OpenVPN/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-09 05:31:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

GHA: Drop Ubuntu 20.04 and other maintenance (2.6)

Browse Source 
- Drop Ubuntu 20.04
  GHA runners will go away in April 2025
- Change ubuntu-latest to ubuntu-24.04
  to make sure we are not surprised by
  future changes.
- Update vcpkg digest to latest 33e9c99
- Update github actions to latest

Backport changes:
Sync 2.6 GHA with master GHA by
- pinning action references
- adding Ubuntu 24.04 builds
- updating libressl
- updating ASAN builds to include
  "undefined" checker

Change-Id: I29b68675143988c3304395d9d5ec62289cf519a7
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Yuriy Darnobyt <yura.uddr@gmail.com>
(cherry picked from commit c26b2e2c5581ad4e14b737df9178a03d6403a5f7)
Message-Id: <20250212215232.998-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30851.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Frank Lichtenheld 2025-02-12 22:52:32 +01:00 committed by Gert Doering
parent 5662b3a8eb
commit 40b76047e7
2 changed files with 45 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
.github/workflows/build.yaml vendored
View File

@ -13,7 +13,7 @@ jobs:
- name: Install dependencies - name: Install dependencies
run: sudo apt update && sudo apt install -y uncrustify run: sudo apt update && sudo apt install -y uncrustify
- name: Checkout OpenVPN - name: Checkout OpenVPN
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
path: openvpn path: openvpn
- name: Show uncrustify version - name: Show uncrustify version
@ -27,7 +27,7 @@ jobs:
- name: Show changes on standard output - name: Show changes on standard output
run: git diff run: git diff
working-directory: openvpn working-directory: openvpn
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with: with:
name: uncrustify-changes.patch name: uncrustify-changes.patch
path: 'openvpn/uncrustify-changes.patch' path: 'openvpn/uncrustify-changes.patch'
@ -42,29 +42,29 @@ jobs:
arch: [x86, x64] arch: [x86, x64]
name: "gcc-mingw - ${{ matrix.arch }} - OSSL" name: "gcc-mingw - ${{ matrix.arch }} - OSSL"
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
env: env:
VCPKG_ROOT: ${{ github.workspace }}/vcpkg VCPKG_ROOT: ${{ github.workspace }}/vcpkg
steps: steps:
- name: Install dependencies - name: Install dependencies
run: sudo apt update && sudo apt install -y mingw-w64 unzip cmake ninja-build build-essential wget python3-docutils man2html-base run: sudo apt update && sudo apt install -y mingw-w64 unzip cmake ninja-build build-essential wget python3-docutils man2html-base
- name: Checkout OpenVPN - name: Checkout OpenVPN
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Restore from cache and install vcpkg - name: Restore from cache and install vcpkg
uses: lukka/run-vcpkg@v11 uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with: with:
vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e vcpkgGitCommitId: 33e9c99208736b713cabe4490e15235f62f893d4
vcpkgJsonGlob: '**/mingw/vcpkg.json' vcpkgJsonGlob: '**/mingw/vcpkg.json'
- name: Run CMake with vcpkg.json manifest - name: Run CMake with vcpkg.json manifest
uses: lukka/run-cmake@v10 uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
with: with:
configurePreset: mingw-${{ matrix.arch }} configurePreset: mingw-${{ matrix.arch }}
buildPreset: mingw-${{ matrix.arch }} buildPreset: mingw-${{ matrix.arch }}
buildPresetAdditionalArgs: "['--config Debug']" buildPresetAdditionalArgs: "['--config Debug']"
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with: with:
name: openvpn-mingw-${{ matrix.arch }} name: openvpn-mingw-${{ matrix.arch }}
path: | path: |
@ -72,7 +72,7 @@ jobs:
${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll
!${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe !${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with: with:
name: openvpn-mingw-${{ matrix.arch }}-tests name: openvpn-mingw-${{ matrix.arch }}-tests
path: | path: |
@ -91,7 +91,7 @@ jobs:
name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL"
steps: steps:
- name: Retrieve mingw unittest - name: Retrieve mingw unittest
uses: actions/download-artifact@v4 uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with: with:
name: openvpn-mingw-${{ matrix.arch }}-tests name: openvpn-mingw-${{ matrix.arch }}-tests
path: unittests path: unittests
@ -102,56 +102,35 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
os: [ubuntu-20.04, ubuntu-22.04]
sslpkg: [libmbedtls-dev]
ssllib: [mbedtls]
libname: [mbed TLS]
include: include:
- os: ubuntu-20.04 - os: ubuntu-22.04
sslpkg: "libssl-dev" sslpkg: libmbedtls-dev
libname: OpenSSL 1.1.1 ssllib: mbedtls
ssllib: openssl libname: mbed TLS 2.28.0
- os: ubuntu-22.04 - os: ubuntu-22.04
sslpkg: "libssl-dev" sslpkg: "libssl-dev"
libname: OpenSSL 3.0.2 libname: OpenSSL 3.0.2
ssllib: openssl ssllib: openssl
- os: ubuntu-20.04 pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin"
extraconf: --enable-pkcs11
- os: ubuntu-24.04
sslpkg: "libssl-dev" sslpkg: "libssl-dev"
libname: OpenSSL 1.1.1 libname: OpenSSL 3.0.13
ssllib: openssl ssllib: openssl
extraconf: "--enable-iproute2" pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin"
- os: ubuntu-20.04 extraconf: --enable-pkcs11
sslpkg: "libssl-dev"
libname: OpenSSL 1.1.1
ssllib: openssl
extraconf: "--enable-async-push"
- os: ubuntu-20.04
sslpkg: "libssl-dev"
libname: OpenSSL 1.1.1
ssllib: openssl
extraconf: "--disable-management"
- os: ubuntu-20.04
sslpkg: "libssl-dev"
libname: OpenSSL 1.1.1
ssllib: openssl
extraconf: "--enable-small"
- os: ubuntu-20.04
sslpkg: "libssl-dev"
libname: OpenSSL 1.1.1
ssllib: openssl
extraconf: "--disable-lzo --disable-lz4"
name: "gcc - ${{matrix.os}} - ${{matrix.libname}} ${{matrix.extraconf}}" name: "gcc - ${{matrix.os}} - ${{matrix.libname}} ${{matrix.extraconf}}"
env: env:
SSLPKG: "${{matrix.sslpkg}}" SSLPKG: "${{matrix.sslpkg}}"
PKCS11PKG: "${{matrix.pkcs11pkg}}"
runs-on: ${{matrix.os}} runs-on: ${{matrix.os}}
steps: steps:
- name: Install dependencies - name: Install dependencies
run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} ${PKCS11PKG}
- name: Checkout OpenVPN - name: Checkout OpenVPN
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: autoconf - name: autoconf
run: autoreconf -fvi run: autoreconf -fvi
- name: configure - name: configure
@ -165,7 +144,7 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
os: [ubuntu-20.04] os: [ubuntu-22.04, ubuntu-24.04]
ssllib: [mbedtls, openssl] ssllib: [mbedtls, openssl]
name: "clang-asan - ${{matrix.os}} - ${{matrix.ssllib}}" name: "clang-asan - ${{matrix.os}} - ${{matrix.ssllib}}"
@ -178,11 +157,11 @@ jobs:
- name: Install dependencies - name: Install dependencies
run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf libmbedtls-dev run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf libmbedtls-dev
- name: Checkout OpenVPN - name: Checkout OpenVPN
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: autoconf - name: autoconf
run: autoreconf -fvi run: autoreconf -fvi
- name: configure - name: configure
run: CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}} run: CFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}}
- name: make all - name: make all
run: make -j3 run: make -j3
- name: make check - name: make check
@ -197,8 +176,8 @@ jobs:
os: [macos-13, macos-14, macos-15] os: [macos-13, macos-14, macos-15]
include: include:
- build: asan - build: asan
cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
ldflags: -fsanitize=address ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all
# Our build system ignores LDFLAGS for plugins # Our build system ignores LDFLAGS for plugins
configureflags: --disable-plugin-auth-pam --disable-plugin-down-root configureflags: --disable-plugin-auth-pam --disable-plugin-down-root
- build: normal - build: normal
@ -216,7 +195,7 @@ jobs:
- name: Install dependencies - name: Install dependencies
run: brew install ${{matrix.ssllib}} lzo lz4 man2html cmocka libtool automake autoconf run: brew install ${{matrix.ssllib}} lzo lz4 man2html cmocka libtool automake autoconf
- name: Checkout OpenVPN - name: Checkout OpenVPN
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set environment - name: Set environment
run: | run: |
cat >>$GITHUB_ENV <<EOF; cat >>$GITHUB_ENV <<EOF;
@ -246,34 +225,35 @@ jobs:
runs-on: windows-latest runs-on: windows-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: lukka/get-cmake@latest - uses: lukka/get-cmake@5f6e04f5267c8133f1273bf2103583fc72c46b17 # v3.31.5
- name: Install rst2html - name: Install rst2html
run: python -m pip install --upgrade pip docutils run: python -m pip install --upgrade pip docutils
- name: Restore artifacts, or setup vcpkg (do not install any package) - name: Restore artifacts, or setup vcpkg (do not install any package)
uses: lukka/run-vcpkg@v11 uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with: with:
vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e vcpkgGitCommitId: 33e9c99208736b713cabe4490e15235f62f893d4
vcpkgJsonGlob: '**/windows/vcpkg.json' vcpkgJsonGlob: '**/windows/vcpkg.json'
- name: Run CMake with vcpkg.json manifest (NO TESTS) - name: Run CMake with vcpkg.json manifest (NO TESTS)
uses: lukka/run-cmake@v10 uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
if: ${{ matrix.arch == 'arm64' }} if: ${{ matrix.arch == 'arm64' }}
with: with:
configurePreset: win-${{ matrix.arch }}-release configurePreset: win-${{ matrix.arch }}-release
buildPreset: win-${{ matrix.arch }}-release buildPreset: win-${{ matrix.arch }}-release
- name: Run CMake with vcpkg.json manifest - name: Run CMake with vcpkg.json manifest
uses: lukka/run-cmake@v10 uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
if: ${{ matrix.arch != 'arm64' }} if: ${{ matrix.arch != 'arm64' }}
with: with:
configurePreset: win-${{ matrix.arch }}-release configurePreset: win-${{ matrix.arch }}-release
buildPreset: win-${{ matrix.arch }}-release buildPreset: win-${{ matrix.arch }}-release
testPreset: win-${{ matrix.arch }}-release testPreset: win-${{ matrix.arch }}-release
testPresetAdditionalArgs: "['--output-on-failure']"
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with: with:
name: openvpn-msvc-${{ matrix.arch }} name: openvpn-msvc-${{ matrix.arch }}
path: | path: |
@ -293,8 +273,8 @@ jobs:
configureflags: ["--with-openssl-engine=no"] configureflags: ["--with-openssl-engine=no"]
include: include:
- build: asan - build: asan
cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
ldflags: -fsanitize=address ldflags: -fsanitize=address -fno-sanitize-recover=all
cc: clang cc: clang
- build: normal - build: normal
cflags: "-O2 -g" cflags: "-O2 -g"
@ -313,12 +293,14 @@ jobs:
- name: Install dependencies - name: Install dependencies
run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev
- name: "libressl: checkout" - name: "libressl: checkout"
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
path: libressl path: libressl
repository: libressl/portable repository: libressl/portable
ref: v3.8.3 ref: v4.0.0
- name: "libressl: autogen.sh" - name: "libressl: autogen.sh"
env:
LIBRESSL_GIT_OPTIONS: "--no-single-branch"
run: ./autogen.sh run: ./autogen.sh
working-directory: libressl working-directory: libressl
- name: "libressl: configure" - name: "libressl: configure"
@ -333,7 +315,7 @@ jobs:
- name: "ldconfig" - name: "ldconfig"
run: sudo ldconfig run: sudo ldconfig
- name: Checkout OpenVPN - name: Checkout OpenVPN
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: autoconf - name: autoconf
run: autoreconf -fvi run: autoreconf -fvi
- name: configure - name: configure

2
.github/workflows/coverity-scan.yml vendored
View File

@ -9,7 +9,7 @@ jobs:
# Running coverity requires the secrets.COVERITY_SCAN_TOKEN token # Running coverity requires the secrets.COVERITY_SCAN_TOKEN token
# which is only available on the main repository # which is only available on the main repository
if: github.repository_owner == 'OpenVPN' if: github.repository_owner == 'OpenVPN'
runs-on: ubuntu-latest runs-on: ubuntu-24.04
steps: steps:
- name: Check submission cache - name: Check submission cache
id: check_submit id: check_submit