Add CHAP tests to TACACS #6064
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI RPM | |
on: | |
push: | |
branches-ignore: | |
- coverity_scan | |
- run-fuzzer** | |
- debug-fuzzer-** | |
schedule: | |
- cron: '0 20 * * *' | |
jobs: | |
# | |
# We don't want to consume many workers on each push so we only build the | |
# full suite of distros during the scheduled or ci-debug run and just the | |
# "bleeding-edge" distro on each push. | |
# | |
# This job builds the matrix based on the event that trigger this run which | |
# the next job consumes. | |
# | |
set-matrix: | |
name: Setup build matrix | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- id: set-matrix | |
name: Setup the matrix | |
run: | | |
if [ "$GITHUB_EVENT_NAME" = "schedule" -o "$GITHUB_REF" = "refs/heads/ci-debug" ]; then | |
M=$(cat <<EOF | |
{ | |
"env": [ | |
{ "NAME": "stream-8", "OS": "tgagor/centos-stream:stream8", "DIST": "centos" }, | |
{ "NAME": "rocky-8", "OS": "rockylinux/rockylinux:8", "DIST": "rocky" }, | |
{ "NAME": "rocky-9", "OS": "rockylinux/rockylinux:9", "DIST": "rocky" }, | |
] | |
} | |
EOF | |
) | |
else | |
M=$(cat <<EOF | |
{ | |
"env": [ | |
{ "NAME": "stream-8", "OS": "tgagor/centos-stream:stream8", "DIST": "centos" }, | |
{ "NAME": "rocky-8", "OS": "rockylinux/rockylinux:8", "DIST": "rocky" } | |
] | |
} | |
EOF | |
) | |
fi | |
echo matrix=$M >> $GITHUB_OUTPUT | |
rpm-build: | |
needs: | |
- set-matrix | |
strategy: | |
matrix: ${{ fromJson(needs.set-matrix.outputs.matrix) }} | |
fail-fast: false | |
runs-on: ubuntu-latest | |
container: | |
image: ${{ matrix.env.OS }} | |
env: | |
HOSTAPD_BUILD_DIR: /tmp/eapol_test.ci | |
HOSTAPD_GIT_TAG: hostap_2_10 | |
name: "RPM build" | |
steps: | |
- name: Extra repos for CentOS and Rocky Linux 8 | |
if: ${{ matrix.env.NAME == 'stream-8' || matrix.env.NAME == 'rocky-8' }} | |
run: | | |
echo '[ltb-project]' > /etc/yum.repos.d/ltb-project.repo | |
echo 'name=LTB project packages' >> /etc/yum.repos.d/ltb-project.repo | |
echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch' >> /etc/yum.repos.d/ltb-project.repo | |
echo 'enabled=1' >> /etc/yum.repos.d/ltb-project.repo | |
echo 'gpgcheck=1' >> /etc/yum.repos.d/ltb-project.repo | |
echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo | |
rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project | |
yum install -y epel-release | |
- name: Enable PowerTools / CRB | |
run: | | |
yum install -y yum-utils dnf-plugins-core | |
yum config-manager --enable PowerTools || : | |
yum config-manager --enable powertools || : | |
yum config-manager --enable crb || : | |
- name: Enable EPEL for Rocky Linux 9 | |
if: ${{ matrix.env.NAME == 'rocky-9' }} | |
run: | | |
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm | |
# For pkill | |
- name: Enable procps-ng | |
run: | | |
yum install -y procps-ng | |
- name: Set up NetworkRADIUS extras repository | |
run: | | |
echo '[networkradius-extras]' > /etc/yum.repos.d/networkradius-extras.repo | |
echo 'name=NetworkRADIUS-extras-$releasever' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'baseurl=http://packages.networkradius.com/extras/${{ matrix.env.DIST }}/$releasever/' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'enabled=1' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'gpgcheck=1' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'gpgkey=https://packages.networkradius.com/pgp/[email protected]' >> /etc/yum.repos.d/networkradius-extras.repo | |
rpm --import https://packages.networkradius.com/pgp/[email protected] | |
- name: Install common tools | |
run: | | |
yum install -y rpm-build openssl make gcc perl git-core | |
- uses: actions/checkout@v3 | |
with: | |
path: freeradius | |
# | |
# It has been observed that sometimes not all the dependencies are | |
# installed on the first go. Give it a second chance. | |
# | |
- name: Install build dependencies | |
run: | | |
yum-builddep -y freeradius.spec && yum-builddep -y freeradius.spec | |
working-directory: freeradius/redhat | |
- name: Build RPMs | |
run: | | |
[ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : | |
make rpm | |
working-directory: freeradius | |
- name: Collect RPMs | |
run: | | |
mkdir rpms | |
mv freeradius/rpmbuild/RPMS/x86_64/*.rpm rpms | |
- name: Restore eapol_test build directory from cache | |
uses: actions/cache@v3 | |
id: hostapd-cache | |
with: | |
path: ${{ env.HOSTAPD_BUILD_DIR }} | |
key: hostapd-${{ matrix.env.NAME }}-${{ env.HOSTAPD_GIT_TAG }}-v1 | |
# Build eapol_test using a minimal make environment to avoid configuring | |
- name: Build eapol_test | |
run: | | |
yum install -y libnl3-devel which | |
[ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : | |
scripts/ci/eapol_test-build.sh | |
mv scripts/ci/eapol_test/eapol_test ../rpms | |
working-directory: freeradius | |
- name: Store RPMs | |
uses: actions/upload-artifact@v3 | |
with: | |
name: rpms-${{ matrix.env.NAME }} | |
path: rpms | |
retention-days: 1 | |
# | |
# If the CI has failed and the branch is ci-debug then start a tmate | |
# session. SSH rendezvous point is emited continuously in the job output. | |
# | |
- name: "Debug: Package dependancies for tmate" | |
run: | | |
yum install -y xz | |
ln -s /bin/true /bin/apt-get | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
- name: "Debug: Start tmate" | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
sudo: false | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
# | |
# Perform "post-install" testing of the FR packages that we have just built | |
# in a clean environment consisting of only the base OS and package | |
# dependancies | |
# | |
rpm-test: | |
needs: | |
- set-matrix | |
- rpm-build | |
strategy: | |
matrix: ${{ fromJson(needs.set-matrix.outputs.matrix) }} | |
fail-fast: false | |
runs-on: ubuntu-latest | |
container: | |
image: ${{ matrix.env.OS }} | |
name: "RPM install test" | |
steps: | |
- name: Set up NetworkRADIUS extras repository | |
run: | | |
echo '[networkradius-extras]' > /etc/yum.repos.d/networkradius-extras.repo | |
echo 'name=NetworkRADIUS-extras-$releasever' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'baseurl=http://packages.networkradius.com/extras/${{ matrix.env.DIST }}/$releasever/' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'enabled=1' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'gpgcheck=1' >> /etc/yum.repos.d/networkradius-extras.repo | |
echo 'gpgkey=https://packages.networkradius.com/pgp/[email protected]' >> /etc/yum.repos.d/networkradius-extras.repo | |
rpm --import https://packages.networkradius.com/pgp/[email protected] | |
- name: Extra repos | |
if: ${{ matrix.env.NAME == 'stream-8' || matrix.env.NAME == 'rocky-8' }} | |
run: | | |
echo '[ltb-project]' > /etc/yum.repos.d/ltb-project.repo | |
echo 'name=LTB project packages' >> /etc/yum.repos.d/ltb-project.repo | |
echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch' >> /etc/yum.repos.d/ltb-project.repo | |
echo 'enabled=1' >> /etc/yum.repos.d/ltb-project.repo | |
echo 'gpgcheck=1' >> /etc/yum.repos.d/ltb-project.repo | |
echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo | |
rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project | |
yum install -y epel-release | |
- name: Enable PowerTools / CRB | |
run: | | |
yum install -y yum-utils dnf-plugins-core | |
yum config-manager --enable PowerTools || : | |
yum config-manager --enable powertools || : | |
yum config-manager --enable crb || : | |
- name: Enable EPEL for Rocky Linux 9 | |
if: ${{ matrix.env.NAME == 'rocky-9' }} | |
run: | | |
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm | |
# For pkill | |
- name: Enable procps-ng | |
run: | | |
yum install -y procps-ng | |
- name: Load RPMs | |
uses: actions/download-artifact@v3 | |
with: | |
name: rpms-${{ matrix.env.NAME }} | |
- name: Install RPMs | |
run: | | |
yum install -y *.rpm | |
- name: Config check | |
run: | | |
radiusd -XC | |
# | |
# We now perform some post-install tests that depend on the availability | |
# of the source tree | |
# | |
- name: Install pre-built eapol_test | |
run: | | |
yum install -y libnl3 make gdb which | |
mv eapol_test /usr/local/bin | |
chmod +x /usr/local/bin/eapol_test | |
- uses: actions/checkout@v3 | |
with: | |
path: freeradius | |
- name: Run the post-install test target | |
run: | | |
make -C raddb/certs | |
touch Make.inc | |
mkdir -p build/tests/eapol_test | |
echo "EAPOL_TEST=" $(which eapol_test) > build/tests/eapol_test/eapol_test.mk | |
make -f scripts/ci/package-test.mk package-test | |
working-directory: freeradius | |
- name: Upload radius logs on failure | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: radius-logs-${{ matrix.env.NAME }} | |
path: | | |
/var/log/radius | |
freeradius/build/tests/eapol_test | |
retention-days: 30 | |
# | |
# See above comments for tmate | |
# | |
- name: "Debug: Package dependancies for tmate" | |
run: | | |
yum install -y xz | |
ln -s /bin/true /bin/apt-get | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
- name: "Debug: Start tmate" | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
sudo: false | |
if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} |