Add Interface to Net tlv #4559
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI macOS | |
| on: | |
| push: | |
| branches-ignore: | |
| - coverity_scan | |
| - run-fuzzer** | |
| - debug-fuzzer-** | |
| pull_request: | |
| env: | |
| ASAN_OPTIONS: symbolize=1 detect_leaks=1 detect_stack_use_after_return=1 | |
| LSAN_OPTIONS: fast_unwind_on_malloc=0:malloc_context_size=50 | |
| UBSAN_OPTIONS: print_stacktrace=1 | |
| M_PERTURB: "0x42" | |
| PANIC_ACTION: "gdb -batch -x raddb/panic.gdb %e %p 1>&0 2>&0" | |
| ANALYZE_C_DUMP: 1 | |
| FR_GLOBAL_POOL: 4M | |
| TEST_CERTS: yes | |
| NO_PERFORMANCE_TESTS: yes | |
| DO_BUILD: yes | |
| HOSTAPD_BUILD_DIR: eapol_test.ci | |
| HOSTAPD_GIT_TAG: hostap_2_11 | |
| DEBIAN_FRONTEND: noninteractive | |
| CI: 1 | |
| GH_ACTIONS: 1 | |
| jobs: | |
| pre-ci: | |
| runs-on: ubuntu-latest | |
| # Map a step output to a job output | |
| outputs: | |
| should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
| steps: | |
| - id: skip_check | |
| uses: fkirc/skip-duplicate-actions@master | |
| ci: | |
| timeout-minutes: 90 | |
| needs: pre-ci | |
| if: ${{ needs.pre-ci.outputs.should_skip != 'true' }} | |
| runs-on: ${{ matrix.env.OS }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| env: | |
| - { CC: clang, BUILD_CFLAGS: "-DWITH_EVAL_DEBUG", LIBS_OPTIONAL: yes, LIBS_ALT: no, TEST_TYPE: macos, OS: macos-15, NAME: macos-clang } | |
| env: ${{ matrix.env }} | |
| # If branch protection is in place with status checks enabled, ensure | |
| # names are updated if new matrix entries are added or the name format | |
| # changes. | |
| name: "master-${{ matrix.env.NAME }}" | |
| steps: | |
| # Checkout, but defer pulling LFS objects until we've restored the cache | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: false | |
| - name: Create LFS file list as cache key | |
| run: git lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id | |
| - name: Restore LFS cache | |
| uses: actions/cache@v4 | |
| id: lfs-cache | |
| with: | |
| path: .git/lfs | |
| key: ${{ runner.os }}-lfs-${{ hashFiles('.lfs-assets-id') }}-v1 | |
| # Now the LFS pull will be local if we hit the cache, or remote otherwise | |
| - name: Git LFS pull | |
| run: git lfs pull | |
| - name: Restore eapol_test build directory from cache | |
| uses: actions/cache@v4 | |
| id: hostapd-cache | |
| with: | |
| path: ${{ env.HOSTAPD_BUILD_DIR }} | |
| key: hostapd-${{ runner.os }}-${{ env.HOSTAPD_GIT_TAG }}-v4 | |
| - name: Install dependencies (macOS) | |
| run: | | |
| brew install \ | |
| cassandra-cpp-driver \ | |
| gperftools \ | |
| hiredis \ | |
| json-c \ | |
| libidn \ | |
| libmemcached \ | |
| libyubikey \ | |
| llvm@18 \ | |
| luajit \ | |
| mariadb \ | |
| make \ | |
| mruby \ | |
| openssl \ | |
| [email protected] \ | |
| talloc | |
| ln -s `brew --prefix`/opt/make/bin/gmake /usr/local/bin/make | |
| echo "#! /bin/sh" >> /usr/local/bin/nproc | |
| echo "sysctl -n hw.physicalcpu" >> /usr/local/bin/nproc | |
| chmod +x /usr/local/bin/nproc | |
| env: | |
| HOMEBREW_NO_AUTO_UPDATE: 1 | |
| HOMEBREW_NO_INSTALL_CLEANUP: 1 | |
| HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS: 3650 | |
| - name: Install tacacs_plus | |
| run: | | |
| PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install tacacs_plus | |
| # | |
| # Ensure the homebrew version of clang is run rather than the Apple compiler. | |
| # | |
| - name: Set path for clang | |
| run: | | |
| echo "PATH=`brew --prefix`/opt/llvm@18/bin/:$PATH" >> $GITHUB_ENV | |
| # | |
| # Ensure Python 3.10 is used | |
| # | |
| - name: Set path for Python 3.10 | |
| run: | | |
| echo "PATH=`brew --prefix [email protected]`/bin/:$PATH" >> $GITHUB_ENV | |
| # | |
| # Ensure Homebrew installed OpenSSL is used | |
| # | |
| - name: Set path for OpenSSL | |
| run: | | |
| echo "PATH=`brew --prefix openssl`/bin/:$PATH" >> $GITHUB_ENV | |
| # | |
| # Build using some alternative libraries | |
| # | |
| # PCRE 2 -> PCRE 1 | |
| # MIT Kerberos -> HEIMDAL Kerberos | |
| # | |
| - name: Use alternative libraries | |
| if: ${{ matrix.env.LIBS_ALT == 'yes' }} | |
| run: | | |
| sudo ldconfig | |
| sudo apt-get install -y --no-install-recommends libpcre3-dev # "PCRE 1" | |
| sudo apt-get purge -y libpcre2-dev # Remove default PCRE 2, leaving only PCRE 1 | |
| sudo apt-get install -y --no-install-recommends heimdal-dev | |
| - name: Show versions | |
| run: | | |
| $CC --version | |
| make --version | |
| krb5-config --all || : | |
| pcre-config --libs-posix --version 2>/dev/null || : | |
| pcre2-config --libs-posix --version 2>/dev/null || : | |
| openssl version | |
| - name: Configure | |
| run: | | |
| if $CC -v 2>&1 | grep clang > /dev/null; then | |
| echo "Enabling sanitizers" | |
| enable_sanitizers="--enable-address-sanitizer --enable-undefined-behaviour-sanitizer" | |
| if [ "`uname`" != "Darwin" ]; then | |
| enable_sanitizers="$enable_sanitizers --enable-leak-sanitizer" | |
| fi | |
| else | |
| enable_sanitizers="" | |
| fi | |
| build_paths="" | |
| if [ "`uname`" = "Darwin" ]; then | |
| build_paths="--with-libfreeradius-ldap-lib-dir=`brew --prefix`/opt/openldap/lib --with-libfreeradius-ldap-include-dir=`brew --prefix`/opt/openldap/include --with-openssl-lib-dir=`brew --prefix`/opt/openssl/lib --with-openssl-include-dir=`brew --prefix`/opt/openssl/include --with-unixodbc-lib-dir=`brew --prefix`/opt/unixodbc/lib --with-unixodbc-include-dir=`brew --prefix`/opt/unixodbc/include --with-rlm-python-config-bin=`brew --prefix [email protected]`/bin/python3.10-config" | |
| fi | |
| CFLAGS="${BUILD_CFLAGS}" ./configure -C \ | |
| --enable-developer \ | |
| --enable-werror \ | |
| $enable_sanitizers \ | |
| $build_paths \ | |
| --prefix=$HOME/freeradius \ | |
| --with-threads=$LIBS_OPTIONAL \ | |
| --with-udpfromto=$LIBS_OPTIONAL \ | |
| --with-openssl=$LIBS_OPTIONAL \ | |
| --with-pcre=$LIBS_OPTIONAL | |
| echo "config.log" | |
| cat config.log | |
| echo "Contents of src/include/autoconf.h" | |
| cat "./src/include/autoconf.h" | |
| - name: Make | |
| run: | | |
| make -j `nproc` | |
| - name: "Clang Static Analyzer: Store assets on failure" | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: clang-scan.tgz | |
| path: build/plist/**/*.html | |
| retention-days: 30 | |
| if: ${{ matrix.env.CC == 'clang' && failure() }} | |
| # No detect_leaks support for ASAN on macOS | |
| - name: Run basic tests (macOS) | |
| run: | | |
| make -j `nproc` test.keywords test.unit test.modules test.auth test.digest | |
| make test | |
| env: | |
| ASAN_OPTIONS: symbolize=1 detect_stack_use_after_return=1 | |
| # | |
| # If the CI has failed and the branch is ci-debug then we start a tmate | |
| # session to provide interactive shell access to the session. | |
| # | |
| # The SSH rendezvous point will be emited continuously in the job output, | |
| # which will look something like: | |
| # | |
| # SSH: ssh [email protected] | |
| # | |
| # For example: | |
| # | |
| # git push origin ci-debug --force | |
| # | |
| # Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions | |
| # | |
| # ssh [email protected] | |
| # | |
| # Access requires that you have the private key corresponding to the | |
| # public key of the GitHub user that initiated the job. | |
| # | |
| - name: "Debug: Start tmate" | |
| uses: mxschmitt/action-tmate@v3 | |
| with: | |
| limit-access-to-actor: true | |
| if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} |