXME: Skip 8bit-txt-unescaped test + c.run('touch ${PWD}/regression-tests/tests/8bit-txt-unescaped/skip') + +def setup_godbc_sqlite3(c): + with open(os.path.expanduser("~/.odbc.ini"), "a") as f: + f.write(godbc_config) + c.sudo('sed -i "s/libsqlite3odbc.so/\/usr\/lib\/x86_64-linux-gnu\/odbc\/libsqlite3odbc.so/g" /etc/odbcinst.ini') + @task def test_auth_backend(c, backend): + pdns_auth_env_vars = 'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig 
SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432"' + if backend == 'remote': ci_auth_install_remotebackend_test_deps(c) if backend == 'authpy': with c.cd('regression-tests.auth-py'): - c.run(f'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" WITHKERBEROS=YES ./runtests') + c.run(f'{pdns_auth_env_vars} WITHKERBEROS=YES ./runtests') + return + + if backend == 'godbc_sqlite3': + setup_godbc_sqlite3(c) + with c.cd('regression-tests'): + for variant in backend_regress_tests[backend]: + c.run(f'{pdns_auth_env_vars} GODBC_SQLITE3_DSN=pdns-sqlite3-1 ./start-test-stop 5300 {variant}') + return + + if backend == 'godbc_mssql': + setup_godbc_mssql(c) + with c.cd('regression-tests'): + for variant in backend_regress_tests[backend]: + c.run(f'{pdns_auth_env_vars} GODBC_MSSQL_PASSWORD={godbc_mssql_credentials["password"]} GODBC_MSSQL_USERNAME={godbc_mssql_credentials["username"]} GODBC_MSSQL_DSN=pdns-mssql-docker GODBC_MSSQL2_PASSWORD={godbc_mssql_credentials["password"]} GODBC_MSSQL2_USERNAME={godbc_mssql_credentials["username"]} GODBC_MSSQL2_DSN=pdns-mssql-docker ./start-test-stop 5300 {variant}') return with 
c.cd('regression-tests'): if backend == 'lua2': c.run('touch trustedkeys') # avoid silly error during cleanup for variant in backend_regress_tests[backend]: - # FIXME this long line is terrible - c.run(f'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./start-test-stop 5300 {variant}') + c.run(f'{pdns_auth_env_vars} ./start-test-stop 5300 {variant}') if backend == 'gsqlite3': with c.cd('regression-tests.nobackend'): - c.run(f'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./runtests') + c.run(f'{pdns_auth_env_vars} ./runtests') c.run('/opt/pdns-auth/bin/pdnsutil test-algorithms') return From bbdc5b994d9a3ffdd6ffdfe90e827cfa634bdb60 Mon Sep 17 00:00:00 2001 From: Alexis Romero Date: Thu, 16 Feb 2023 06:52:49 +0100 Subject: [PATCH 03/15] gh actions: added ldap and geoip-mmdb tests --- .github/workflows/build-and-test-all.yml | 60 ++++++++++++++++++++---- tasks.py | 24 +++++++++- 2 files changed, 72 insertions(+), 12 deletions(-) 
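Review bot: `setup_godbc_mssql` and the `godbc_mssql` branch of `test_auth_backend` splice `godbc_mssql_credentials["username"]` and `["password"]` into shell command strings unquoted, so a future password containing a space, `$`, `;` or a quote would break or alter the `isql` and `./start-test-stop` commands. Wrapping each interpolation in `shlex.quote(...)` keeps the values as single arguments; it needs `import shlex` if the file's imports, which are outside this hunk, do not already have it. Separately, the two `sed` strings contain `\/`, which is an invalid escape sequence in a non-raw Python string and produces a warning on current interpreters; another delimiter avoids it, e.g. `s|libtdsodbc.so|/usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so|g`. Both setup helpers also append `godbc_config` to `~/.odbc.ini` and re-run the substitution on every call, so a second run on the same machine duplicates the DSN sections and rewrites the already-absolute driver path.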
diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index f07d615fcdfa..60542c56fae4 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml 
@@ -105,49 +105,89 @@ jobs: env: UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp" ASAN_OPTIONS: detect_leaks=0 + LDAPHOST: ldap://ldapserver/ strategy: matrix: include: - backend: remote image: coscale/docker-sleep + env: {} + ports: [] - backend: gmysql image: mysql:5 + env: + MYSQL_ALLOW_EMPTY_PASSWORD: 1 + ports: + - 3306:3306 - backend: gmysql image: mariadb:10 + env: + MYSQL_ALLOW_EMPTY_PASSWORD: 1 + ports: + - 3306:3306 - backend: gpgsql image: postgres:9 + env: + POSTGRES_USER: runner + POSTGRES_HOST_AUTH_METHOD: trust + ports: + - 5432:5432 - backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms image: coscale/docker-sleep + env: {} + ports: [] - backend: lmdb image: coscale/docker-sleep + env: {} + ports: [] - backend: bind image: coscale/docker-sleep + env: {} + ports: [] - backend: geoip image: coscale/docker-sleep + env: {} + ports: [] - backend: lua2 image: coscale/docker-sleep + env: {} + ports: [] - backend: tinydns image: coscale/docker-sleep + env: {} + ports: [] - backend: authpy image: coscale/docker-sleep + env: {} + ports: [] - backend: godbc_sqlite3 image: coscale/docker-sleep + env: {} + ports: [] - backend: godbc_mssql image: mcr.microsoft.com/mssql/server:2017-GA-ubuntu + env: + ACCEPT_EULA: Y + SA_PASSWORD: 'SAsa12%%' + ports: + - 1433:1433 + - backend: ldap + image: powerdns/ldap-regress:1.2.4-1 + env: + LDAP_LOG_LEVEL: 0 + CONTAINER_LOG_LEVEL: 4 + ports: + - 389:389 + - backend: geoip_mmdb + image: coscale/docker-sleep + env: {} + ports: [] fail-fast: false services: database: image: ${{ matrix.image }} - env: - POSTGRES_USER: runner - POSTGRES_HOST_AUTH_METHOD: trust - MYSQL_ALLOW_EMPTY_PASSWORD: 1 - ACCEPT_EULA: Y - SA_PASSWORD: 'SAsa12%%' - ports: - - 3306:3306 - - 5432:5432 - - 1433:1433 + env: ${{ matrix.env }} + ports: ${{ matrix.ports }} # FIXME: this works around dist-upgrade stopping all docker containers. 
dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. options: >- --restart always diff --git a/tasks.py b/tasks.py index 771f16896368..84480b5295ac 100644 --- a/tasks.py +++ b/tasks.py @@ -171,7 +171,9 @@ def setup_authbind(c): tinydns=[], authpy=[], godbc_sqlite3=['libsqliteodbc'], - godbc_mssql=['freetds-bin','tdsodbc'] + godbc_mssql=['freetds-bin','tdsodbc'], + ldap=[], + geoip_mmdb=[] ) @task(help={'backend': 'Backend to install test deps for, e.g. gsqlite3; can be repeated'}, iterable=['backend'], optional=['backend']) @@ -464,7 +466,6 @@ def test_api(c, product, backend=''): geoip = [ 'geoip', 'geoip-nsec3-narrow' - # FIXME: also run this with the mmdb we ship ], lua2 = ['lua2', 'lua2-dnssec'], tinydns = ['tinydns'], @@ -516,6 +517,12 @@ def test_api(c, product, backend=''): 'godbc_mssql-nsec3-optout', 'godbc_mssql-nsec3-narrow' ], + ldap = [ + 'ldap-tree', + 'ldap-simple', + 'ldap-strict' + ], + geoip_mmdb = ['geoip'], ) godbc_mssql_credentials = {"username": "sa", "password": "SAsa12%%"} 
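Review bot: The matrix entries in the build-and-test-all.yml hunk reference service images by mutable tag (`powerdns/ldap-regress:1.2.4-1`, `mcr.microsoft.com/mssql/server:2017-GA-ubuntu`) or with no tag at all (`coscale/docker-sleep`, used for every backend that needs no database), so what runs beside the tests can change without any change to this file. Pinning by digest makes the dependency explicit, e.g. `image: powerdns/ldap-regress:1.2.4-1@sha256:<digest-placeholder>`. The per-entry `env:` also carries `ACCEPT_EULA: Y`; quoting it as `'Y'` keeps it a string regardless of how the loader treats YAML 1.1 booleans.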
@@ -559,6 +566,10 @@ def setup_godbc_sqlite3(c): f.write(godbc_config) c.sudo('sed -i "s/libsqlite3odbc.so/\/usr\/lib\/x86_64-linux-gnu\/odbc\/libsqlite3odbc.so/g" /etc/odbcinst.ini') +def setup_ldap_client(c): + c.sudo('DEBIAN_FRONTEND=noninteractive apt-get install -qq -y ldap-utils') + c.sudo('sh -c \'echo "127.0.0.1 ldapserver" | tee -a /etc/hosts\'') + @task def test_auth_backend(c, backend): pdns_auth_env_vars = 'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432"' @@ -585,6 +596,15 @@ def test_auth_backend(c, backend): c.run(f'{pdns_auth_env_vars} GODBC_MSSQL_PASSWORD={godbc_mssql_credentials["password"]} GODBC_MSSQL_USERNAME={godbc_mssql_credentials["username"]} GODBC_MSSQL_DSN=pdns-mssql-docker GODBC_MSSQL2_PASSWORD={godbc_mssql_credentials["password"]} GODBC_MSSQL2_USERNAME={godbc_mssql_credentials["username"]} GODBC_MSSQL2_DSN=pdns-mssql-docker ./start-test-stop 5300 {variant}') return + if backend == 'ldap': + setup_ldap_client(c) + + if backend == 'geoip_mmdb': + with c.cd('regression-tests'): + for variant in backend_regress_tests[backend]: + c.run(f'{pdns_auth_env_vars} geoipdatabase=../modules/geoipbackend/regression-tests/GeoLiteCity.mmdb ./start-test-stop 5300 {variant}') + return + with c.cd('regression-tests'): if backend == 'lua2': c.run('touch trustedkeys') # avoid silly error during cleanup From 2b433fbc192c6ec3bbe5aab6c73d71d20f637d2e Mon Sep 17 00:00:00 2001 
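Review bot: `setup_ldap_client` has no docstring explaining why it edits `/etc/hosts`: the workflow sets `LDAPHOST: ldap://ldapserver/` while the LDAP service container is published on the runner's port 389, so the alias is what makes that hostname resolve. I would add a docstring such as `"""Install ldap-utils and alias 'ldapserver' to 127.0.0.1 so LDAPHOST reaches the service container."""`. The `tee -a` append is also unconditional, so repeated runs add duplicate lines; prefixing the command with `grep -q ldapserver /etc/hosts ||` keeps the file clean on a reused machine.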
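Review bot: The `ldap` branch in `test_auth_backend` is the only new branch that does not `return`; it relies on falling through to the generic `regression-tests` loop, and it depends on `LDAPHOST` coming from the workflow environment rather than from `pdns_auth_env_vars`. A comment would make both explicit, e.g. `# ldap needs only client setup; its variants run in the generic loop below with LDAPHOST taken from the environment`. The function starts outside this hunk.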
From: Alexis Romero Date: Thu, 16 Feb 2023 06:54:23 +0100 Subject: [PATCH 04/15] gh actions: simplified collector job in build-and-test-all.yml --- .github/workflows/build-and-test-all.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index 60542c56fae4..9a176de86d3e 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml 
@@ -248,19 +248,22 @@ jobs: - test-auth-api - test-auth-backend - test-ixfrdist + if: success() || failure() runs-on: ubuntu-20.04 steps: + - name: Install jq and yq + run: "sudo snap install jq yq" + - name: Fail job if any of the previous jobs failed + run: "for i in `echo '${{ toJSON(needs) }}' | jq '.[].result' | tr -d '\"'`; do if [[ $i == 'failure' ]]; then echo '${{ toJSON(needs) }}'; exit 1; fi; done;" - uses: actions/checkout@v2.3.4 with: fetch-depth: 5 submodules: recursive - - name: Install yq - run: sudo wget https://github.com/mikefarah/yq/releases/download/v4.9.6/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq - - name: Get full list of jobs for this workflow - run: yq e '.jobs | keys' .github/workflows/build-and-test-all.yml | grep -v '^- collect' | sort | tee /tmp/workflow-jobs-list.yml - - name: Get list of jobs the collect job depends on - run: yq e '.jobs.collect.needs | ... comments=""' .github/workflows/build-and-test-all.yml | sort | tee /tmp/workflow-collect-dependencies.yml - - name: Diff them - run: diff -u /tmp/workflow-jobs-list.yml /tmp/workflow-collect-dependencies.yml + - name: Get list of jobs in the workflow + run: "yq e '.jobs | keys' .github/workflows/build-and-test-all.yml | awk '{print $2}' | grep -v collect | sort | tee /tmp/workflow-jobs-list.yml" + - name: Get list of prerequisite jobs + run: "echo '${{ toJSON(needs) }}' | jq 'keys | .[]' | tr -d '\"' | sort | tee /tmp/workflow-needs-list.yml" + - name: Fail if there is a job missing on the needs list + run: "if ! diff -q /tmp/workflow-jobs-list.yml /tmp/workflow-needs-list.yml; then exit 1; fi" # FIXME: if we can make upload/download-artifact fasts, running unit tests outside of build can let regression tests start earlier From 4a9c0a98ce32d1e6a659d735de787f5ce855d3f4 Mon Sep 17 00:00:00 2001 
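Review bot: The new "Fail job if any of the previous jobs failed" step exits non-zero only when a result equals `failure`, so a needed job that ended as `cancelled` or `skipped` still lets `collect` succeed; if `collect` is the required status check, that is a gap. This step and "Get list of prerequisite jobs" also paste `${{ toJSON(needs) }}` into the script text inside single quotes, so a `'` in any job output (should a needed job ever define outputs) would end the quoting; passing the JSON through `env:` keeps the shell from parsing it. Replacing the pinned yq v4.9.6 download with `sudo snap install jq yq` also drops the version pin. If some needed jobs are skipped on purpose, accept `skipped` explicitly instead of accepting everything that is not `failure`.

```yaml
      - name: Fail job if any of the previous jobs failed
        env:
          NEEDS: ${{ toJSON(needs) }}
        run: |
          if ! echo "$NEEDS" | jq -e 'all(.[]; .result == "success")' > /dev/null; then
            echo "$NEEDS"
            exit 1
          fi
      # … unchanged: actions/checkout and the job-list comparison steps …
```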
From: Alexis Romero Date: Thu, 16 Feb 2023 06:55:48 +0100 Subject: [PATCH 05/15] removed ldap and geoip-mmdb tests from circleci --- .circleci/config.yml | 58 -------------------------------------------- 1 file changed, 58 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4ce45a756bc1..a1bf19a24962 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -601,57 +601,6 @@ jobs: - auth-regress: context: bind-hybrid-nsec3 - test-auth-regress-ldap: - resource_class: small - - docker: - - image: debian:buster - auth: - username: powerdnsreadonly - password: $DOCKERHUB_PASSWORD - environment: - LDAPHOST: ldap://ldapserver/ - UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1' - ASAN_OPTIONS: detect_leaks=0 - - image: powerdns/ldap-regress:1.2.4-1 # OpenLDAP 2.4.47 - auth: - username: powerdnsreadonly - password: $DOCKERHUB_PASSWORD - name: ldapserver - command: '--loglevel debug' - environment: - LDAP_LOG_LEVEL: 0 - steps: - - auth-regress-setup - - run: DEBIAN_FRONTEND=noninteractive apt-get install -qq -y ldap-utils - - auth-regress: - context: ldap-tree - doroot: false - - auth-regress: - context: ldap-simple - doroot: false - - auth-regress: - context: ldap-strict - doroot: false - - test-auth-regress-geoip: - resource_class: small - - docker: - - image: debian:buster - auth: - username: powerdnsreadonly - password: $DOCKERHUB_PASSWORD - environment: - UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1' - ASAN_OPTIONS: detect_leaks=0 - steps: - - auth-regress-setup - - run: export geoipdatabase=../modules/geoipbackend/regression-tests/GeoLiteCity.mmdb - - auth-regress: - context: geoip - doroot: false - build-auth-docs: resource_class: small @@ -951,10 +900,3 @@ workflows: - build-auth: requires: - checkout - - test-auth-regress-geoip: - requires: - - build-auth - - test-auth-regress-ldap: - requires: - - build-auth - From 85c1c08d27f2fe7f82dcb347d92d3d2f0ea60d0f Mon Sep 17 00:00:00 2001 
From: Alexis Romero Date: Wed, 22 Feb 2023 11:48:28 +0100 Subject: [PATCH 06/15] Avoid Microsoft repo for ODBC. Step 1: allow apt downgrades --- build-scripts/gh-actions-setup-inv | 2 +- tasks.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build-scripts/gh-actions-setup-inv b/build-scripts/gh-actions-setup-inv index 2a5f44135137..3256b71bd0fe 100755 --- a/build-scripts/gh-actions-setup-inv +++ b/build-scripts/gh-actions-setup-inv @@ -6,6 +6,6 @@ EOF " sudo chmod 755 /usr/sbin/policy-rc.d sudo apt-get update -sudo apt-get -qq -y dist-upgrade +sudo apt-get -qq -y --allow-downgrades dist-upgrade sudo apt-get -qq -y --no-install-recommends install python3-pip sudo pip3 install git+https://github.com/pyinvoke/invoke@faa5728a6f76199a3da1750ed952e7efee17c1da diff --git a/tasks.py b/tasks.py index 84480b5295ac..1f06930c9260 100644 --- a/tasks.py +++ b/tasks.py @@ -121,7 +121,7 @@ @task def apt_fresh(c): c.sudo('apt-get update') - c.sudo('apt-get dist-upgrade') + c.sudo('apt-get -qq -y --allow-downgrades dist-upgrade') @task def install_clang(c): From eb6f0fc54f093e6bb0b24ad5eac72e75909a52b4 Mon Sep 17 00:00:00 2001 From: Alexis Romero Date: Thu, 23 Feb 2023 11:03:30 +0100 Subject: [PATCH 07/15] Avoid Microsoft repo for ODBC. Step 1: codeql allow apt downgrades --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f904d054281e..c7593ac94dc6 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -72,7 +72,7 @@ jobs: sudo apt-get update - name: Install dependencies run: | - sudo apt-get -qq -y --no-install-recommends install \ + sudo apt-get -qq -y --no-install-recommends --allow-downgrades install \ bison \ default-libmysqlclient-dev \ flex \ From 3634c47e2de9ee92c75160aa163325153a69c383 Mon Sep 17 00:00:00 2001 
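Review bot: `--allow-downgrades` is added to the whole `dist-upgrade` in build-scripts/gh-actions-setup-inv, to `apt_fresh` in tasks.py, and in the following patch to the `apt-get install` in codeql-analysis.yml, so apt may replace any installed package with an older version, not only the ODBC packages the commit message is about. A downgrade can bring back defects that the newer package had fixed, and with `-qq` the log does not show which packages moved. A narrower alternative is an apt preferences pin for just the affected packages. Failing that, each line could carry a comment such as `# --allow-downgrades: lets apt move ODBC packages off the Microsoft repo versions (see commit message)`.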
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 14:28:05 +0000 Subject: [PATCH 08/15] build(deps): bump actions/cache from 2 to 3.0.11 Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.0.11. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v2...v3.0.11) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-test-all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index 9a176de86d3e..805925e6b102 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -28,7 +28,7 @@ jobs: echo "::set-output name=stamp::$(/bin/date +%s)" shell: bash - name: let GitHub cache our ccache data - uses: actions/cache@v2 + uses: actions/cache@v3.0.11 with: path: ~/.ccache key: auth-ccache-${{ steps.get-stamp.outputs.stamp }} From 3d2d3d3915bff402be2e809d8c5723b39410ced6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 14:44:55 +0000 Subject: [PATCH 09/15] build(deps): bump actions/checkout from 2.3.4 to 3.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.3.4...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- .github/workflows/build-and-test-all.yml | 12 ++++++------ .github/workflows/builder-dispatch.yml | 2 +- .github/workflows/builder.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker.yml | 2 +- .github/workflows/formatting.yml | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index 805925e6b102..f59810717906 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -18,7 +18,7 @@ jobs: UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp" ASAN_OPTIONS: detect_leaks=0 steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 submodules: recursive @@ -83,7 +83,7 @@ jobs: options: >- --restart always steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 submodules: recursive @@ -192,7 +192,7 @@ jobs: options: >- --restart always steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 submodules: recursive @@ -216,7 +216,7 @@ jobs: UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp" ASAN_OPTIONS: detect_leaks=0 steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 submodules: recursive @@ -233,7 +233,7 @@ jobs: swagger-syntax-check: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 submodules: recursive 
@@ -255,7 +255,7 @@ jobs: run: "sudo snap install jq yq" - name: Fail job if any of the previous jobs failed run: "for i in `echo '${{ toJSON(needs) }}' | jq '.[].result' | tr -d '\"'`; do if [[ $i == 'failure' ]]; then echo '${{ toJSON(needs) }}'; exit 1; fi; done;" - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 submodules: recursive diff --git a/.github/workflows/builder-dispatch.yml b/.github/workflows/builder-dispatch.yml index e7187443e395..e1498a659f20 100644 --- a/.github/workflows/builder-dispatch.yml +++ b/.github/workflows/builder-dispatch.yml @@ -22,7 +22,7 @@ jobs: # on a ubuntu-20.04 VM runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 0 # for correct version numbers submodules: recursive diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index e57468f482d1..829c4ff55085 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -26,7 +26,7 @@ jobs: - debian-bookworm fail-fast: false steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 0 # for correct version numbers submodules: recursive diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c7593ac94dc6..ae02e4d6bacf 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c21a5d8363a6..baf9f33b68f7 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
@@ -17,7 +17,7 @@ jobs: matrix: product: ['auth'] steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 submodules: recursive diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index 544ea37de0bf..852239281e82 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -14,7 +14,7 @@ jobs: # on a ubuntu-20.04 VM runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 submodules: recursive From d4822f22724fabb6e6da80df245fa2418e403970 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 14:27:58 +0000 Subject: [PATCH 10/15] build(deps): bump actions/download-artifact from 2 to 3 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-test-all.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index f59810717906..11c970939eeb 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -88,7 +88,7 @@ jobs: fetch-depth: 5 submodules: recursive - name: Fetch the binaries - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: pdns-auth path: /opt/pdns-auth @@ -197,7 +197,7 @@ jobs: fetch-depth: 5 submodules: recursive - name: Fetch the binaries - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: pdns-auth path: /opt/pdns-auth 
@@ -221,7 +221,7 @@ jobs: fetch-depth: 5 submodules: recursive - name: Fetch the binaries - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: pdns-auth path: /opt/pdns-auth From 3347a564168bd00e7beeedb464d2910b54412e84 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 14:28:01 +0000 Subject: [PATCH 11/15] build(deps): bump actions/upload-artifact from 1 to 3 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v1...v3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-test-all.yml | 2 +- .github/workflows/builder-dispatch.yml | 2 +- .github/workflows/builder.yml | 2 +- .github/workflows/fuzz.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index 11c970939eeb..03ceaac9c26d 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -44,7 +44,7 @@ jobs: - run: inv ci-make-install - run: ccache -s - name: Store the binaries - uses: actions/upload-artifact@v2 # this takes 30 seconds, maybe we want to tar + uses: actions/upload-artifact@v3 # this takes 30 seconds, maybe we want to tar with: name: pdns-auth path: /opt/pdns-auth diff --git a/.github/workflows/builder-dispatch.yml b/.github/workflows/builder-dispatch.yml index e1498a659f20..5016a628d1ad 100644 --- a/.github/workflows/builder-dispatch.yml +++ b/.github/workflows/builder-dispatch.yml 
@@ -32,7 +32,7 @@ jobs: run: 'echo ::set-output name=version::$(readlink builder/tmp/latest)' id: getversion - name: Upload packages - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: ${{ github.event.inputs.product }}-${{ github.event.inputs.os }}-${{ steps.getversion.outputs.version }} path: built_pkgs/ diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index 829c4ff55085..779177490e46 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -36,7 +36,7 @@ jobs: run: 'echo ::set-output name=version::$(readlink builder/tmp/latest)' id: getversion - name: Upload packages - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: ${{ matrix.product }}-${{ matrix.os }}-${{ steps.getversion.outputs.version }} path: built_pkgs/ diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 9b724f6616d8..c93ed0ef8769 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -20,7 +20,7 @@ jobs: fuzz-seconds: 600 dry-run: false - name: Upload Crash - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v3 if: failure() with: name: artifacts From 0e7f651edbc680f9feeb09b1232edbbd2ab940eb Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Tue, 6 Dec 2022 12:39:08 -0500 Subject: [PATCH 12/15] Switch from set-output tot GITHUB_OUTPUT Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- .github/workflows/build-and-test-all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index 03ceaac9c26d..c2fad631ff69 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml 
@@ -25,7 +25,7 @@ jobs: - name: get timestamp for cache id: get-stamp run: | - echo "::set-output name=stamp::$(/bin/date +%s)" + echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" shell: bash - name: let GitHub cache our ccache data uses: actions/cache@v3.0.11 From 3b9c37a71dae4c362a159907f3e6789ea49cb4bd Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Fri, 13 Jan 2023 11:06:14 +0100 Subject: [PATCH 13/15] build-and-test-all: add functionality to quickly switch ubuntu mirrors --- .github/workflows/build-and-test-all.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index c2fad631ff69..2628de3684d2 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -18,6 +18,7 @@ jobs: UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp" ASAN_OPTIONS: detect_leaks=0 steps: + - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 @@ -83,6 +84,7 @@ jobs: options: >- --restart always steps: + - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 @@ -192,6 +194,7 @@ jobs: options: >- --restart always steps: + - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 @@ -216,6 +219,7 @@ jobs: UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ github.workspace }}/build-scripts/UBSan.supp" ASAN_OPTIONS: detect_leaks=0 steps: + - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 @@ -233,6 +237,7 @@ jobs: swagger-syntax-check: runs-on: ubuntu-20.04 steps: + - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - uses: actions/checkout@v3.1.0 with: fetch-depth: 5 From 74e43847f5b7fbb3ffa215127736032c935a13a7 Mon Sep 17 00:00:00 2001 
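Review bot: The move to `$GITHUB_OUTPUT` reaches only the `get-stamp` step in this hunk. As far as this series shows, the `getversion` steps in builder-dispatch.yml and builder.yml still run `echo ::set-output name=version::$(readlink builder/tmp/latest)`; they appear as context in the upload-artifact patch. GitHub deprecated that workflow command because anything a step prints to stdout can be interpreted as a command, so untrusted log data could set step outputs. Those two steps should get the same change, e.g. `run: 'echo "version=$(readlink builder/tmp/latest)" >> "$GITHUB_OUTPUT"'`.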
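Review bot: `PowerDNS/pdns/set-ubuntu-mirror@meta` is resolved from a branch, so every run executes whatever the tip of `meta` holds at that moment, and it runs as the first step of each job, before checkout. The same line is added in all five hunks of this patch and again in the codeql-analysis.yml hunk of the following patch. The commit title suggests the mutable ref is deliberate, so that mirrors can be switched without editing every workflow. If so, say it at the first use with a comment such as `# branch ref on purpose: mirror is switched centrally; 'meta' must stay push-protected`, and give `meta` the same branch protection as the default branch. Judging by its name the action rewrites the runner's apt sources, so a push to that branch would decide where the build's packages come from; if central switching is not needed, pin to `@<full-commit-sha>` instead.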
From: Peter van Dijk Date: Mon, 6 Feb 2023 11:41:18 +0100 Subject: [PATCH 14/15] codeql workflow: set ubuntu mirror --- .github/workflows/codeql-analysis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ae02e4d6bacf..2fe911610a1a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -30,6 +30,7 @@ jobs: # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection steps: + - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - name: Checkout repository uses: actions/checkout@v3.1.0 with: From c9d155099c8fda78672654ab7eac76685a0a36cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 14:28:07 +0000 Subject: [PATCH 15/15] build(deps): bump actions/setup-python from 2 to 4 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 4. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2fe911610a1a..59e09f79366f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: fetch-depth: 2 # Python is required for building the Authoritative server - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.8'