Skip to content
Builds

Add auth_level functionality #575

Sign in to view logs

Add auth_level functionality

Add auth_level functionality #575

Workflow file for this run

.github/workflows/build.yml at b50f892
---
name: Builds
on:
push:
pull_request:
release:
tags:
- 'v*'
types: [published]
workflow_dispatch:
jobs:
source_dist:
name: "Source dist"
if: >
github.actor!='dependabot[bot]' &&
github.event_name!='pull_request' &&
( github.ref_type=='tag' || github.ref_type=='branch' )
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Save version info
run: |
git log -1 > ./git.info
- name: Fetch json-parser
run: |
make json-parser/configure
- name: debug
run: "env | sort"
- name: Get tag/branch name
run: |
if [ "$GITHUB_REF_TYPE" = 'branch' ]; then
echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version
elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then
echo -n "$GITHUB_REF_NAME" > /tmp/version
else
exit 1
fi
export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9._+' '_')
echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV
echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV
- name: Create source tarball
run: |
tar -cJ -f /tmp/${SRC_FILE} \
--transform "s,^\./,pam-weblogin-${PWL_VERSION}/," --sort=name \
--owner=0 --group=0 --mode=u=rwX,go=rX \
--exclude-vcs --exclude='**/.github' \
.
- name: Show what we are shipping
run: |
tar tvJf /tmp/${SRC_FILE}
- name: Create Artifact
uses: actions/upload-artifact@v4
with:
name: "dist-source"
path: "/tmp/${{env.SRC_FILE}}"
build_tests:
name: Build tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- { os: ubuntu-20.04, compiler: gcc, version: 4.8 }
- { os: ubuntu-20.04, compiler: gcc, version: 5 }
- { os: ubuntu-20.04, compiler: gcc, version: 6 }
- { os: ubuntu-20.04, compiler: gcc, version: 7 }
- { os: ubuntu-20.04, compiler: gcc, version: 8 }
- { os: ubuntu-22.04, compiler: gcc, version: 9 }
- { os: ubuntu-22.04, compiler: gcc, version: 10 }
- { os: ubuntu-22.04, compiler: gcc, version: 11 }
- { os: ubuntu-22.04, compiler: gcc, version: 12 }
- { os: ubuntu-22.04, compiler: gcc, version: 13 }
- { os: ubuntu-20.04, compiler: clang, version: 9 }
- { os: ubuntu-20.04, compiler: clang, version: 10 }
- { os: ubuntu-20.04, compiler: clang, version: 11 }
- { os: ubuntu-20.04, compiler: clang, version: 12 }
- { os: ubuntu-22.04, compiler: clang, version: 13 }
- { os: ubuntu-22.04, compiler: clang, version: 14 }
- { os: ubuntu-22.04, compiler: clang, version: 15 }
- { os: ubuntu-22.04, compiler: clang, version: 16 }
- { os: macos-11, compiler: native }
- { os: macos-12, compiler: native }
# set CC to 'cc' for MacOS and the (e.g.) clang-12 for Linux
env:
CC: ${{ matrix.compiler == 'native' && 'cc' || format('{0}-{1}',matrix.compiler,matrix.version) }}
steps:
- name: Add source for old gcc packages (ubuntu 18.04)
run: |
sudo tee "/etc/apt/sources.list.d/bionic.list" << EOF
deb http://azure.archive.ubuntu.com/ubuntu bionic main universe
deb http://azure.archive.ubuntu.com/ubuntu bionic-security main universe
EOF
cat /etc/apt/sources.list
ls -la /etc/apt/sources.list.d
sudo apt update
if: runner.os == 'Linux' && matrix.compiler == 'gcc' && matrix.version < 7
- name: Install gcc
run: |
sudo add-apt-repository --yes --update ppa:ubuntu-toolchain-r/test
sudo apt-get install --yes gcc-${{matrix.version}}
if: runner.os == 'Linux' && matrix.compiler == 'gcc'
- name: Install clang
run: |
wget https://apt.llvm.org/llvm.sh
sudo bash ./llvm.sh ${{ matrix.version }}
if: runner.os == 'Linux' && matrix.compiler == 'clang'
- name: Show compiler version
run: $CC --version
- name: Install dependencies (linux)
run: |
sudo apt-get install --yes libpam0g-dev libcurl4-openssl-dev check
if: runner.os == 'Linux'
- name: Install dependencies (macOS)
run: |
brew install check
if: runner.os == 'macOS'
- name: Checkout
uses: actions/checkout@v4
- name: Test compilation
run: |
make all
- name: Run unittests
run: |
make unittest
- name: Test make clean
run: |
make clean
make clean
rm -rf json-parser/
make clean
coverage:
name: Coverage
# needs:
# - build_tests
runs-on: ubuntu-22.04
# set CC to 'cc' for MacOS and the (e.g.) clang-12 for Linux
env:
CC: gcc-12
GCOV: gcov-12
COVERAGE: 1
steps:
- name: Install gcc
run: |
sudo add-apt-repository --yes --update ppa:ubuntu-toolchain-r/test
sudo apt-get install --yes gcc-12
- name: Show compiler version
run: $CC --version
- name: Install dependencies (linux)
run: |
sudo apt-get install --yes libpam0g-dev libcurl4-openssl-dev check
if: runner.os == 'Linux'
- name: Checkout
uses: actions/checkout@v4
- name: Compile
run: |
make all COVERAGE=1
- name: Run unittests
run: |
make unittest
- name: Run coverage
run: |
make coverage
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
gcov: true
gcov_executable: "gcov-12"
build_rpm:
name: Build RPMs
needs:
- source_dist
strategy:
fail-fast: false
matrix:
include:
- { name: "centos7", container: "centos:7" }
- { name: "fedora38", container: "fedora:38" }
- { name: "fedora39", container: "fedora:39" }
- { name: "fedora40", container: "fedora:40" }
- { name: "rockylinux8", container: "rockylinux:8" }
- { name: "rockylinux9", container: "rockylinux:9" }
runs-on: "ubuntu-latest"
steps:
- name: Get tag/branch name
run: |
if [ "$GITHUB_REF_TYPE" = 'branch' ]; then
echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version
elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then
echo -n "$GITHUB_REF_NAME" > /tmp/version
else
exit 1
fi
export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9._+' '_')
echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV
echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV
- name: Fetch source
id: fetch_source
uses: actions/download-artifact@v4
with:
name: "dist-source"
path: "."
- name: Show source-dist
run: |
ls -la ${{steps.fetch_source.outputs.download-path}}
sha1sum ${{steps.fetch_source.outputs.download-path}}/* || true
sha256sum ${{steps.fetch_source.outputs.download-path}}/* || true
- name: Prepare build dir
run: |
mkdir -p rpmbuild/SOURCES
cp -v ${{steps.fetch_source.outputs.download-path}}/${SRC_FILE} rpmbuild/SOURCES
ls -la rpmbuild/SOURCES
tar -xvJ --wildcards --strip-components 1 -f ${{steps.fetch_source.outputs.download-path}}/${SRC_FILE} '*.spec'
- name: Prepare container image
run: >
echo "
FROM ${{matrix.container}}
RUN yum install -y epel-release || true
RUN yum install -y rpm-build
RUN dnf config-manager --set-enabled powertools || true
RUN dnf install -y pandoc || yum install -y pandoc
COPY pam-weblogin.spec /tmp/pwl.spec
RUN command -v dnf && dnf install -y 'dnf-command(builddep)' || true
RUN command -v dnf && dnf builddep -y /tmp/pwl.spec || yum-builddep -y /tmp/pwl.spec
RUN rm /tmp/pwl.spec
RUN gcc --version
" > Dockerfile;
docker build -f Dockerfile -t pwl-${{matrix.name}} .
- name: build RPM package
run: >
docker run -v `pwd`/rpmbuild:/root/rpmbuild/ \
-v $(pwd)/pam-weblogin.spec:/pam-weblogin.spec \
pwl-${{matrix.name}} \
/bin/sh -c '
rpmbuild -ba --define "pwl_version ${{env.PWL_VERSION}}" --define "pwl_distro ${{matrix.name}}" pam-weblogin.spec;
rpm -qlp /root/rpmbuild/RPMS/x86_64/*.rpm
'
- name: debug
run: ls -laR rpmbuild
- name: gather generated rpms
run: |
mkdir results
cp rpmbuild/RPMS/x86_64/*.rpm rpmbuild/SRPMS/*.rpm results/
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: rpm_${{matrix.name}}
path: "results/*"
# Setup tmate session
- name: Setup tmate session
env:
ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG}}
if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }}
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
timeout-minutes: 60
build_deb:
name: Build DEBs
needs:
- source_dist
strategy:
fail-fast: false
matrix:
include:
- { name: "debian12", container: "debian:12" }
- { name: "debian11", container: "debian:11" }
- { name: "debian10", container: "debian:10" }
- { name: "ubuntu2204", container: "ubuntu:22.04" }
runs-on: "ubuntu-latest"
steps:
- name: Install dependencies
run: |
sudo apt-get install --yes pandoc
- name: Get tag/branch name
run: |
if [ "$GITHUB_REF_TYPE" = 'branch' ]; then
echo -n "0+branch+$GITHUB_REF_NAME" > /tmp/version
elif [ "$GITHUB_REF_TYPE" = 'tag' ]; then
echo -n "$GITHUB_REF_NAME" > /tmp/version
else
exit 1
fi
export PWL_VERSION=$(cat /tmp/version | tr -C 'a-zA-Z0-9.+' '-' | sed 's/^v//')
echo PWL_VERSION=${PWL_VERSION} >> $GITHUB_ENV
echo BUILD_DIR=libpam-weblogin_${PWL_VERSION}-${{matrix.name}}-1_amd64 >> $GITHUB_ENV
echo SRC_FILE=pam-weblogin-${PWL_VERSION}.source.tar.xz >> $GITHUB_ENV
echo BUILD_ARCH=$(dpkg-architecture -q DEB_BUILD_MULTIARCH) >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
with:
path: pwl-checkout
- name: Prepare container image
run: >
echo "
FROM ${{matrix.container}}
RUN apt update; apt upgrade -y
RUN apt-get install -y build-essential git libpam0g-dev libcurl4-openssl-dev
RUN gcc --version
" > Dockerfile;
docker build -f Dockerfile -t pwl-${{matrix.name}} .
- name: Build binaries
run: >
docker run -v `pwd`/pwl-checkout:/root/pam-weblogin \
pwl-${{matrix.name}} \
/bin/sh -c 'cd /root/pam-weblogin; make'
- name: Debug
run: ls -laR pwl-checkout/src/*.so
- name: Prepare build dir
run: |
mkdir -p ${BUILD_DIR}/DEBIAN
mkdir -p ${BUILD_DIR}/etc/pam.d
mkdir -p ${BUILD_DIR}/lib/${BUILD_ARCH}/security/
mkdir -p ${BUILD_DIR}/usr/share/doc/pam-weblogin/
cp pwl-checkout/src/pam_weblogin.so ${BUILD_DIR}/lib/${BUILD_ARCH}/security/pam_weblogin.so
cp pwl-checkout/pam-weblogin.conf.sample ${BUILD_DIR}/etc/pam-weblogin.conf
pandoc pwl-checkout/README.md -t plain > ${BUILD_DIR}/usr/share/doc/pam-weblogin/README
echo "Package: libpam-weblogin
Version: ${PWL_VERSION}
Section: custom
Priority: optional
Architecture: amd64
Depends: libcurl3-gnutls, libpam0g
Maintainer: SURF <sram-support@surf.nl>
Description: Pam weblogin module" > ${BUILD_DIR}/DEBIAN/control
cat ${BUILD_DIR}/DEBIAN/control
- name: Build debs in container
run: |
docker run \
-v `pwd`:/work/ \
pwl-${{matrix.name}} \
/bin/sh -c "
cd /work &&
dpkg-deb --build --root-owner-group ${BUILD_DIR}
dpkg -c *.deb
"
- name: Gather generated debs
run: |
mkdir results
cp *.deb results/
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: deb_${{matrix.name}}
path: "results/*"
# Setup tmate session
- name: Setup tmate session
env:
ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG}}
if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }}
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
timeout-minutes: 60
release:
name: Release
runs-on: ubuntu-latest
needs:
- coverage
- build_tests
- source_dist
- build_rpm
- build_deb
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Fetch artifacts
id: fetch_artifact
uses: actions/download-artifact@v4
with:
path: "artifacts/"
- name: Gather artifacts for release
run: |
mkdir to_release
cp -v artifacts/**/* to_release/
- name: Create Release
if: "github.ref_type=='tag'"
uses: softprops/action-gh-release@v2
with:
files: "to_release/*"
- name: Advance latest tag
if: "github.ref_type=='branch'"
uses: EndBug/latest-tag@v1
with:
ref: "branch+${{github.ref_name}}"
description: "Latest commit in the main branch"
- name: Remove all previous "latest" releases
if: "github.ref_type=='branch'"
uses: dev-drprasad/delete-older-releases@v0.3.3
with:
keep_latest: 0
delete_tag_pattern: "branch+${{github.ref_name}}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create Release for branch
if: "github.ref_type=='branch'"
uses: softprops/action-gh-release@v2
with:
name: "Latest from branch ${{github.ref_name}}"
tag_name: "branch+${{github.ref_name}}"
prerelease: true
files: "to_release/*"